test(e2e): add mfa profile

ory · Oct 19, 2021 · a60d157 · a60d157
1 parent c8a1dfc
commit a60d157
Show file tree

Hide file tree

Showing 4 changed files with 210 additions and 1 deletion.
diff --git a/test/e2e/cypress/integration/profiles/mfa/settings/success.spec.js b/test/e2e/cypress/integration/profiles/mfa/settings/success.spec.js
@@ -0,0 +1,136 @@
+import {APP_URL, gen, website} from '../../../../helpers'
+
+context('Email Profile', () => {
+  describe('Settings Flow Success', () => {
+    before(() => {
+      cy.useConfigProfile('mfa')
+    })
+
+    const email = gen.email()
+    const password = gen.password()
+
+    before(() => {
+      cy.register({email, password, fields: {'traits.website': website}})
+    })
+
+    beforeEach(() => {
+      cy.clearCookies()
+      cy.login({email, password})
+      cy.visit(APP_URL + '/settings')
+    })
+
+    it('shows all settings forms', () => {
+      cy.get('p').should('contain.text', 'Profile')
+      cy.get('input[name="traits.email"]').should('contain.value', email)
+      cy.get('input[name="traits.website"]').should('contain.value', website)
+
+      cy.get('p').should('contain.text', 'Password')
+      cy.get('input[name="password"]').should('be.empty')
+    })
+
+    // describe('password', () => {
+    //   it('modifies the password with privileged session', () => {
+    //     // Once input weak password to test which error message is cleared after updating successfully
+    //     cy.get('input[name="password"]').clear().type('123')
+    //     cy.get('button[value="password"]').click()
+    //     cy.get('.container').should(
+    //       'not.contain.text',
+    //       'Your changes have been saved!'
+    //     )
+    //     cy.get('.container').should(
+    //       'contain.text',
+    //       'The password can not be used'
+    //     )
+    //     cy.get('input[name="password"]').should('be.empty')
+    //
+    //     password = up(password)
+    //     cy.get('input[name="password"]').clear().type(password)
+    //     cy.get('button[value="password"]').click()
+    //     cy.get('.container').should(
+    //       'contain.text',
+    //       'Your changes have been saved!'
+    //     )
+    //     cy.get('.container').should(
+    //       'not.contain.text',
+    //       'The password can not be used'
+    //     )
+    //     cy.get('input[name="password"]').should('be.empty')
+    //   })
+    //
+    //   it('is unable to log in with the old password', () => {
+    //     cy.clearCookies()
+    //     cy.login({
+    //       email: email,
+    //       password: down(password),
+    //       expectSession: false
+    //     })
+    //   })
+    //
+    //   it('modifies the password with an unprivileged session', () => {
+    //     password = up(password)
+    //     cy.get('input[name="password"]').clear().type(password)
+    //     cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
+    //     cy.get('button[value="password"]').click()
+    //
+    //     cy.reauth({ expect: { email }, type: { password: down(password) } })
+    //
+    //     cy.url().should('include', '/settings')
+    //     cy.get('.container').should(
+    //       'contain.text',
+    //       'Your changes have been saved!'
+    //     )
+    //     cy.get('input[name="password"]').should('be.empty')
+    //   })
+    // })
+    //
+    // describe('profile', () => {
+    //   it('modifies an unprotected trait', () => {
+    //     cy.get('input[name="traits.website"]')
+    //       .clear()
+    //       .type('https://github.com/ory')
+    //     cy.get('button[value="profile"]').click()
+    //     cy.get('.container').should(
+    //       'contain.text',
+    //       'Your changes have been saved!'
+    //     )
+    //     cy.get('input[name="traits.website"]').should(
+    //       'contain.value',
+    //       'https://github.com/ory'
+    //     )
+    //   })
+    //
+    //   it('modifies a protected trait with privileged session', () => {
+    //     email = up(email)
+    //     cy.get('input[name="traits.email"]').clear().type(email)
+    //     cy.get('button[value="profile"]').click()
+    //     cy.get('.container').should(
+    //       'contain.text',
+    //       'Your changes have been saved!'
+    //     )
+    //     cy.get('input[name="traits.email"]').should('contain.value', email)
+    //   })
+    //
+    //   it('is unable to log in with the old email', () => {
+    //     cy.clearCookies()
+    //     cy.visit(APP_URL + '/auth/login')
+    //     cy.login({ email: down(email), password, expectSession: false })
+    //   })
+    //
+    //   it('modifies a protected trait with unprivileged session', () => {
+    //     email = up(email)
+    //     cy.get('input[name="traits.email"]').clear().type(email)
+    //     cy.shortPrivilegedSessionTime() // wait for the privileged session to time out
+    //     cy.get('button[value="profile"]').click()
+    //
+    //     cy.reauth({ expect: { email: down(email) }, type: { password } })
+    //
+    //     cy.url().should('include', '/settings')
+    //     cy.get('.container').should(
+    //       'contain.text',
+    //       'Your changes have been saved!'
+    //     )
+    //     cy.get('input[name="traits.email"]').should('contain.value', email)
+    //   })
+    // })
+  })
+})
diff --git a/test/e2e/profiles/mfa/.kratos.yml b/test/e2e/profiles/mfa/.kratos.yml
@@ -0,0 +1,36 @@
+selfservice:
+  flows:
+    settings:
+      privileged_session_max_age: 5m
+
+    logout:
+      after:
+        default_browser_return_url: http://localhost:4455/auth/login
+
+    registration:
+      after:
+        password:
+          hooks:
+            - hook: session
+
+  methods:
+    totp:
+      enabled: true
+      config:
+        issuer: issuer.ory.sh
+    lookup_secret:
+      enabled: true
+    webauthn:
+      enabled: true
+      config:
+        rp:
+          id: localhost
+          origin: http://localhost:4455
+          display_name: Ory
+
+identity:
+  default_schema_url: file://test/e2e/profiles/email/identity.traits.schema.json
+
+#session:
+#  whoami:
+#    authenticated_if: aal1 | aal2 | highest_available_aal
diff --git a/test/e2e/profiles/mfa/identity.traits.schema.json b/test/e2e/profiles/mfa/identity.traits.schema.json
@@ -0,0 +1,37 @@
+{
+  "$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "title": "Person",
+  "type": "object",
+  "properties": {
+    "traits": {
+      "type": "object",
+      "properties": {
+        "email": {
+          "type": "string",
+          "format": "email",
+          "title": "Your E-Mail",
+          "minLength": 3,
+          "ory.sh/kratos": {
+            "credentials": {
+              "password": {
+                "identifier": true
+              }
+            }
+          }
+        },
+        "website": {
+          "title": "Your website",
+          "type": "string",
+          "format": "uri",
+          "minLength": 10
+        }
+      },
+      "required": [
+        "email",
+        "website"
+      ],
+      "additionalProperties": false
+    }
+  }
+}
diff --git a/test/e2e/run.sh b/test/e2e/run.sh
@@ -141,7 +141,7 @@ run() {
     $kratos migrate sql -e --yes
   fi
 
-  for profile in email mobile oidc recovery verification; do
+  for profile in email mobile oidc recovery verification mfa; do
     yq merge test/e2e/profiles/kratos.base.yml "test/e2e/profiles/${profile}/.kratos.yml" > test/e2e/kratos.${profile}.yml
     cp test/e2e/kratos.email.yml test/e2e/kratos.generated.yml
   done