UI: Add auth tests (#30033)

* rename page test to login form

* add username/password tests to auth page test

* add github and generalize tests

* finish standard auth types for page test

* add tests for onNamespaceInput

* fix accessibility violation

* add oidc provider qp test

* move helper into test

* move destructured arg

* address oidc auth method flakiness...maybe?

* cleanup unused fake window methods

* add comment why...

* fix diff

* fix header

* finish mfa acceptance tests move mfa selectors to folder

Author: hellobontempo

ui/tests/acceptance/auth/mfa-test.js

@@ -16,7 +16,6 @@ import { callbackData, WindowStub } from 'vault/tests/helpers/oidc-window-stub';
 import sinon from 'sinon';
 
 const ENT_ONLY = ['saml'];
-const DELAY_IN_MS = 500;
 
 // See AUTH_METHOD_TEST_CASES for how request data maps to method types
 // authRequest is the request made on submit and what returns mfa_validation requirements (if any)
@@ -106,7 +105,7 @@ for (const method of AUTH_METHOD_TEST_CASES) {
         setTimeout(() => {
           // set path which is used to set :mount param in the callback url => /auth/:mount/oidc/callback
           window.postMessage(callbackData({ path: this.mountPath }), window.origin);
-        }, DELAY_IN_MS);
+        }, 50);
       }
 
       await click(AUTH_FORM.login);
@@ -142,7 +141,7 @@ for (const method of AUTH_METHOD_TEST_CASES) {
         setTimeout(() => {
           // set path which is used to set :mount param in the callback url => /auth/:mount/oidc/callback
           window.postMessage(callbackData({ path: this.mountPath }), window.origin);
-        }, DELAY_IN_MS);
+        }, 50);
       }
 
       await click(AUTH_FORM.login);
@@ -180,7 +179,7 @@ for (const method of AUTH_METHOD_TEST_CASES) {
         setTimeout(() => {
           // set path which is used to set :mount param in the callback url => /auth/:mount/oidc/callback
           window.postMessage(callbackData({ path: this.mountPath }), window.origin);
-        }, DELAY_IN_MS);
+        }, 50);
       }
 
       await click(AUTH_FORM.login);
@@ -214,7 +213,7 @@ for (const method of AUTH_METHOD_TEST_CASES) {
         setTimeout(() => {
           // set path which is used to set :mount param in the callback url => /auth/:mount/oidc/callback
           window.postMessage(callbackData({ path: this.mountPath }), window.origin);
-        }, DELAY_IN_MS);
+        }, 50);
       }
 
       await click(AUTH_FORM.login);

ui/tests/acceptance/oidc-auth-method-test.js

@@ -13,8 +13,6 @@ import sinon from 'sinon';
 import { Response } from 'miragejs';
 import { setupTotpMfaResponse } from 'vault/tests/helpers/mfa/mfa-helpers';
 
-const DELAY_IN_MS = 500;
-
 module('Acceptance | oidc auth method', function (hooks) {
   setupApplicationTest(hooks);
   setupMirage(hooks);
@@ -70,7 +68,7 @@ module('Acceptance | oidc auth method', function (hooks) {
     await this.selectMethod('oidc');
     setTimeout(() => {
       window.postMessage(buildMessage().data, window.origin);
-    }, DELAY_IN_MS);
+    }, 50);
 
     await click('[data-test-auth-submit]');
   });
@@ -99,7 +97,7 @@ module('Acceptance | oidc auth method', function (hooks) {
     await this.selectMethod('oidc', true);
     setTimeout(() => {
       window.postMessage(buildMessage().data, window.origin);
-    }, DELAY_IN_MS);
+    }, 50);
     await click('[data-test-auth-submit]');
   });
 
@@ -112,7 +110,7 @@ module('Acceptance | oidc auth method', function (hooks) {
 
     setTimeout(() => {
       window.postMessage(buildMessage().data, window.origin);
-    }, 500);
+    }, 50);
 
     await click('[data-test-auth-submit]');
     assert
@@ -169,7 +167,7 @@ module('Acceptance | oidc auth method', function (hooks) {
     await this.selectMethod('oidc');
     setTimeout(() => {
       window.postMessage(buildMessage().data, window.origin);
-    }, DELAY_IN_MS);
+    }, 50);
 
     await click('[data-test-auth-submit]');
     await waitUntil(() => find('[data-test-mfa-form]'));

ui/tests/integration/components/auth/login-form-test.js

@@ -145,7 +145,7 @@ module('Integration | Component | auth | login-form', function (hooks) {
     this.server.post('/sys/wrapping/unwrap', (_, req) => {
       assert.strictEqual(req.url, '/v1/sys/wrapping/unwrap', 'makes call to unwrap the token');
       assert.strictEqual(
-        req.requestHeaders['X-Vault-Token'],
+        req.requestHeaders['x-vault-token'],
         this.wrappedToken,
         'uses passed wrapped token for the unwrap'
       );

ui/tests/integration/components/auth/page-test.js

@@ -46,131 +46,7 @@ module('Integration | Component | auth | page', function (hooks) {
     await this.renderComponent();
     assert.dom(AUTH_FORM.logo).exists();
     assert
-      .dom(GENERAL.messageError)
-      .hasText('Error Authentication failed: API Error here', 'shows the error from the API');
-  });
-
-  test('it calls auth service authenticate method with expected args', async function (assert) {
-    assert.expect(1);
-    const authenticateStub = sinon.stub(this.auth, 'authenticate');
-    this.selectedAuth = 'foo/'; // set to a non-default path
-    this.server.get('/sys/internal/ui/mounts', () => {
-      return {
-        data: {
-          auth: {
-            'foo/': {
-              type: 'userpass',
-            },
-          },
-        },
-      };
-    });
-
-    await this.renderComponent();
-    await fillIn(AUTH_FORM.input('username'), 'sandy');
-    await fillIn(AUTH_FORM.input('password'), '1234');
-    await click(AUTH_FORM.login);
-    const [actual] = authenticateStub.lastCall.args;
-    const expectedArgs = {
-      backend: 'userpass',
-      clusterId: '1',
-      data: {
-        username: 'sandy',
-        password: '1234',
-        path: 'foo',
-      },
-      selectedAuth: 'foo/',
-    };
-    assert.propEqual(
-      actual,
-      expectedArgs,
-      `it calls auth service authenticate method with expected args: ${JSON.stringify(actual)} `
-    );
-  });
-
-  test('it calls onSuccess with expected args', async function (assert) {
-    assert.expect(3);
-    this.server.get(`auth/token/lookup-self`, () => {
-      return {
-        data: {
-          policies: ['default'],
-        },
-      };
-    });
-
-    await this.renderComponent();
-    await fillIn(AUTH_FORM.input('token'), 'mytoken');
-    await click(AUTH_FORM.login);
-    const [authResponse, backendType, data] = this.onSuccess.lastCall.args;
-    const expected = { isRoot: false, namespace: '', token: 'vault-token☃1' };
-
-    assert.propEqual(
-      authResponse,
-      expected,
-      `it calls onSuccess with response: ${JSON.stringify(authResponse)} `
-    );
-    assert.strictEqual(backendType, 'token', `it calls onSuccess with backend type: ${backendType}`);
-    assert.propEqual(data, { token: 'mytoken' }, `it calls onSuccess with data: ${JSON.stringify(data)}`);
-  });
-
-  test('it makes a request to unwrap if passed a wrappedToken and logs in', async function (assert) {
-    assert.expect(3);
-    const authenticateStub = sinon.stub(this.auth, 'authenticate');
-    this.wrappedToken = '54321';
-
-    this.server.post('/sys/wrapping/unwrap', (_, req) => {
-      assert.strictEqual(req.url, '/v1/sys/wrapping/unwrap', 'makes call to unwrap the token');
-      assert.strictEqual(
-        req.requestHeaders['x-vault-token'],
-        this.wrappedToken,
-        'uses passed wrapped token for the unwrap'
-      );
-      return {
-        auth: {
-          client_token: '12345',
-        },
-      };
-    });
-
-    await this.renderComponent();
-    later(() => cancelTimers(), 50);
-    await settled();
-    const [actual] = authenticateStub.lastCall.args;
-    assert.propEqual(
-      actual,
-      {
-        backend: 'token',
-        clusterId: '1',
-        data: {
-          token: '12345',
-        },
-        selectedAuth: 'token',
-      },
-      `it calls auth service authenticate method with correct args: ${JSON.stringify(actual)} `
-    );
-  });
-
-  test('it should set nonce value as uuid for okta method type', async function (assert) {
-    assert.expect(4);
-    this.server.post('/auth/okta/login/foo', (_, req) => {
-      const { nonce } = JSON.parse(req.requestBody);
-      assert.true(validate(nonce), 'Nonce value passed as uuid for okta login');
-      return {
-        auth: {
-          client_token: '12345',
-          policies: ['default'],
-        },
-      };
-    });
-
-    await this.renderComponent();
-
-    await fillIn(GENERAL.selectByAttr('auth-method'), 'okta');
-    await fillIn(AUTH_FORM.input('username'), 'foo');
-    await fillIn(AUTH_FORM.input('password'), 'bar');
-    await click(AUTH_FORM.login);
-    assert
-      .dom('[data-test-okta-number-challenge]')
+      .dom(AUTH_FORM.helpText)
       .hasText(
         'Once you log in, you will be redirected back to your application. If you require login credentials, contact your administrator.'
       );