test: add e2e tests for recovery

Co-authored-by: Jonas Hungershausen <[email protected]>
ory · Aug 25, 2023 · 77b7c72 · 77b7c72
1 parent bc0f0d0
commit 77b7c72
Show file tree

Hide file tree

Showing 5 changed files with 78 additions and 34 deletions.
diff --git a/contrib/quickstart/kratos/email-password/kratos.yml b/contrib/quickstart/kratos/email-password/kratos.yml
@@ -14,7 +14,7 @@ selfservice:
   default_browser_return_url: http://127.0.0.1:4455/
   allowed_return_urls:
     - http://127.0.0.1:4455
-    - http://localhost:4457/Callback
+    - http://localhost:19006/Callback
 
   methods:
     password:

diff --git a/selfservice/flow/recovery/flow.go b/selfservice/flow/recovery/flow.go
@@ -101,6 +101,7 @@ type Flow struct {
 	// the user.
 	DangerousSkipCSRFCheck bool `json:"-" faker:"-" db:"skip_csrf_check"`
 
+	// Contains possible actions that could follow this flow
 	ContinueWith []flow.ContinueWith `json:"continue_with,omitempty" faker:"-" db:"-"`
 }
 

diff --git a/selfservice/strategy/code/strategy_recovery.go b/selfservice/strategy/code/strategy_recovery.go
@@ -185,7 +185,6 @@ func (s *Strategy) recoveryIssueSession(w http.ResponseWriter, r *http.Request,
 
 	switch {
 	case f.Type == flow.TypeBrowser:
-		// TODO: How does this work with Mobile?
 		if err := s.deps.SessionManager().UpsertAndIssueCookie(ctx, w, r, sess); err != nil {
 			return s.retryRecoveryFlowWithError(w, r, f.Type, err)
 		}

diff --git a/test/e2e/playwright.config.ts b/test/e2e/playwright.config.ts
@@ -54,7 +54,7 @@ export default defineConfig({
       command:
         "make .bin/MailHog && .bin/MailHog -smtp-bind-addr=localhost:8026",
       cwd: "../..",
-      reuseExistingServer: true,
+      reuseExistingServer: false,
       url: "http://localhost:8025/",
     },
   ],

diff --git a/test/e2e/playwright/tests/app_recovery.spec.ts b/test/e2e/playwright/tests/app_recovery.spec.ts
@@ -6,46 +6,90 @@ import { test } from "../fixtures"
 import { search } from "../actions/mail"
 import { extractCode } from "../lib/helper"
 
-test.use({
-  configOverride: {
-    identity: {
-      default_schema_id: "email",
-      schemas: [
-        {
-          id: "email",
-          url: "file://test/e2e/profiles/email/identity.traits.schema.json",
-        },
-      ],
+test.describe.configure({ mode: "parallel" })
+test.describe("Recovery", () => {
+  test.use({
+    configOverride: {
+      identity: {
+        default_schema_id: "email",
+        schemas: [
+          {
+            id: "email",
+            url: "file://test/e2e/profiles/email/identity.traits.schema.json",
+          },
+        ],
+      },
     },
-  },
-})
+  })
 
-test("recovery works", async ({ page, identity }) => {
-  await page.goto("/Recovery")
+  test("succeeds with a valid email address", async ({ page, identity }) => {
+    await page.goto("/Recovery")
 
-  const emailInput = page.getByTestId("email")
-  await emailInput.waitFor()
+    await page.getByTestId("email").fill(identity.traits.email)
+    await page.getByTestId("submit-form").click()
+    await expect(page.getByTestId("ui/message/1060003")).toBeVisible()
 
-  await emailInput.fill(identity.traits.email)
+    const mails = await search(identity.traits.email, "to")
+    expect(mails).toHaveLength(1)
 
-  await page.getByTestId("submit-form").click()
+    const code = extractCode(mails[0])
+    const wrongCode = "0" + code
 
-  await page.getByTestId("ui/message/1060003").waitFor()
+    await test.step("enter wrong code", async () => {
+      await page.getByTestId("code").fill(wrongCode)
+      await page.getByText("Submit").click()
+      await expect(page.getByTestId("ui/message/4060006")).toBeVisible()
+    })
 
-  const mails = await search(identity.traits.email, "to")
-  expect(mails).toHaveLength(1)
+    await test.step("enter correct code", async () => {
+      await page.getByTestId("code").fill(code)
+      await page.getByText("Submit").click()
+      await page.waitForURL(/Settings/)
+      await expect(page.getByTestId("ui/message/1060001").first()).toBeVisible()
+    })
+  })
 
-  const code = extractCode(mails[0])
+  test("wrong email address does not get sent", async ({ page, identity }) => {
+    await page.goto("/Recovery")
 
-  const codeInput = page.getByTestId("code")
-  await codeInput.fill(code)
+    const wrongEmailAddress = "wrong-" + identity.traits.email
+    await page.getByTestId("email").fill(wrongEmailAddress)
+    await page.getByTestId("submit-form").click()
+    await expect(page.getByTestId("ui/message/1060003")).toBeVisible()
 
-  await page.getByTestId("field/method/code").getByTestId("submit-form").click()
+    try {
+      await search(identity.traits.email, "to")
+      expect(false).toBeTruthy()
+    } catch (e) {
+      // this is expected
+    }
+  })
 
-  await page.getByTestId("ui/message/1060001").waitFor()
-})
+  test("fails with an invalid code", async ({ page, identity }) => {
+    await page.goto("/Recovery")
+
+    await page.getByTestId("email").fill(identity.traits.email)
+    await page.getByTestId("submit-form").click()
+    await page.getByTestId("ui/message/1060003").isVisible()
+
+    const mails = await search(identity.traits.email, "to")
+    expect(mails).toHaveLength(1)
 
-// TODO: add test for
-// - recovery with a not registered email
-// - recovery with a not verified email
-// - recovery brute force
+    const code = extractCode(mails[0])
+    const wrongCode = "0" + code
+
+    await test.step("enter wrong repeatetly", async () => {
+      for (let i = 0; i < 10; i++) {
+        await page.getByTestId("code").fill(wrongCode)
+        await page.getByText("Submit").click()
+        await expect(page.getByTestId("ui/message/4060006")).toBeVisible()
+      }
+    })
+
+    await test.step("enter correct code fails", async () => {
+      await page.getByTestId("code").fill(code)
+      await page.getByText("Submit").click()
+      await expect(page.getByTestId("ui/message/4060006")).toBeVisible()
+    })
+  })
+})