From 3a22045b3691df5e6f783bf789f8997f74db90b0 Mon Sep 17 00:00:00 2001
From: Fabienne
Date: Mon, 18 Nov 2024 14:04:04 +0100
Subject: [PATCH] add test spec for all idps
---
 acceptance/tests/idp-apple.spec.ts | 154 +++++++++++++++++
 acceptance/tests/idp-generic-jwt.spec.ts | 151 +++++++++++++++++
 acceptance/tests/idp-generic-oauth.spec.ts | 152 +++++++++++++++++
 acceptance/tests/idp-generic-oidc.spec.ts | 153 +++++++++++++++++
 .../tests/idp-github-enterprise.spec.ts | 156 +++++++++++++++++
 acceptance/tests/idp-github.spec.ts | 156 +++++++++++++++++
 .../tests/idp-gitlab-self-hosted.spec.ts | 156 +++++++++++++++++
 acceptance/tests/idp-gitlab.spec.ts | 156 +++++++++++++++++
 ...{idp-goolge.spec.ts => idp-google.spec.ts} | 1 -
 acceptance/tests/idp-ldap.spec.ts | 151 +++++++++++++++++
 acceptance/tests/idp-microsoft.spec.ts | 154 +++++++++++++++++
 acceptance/tests/idp-saml.spec.ts | 157 ++++++++++++++++++
 12 files changed, 1696 insertions(+), 1 deletion(-)
 create mode 100644 acceptance/tests/idp-apple.spec.ts
 create mode 100644 acceptance/tests/idp-generic-jwt.spec.ts
 create mode 100644 acceptance/tests/idp-generic-oauth.spec.ts
 create mode 100644 acceptance/tests/idp-generic-oidc.spec.ts
 create mode 100644 acceptance/tests/idp-github-enterprise.spec.ts
 create mode 100644 acceptance/tests/idp-github.spec.ts
 create mode 100644 acceptance/tests/idp-gitlab-self-hosted.spec.ts
 create mode 100644 acceptance/tests/idp-gitlab.spec.ts
 rename acceptance/tests/{idp-goolge.spec.ts => idp-google.spec.ts} (99%)
 create mode 100644 acceptance/tests/idp-ldap.spec.ts
 create mode 100644 acceptance/tests/idp-microsoft.spec.ts
 create mode 100644 acceptance/tests/idp-saml.spec.ts
diff --git a/acceptance/tests/idp-apple.spec.ts b/acceptance/tests/idp-apple.spec.ts
new file mode 100644
index 00000000000..c9485053787
--- /dev/null
+++ b/acceptance/tests/idp-apple.spec.ts
@@ -0,0 +1,154 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+// Note for all tests, in case Apple doesn't deliver all relevant information per default
+// We should add an action in the needed cases
+
+test("login with Apple IDP - auto redirect", async ({user, page}) => {
+ // Given idp Apple is configure on the organization as only authencation method
+ // Given the user has only idp Apple added as auth method
+
+ // User is automatically redirected to Apple
+ // User authenticates in Apple
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with Apple IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp Apple is configure on the organization as only authencation method
+ // Given the user has only idp Apple added as auth method
+
+ // User is automatically redirected to Apple
+ // User authenticates in Apple and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Apple Login"
+});
+
+
+test("login with Apple IDP", async ({user, page}) => {
+ // Given username password and idp Apple is configure on the organization as authencation method
+ // Given the user has username password and Apple configured
+
+ // Login form shows username field and a Apple Login button
+ // User clicks on the Apple button
+ // User is redirected to Apple
+ // User authenticates in Apple and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with Apple IDP, error", async ({user, page}) => {
+ // Given username password and idp Apple is configure on the organization as authencation method
+ // Given the user has username password and Apple configured
+
+ // Login form shows username field and a Apple Login button
+ // User clicks on the Apple button
+ // User is redirected to Apple
+ // User authenticates in Apple and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Apple Login"
+ // User can choose password for authentication
+});
+
+test("login with Apple IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp Apple is configure on the organization as only authencation method
+ // Given idp Apple is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Apple
+ // User authenticates in Apple
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Apple IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp Apple is configure on the organization as only authencation method
+ // Given idp Apple is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Apple
+ // User authenticates in Apple
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Apple IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp Apple is configure on the organization as only authencation method
+ // Given idp Apple is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Apple
+ // User authenticates in Apple
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Apple IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp Apple is configure on the organization as only authencation method
+ // Given idp Apple is configure with account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to Apple
+ // User authenticates in Apple with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Apple IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Apple is configure on the organization as only authencation method
+ // Given idp Apple is configure with manually account linking not allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Apple
+ // User authenticates in Apple with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with Apple IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Apple is configure on the organization as only authencation method
+ // Given idp Apple is configure with manually account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Apple
+ // User authenticates in Apple with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-generic-jwt.spec.ts b/acceptance/tests/idp-generic-jwt.spec.ts
new file mode 100644
index 00000000000..2127b10a347
--- /dev/null
+++ b/acceptance/tests/idp-generic-jwt.spec.ts
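Review bot: Every `test(...)` body in this file is comments only, so all ten cases report green while exercising nothing, and `loginScreenExpect`, `loginWithPassword`, `startSink` and the `PasswordUserWithOTP`/`OtpType.sms` fixture are carried over from the OTP spec and never used. Until the flows are implemented, declare the scenarios with `test.fixme("login with Apple IDP - auto redirect", async ({user, page}) => {` (or `test.skip`) so the report shows them as pending rather than passing, and drop the unused OTP imports and fixture. The last two tests also share the title `login with Apple IDP, no user linked, user doesn't exist - no auto link`; the second one describes manual linking being allowed, so its title should say so — as far as I recall Playwright treats duplicate titles within one file as an error. The same applies to idp-generic-jwt, idp-generic-oauth, idp-generic-oidc and idp-github-enterprise in this patch.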
@@ -0,0 +1,151 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+test("login with Generic JWT IDP - auto redirect", async ({user, page}) => {
+ // Given idp Generic JWT is configure on the organization as only authencation method
+ // Given the user has only idp Generic JWT added as auth method
+
+ // User is automatically redirected to Generic JWT
+ // User authenticates in Generic JWT
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with Generic JWT IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp Generic JWT is configure on the organization as only authencation method
+ // Given the user has only idp Generic JWT added as auth method
+
+ // User is automatically redirected to Generic JWT
+ // User authenticates in Generic JWT and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Generic JWT Login"
+});
+
+
+test("login with Generic JWT IDP", async ({user, page}) => {
+ // Given username password and idp Generic JWT is configure on the organization as authencation method
+ // Given the user has username password and Generic JWT configured
+
+ // Login form shows username field and a Generic JWT Login button
+ // User clicks on the Generic JWT button
+ // User is redirected to Generic JWT
+ // User authenticates in Generic JWT and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with Generic JWT IDP, error", async ({user, page}) => {
+ // Given username password and idp Generic JWT is configure on the organization as authencation method
+ // Given the user has username password and Generic JWT configured
+
+ // Login form shows username field and a Generic JWT Login button
+ // User clicks on the Generic JWT button
+ // User is redirected to Generic JWT
+ // User authenticates in Generic JWT and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Generic JWT Login"
+ // User can choose password for authentication
+});
+
+test("login with Generic JWT IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp Generic JWT is configure on the organization as only authencation method
+ // Given idp Generic JWT is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Generic JWT
+ // User authenticates in Generic JWT
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Generic JWT IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp Generic JWT is configure on the organization as only authencation method
+ // Given idp Generic JWT is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Generic JWT
+ // User authenticates in Generic JWT
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Generic JWT IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp Generic JWT is configure on the organization as only authencation method
+ // Given idp Generic JWT is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Generic JWT
+ // User authenticates in Generic JWT
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Generic JWT IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp Generic JWT is configure on the organization as only authencation method
+ // Given idp Generic JWT is configure with account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to Generic JWT
+ // User authenticates in Generic JWT with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Generic JWT IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Generic JWT is configure on the organization as only authencation method
+ // Given idp Generic JWT is configure with manually account linking not allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Generic JWT
+ // User authenticates in Generic JWT with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with Generic JWT IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Generic JWT is configure on the organization as only authencation method
+ // Given idp Generic JWT is configure with manually account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Generic JWT
+ // User authenticates in Generic JWT with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-generic-oauth.spec.ts b/acceptance/tests/idp-generic-oauth.spec.ts
new file mode 100644
index 00000000000..7f27e3167fa
--- /dev/null
+++ b/acceptance/tests/idp-generic-oauth.spec.ts
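Review bot: The happy-path scenario `login with Generic JWT IDP` contradicts itself: its step `// User authenticates in Generic JWT and gets an error` is followed by the user being redirected to ZITADEL and then to the app, which is the outcome of a successful login, so the error step looks copied from the `, error` case directly below. Change that line to `// User authenticates in Generic JWT`; the same slip is in the corresponding test of idp-apple, idp-generic-oauth, idp-generic-oidc and idp-github-enterprise. Separately, the comment `// Read from ".env" file.` does not match the `'.env.local'` path passed to `dotenv.config`; say `// Read local overrides from ".env.local".` or adjust the path.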
@@ -0,0 +1,152 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+
+test("login with Generic OAuth IDP - auto redirect", async ({user, page}) => {
+ // Given idp Generic OAuth is configure on the organization as only authencation method
+ // Given the user has only idp Generic OAuth added as auth method
+
+ // User is automatically redirected to Generic OAuth
+ // User authenticates in Generic OAuth
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with Generic OAuth IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp Generic OAuth is configure on the organization as only authencation method
+ // Given the user has only idp Generic OAuth added as auth method
+
+ // User is automatically redirected to Generic OAuth
+ // User authenticates in Generic OAuth and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Generic OAuth Login"
+});
+
+
+test("login with Generic OAuth IDP", async ({user, page}) => {
+ // Given username password and idp Generic OAuth is configure on the organization as authencation method
+ // Given the user has username password and Generic OAuth configured
+
+ // Login form shows username field and a Generic OAuth Login button
+ // User clicks on the Generic OAuth button
+ // User is redirected to Generic OAuth
+ // User authenticates in Generic OAuth and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with Generic OAuth IDP, error", async ({user, page}) => {
+ // Given username password and idp Generic OAuth is configure on the organization as authencation method
+ // Given the user has username password and Generic OAuth configured
+
+ // Login form shows username field and a Generic OAuth Login button
+ // User clicks on the Generic OAuth button
+ // User is redirected to Generic OAuth
+ // User authenticates in Generic OAuth and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Generic OAuth Login"
+ // User can choose password for authentication
+});
+
+test("login with Generic OAuth IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp Generic OAuth is configure on the organization as only authencation method
+ // Given idp Generic OAuth is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Generic OAuth
+ // User authenticates in Generic OAuth
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Generic OAuth IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp Generic OAuth is configure on the organization as only authencation method
+ // Given idp Generic OAuth is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Generic OAuth
+ // User authenticates in Generic OAuth
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Generic OAuth IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp Generic OAuth is configure on the organization as only authencation method
+ // Given idp Generic OAuth is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Generic OAuth
+ // User authenticates in Generic OAuth
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Generic OAuth IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp Generic OAuth is configure on the organization as only authencation method
+ // Given idp Generic OAuth is configure with account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to Generic OAuth
+ // User authenticates in Generic OAuth with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Generic OAuth IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Generic OAuth is configure on the organization as only authencation method
+ // Given idp Generic OAuth is configure with manually account linking not allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Generic OAuth
+ // User authenticates in Generic OAuth with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with Generic OAuth IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Generic OAuth is configure on the organization as only authencation method
+ // Given idp Generic OAuth is configure with manually account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Generic OAuth
+ // User authenticates in Generic OAuth with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-generic-oidc.spec.ts b/acceptance/tests/idp-generic-oidc.spec.ts
new file mode 100644
index 00000000000..f3c9e59bd63
--- /dev/null
+++ b/acceptance/tests/idp-generic-oidc.spec.ts
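Review bot: The `no user linked - auto link` scenario links the external identity to the existing ZITADEL user purely on a matching email address, and no scenario in this file covers the case where the provider reports that address as unverified. That missing negative case is the one that matters for account linking: if an unverified email from a generic OAuth provider is accepted, whoever can register that address at the provider gets linked to the existing account. Add a precondition to the auto-link test, `// Given the IdP reports user@zitadel.com as a verified email`, and a counterpart test such as `login with Generic OAuth IDP, no user linked, email not verified - no auto link` asserting that linking is refused (or that manual linking with a fresh verification is required), where the provider exposes a verification flag. The same gap exists in the auto-link scenarios of idp-apple, idp-generic-jwt, idp-generic-oidc and idp-github-enterprise.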
@@ -0,0 +1,153 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+// Note, we should use a provider such as Google to test this, where we know OIDC standard is properly implemented
+
+test("login with Generic OIDC IDP - auto redirect", async ({user, page}) => {
+ // Given idp Generic OIDC is configure on the organization as only authencation method
+ // Given the user has only idp Generic OIDC added as auth method
+
+ // User is automatically redirected to Generic OIDC
+ // User authenticates in Generic OIDC
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with Generic OIDC IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp Generic OIDC is configure on the organization as only authencation method
+ // Given the user has only idp Generic OIDC added as auth method
+
+ // User is automatically redirected to Generic OIDC
+ // User authenticates in Generic OIDC and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Generic OIDC Login"
+});
+
+
+test("login with Generic OIDC IDP", async ({user, page}) => {
+ // Given username password and idp Generic OIDC is configure on the organization as authencation method
+ // Given the user has username password and Generic OIDC configured
+
+ // Login form shows username field and a Generic OIDC Login button
+ // User clicks on the Generic OIDC button
+ // User is redirected to Generic OIDC
+ // User authenticates in Generic OIDC and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with Generic OIDC IDP, error", async ({user, page}) => {
+ // Given username password and idp Generic OIDC is configure on the organization as authencation method
+ // Given the user has username password and Generic OIDC configured
+
+ // Login form shows username field and a Generic OIDC Login button
+ // User clicks on the Generic OIDC button
+ // User is redirected to Generic OIDC
+ // User authenticates in Generic OIDC and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Generic OIDC Login"
+ // User can choose password for authentication
+});
+
+test("login with Generic OIDC IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp Generic OIDC is configure on the organization as only authencation method
+ // Given idp Generic OIDC is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Generic OIDC
+ // User authenticates in Generic OIDC
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Generic OIDC IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp Generic OIDC is configure on the organization as only authencation method
+ // Given idp Generic OIDC is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Generic OIDC
+ // User authenticates in Generic OIDC
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Generic OIDC IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp Generic OIDC is configure on the organization as only authencation method
+ // Given idp Generic OIDC is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Generic OIDC
+ // User authenticates in Generic OIDC
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Generic OIDC IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp Generic OIDC is configure on the organization as only authencation method
+ // Given idp Generic OIDC is configure with account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to Generic OIDC
+ // User authenticates in Generic OIDC with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Generic OIDC IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Generic OIDC is configure on the organization as only authencation method
+ // Given idp Generic OIDC is configure with manually account linking not allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Generic OIDC
+ // User authenticates in Generic OIDC with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with Generic OIDC IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Generic OIDC is configure on the organization as only authencation method
+ // Given idp Generic OIDC is configure with manually account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Generic OIDC
+ // User authenticates in Generic OIDC with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-github-enterprise.spec.ts b/acceptance/tests/idp-github-enterprise.spec.ts
new file mode 100644
index 00000000000..6bbcbc20265
--- /dev/null
+++ b/acceptance/tests/idp-github-enterprise.spec.ts
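Review bot: The scenarios `no user existing - auto register` and `no user existing - auto register not possible` open with byte-identical Given lines (creation allowed, automatic creation enabled, no user yet) but expect different outcomes, so the distinguishing precondition is missing; it only surfaces mid-flow as `// Because of missing informaiton on the user auto creation is not possible`. State it up front in the second test, e.g. `// Given the IdP does not deliver all attributes required for automatic user creation`, and do the same for the `manual creation disabled, creation not possible` scenario, which has the same shape. While there, fix the spelling in the shared steps (`configure` → `configured`, `authencation` → `authentication`, `alloweed` → `allowed`, `informaiton` → `information`). The same applies to idp-apple, idp-generic-jwt, idp-generic-oauth and idp-github-enterprise.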
@@ -0,0 +1,156 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+
+test("login with GitHub Enterprise IDP - auto redirect", async ({user, page}) => {
+ // Given idp GitHub Enterprise is configure on the organization as only authencation method
+ // Given the user has only idp GitHub Enterprise added as auth method
+
+ // User is automatically redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with GitHub Enterprise IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp GitHub Enterprise is configure on the organization as only authencation method
+ // Given the user has only idp GitHub Enterprise added as auth method
+
+ // User is automatically redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in GitHub Enterprise Login"
+});
+
+
+test("login with GitHub Enterprise IDP", async ({user, page}) => {
+ // Given username password and idp GitHub Enterprise is configure on the organization as authencation method
+ // Given the user has username password and GitHub Enterprise configured
+
+ // Login form shows username field and a GitHub Enterprise Login button
+ // User clicks on the GitHub Enterprise button
+ // User is redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with GitHub Enterprise IDP, error", async ({user, page}) => {
+ // Given username password and idp GitHub Enterprise is configure on the organization as authencation method
+ // Given the user has username password and GitHub Enterprise configured
+
+ // Login form shows username field and a GitHub Enterprise Login button
+ // User clicks on the GitHub Enterprise button
+ // User is redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in GitHub Enterprise Login"
+ // User can choose password for authentication
+});
+
+test("login with GitHub Enterprise IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp GitHub Enterprise is configure on the organization as only authencation method
+ // Given idp GitHub Enterprise is configure with account creation alloweed, and automatic creation enabled
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given no user exists yet
+
+ // User is automatically redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with GitHub Enterprise IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp GitHub Enterprise is configure on the organization as only authencation method
+ // Given idp GitHub Enterprise is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with GitHub Enterprise IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp GitHub Enterprise is configure on the organization as only authencation method
+ // Given idp GitHub Enterprise is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with GitHub Enterprise IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp GitHub Enterprise is configure on the organization as only authencation method
+ // Given idp GitHub Enterprise is configure with account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with GitHub Enterprise IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp GitHub Enterprise is configure on the organization as only authencation method
+ // Given idp GitHub Enterprise is configure with manually account linking not allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with GitHub Enterprise IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp GitHub Enterprise is configure on the organization as only authencation method
+ // Given idp GitHub Enterprise is configure with manually account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to GitHub Enterprise
+ // User authenticates in GitHub Enterprise with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-github.spec.ts b/acceptance/tests/idp-github.spec.ts
new file mode 100644
index 00000000000..d6935f92915
--- /dev/null
+++ b/acceptance/tests/idp-github.spec.ts
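Review bot: The last two tests in this file carry the identical title `login with GitHub Enterprise IDP, no user linked, user doesn't exist - no auto link`, although the second one describes the path where manual linking is allowed and the user is prompted to link; as far as I recall Playwright rejects duplicate test titles within one file, and even where it did not, a report could not tell the two scenarios apart. Rename the second to `test("login with GitHub Enterprise IDP, no user linked, user doesn't exist - manual link", async ({user, page}) => {`. All ten bodies are comment-only, so the suite reports them as passing without exercising anything; declaring them with `test.fixme(...)` until the steps are implemented keeps the placeholders visible as skipped rather than green. The same duplicate title and empty bodies appear in idp-github.spec.ts, idp-gitlab-self-hosted.spec.ts and idp-gitlab.spec.ts, and in the Generic OIDC hunk above, whose start is outside this view.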
@@ -0,0 +1,156 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+
+test("login with GitHub IDP - auto redirect", async ({user, page}) => {
+ // Given idp GitHub is configure on the organization as only authencation method
+ // Given the user has only idp GitHub added as auth method
+
+ // User is automatically redirected to GitHub
+ // User authenticates in GitHub
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with GitHub IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp GitHub is configure on the organization as only authencation method
+ // Given the user has only idp GitHub added as auth method
+
+ // User is automatically redirected to GitHub
+ // User authenticates in GitHub and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in GitHub Login"
+});
+
+
+test("login with GitHub IDP", async ({user, page}) => {
+ // Given username password and idp GitHub is configure on the organization as authencation method
+ // Given the user has username password and GitHub configured
+
+ // Login form shows username field and a GitHub Login button
+ // User clicks on the GitHub button
+ // User is redirected to GitHub
+ // User authenticates in GitHub and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with GitHub IDP, error", async ({user, page}) => {
+ // Given username password and idp GitHub is configure on the organization as authencation method
+ // Given the user has username password and GitHub configured
+
+ // Login form shows username field and a GitHub Login button
+ // User clicks on the GitHub button
+ // User is redirected to GitHub
+ // User authenticates in GitHub and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in GitHub Login"
+ // User can choose password for authentication
+});
+
+test("login with GitHub IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp GitHub is configure on the organization as only authencation method
+ // Given idp GitHub is configure with account creation alloweed, and automatic creation enabled
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given no user exists yet
+
+ // User is automatically redirected to GitHub
+ // User authenticates in GitHub
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with GitHub IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp GitHub is configure on the organization as only authencation method
+ // Given idp GitHub is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to GitHub
+ // User authenticates in GitHub
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with GitHub IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp GitHub is configure on the organization as only authencation method
+ // Given idp GitHub is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to GitHub
+ // User authenticates in GitHub
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with GitHub IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp GitHub is configure on the organization as only authencation method
+ // Given idp GitHub is configure with account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to GitHub
+ // User authenticates in GitHub with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with GitHub IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp GitHub is configure on the organization as only authencation method
+ // Given idp GitHub is configure with manually account linking not allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to GitHub
+ // User authenticates in GitHub with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with GitHub IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp GitHub is configure on the organization as only authencation method
+ // Given idp GitHub is configure with manually account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to GitHub
+ // User authenticates in GitHub with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-gitlab-self-hosted.spec.ts b/acceptance/tests/idp-gitlab-self-hosted.spec.ts
new file mode 100644
index 00000000000..fe3b29439ea
--- /dev/null
+++ b/acceptance/tests/idp-gitlab-self-hosted.spec.ts
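Review bot: The `user` fixture runs `user.ensure(page)` before every test, creating a password user with SMS OTP (`otp_sms@example.com`), yet five scenarios in this file start from `// Given no user exists yet` and the three linking scenarios expect a user with `user@zitadel.com`; once the bodies are implemented these preconditions cannot hold with the fixture as written. Consider one fixture per precondition (no user, existing user with the linking email) or move the setup into the tests that need it, e.g. `const test = base.extend<{ linkUser: PasswordUserWithOTP }>({ ... })` used only by the linking scenarios. `loginScreenExpect`, `loginWithPassword` and `startSink` are imported and never used. The same fixture and imports are copied into idp-github-enterprise.spec.ts, idp-gitlab-self-hosted.spec.ts and idp-gitlab.spec.ts.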
@@ -0,0 +1,156 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+
+test("login with Gitlab Self-Hosted IDP - auto redirect", async ({user, page}) => {
+ // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+ // Given the user has only idp Gitlab Self-Hosted added as auth method
+
+ // User is automatically redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with Gitlab Self-Hosted IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+ // Given the user has only idp Gitlab Self-Hosted added as auth method
+
+ // User is automatically redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Gitlab Self-Hosted Login"
+});
+
+
+test("login with Gitlab Self-Hosted IDP", async ({user, page}) => {
+ // Given username password and idp Gitlab Self-Hosted is configure on the organization as authencation method
+ // Given the user has username password and Gitlab Self-Hosted configured
+
+ // Login form shows username field and a Gitlab Self-Hosted Login button
+ // User clicks on the Gitlab Self-Hosted button
+ // User is redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with Gitlab Self-Hosted IDP, error", async ({user, page}) => {
+ // Given username password and idp Gitlab Self-Hosted is configure on the organization as authencation method
+ // Given the user has username password and Gitlab Self-Hosted configured
+
+ // Login form shows username field and a Gitlab Self-Hosted Login button
+ // User clicks on the Gitlab Self-Hosted button
+ // User is redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Gitlab Self-Hosted Login"
+ // User can choose password for authentication
+});
+
+test("login with Gitlab Self-Hosted IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+ // Given idp Gitlab Self-Hosted is configure with account creation alloweed, and automatic creation enabled
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given no user exists yet
+
+ // User is automatically redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Gitlab Self-Hosted IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+ // Given idp Gitlab Self-Hosted is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Gitlab Self-Hosted IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+ // Given idp Gitlab Self-Hosted is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Gitlab Self-Hosted IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+ // Given idp Gitlab Self-Hosted is configure with account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Gitlab Self-Hosted IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+ // Given idp Gitlab Self-Hosted is configure with manually account linking not allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with Gitlab Self-Hosted IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method
+ // Given idp Gitlab Self-Hosted is configure with manually account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Gitlab Self-Hosted
+ // User authenticates in Gitlab Self-Hosted with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-gitlab.spec.ts b/acceptance/tests/idp-gitlab.spec.ts
new file mode 100644
index 00000000000..4504f670f9f
--- /dev/null
+++ b/acceptance/tests/idp-gitlab.spec.ts
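Review bot: The success-path scenario `login with Gitlab Self-Hosted IDP` lists `// User authenticates in Gitlab Self-Hosted and gets an error` and then ends with the user redirected to the app, which is the step list of the following error scenario copied in; the line should read `// User authenticates in Gitlab Self-Hosted`. Without that correction an implementer cannot tell from the comments which of the two tests is the happy path. The same copied step appears in idp-github-enterprise.spec.ts, idp-github.spec.ts and idp-gitlab.spec.ts.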
@@ -0,0 +1,156 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+
+test("login with Gitlab IDP - auto redirect", async ({user, page}) => {
+ // Given idp Gitlab is configure on the organization as only authencation method
+ // Given the user has only idp Gitlab added as auth method
+
+ // User is automatically redirected to Gitlab
+ // User authenticates in Gitlab
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with Gitlab IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp Gitlab is configure on the organization as only authencation method
+ // Given the user has only idp Gitlab added as auth method
+
+ // User is automatically redirected to Gitlab
+ // User authenticates in Gitlab and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Gitlab Login"
+});
+
+
+test("login with Gitlab IDP", async ({user, page}) => {
+ // Given username password and idp Gitlab is configure on the organization as authencation method
+ // Given the user has username password and Gitlab configured
+
+ // Login form shows username field and a Gitlab Login button
+ // User clicks on the Gitlab button
+ // User is redirected to Gitlab
+ // User authenticates in Gitlab and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with Gitlab IDP, error", async ({user, page}) => {
+ // Given username password and idp Gitlab is configure on the organization as authencation method
+ // Given the user has username password and Gitlab configured
+
+ // Login form shows username field and a Gitlab Login button
+ // User clicks on the Gitlab button
+ // User is redirected to Gitlab
+ // User authenticates in Gitlab and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Gitlab Login"
+ // User can choose password for authentication
+});
+
+test("login with Gitlab IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp Gitlab is configure on the organization as only authencation method
+ // Given idp Gitlab is configure with account creation alloweed, and automatic creation enabled
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given no user exists yet
+
+ // User is automatically redirected to Gitlab
+ // User authenticates in Gitlab
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Gitlab IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp Gitlab is configure on the organization as only authencation method
+ // Given idp Gitlab is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Gitlab
+ // User authenticates in Gitlab
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Gitlab IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp Gitlab is configure on the organization as only authencation method
+ // Given idp Gitlab is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Gitlab
+ // User authenticates in Gitlab
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Gitlab IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp Gitlab is configure on the organization as only authencation method
+ // Given idp Gitlab is configure with account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to Gitlab
+ // User authenticates in Gitlab with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Gitlab IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Gitlab is configure on the organization as only authencation method
+ // Given idp Gitlab is configure with manually account linking not allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Gitlab
+ // User authenticates in Gitlab with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with Gitlab IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Gitlab is configure on the organization as only authencation method
+ // Given idp Gitlab is configure with manually account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Gitlab
+ // User authenticates in Gitlab with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-goolge.spec.ts b/acceptance/tests/idp-google.spec.ts
similarity index 99%
rename from acceptance/tests/idp-goolge.spec.ts
rename to acceptance/tests/idp-google.spec.ts
index 345ac724943..0c0d777fe4a 100644
--- a/acceptance/tests/idp-goolge.spec.ts
+++ b/acceptance/tests/idp-google.spec.ts
@@ -24,7 +24,6 @@ const test = base.extend<{ user: PasswordUserWithOTP }>({
},
});
-
test("login with Google IDP - auto redirect", async ({user, page}) => {
// Given idp Google is configure on the organization as only authencation method
// Given the user has only idp Google added as auth method
diff --git a/acceptance/tests/idp-ldap.spec.ts b/acceptance/tests/idp-ldap.spec.ts
new file mode 100644
index 00000000000..8bd71b16b41
--- /dev/null
+++ b/acceptance/tests/idp-ldap.spec.ts
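Review bot: The auto-link scenario (`no user linked - auto link`, linking set to existing email) has no negative case for an email the IdP has not verified: if the IdP asserts `user@zitadel.com` without having verified it and ZITADEL still links by that address, the IdP identity would be attached to the existing ZITADEL account, so the expected behaviour there should be written down and tested rather than left implicit. A scenario such as `test("login with Gitlab IDP, no user linked - auto link, IdP email not verified", ...)` with the steps `// User authenticates in Gitlab with user@zitadel.com, email not verified` and `// User is not linked, error message is shown that account linking wasn't possible` would cover it (this assumes link-by-email is keyed on the IdP's email claim — please confirm against the linking implementation). The same gap exists in idp-github-enterprise.spec.ts, idp-github.spec.ts and idp-gitlab-self-hosted.spec.ts.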
@@ -0,0 +1,151 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+test("login with LDAP IDP - auto redirect", async ({user, page}) => {
+ // Given idp LDAP is configure on the organization as only authencation method
+ // Given the user has only idp LDAP added as auth method
+
+ // User is automatically redirected to LDAP
+ // User authenticates in LDAP
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with LDAP IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp LDAP is configure on the organization as only authencation method
+ // Given the user has only idp LDAP added as auth method
+
+ // User is automatically redirected to LDAP
+ // User authenticates in LDAP and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in LDAP Login"
+});
+
+
+test("login with LDAP IDP", async ({user, page}) => {
+ // Given username password and idp LDAP is configure on the organization as authencation method
+ // Given the user has username password and LDAP configured
+
+ // Login form shows username field and a LDAP Login button
+ // User clicks on the LDAP button
+ // User is redirected to LDAP
+ // User authenticates in LDAP and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with LDAP IDP, error", async ({user, page}) => {
+ // Given username password and idp LDAP is configure on the organization as authencation method
+ // Given the user has username password and LDAP configured
+
+ // Login form shows username field and a LDAP Login button
+ // User clicks on the LDAP button
+ // User is redirected to LDAP
+ // User authenticates in LDAP and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in LDAP Login"
+ // User can choose password for authentication
+});
+
+test("login with LDAP IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp LDAP is configure on the organization as only authencation method
+ // Given idp LDAP is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to LDAP
+ // User authenticates in LDAP
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with LDAP IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp LDAP is configure on the organization as only authencation method
+ // Given idp LDAP is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to LDAP
+ // User authenticates in LDAP
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with LDAP IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp LDAP is configure on the organization as only authencation method
+ // Given idp LDAP is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to LDAP
+ // User authenticates in LDAP
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with LDAP IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp LDAP is configure on the organization as only authencation method
+ // Given idp LDAP is configure with account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to LDAP
+ // User authenticates in LDAP with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with LDAP IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp LDAP is configure on the organization as only authencation method
+ // Given idp LDAP is configure with manually account linking not allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to LDAP
+ // User authenticates in LDAP with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with LDAP IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp LDAP is configure on the organization as only authencation method
+ // Given idp LDAP is configure with manually account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to LDAP
+ // User authenticates in LDAP with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-microsoft.spec.ts b/acceptance/tests/idp-microsoft.spec.ts
new file mode 100644
index 00000000000..8e37d11de1f
--- /dev/null
+++ b/acceptance/tests/idp-microsoft.spec.ts
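Review bot: The success-path test `login with LDAP IDP` still reads `// User authenticates in LDAP and gets an error` right before the automatic redirect to the app, which looks copied from the error variant below it; the same line appears in the matching tests of the Microsoft and SAML hunks. The two tests titled `login with LDAP IDP, no user linked, user doesn't exist - no auto link` share one title while describing opposite configurations (manual linking not allowed vs. allowed); Playwright reports duplicate test titles within a file as an error, so the second should be retitled, e.g. `... - manual link` (also duplicated in the Microsoft and SAML files). Every test body is comment-only and therefore passes vacuously; declaring them `test.fixme(...)` until implemented keeps the report honest, and the unused `loginScreenExpect`, `loginWithPassword` and `startSink` imports plus the SMS-OTP fixture user carried over from the OTP spec can be dropped. For the auto-link scenario the preconditions should also state that the address is asserted as verified by the IdP (`// Given the IdP reports user@zitadel.com as verified`), because linking to an existing account on an unverified email is precisely the case this test needs to rule out.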
@@ -0,0 +1,154 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+// Note for all tests, in case Microsoft doesn't deliver all relevant information per default
+// We should add an action in the needed cases
+
+test("login with Microsoft IDP - auto redirect", async ({user, page}) => {
+ // Given idp Microsoft is configure on the organization as only authencation method
+ // Given the user has only idp Microsoft added as auth method
+
+ // User is automatically redirected to Microsoft
+ // User authenticates in Microsoft
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with Microsoft IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp Microsoft is configure on the organization as only authencation method
+ // Given the user has only idp Microsoft added as auth method
+
+ // User is automatically redirected to Microsoft
+ // User authenticates in Microsoft and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Microsoft Login"
+});
+
+
+test("login with Microsoft IDP", async ({user, page}) => {
+ // Given username password and idp Microsoft is configure on the organization as authencation method
+ // Given the user has username password and Microsoft configured
+
+ // Login form shows username field and a Microsoft Login button
+ // User clicks on the Microsoft button
+ // User is redirected to Microsoft
+ // User authenticates in Microsoft and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with Microsoft IDP, error", async ({user, page}) => {
+ // Given username password and idp Microsoft is configure on the organization as authencation method
+ // Given the user has username password and Microsoft configured
+
+ // Login form shows username field and a Microsoft Login button
+ // User clicks on the Microsoft button
+ // User is redirected to Microsoft
+ // User authenticates in Microsoft and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in Microsoft Login"
+ // User can choose password for authentication
+});
+
+test("login with Microsoft IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp Microsoft is configure on the organization as only authencation method
+ // Given idp Microsoft is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Microsoft
+ // User authenticates in Microsoft
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Microsoft IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp Microsoft is configure on the organization as only authencation method
+ // Given idp Microsoft is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Microsoft
+ // User authenticates in Microsoft
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Microsoft IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp Microsoft is configure on the organization as only authencation method
+ // Given idp Microsoft is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to Microsoft
+ // User authenticates in Microsoft
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Microsoft IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp Microsoft is configure on the organization as only authencation method
+ // Given idp Microsoft is configure with account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to Microsoft
+ // User authenticates in Microsoft with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with Microsoft IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Microsoft is configure on the organization as only authencation method
+ // Given idp Microsoft is configure with manually account linking not allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Microsoft
+ // User authenticates in Microsoft with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with Microsoft IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp Microsoft is configure on the organization as only authencation method
+ // Given idp Microsoft is configure with manually account linking allowed, and linking set to existing email
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to Microsoft
+ // User authenticates in Microsoft with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});
diff --git a/acceptance/tests/idp-saml.spec.ts b/acceptance/tests/idp-saml.spec.ts
new file mode 100644
index 00000000000..a57e19d8482
--- /dev/null
+++ b/acceptance/tests/idp-saml.spec.ts
@@ -0,0 +1,157 @@
+import {test as base} from "@playwright/test";
+import {OtpType, PasswordUserWithOTP} from './user';
+import path from 'path';
+import dotenv from 'dotenv';
+import {loginScreenExpect, loginWithPassword} from "./login";
+import {startSink} from "./otp";
+
+// Read from ".env" file.
+dotenv.config({path: path.resolve(__dirname, '.env.local')});
+
+const test = base.extend<{ user: PasswordUserWithOTP }>({
+ user: async ({page}, use) => {
+ const user = new PasswordUserWithOTP({
+ email: "otp_sms@example.com",
+ firstName: "first",
+ lastName: "last",
+ password: "Password1!",
+ organization: "",
+ type: OtpType.sms,
+ });
+
+ await user.ensure(page);
+ await use(user);
+ },
+});
+
+
+test("login with SAML IDP - auto redirect", async ({user, page}) => {
+ // Given idp SAML is configure on the organization as only authencation method
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given the user has only idp SAML added as auth method
+
+ // User is automatically redirected to SAML
+ // User authenticates in SAML
+ // User is redirect to ZITADEL login
+ // User is redirected to the app
+});
+
+
+test("login with SAML IDP - auto redirect, error", async ({user, page}) => {
+ // Given idp SAML is configure on the organization as only authencation method
+ // Given the user has only idp SAML added as auth method
+
+ // User is automatically redirected to SAML
+ // User authenticates in SAML and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in SAML Login"
+});
+
+
+test("login with SAML IDP", async ({user, page}) => {
+ // Given username password and idp SAML is configure on the organization as authencation method
+ // Given the user has username password and SAML configured
+
+ // Login form shows username field and a SAML Login button
+ // User clicks on the SAML button
+ // User is redirected to SAML
+ // User authenticates in SAML and gets an error
+ // User is redirect to ZITADEL login automatically
+ // User is redirected to app automatically
+});
+
+
+test("login with SAML IDP, error", async ({user, page}) => {
+ // Given username password and idp SAML is configure on the organization as authencation method
+ // Given the user has username password and SAML configured
+
+ // Login form shows username field and a SAML Login button
+ // User clicks on the SAML button
+ // User is redirected to SAML
+ // User authenticates in SAML and gets an error
+ // User is redirect to ZITADEL login
+ // Error is shown to the user "Something went wrong in SAML Login"
+ // User can choose password for authentication
+});
+
+test("login with SAML IDP, no user existing - auto register", async ({user, page}) => {
+ // Given idp SAML is configure on the organization as only authencation method
+ // Given idp SAML is configure with account creation alloweed, and automatic creation enabled
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given no user exists yet
+
+ // User is automatically redirected to SAML
+ // User authenticates in SAML
+ // User is redirect to ZITADEL login
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with SAML IDP, no user existing - auto register not possible", async ({user, page}) => {
+ // Given idp SAML is configure on the organization as only authencation method
+ // Given idp SAML is configure with account creation alloweed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to SAML
+ // User authenticates in SAML
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // User will see the registration page with pre filled user information
+ // User fills missing information
+ // User clicks register button
+ // User is created in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with SAML IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => {
+ // Given idp SAML is configure on the organization as only authencation method
+ // Given idp SAML is configure with account creation not allowed, and automatic creation enabled
+ // Given no user exists yet
+
+ // User is automatically redirected to SAML
+ // User authenticates in SAML
+ // User is redirect to ZITADEL login
+ // Because of missing informaiton on the user auto creation is not possible
+ // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with SAML IDP, no user linked - auto link", async ({user, page}) => {
+ // Given idp SAML is configure on the organization as only authencation method
+ // Given idp SAML is configure with account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com exists
+
+ // User is automatically redirected to SAML
+ // User authenticates in SAML with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User is linked with existing user in ZITADEL
+ // User is redirected to the app
+});
+
+test("login with SAML IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp SAML is configure on the organization as only authencation method
+ // Given idp SAML is configure with manually account linking not allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to SAML
+ // User authenticates in SAML with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User will get an error message that account linking wasn't possible
+});
+
+
+test("login with SAML IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => {
+ // Given idp SAML is configure on the organization as only authencation method
+ // Given idp SAML is configure with manually account linking allowed, and linking set to existing email
+ // Given ZITADEL Action is added to autofill missing user information
+ // Given user with email address user@zitadel.com doesn't exists
+
+ // User is automatically redirected to SAML
+ // User authenticates in SAML with user@zitadel.com
+ // User is redirect to ZITADEL login
+ // User with email address user@zitadel.com can not be found
+ // User is prompted to link the account manually
+ // User is redirected to the app
+});