From 10c9d64977b8382771689f8db25f25eb782f743a Mon Sep 17 00:00:00 2001 From: Fabienne Date: Mon, 18 Nov 2024 09:30:23 +0100 Subject: [PATCH 01/11] add test flows for login ui --- acceptance/tests/username-passkey.spec.ts | 22 +++++ .../tests/username-password-otp_email.spec.ts | 87 +++++++++++++++++++ .../tests/username-password-otp_sms.spec.ts | 35 ++++++++ acceptance/tests/username-password.spec.ts | 50 +++++++++++ 4 files changed, 194 insertions(+) create mode 100644 acceptance/tests/username-password-otp_email.spec.ts diff --git a/acceptance/tests/username-passkey.spec.ts b/acceptance/tests/username-passkey.spec.ts index 43c3cec7149..b3f6b131dde 100644 --- a/acceptance/tests/username-passkey.spec.ts +++ b/acceptance/tests/username-passkey.spec.ts @@ -24,3 +24,25 @@ test("username and passkey login", async ({user, page}) => { await loginWithPasskey(page, user.getAuthenticatorId(), user.getUsername()) await loginScreenExpect(page, user.getFullName()); }); + +test("username and passkey login, if passkey enabled", async ({user, page}) => { + // Given passkey is enabled on the organization of the user + // Given the user has only passkey enabled as authentication + + // enter username + // passkey popup is directly shown + // user verifies passkey + // user is redirected to app +}); + +test("username and passkey login, multiple auth methods", async ({user, page}) => { + // Given passkey and password is enabled on the organization of the user + // Given the user has password and passkey registered + + // enter username + // passkey popup is directly shown + // user aborts passkey authentication + // user switches to password authentication + // user enters password + // user is redirected to app +}); diff --git a/acceptance/tests/username-password-otp_email.spec.ts b/acceptance/tests/username-password-otp_email.spec.ts new file mode 100644 index 00000000000..d15793f040a --- /dev/null +++ b/acceptance/tests/username-password-otp_email.spec.ts @@ -0,0 +1,87 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + + +test("username, password and email otp login, enter code manually", async ({user, page}) => { + // Given email otp is enabled on the organizaiton of the user + // Given the user has only email otp configured as second factor + + // User enters username + // User enters password + // User receives an email with a verification code + // User enters the code into the ui + // User is redirected to the app +}); + + +test("username, password and email otp login, click link in email", async ({user, page}) => { + // Given email otp is enabled on the organizaiton of the user + // Given the user has only email otp configured as second factor + + // User enters username + // User enters password + // User receives an email with a verification code + // User clicks link in the email + // User is redirected to the app +}); + +test("username, password and email otp login, resend code", async ({user, page}) => { + // Given email otp is enabled on the organizaiton of the user + // Given the user has only email otp configured as second factor + + // User enters username + // User enters password + // User receives an email with a verification code + // User clicks resend code + // User receives a new email with a verification code + // User enters the new code in the ui + // User is redirected to the app +}); + + +test("username, password and email otp login, wrong code", async ({user, page}) => { + // Given email otp is enabled on the organizaiton of the user + // Given the user has only email otp configured as second factor + + // User enters username + // User enters password + // User receives an email with a verification code + // User enters a wrond code + // Error message - "Invalid code" is shown +}); + +test("username, password and email otp login, multiple mfa options", async ({user, page}) => { + // Given email otp and sms otp is enabled on the organizaiton of the user + // Given the user has email and sms otp configured as second factor + + // User enters username + // User enters password + // User receives an email with a verification code + // User clicks button to use sms otp as second factor + // User receives an sms with a verification code + // User enters code in ui + // User is redirected to the app +}); diff --git a/acceptance/tests/username-password-otp_sms.spec.ts b/acceptance/tests/username-password-otp_sms.spec.ts index 9caf8bd5ceb..d80e03fac8d 100644 --- a/acceptance/tests/username-password-otp_sms.spec.ts +++ b/acceptance/tests/username-password-otp_sms.spec.ts @@ -34,3 +34,38 @@ test("username, password and otp login", async ({user, page}) => { }); +test("username, password and sms otp login", async ({user, page}) => { + // Given sms otp is enabled on the organizaiton of the user + // Given the user has only sms otp configured as second factor + + // User enters username + // User enters password + // User receives an sms with a verification code + // User enters the code into the ui + // User is redirected to the app +}); + + +test("username, password and sms otp login, resend code", async ({user, page}) => { + // Given sms otp is enabled on the organizaiton of the user + // Given the user has only sms otp configured as second factor + + // User enters username + // User enters password + // User receives an sms with a verification code + // User clicks resend code + // User receives a new sms with a verification code + // User is redirected to the app +}); + + +test("username, password and sms otp login, wrong code", async ({user, page}) => { + // Given sms otp is enabled on the organizaiton of the user + // Given the user has only sms otp configured as second factor + + // User enters username + // User enters password + // User receives an sms with a verification code + // User enters a wrond code + // Error message - "Invalid code" is shown +}); diff --git a/acceptance/tests/username-password.spec.ts b/acceptance/tests/username-password.spec.ts index e9ab31d998c..ee97f21bc64 100644 --- a/acceptance/tests/username-password.spec.ts +++ b/acceptance/tests/username-password.spec.ts @@ -43,3 +43,53 @@ test("username and password login, wrong password", async ({user, page}) => { await password(page, "wrong") await passwordScreenExpect(page, "wrong") }); + +test("username and password login, wrong username, ignore unknown usernames", async ({user, page}) => { + // Given user doesn't exist but ignore unknown usernames setting is set to true + // Given username password login is enabled on the users organization + + // enter login name + // enter password + // redirect to loginname page --> error message username or password wrong +}); + +test("username and password login, initial password change", async ({user, page}) => { + // Given user is created and has changePassword set to true + // Given username password login is enabled on the users organization + + // enter login name + // enter password + // create new password +}); + +test("username and password login, reset password - enter code manually", async ({user, page}) => { + // Given user has forgotten password and clicks the forgot password button + // Given username password login is enabled on the users organization + + // enter login name + // click password forgotten + // enter code from email + // user is redirected to app +}); + +test("username and password login, reset password - click link", async ({user, page}) => { + // Given user has forgotten password and clicks the forgot password button, and then the link in the email + // Given username password login is enabled on the users organization + + // enter login name + // click password forgotten + // click link in email + // set new password + // redirect to app +}); + +test("username and password login, reset password, resend code", async ({user, page}) => { + // Given user has forgotten password and clicks the forgot password button and then resend code + // Given username password login is enabled on the users organization + + // enter login name + // click password forgotten + // click resend code + // enter code from second email + // user is authenticated +}); \ No newline at end of file From 81c6e44927df1a0d37060f6696b9f222fc4ce40b Mon Sep 17 00:00:00 2001 From: Fabienne Date: Mon, 18 Nov 2024 10:36:13 +0100 Subject: [PATCH 02/11] add more user test flows --- .../tests/username-password-otp_email.spec.ts | 3 +- .../tests/username-password-totp.spec.ts | 63 +++++++++++++++++++ .../tests/username-password-u2f_email.spec.ts | 52 +++++++++++++++ 3 files changed, 116 insertions(+), 2 deletions(-) create mode 100644 acceptance/tests/username-password-totp.spec.ts create mode 100644 acceptance/tests/username-password-u2f_email.spec.ts diff --git a/acceptance/tests/username-password-otp_email.spec.ts b/acceptance/tests/username-password-otp_email.spec.ts index d15793f040a..55a05876a5a 100644 --- a/acceptance/tests/username-password-otp_email.spec.ts +++ b/acceptance/tests/username-password-otp_email.spec.ts @@ -16,7 +16,7 @@ const test = base.extend<{ user: PasswordUserWithOTP }>({ lastName: "last", password: "Password1!", organization: "", - type: OtpType.sms, + type: OtpType.email, }); await user.ensure(page); @@ -61,7 +61,6 @@ test("username, password and email otp login, resend code", async ({user, page}) // User is redirected to the app }); - test("username, password and email otp login, wrong code", async ({user, page}) => { // Given email otp is enabled on the organizaiton of the user // Given the user has only email otp configured as second factor diff --git a/acceptance/tests/username-password-totp.spec.ts b/acceptance/tests/username-password-totp.spec.ts new file mode 100644 index 00000000000..d81ba9f09eb --- /dev/null +++ b/acceptance/tests/username-password-totp.spec.ts @@ -0,0 +1,63 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + +test("username, password and totp login", async ({user, page}) => { + // Given totp is enabled on the organizaiton of the user + // Given the user has only totp configured as second factor + + // User enters username + // User enters password + // Screen for entering the code is shown directly + // User enters the code into the ui + // User is redirected to the app +}); + + +test("username, password and totp otp login, wrong code", async ({user, page}) => { + // Given totp is enabled on the organizaiton of the user + // Given the user has only totp configured as second factor + + // User enters username + // User enters password + // Screen for entering the code is shown directly + // User enters a wrond code + // Error message - "Invalid code" is shown +}); + + +test("username, password and totp login, multiple mfa options", async ({user, page}) => { + // Given totp and email otp is enabled on the organizaiton of the user + // Given the user has totp and email otp configured as second factor + + // User enters username + // User enters password + // Screen for entering the code is shown directly + // Button to switch to email otp is shown + // User clicks button to use email otp instead + // User receives an email with a verification code + // User enters code in ui + // User is redirected to the app +}); diff --git a/acceptance/tests/username-password-u2f_email.spec.ts b/acceptance/tests/username-password-u2f_email.spec.ts new file mode 100644 index 00000000000..fad16a2fc57 --- /dev/null +++ b/acceptance/tests/username-password-u2f_email.spec.ts @@ -0,0 +1,52 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + + +test("username, password and u2f login", async ({user, page}) => { + // Given u2f is enabled on the organizaiton of the user + // Given the user has only u2f configured as second factor + + // User enters username + // User enters password + // Popup for u2f is directly opened + // User verifies u2f + // User is redirected to the app +}); + + +test("username, password and u2f login, multiple mfa options", async ({user, page}) => { + // Given u2f and semailms otp is enabled on the organizaiton of the user + // Given the user has u2f and email otp configured as second factor + + // User enters username + // User enters password + // Popup for u2f is directly opened + // User aborts u2f verification + // User clicks button to use email otp as second factor + // User receives an email with a verification code + // User enters code in ui + // User is redirected to the app +}); From c354ba2432ded535a619a449728bfd7ff6fad26e Mon Sep 17 00:00:00 2001 From: Fabienne Date: Mon, 18 Nov 2024 11:42:34 +0100 Subject: [PATCH 03/11] google idp test criteria --- acceptance/tests/idp-goolge.spec.ts | 152 ++++++++++++++++++ ....spec.ts => username-password-u2f.spec.ts} | 0 2 files changed, 152 insertions(+) create mode 100644 acceptance/tests/idp-goolge.spec.ts rename acceptance/tests/{username-password-u2f_email.spec.ts => username-password-u2f.spec.ts} (100%) diff --git a/acceptance/tests/idp-goolge.spec.ts b/acceptance/tests/idp-goolge.spec.ts new file mode 100644 index 00000000000..345ac724943 --- /dev/null +++ b/acceptance/tests/idp-goolge.spec.ts @@ -0,0 +1,152 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + + +test("login with Google IDP - auto redirect", async ({user, page}) => { + // Given idp Google is configure on the organization as only authencation method + // Given the user has only idp Google added as auth method + + // User is automatically redirected to Google + // User authenticates in Google + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with Google IDP - auto redirect, error", async ({user, page}) => { + // Given idp Google is configure on the organization as only authencation method + // Given the user has only idp Google added as auth method + + // User is automatically redirected to Google + // User authenticates in Google and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Google Login" +}); + + +test("login with Google IDP", async ({user, page}) => { + // Given username password and idp Google is configure on the organization as authencation method + // Given the user has username password and Google configured + + // Login form shows username field and a Google Login button + // User clicks on the Google button + // User is redirected to Google + // User authenticates in Google and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with Google IDP, error", async ({user, page}) => { + // Given username password and idp Google is configure on the organization as authencation method + // Given the user has username password and Google configured + + // Login form shows username field and a Google Login button + // User clicks on the Google button + // User is redirected to Google + // User authenticates in Google and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Google Login" + // User can choose password for authentication +}); + +test("login with Google IDP, no user existing - auto register", async ({user, page}) => { + // Given idp Google is configure on the organization as only authencation method + // Given idp Google is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Google + // User authenticates in Google + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Google IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp Google is configure on the organization as only authencation method + // Given idp Google is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Google + // User authenticates in Google + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Google IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp Google is configure on the organization as only authencation method + // Given idp Google is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Google + // User authenticates in Google + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with Google IDP, no user linked - auto link", async ({user, page}) => { + // Given idp Google is configure on the organization as only authencation method + // Given idp Google is configure with account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to Google + // User authenticates in Google with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with Google IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Google is configure on the organization as only authencation method + // Given idp Google is configure with manually account linking not allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Google + // User authenticates in Google with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with Google IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Google is configure on the organization as only authencation method + // Given idp Google is configure with manually account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Google + // User authenticates in Google with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/username-password-u2f_email.spec.ts b/acceptance/tests/username-password-u2f.spec.ts similarity index 100% rename from acceptance/tests/username-password-u2f_email.spec.ts rename to acceptance/tests/username-password-u2f.spec.ts From 3a22045b3691df5e6f783bf789f8997f74db90b0 Mon Sep 17 00:00:00 2001 From: Fabienne Date: Mon, 18 Nov 2024 14:04:04 +0100 Subject: [PATCH 04/11] add test spec for all idps --- acceptance/tests/idp-apple.spec.ts | 154 +++++++++++++++++ acceptance/tests/idp-generic-jwt.spec.ts | 151 +++++++++++++++++ acceptance/tests/idp-generic-oauth.spec.ts | 152 +++++++++++++++++ acceptance/tests/idp-generic-oidc.spec.ts | 153 +++++++++++++++++ .../tests/idp-github-enterprise.spec.ts | 156 +++++++++++++++++ acceptance/tests/idp-github.spec.ts | 156 +++++++++++++++++ .../tests/idp-gitlab-self-hosted.spec.ts | 156 +++++++++++++++++ acceptance/tests/idp-gitlab.spec.ts | 156 +++++++++++++++++ ...{idp-goolge.spec.ts => idp-google.spec.ts} | 1 - acceptance/tests/idp-ldap.spec.ts | 151 +++++++++++++++++ acceptance/tests/idp-microsoft.spec.ts | 154 +++++++++++++++++ acceptance/tests/idp-saml.spec.ts | 157 ++++++++++++++++++ 12 files changed, 1696 insertions(+), 1 deletion(-) create mode 100644 acceptance/tests/idp-apple.spec.ts create mode 100644 acceptance/tests/idp-generic-jwt.spec.ts create mode 100644 acceptance/tests/idp-generic-oauth.spec.ts create mode 100644 acceptance/tests/idp-generic-oidc.spec.ts create mode 100644 acceptance/tests/idp-github-enterprise.spec.ts create mode 100644 acceptance/tests/idp-github.spec.ts create mode 100644 acceptance/tests/idp-gitlab-self-hosted.spec.ts create mode 100644 acceptance/tests/idp-gitlab.spec.ts rename acceptance/tests/{idp-goolge.spec.ts => idp-google.spec.ts} (99%) create mode 100644 acceptance/tests/idp-ldap.spec.ts create mode 100644 acceptance/tests/idp-microsoft.spec.ts create mode 100644 acceptance/tests/idp-saml.spec.ts diff --git a/acceptance/tests/idp-apple.spec.ts b/acceptance/tests/idp-apple.spec.ts new file mode 100644 index 00000000000..c9485053787 --- /dev/null +++ b/acceptance/tests/idp-apple.spec.ts @@ -0,0 +1,154 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + +// Note for all tests, in case Apple doesn't deliver all relevant information per default +// We should add an action in the needed cases + +test("login with Apple IDP - auto redirect", async ({user, page}) => { + // Given idp Apple is configure on the organization as only authencation method + // Given the user has only idp Apple added as auth method + + // User is automatically redirected to Apple + // User authenticates in Apple + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with Apple IDP - auto redirect, error", async ({user, page}) => { + // Given idp Apple is configure on the organization as only authencation method + // Given the user has only idp Apple added as auth method + + // User is automatically redirected to Apple + // User authenticates in Apple and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Apple Login" +}); + + +test("login with Apple IDP", async ({user, page}) => { + // Given username password and idp Apple is configure on the organization as authencation method + // Given the user has username password and Apple configured + + // Login form shows username field and a Apple Login button + // User clicks on the Apple button + // User is redirected to Apple + // User authenticates in Apple and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with Apple IDP, error", async ({user, page}) => { + // Given username password and idp Apple is configure on the organization as authencation method + // Given the user has username password and Apple configured + + // Login form shows username field and a Apple Login button + // User clicks on the Apple button + // User is redirected to Apple + // User authenticates in Apple and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Apple Login" + // User can choose password for authentication +}); + +test("login with Apple IDP, no user existing - auto register", async ({user, page}) => { + // Given idp Apple is configure on the organization as only authencation method + // Given idp Apple is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Apple + // User authenticates in Apple + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Apple IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp Apple is configure on the organization as only authencation method + // Given idp Apple is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Apple + // User authenticates in Apple + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Apple IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp Apple is configure on the organization as only authencation method + // Given idp Apple is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Apple + // User authenticates in Apple + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with Apple IDP, no user linked - auto link", async ({user, page}) => { + // Given idp Apple is configure on the organization as only authencation method + // Given idp Apple is configure with account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to Apple + // User authenticates in Apple with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with Apple IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Apple is configure on the organization as only authencation method + // Given idp Apple is configure with manually account linking not allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Apple + // User authenticates in Apple with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with Apple IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Apple is configure on the organization as only authencation method + // Given idp Apple is configure with manually account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Apple + // User authenticates in Apple with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-generic-jwt.spec.ts b/acceptance/tests/idp-generic-jwt.spec.ts new file mode 100644 index 00000000000..2127b10a347 --- /dev/null +++ b/acceptance/tests/idp-generic-jwt.spec.ts @@ -0,0 +1,151 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + +test("login with Generic JWT IDP - auto redirect", async ({user, page}) => { + // Given idp Generic JWT is configure on the organization as only authencation method + // Given the user has only idp Generic JWT added as auth method + + // User is automatically redirected to Generic JWT + // User authenticates in Generic JWT + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with Generic JWT IDP - auto redirect, error", async ({user, page}) => { + // Given idp Generic JWT is configure on the organization as only authencation method + // Given the user has only idp Generic JWT added as auth method + + // User is automatically redirected to Generic JWT + // User authenticates in Generic JWT and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Generic JWT Login" +}); + + +test("login with Generic JWT IDP", async ({user, page}) => { + // Given username password and idp Generic JWT is configure on the organization as authencation method + // Given the user has username password and Generic JWT configured + + // Login form shows username field and a Generic JWT Login button + // User clicks on the Generic JWT button + // User is redirected to Generic JWT + // User authenticates in Generic JWT and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with Generic JWT IDP, error", async ({user, page}) => { + // Given username password and idp Generic JWT is configure on the organization as authencation method + // Given the user has username password and Generic JWT configured + + // Login form shows username field and a Generic JWT Login button + // User clicks on the Generic JWT button + // User is redirected to Generic JWT + // User authenticates in Generic JWT and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Generic JWT Login" + // User can choose password for authentication +}); + +test("login with Generic JWT IDP, no user existing - auto register", async ({user, page}) => { + // Given idp Generic JWT is configure on the organization as only authencation method + // Given idp Generic JWT is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Generic JWT + // User authenticates in Generic JWT + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Generic JWT IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp Generic JWT is configure on the organization as only authencation method + // Given idp Generic JWT is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Generic JWT + // User authenticates in Generic JWT + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Generic JWT IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp Generic JWT is configure on the organization as only authencation method + // Given idp Generic JWT is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Generic JWT + // User authenticates in Generic JWT + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with Generic JWT IDP, no user linked - auto link", async ({user, page}) => { + // Given idp Generic JWT is configure on the organization as only authencation method + // Given idp Generic JWT is configure with account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to Generic JWT + // User authenticates in Generic JWT with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with Generic JWT IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Generic JWT is configure on the organization as only authencation method + // Given idp Generic JWT is configure with manually account linking not allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Generic JWT + // User authenticates in Generic JWT with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with Generic JWT IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Generic JWT is configure on the organization as only authencation method + // Given idp Generic JWT is configure with manually account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Generic JWT + // User authenticates in Generic JWT with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-generic-oauth.spec.ts b/acceptance/tests/idp-generic-oauth.spec.ts new file mode 100644 index 00000000000..7f27e3167fa --- /dev/null +++ b/acceptance/tests/idp-generic-oauth.spec.ts @@ -0,0 +1,152 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + + +test("login with Generic OAuth IDP - auto redirect", async ({user, page}) => { + // Given idp Generic OAuth is configure on the organization as only authencation method + // Given the user has only idp Generic OAuth added as auth method + + // User is automatically redirected to Generic OAuth + // User authenticates in Generic OAuth + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with Generic OAuth IDP - auto redirect, error", async ({user, page}) => { + // Given idp Generic OAuth is configure on the organization as only authencation method + // Given the user has only idp Generic OAuth added as auth method + + // User is automatically redirected to Generic OAuth + // User authenticates in Generic OAuth and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Generic OAuth Login" +}); + + +test("login with Generic OAuth IDP", async ({user, page}) => { + // Given username password and idp Generic OAuth is configure on the organization as authencation method + // Given the user has username password and Generic OAuth configured + + // Login form shows username field and a Generic OAuth Login button + // User clicks on the Generic OAuth button + // User is redirected to Generic OAuth + // User authenticates in Generic OAuth and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with Generic OAuth IDP, error", async ({user, page}) => { + // Given username password and idp Generic OAuth is configure on the organization as authencation method + // Given the user has username password and Generic OAuth configured + + // Login form shows username field and a Generic OAuth Login button + // User clicks on the Generic OAuth button + // User is redirected to Generic OAuth + // User authenticates in Generic OAuth and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Generic OAuth Login" + // User can choose password for authentication +}); + +test("login with Generic OAuth IDP, no user existing - auto register", async ({user, page}) => { + // Given idp Generic OAuth is configure on the organization as only authencation method + // Given idp Generic OAuth is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Generic OAuth + // User authenticates in Generic OAuth + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Generic OAuth IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp Generic OAuth is configure on the organization as only authencation method + // Given idp Generic OAuth is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Generic OAuth + // User authenticates in Generic OAuth + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Generic OAuth IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp Generic OAuth is configure on the organization as only authencation method + // Given idp Generic OAuth is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Generic OAuth + // User authenticates in Generic OAuth + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with Generic OAuth IDP, no user linked - auto link", async ({user, page}) => { + // Given idp Generic OAuth is configure on the organization as only authencation method + // Given idp Generic OAuth is configure with account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to Generic OAuth + // User authenticates in Generic OAuth with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with Generic OAuth IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Generic OAuth is configure on the organization as only authencation method + // Given idp Generic OAuth is configure with manually account linking not allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Generic OAuth + // User authenticates in Generic OAuth with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with Generic OAuth IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Generic OAuth is configure on the organization as only authencation method + // Given idp Generic OAuth is configure with manually account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Generic OAuth + // User authenticates in Generic OAuth with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-generic-oidc.spec.ts b/acceptance/tests/idp-generic-oidc.spec.ts new file mode 100644 index 00000000000..f3c9e59bd63 --- /dev/null +++ b/acceptance/tests/idp-generic-oidc.spec.ts @@ -0,0 +1,153 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + +// Note, we should use a provider such as Google to test this, where we know OIDC standard is properly implemented + +test("login with Generic OIDC IDP - auto redirect", async ({user, page}) => { + // Given idp Generic OIDC is configure on the organization as only authencation method + // Given the user has only idp Generic OIDC added as auth method + + // User is automatically redirected to Generic OIDC + // User authenticates in Generic OIDC + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with Generic OIDC IDP - auto redirect, error", async ({user, page}) => { + // Given idp Generic OIDC is configure on the organization as only authencation method + // Given the user has only idp Generic OIDC added as auth method + + // User is automatically redirected to Generic OIDC + // User authenticates in Generic OIDC and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Generic OIDC Login" +}); + + +test("login with Generic OIDC IDP", async ({user, page}) => { + // Given username password and idp Generic OIDC is configure on the organization as authencation method + // Given the user has username password and Generic OIDC configured + + // Login form shows username field and a Generic OIDC Login button + // User clicks on the Generic OIDC button + // User is redirected to Generic OIDC + // User authenticates in Generic OIDC and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with Generic OIDC IDP, error", async ({user, page}) => { + // Given username password and idp Generic OIDC is configure on the organization as authencation method + // Given the user has username password and Generic OIDC configured + + // Login form shows username field and a Generic OIDC Login button + // User clicks on the Generic OIDC button + // User is redirected to Generic OIDC + // User authenticates in Generic OIDC and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Generic OIDC Login" + // User can choose password for authentication +}); + +test("login with Generic OIDC IDP, no user existing - auto register", async ({user, page}) => { + // Given idp Generic OIDC is configure on the organization as only authencation method + // Given idp Generic OIDC is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Generic OIDC + // User authenticates in Generic OIDC + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Generic OIDC IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp Generic OIDC is configure on the organization as only authencation method + // Given idp Generic OIDC is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Generic OIDC + // User authenticates in Generic OIDC + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Generic OIDC IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp Generic OIDC is configure on the organization as only authencation method + // Given idp Generic OIDC is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Generic OIDC + // User authenticates in Generic OIDC + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with Generic OIDC IDP, no user linked - auto link", async ({user, page}) => { + // Given idp Generic OIDC is configure on the organization as only authencation method + // Given idp Generic OIDC is configure with account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to Generic OIDC + // User authenticates in Generic OIDC with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with Generic OIDC IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Generic OIDC is configure on the organization as only authencation method + // Given idp Generic OIDC is configure with manually account linking not allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Generic OIDC + // User authenticates in Generic OIDC with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with Generic OIDC IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Generic OIDC is configure on the organization as only authencation method + // Given idp Generic OIDC is configure with manually account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Generic OIDC + // User authenticates in Generic OIDC with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-github-enterprise.spec.ts b/acceptance/tests/idp-github-enterprise.spec.ts new file mode 100644 index 00000000000..6bbcbc20265 --- /dev/null +++ b/acceptance/tests/idp-github-enterprise.spec.ts @@ -0,0 +1,156 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + + +test("login with GitHub Enterprise IDP - auto redirect", async ({user, page}) => { + // Given idp GitHub Enterprise is configure on the organization as only authencation method + // Given the user has only idp GitHub Enterprise added as auth method + + // User is automatically redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with GitHub Enterprise IDP - auto redirect, error", async ({user, page}) => { + // Given idp GitHub Enterprise is configure on the organization as only authencation method + // Given the user has only idp GitHub Enterprise added as auth method + + // User is automatically redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in GitHub Enterprise Login" +}); + + +test("login with GitHub Enterprise IDP", async ({user, page}) => { + // Given username password and idp GitHub Enterprise is configure on the organization as authencation method + // Given the user has username password and GitHub Enterprise configured + + // Login form shows username field and a GitHub Enterprise Login button + // User clicks on the GitHub Enterprise button + // User is redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with GitHub Enterprise IDP, error", async ({user, page}) => { + // Given username password and idp GitHub Enterprise is configure on the organization as authencation method + // Given the user has username password and GitHub Enterprise configured + + // Login form shows username field and a GitHub Enterprise Login button + // User clicks on the GitHub Enterprise button + // User is redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in GitHub Enterprise Login" + // User can choose password for authentication +}); + +test("login with GitHub Enterprise IDP, no user existing - auto register", async ({user, page}) => { + // Given idp GitHub Enterprise is configure on the organization as only authencation method + // Given idp GitHub Enterprise is configure with account creation alloweed, and automatic creation enabled + // Given ZITADEL Action is added to autofill missing user information + // Given no user exists yet + + // User is automatically redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with GitHub Enterprise IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp GitHub Enterprise is configure on the organization as only authencation method + // Given idp GitHub Enterprise is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with GitHub Enterprise IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp GitHub Enterprise is configure on the organization as only authencation method + // Given idp GitHub Enterprise is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with GitHub Enterprise IDP, no user linked - auto link", async ({user, page}) => { + // Given idp GitHub Enterprise is configure on the organization as only authencation method + // Given idp GitHub Enterprise is configure with account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with GitHub Enterprise IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp GitHub Enterprise is configure on the organization as only authencation method + // Given idp GitHub Enterprise is configure with manually account linking not allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with GitHub Enterprise IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp GitHub Enterprise is configure on the organization as only authencation method + // Given idp GitHub Enterprise is configure with manually account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to GitHub Enterprise + // User authenticates in GitHub Enterprise with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-github.spec.ts b/acceptance/tests/idp-github.spec.ts new file mode 100644 index 00000000000..d6935f92915 --- /dev/null +++ b/acceptance/tests/idp-github.spec.ts @@ -0,0 +1,156 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + + +test("login with GitHub IDP - auto redirect", async ({user, page}) => { + // Given idp GitHub is configure on the organization as only authencation method + // Given the user has only idp GitHub added as auth method + + // User is automatically redirected to GitHub + // User authenticates in GitHub + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with GitHub IDP - auto redirect, error", async ({user, page}) => { + // Given idp GitHub is configure on the organization as only authencation method + // Given the user has only idp GitHub added as auth method + + // User is automatically redirected to GitHub + // User authenticates in GitHub and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in GitHub Login" +}); + + +test("login with GitHub IDP", async ({user, page}) => { + // Given username password and idp GitHub is configure on the organization as authencation method + // Given the user has username password and GitHub configured + + // Login form shows username field and a GitHub Login button + // User clicks on the GitHub button + // User is redirected to GitHub + // User authenticates in GitHub and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with GitHub IDP, error", async ({user, page}) => { + // Given username password and idp GitHub is configure on the organization as authencation method + // Given the user has username password and GitHub configured + + // Login form shows username field and a GitHub Login button + // User clicks on the GitHub button + // User is redirected to GitHub + // User authenticates in GitHub and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in GitHub Login" + // User can choose password for authentication +}); + +test("login with GitHub IDP, no user existing - auto register", async ({user, page}) => { + // Given idp GitHub is configure on the organization as only authencation method + // Given idp GitHub is configure with account creation alloweed, and automatic creation enabled + // Given ZITADEL Action is added to autofill missing user information + // Given no user exists yet + + // User is automatically redirected to GitHub + // User authenticates in GitHub + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with GitHub IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp GitHub is configure on the organization as only authencation method + // Given idp GitHub is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to GitHub + // User authenticates in GitHub + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with GitHub IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp GitHub is configure on the organization as only authencation method + // Given idp GitHub is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to GitHub + // User authenticates in GitHub + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with GitHub IDP, no user linked - auto link", async ({user, page}) => { + // Given idp GitHub is configure on the organization as only authencation method + // Given idp GitHub is configure with account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to GitHub + // User authenticates in GitHub with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with GitHub IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp GitHub is configure on the organization as only authencation method + // Given idp GitHub is configure with manually account linking not allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to GitHub + // User authenticates in GitHub with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with GitHub IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp GitHub is configure on the organization as only authencation method + // Given idp GitHub is configure with manually account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to GitHub + // User authenticates in GitHub with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-gitlab-self-hosted.spec.ts b/acceptance/tests/idp-gitlab-self-hosted.spec.ts new file mode 100644 index 00000000000..fe3b29439ea --- /dev/null +++ b/acceptance/tests/idp-gitlab-self-hosted.spec.ts @@ -0,0 +1,156 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + + +test("login with Gitlab Self-Hosted IDP - auto redirect", async ({user, page}) => { + // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method + // Given the user has only idp Gitlab Self-Hosted added as auth method + + // User is automatically redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with Gitlab Self-Hosted IDP - auto redirect, error", async ({user, page}) => { + // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method + // Given the user has only idp Gitlab Self-Hosted added as auth method + + // User is automatically redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Gitlab Self-Hosted Login" +}); + + +test("login with Gitlab Self-Hosted IDP", async ({user, page}) => { + // Given username password and idp Gitlab Self-Hosted is configure on the organization as authencation method + // Given the user has username password and Gitlab Self-Hosted configured + + // Login form shows username field and a Gitlab Self-Hosted Login button + // User clicks on the Gitlab Self-Hosted button + // User is redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with Gitlab Self-Hosted IDP, error", async ({user, page}) => { + // Given username password and idp Gitlab Self-Hosted is configure on the organization as authencation method + // Given the user has username password and Gitlab Self-Hosted configured + + // Login form shows username field and a Gitlab Self-Hosted Login button + // User clicks on the Gitlab Self-Hosted button + // User is redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Gitlab Self-Hosted Login" + // User can choose password for authentication +}); + +test("login with Gitlab Self-Hosted IDP, no user existing - auto register", async ({user, page}) => { + // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method + // Given idp Gitlab Self-Hosted is configure with account creation alloweed, and automatic creation enabled + // Given ZITADEL Action is added to autofill missing user information + // Given no user exists yet + + // User is automatically redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Gitlab Self-Hosted IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method + // Given idp Gitlab Self-Hosted is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Gitlab Self-Hosted IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method + // Given idp Gitlab Self-Hosted is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with Gitlab Self-Hosted IDP, no user linked - auto link", async ({user, page}) => { + // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method + // Given idp Gitlab Self-Hosted is configure with account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with Gitlab Self-Hosted IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method + // Given idp Gitlab Self-Hosted is configure with manually account linking not allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with Gitlab Self-Hosted IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Gitlab Self-Hosted is configure on the organization as only authencation method + // Given idp Gitlab Self-Hosted is configure with manually account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Gitlab Self-Hosted + // User authenticates in Gitlab Self-Hosted with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-gitlab.spec.ts b/acceptance/tests/idp-gitlab.spec.ts new file mode 100644 index 00000000000..4504f670f9f --- /dev/null +++ b/acceptance/tests/idp-gitlab.spec.ts @@ -0,0 +1,156 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + + +test("login with Gitlab IDP - auto redirect", async ({user, page}) => { + // Given idp Gitlab is configure on the organization as only authencation method + // Given the user has only idp Gitlab added as auth method + + // User is automatically redirected to Gitlab + // User authenticates in Gitlab + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with Gitlab IDP - auto redirect, error", async ({user, page}) => { + // Given idp Gitlab is configure on the organization as only authencation method + // Given the user has only idp Gitlab added as auth method + + // User is automatically redirected to Gitlab + // User authenticates in Gitlab and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Gitlab Login" +}); + + +test("login with Gitlab IDP", async ({user, page}) => { + // Given username password and idp Gitlab is configure on the organization as authencation method + // Given the user has username password and Gitlab configured + + // Login form shows username field and a Gitlab Login button + // User clicks on the Gitlab button + // User is redirected to Gitlab + // User authenticates in Gitlab and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with Gitlab IDP, error", async ({user, page}) => { + // Given username password and idp Gitlab is configure on the organization as authencation method + // Given the user has username password and Gitlab configured + + // Login form shows username field and a Gitlab Login button + // User clicks on the Gitlab button + // User is redirected to Gitlab + // User authenticates in Gitlab and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Gitlab Login" + // User can choose password for authentication +}); + +test("login with Gitlab IDP, no user existing - auto register", async ({user, page}) => { + // Given idp Gitlab is configure on the organization as only authencation method + // Given idp Gitlab is configure with account creation alloweed, and automatic creation enabled + // Given ZITADEL Action is added to autofill missing user information + // Given no user exists yet + + // User is automatically redirected to Gitlab + // User authenticates in Gitlab + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Gitlab IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp Gitlab is configure on the organization as only authencation method + // Given idp Gitlab is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Gitlab + // User authenticates in Gitlab + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Gitlab IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp Gitlab is configure on the organization as only authencation method + // Given idp Gitlab is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Gitlab + // User authenticates in Gitlab + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with Gitlab IDP, no user linked - auto link", async ({user, page}) => { + // Given idp Gitlab is configure on the organization as only authencation method + // Given idp Gitlab is configure with account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to Gitlab + // User authenticates in Gitlab with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with Gitlab IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Gitlab is configure on the organization as only authencation method + // Given idp Gitlab is configure with manually account linking not allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Gitlab + // User authenticates in Gitlab with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with Gitlab IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Gitlab is configure on the organization as only authencation method + // Given idp Gitlab is configure with manually account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Gitlab + // User authenticates in Gitlab with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-goolge.spec.ts b/acceptance/tests/idp-google.spec.ts similarity index 99% rename from acceptance/tests/idp-goolge.spec.ts rename to acceptance/tests/idp-google.spec.ts index 345ac724943..0c0d777fe4a 100644 --- a/acceptance/tests/idp-goolge.spec.ts +++ b/acceptance/tests/idp-google.spec.ts @@ -24,7 +24,6 @@ const test = base.extend<{ user: PasswordUserWithOTP }>({ }, }); - test("login with Google IDP - auto redirect", async ({user, page}) => { // Given idp Google is configure on the organization as only authencation method // Given the user has only idp Google added as auth method diff --git a/acceptance/tests/idp-ldap.spec.ts b/acceptance/tests/idp-ldap.spec.ts new file mode 100644 index 00000000000..8bd71b16b41 --- /dev/null +++ b/acceptance/tests/idp-ldap.spec.ts @@ -0,0 +1,151 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + +test("login with LDAP IDP - auto redirect", async ({user, page}) => { + // Given idp LDAP is configure on the organization as only authencation method + // Given the user has only idp LDAP added as auth method + + // User is automatically redirected to LDAP + // User authenticates in LDAP + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with LDAP IDP - auto redirect, error", async ({user, page}) => { + // Given idp LDAP is configure on the organization as only authencation method + // Given the user has only idp LDAP added as auth method + + // User is automatically redirected to LDAP + // User authenticates in LDAP and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in LDAP Login" +}); + + +test("login with LDAP IDP", async ({user, page}) => { + // Given username password and idp LDAP is configure on the organization as authencation method + // Given the user has username password and LDAP configured + + // Login form shows username field and a LDAP Login button + // User clicks on the LDAP button + // User is redirected to LDAP + // User authenticates in LDAP and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with LDAP IDP, error", async ({user, page}) => { + // Given username password and idp LDAP is configure on the organization as authencation method + // Given the user has username password and LDAP configured + + // Login form shows username field and a LDAP Login button + // User clicks on the LDAP button + // User is redirected to LDAP + // User authenticates in LDAP and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in LDAP Login" + // User can choose password for authentication +}); + +test("login with LDAP IDP, no user existing - auto register", async ({user, page}) => { + // Given idp LDAP is configure on the organization as only authencation method + // Given idp LDAP is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to LDAP + // User authenticates in LDAP + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with LDAP IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp LDAP is configure on the organization as only authencation method + // Given idp LDAP is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to LDAP + // User authenticates in LDAP + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with LDAP IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp LDAP is configure on the organization as only authencation method + // Given idp LDAP is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to LDAP + // User authenticates in LDAP + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with LDAP IDP, no user linked - auto link", async ({user, page}) => { + // Given idp LDAP is configure on the organization as only authencation method + // Given idp LDAP is configure with account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to LDAP + // User authenticates in LDAP with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with LDAP IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp LDAP is configure on the organization as only authencation method + // Given idp LDAP is configure with manually account linking not allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to LDAP + // User authenticates in LDAP with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with LDAP IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp LDAP is configure on the organization as only authencation method + // Given idp LDAP is configure with manually account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to LDAP + // User authenticates in LDAP with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-microsoft.spec.ts b/acceptance/tests/idp-microsoft.spec.ts new file mode 100644 index 00000000000..8e37d11de1f --- /dev/null +++ b/acceptance/tests/idp-microsoft.spec.ts @@ -0,0 +1,154 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + +// Note for all tests, in case Microsoft doesn't deliver all relevant information per default +// We should add an action in the needed cases + +test("login with Microsoft IDP - auto redirect", async ({user, page}) => { + // Given idp Microsoft is configure on the organization as only authencation method + // Given the user has only idp Microsoft added as auth method + + // User is automatically redirected to Microsoft + // User authenticates in Microsoft + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with Microsoft IDP - auto redirect, error", async ({user, page}) => { + // Given idp Microsoft is configure on the organization as only authencation method + // Given the user has only idp Microsoft added as auth method + + // User is automatically redirected to Microsoft + // User authenticates in Microsoft and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Microsoft Login" +}); + + +test("login with Microsoft IDP", async ({user, page}) => { + // Given username password and idp Microsoft is configure on the organization as authencation method + // Given the user has username password and Microsoft configured + + // Login form shows username field and a Microsoft Login button + // User clicks on the Microsoft button + // User is redirected to Microsoft + // User authenticates in Microsoft and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with Microsoft IDP, error", async ({user, page}) => { + // Given username password and idp Microsoft is configure on the organization as authencation method + // Given the user has username password and Microsoft configured + + // Login form shows username field and a Microsoft Login button + // User clicks on the Microsoft button + // User is redirected to Microsoft + // User authenticates in Microsoft and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in Microsoft Login" + // User can choose password for authentication +}); + +test("login with Microsoft IDP, no user existing - auto register", async ({user, page}) => { + // Given idp Microsoft is configure on the organization as only authencation method + // Given idp Microsoft is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Microsoft + // User authenticates in Microsoft + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Microsoft IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp Microsoft is configure on the organization as only authencation method + // Given idp Microsoft is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Microsoft + // User authenticates in Microsoft + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with Microsoft IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp Microsoft is configure on the organization as only authencation method + // Given idp Microsoft is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to Microsoft + // User authenticates in Microsoft + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with Microsoft IDP, no user linked - auto link", async ({user, page}) => { + // Given idp Microsoft is configure on the organization as only authencation method + // Given idp Microsoft is configure with account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to Microsoft + // User authenticates in Microsoft with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with Microsoft IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Microsoft is configure on the organization as only authencation method + // Given idp Microsoft is configure with manually account linking not allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Microsoft + // User authenticates in Microsoft with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with Microsoft IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp Microsoft is configure on the organization as only authencation method + // Given idp Microsoft is configure with manually account linking allowed, and linking set to existing email + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to Microsoft + // User authenticates in Microsoft with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); diff --git a/acceptance/tests/idp-saml.spec.ts b/acceptance/tests/idp-saml.spec.ts new file mode 100644 index 00000000000..a57e19d8482 --- /dev/null +++ b/acceptance/tests/idp-saml.spec.ts @@ -0,0 +1,157 @@ +import {test as base} from "@playwright/test"; +import {OtpType, PasswordUserWithOTP} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword} from "./login"; +import {startSink} from "./otp"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUserWithOTP }>({ + user: async ({page}, use) => { + const user = new PasswordUserWithOTP({ + email: "otp_sms@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + type: OtpType.sms, + }); + + await user.ensure(page); + await use(user); + }, +}); + + +test("login with SAML IDP - auto redirect", async ({user, page}) => { + // Given idp SAML is configure on the organization as only authencation method + // Given ZITADEL Action is added to autofill missing user information + // Given the user has only idp SAML added as auth method + + // User is automatically redirected to SAML + // User authenticates in SAML + // User is redirect to ZITADEL login + // User is redirected to the app +}); + + +test("login with SAML IDP - auto redirect, error", async ({user, page}) => { + // Given idp SAML is configure on the organization as only authencation method + // Given the user has only idp SAML added as auth method + + // User is automatically redirected to SAML + // User authenticates in SAML and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in SAML Login" +}); + + +test("login with SAML IDP", async ({user, page}) => { + // Given username password and idp SAML is configure on the organization as authencation method + // Given the user has username password and SAML configured + + // Login form shows username field and a SAML Login button + // User clicks on the SAML button + // User is redirected to SAML + // User authenticates in SAML and gets an error + // User is redirect to ZITADEL login automatically + // User is redirected to app automatically +}); + + +test("login with SAML IDP, error", async ({user, page}) => { + // Given username password and idp SAML is configure on the organization as authencation method + // Given the user has username password and SAML configured + + // Login form shows username field and a SAML Login button + // User clicks on the SAML button + // User is redirected to SAML + // User authenticates in SAML and gets an error + // User is redirect to ZITADEL login + // Error is shown to the user "Something went wrong in SAML Login" + // User can choose password for authentication +}); + +test("login with SAML IDP, no user existing - auto register", async ({user, page}) => { + // Given idp SAML is configure on the organization as only authencation method + // Given idp SAML is configure with account creation alloweed, and automatic creation enabled + // Given ZITADEL Action is added to autofill missing user information + // Given no user exists yet + + // User is automatically redirected to SAML + // User authenticates in SAML + // User is redirect to ZITADEL login + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with SAML IDP, no user existing - auto register not possible", async ({user, page}) => { + // Given idp SAML is configure on the organization as only authencation method + // Given idp SAML is configure with account creation alloweed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to SAML + // User authenticates in SAML + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // User will see the registration page with pre filled user information + // User fills missing information + // User clicks register button + // User is created in ZITADEL + // User is redirected to the app +}); + +test("login with SAML IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { + // Given idp SAML is configure on the organization as only authencation method + // Given idp SAML is configure with account creation not allowed, and automatic creation enabled + // Given no user exists yet + + // User is automatically redirected to SAML + // User authenticates in SAML + // User is redirect to ZITADEL login + // Because of missing informaiton on the user auto creation is not possible + // Error message is shown, that registration of the user was not possible due to missing information +}); + +test("login with SAML IDP, no user linked - auto link", async ({user, page}) => { + // Given idp SAML is configure on the organization as only authencation method + // Given idp SAML is configure with account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com exists + + // User is automatically redirected to SAML + // User authenticates in SAML with user@zitadel.com + // User is redirect to ZITADEL login + // User is linked with existing user in ZITADEL + // User is redirected to the app +}); + +test("login with SAML IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp SAML is configure on the organization as only authencation method + // Given idp SAML is configure with manually account linking not allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to SAML + // User authenticates in SAML with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User will get an error message that account linking wasn't possible +}); + + +test("login with SAML IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { + // Given idp SAML is configure on the organization as only authencation method + // Given idp SAML is configure with manually account linking allowed, and linking set to existing email + // Given ZITADEL Action is added to autofill missing user information + // Given user with email address user@zitadel.com doesn't exists + + // User is automatically redirected to SAML + // User authenticates in SAML with user@zitadel.com + // User is redirect to ZITADEL login + // User with email address user@zitadel.com can not be found + // User is prompted to link the account manually + // User is redirected to the app +}); From bbc8d05a86de314eeb5b033fa8dfc898636c1d1c Mon Sep 17 00:00:00 2001 From: Fabienne Date: Mon, 18 Nov 2024 15:30:29 +0100 Subject: [PATCH 05/11] add more test scenarios --- acceptance/tests/idp-apple.spec.ts | 12 +- acceptance/tests/idp-generic-jwt.spec.ts | 12 +- acceptance/tests/idp-generic-oauth.spec.ts | 12 +- acceptance/tests/idp-generic-oidc.spec.ts | 12 +- .../tests/idp-github-enterprise.spec.ts | 12 +- acceptance/tests/idp-github.spec.ts | 12 +- .../tests/idp-gitlab-self-hosted.spec.ts | 12 +- acceptance/tests/idp-gitlab.spec.ts | 12 +- acceptance/tests/idp-google.spec.ts | 12 +- acceptance/tests/idp-ldap.spec.ts | 12 +- acceptance/tests/idp-microsoft.spec.ts | 12 +- acceptance/tests/idp-saml.spec.ts | 12 +- .../login-configuration-possiblities.spec.ts | 91 +++++++++++ acceptance/tests/register.spec.ts | 148 ++++++++++++++++++ .../tests/username-password-otp_email.spec.ts | 8 +- .../tests/username-password-otp_sms.spec.ts | 4 +- .../tests/username-password-totp.spec.ts | 4 +- .../tests/username-password-u2f.spec.ts | 4 +- acceptance/tests/username-password.spec.ts | 67 +++++++- 19 files changed, 384 insertions(+), 86 deletions(-) create mode 100644 acceptance/tests/login-configuration-possiblities.spec.ts diff --git a/acceptance/tests/idp-apple.spec.ts b/acceptance/tests/idp-apple.spec.ts index c9485053787..57cd320fd2e 100644 --- a/acceptance/tests/idp-apple.spec.ts +++ b/acceptance/tests/idp-apple.spec.ts @@ -34,7 +34,7 @@ test("login with Apple IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to Apple // User authenticates in Apple // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -58,7 +58,7 @@ test("login with Apple IDP", async ({user, page}) => { // User is redirected to Apple // User authenticates in Apple and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -84,7 +84,7 @@ test("login with Apple IDP, no user existing - auto register", async ({user, pag // User authenticates in Apple // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Apple IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -100,7 +100,7 @@ test("login with Apple IDP, no user existing - auto register not possible", asyn // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Apple IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -124,7 +124,7 @@ test("login with Apple IDP, no user linked - auto link", async ({user, page}) => // User authenticates in Apple with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Apple IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -150,5 +150,5 @@ test("login with Apple IDP, no user linked, user doesn't exist - no auto link", // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-generic-jwt.spec.ts b/acceptance/tests/idp-generic-jwt.spec.ts index 2127b10a347..6ca3558dd64 100644 --- a/acceptance/tests/idp-generic-jwt.spec.ts +++ b/acceptance/tests/idp-generic-jwt.spec.ts @@ -31,7 +31,7 @@ test("login with Generic JWT IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to Generic JWT // User authenticates in Generic JWT // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -55,7 +55,7 @@ test("login with Generic JWT IDP", async ({user, page}) => { // User is redirected to Generic JWT // User authenticates in Generic JWT and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -81,7 +81,7 @@ test("login with Generic JWT IDP, no user existing - auto register", async ({use // User authenticates in Generic JWT // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Generic JWT IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -97,7 +97,7 @@ test("login with Generic JWT IDP, no user existing - auto register not possible" // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Generic JWT IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -121,7 +121,7 @@ test("login with Generic JWT IDP, no user linked - auto link", async ({user, pag // User authenticates in Generic JWT with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Generic JWT IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -147,5 +147,5 @@ test("login with Generic JWT IDP, no user linked, user doesn't exist - no auto l // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-generic-oauth.spec.ts b/acceptance/tests/idp-generic-oauth.spec.ts index 7f27e3167fa..0d55f399737 100644 --- a/acceptance/tests/idp-generic-oauth.spec.ts +++ b/acceptance/tests/idp-generic-oauth.spec.ts @@ -32,7 +32,7 @@ test("login with Generic OAuth IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to Generic OAuth // User authenticates in Generic OAuth // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -56,7 +56,7 @@ test("login with Generic OAuth IDP", async ({user, page}) => { // User is redirected to Generic OAuth // User authenticates in Generic OAuth and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -82,7 +82,7 @@ test("login with Generic OAuth IDP, no user existing - auto register", async ({u // User authenticates in Generic OAuth // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Generic OAuth IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -98,7 +98,7 @@ test("login with Generic OAuth IDP, no user existing - auto register not possibl // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Generic OAuth IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -122,7 +122,7 @@ test("login with Generic OAuth IDP, no user linked - auto link", async ({user, p // User authenticates in Generic OAuth with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Generic OAuth IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -148,5 +148,5 @@ test("login with Generic OAuth IDP, no user linked, user doesn't exist - no auto // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-generic-oidc.spec.ts b/acceptance/tests/idp-generic-oidc.spec.ts index f3c9e59bd63..ed19a50a732 100644 --- a/acceptance/tests/idp-generic-oidc.spec.ts +++ b/acceptance/tests/idp-generic-oidc.spec.ts @@ -33,7 +33,7 @@ test("login with Generic OIDC IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to Generic OIDC // User authenticates in Generic OIDC // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -57,7 +57,7 @@ test("login with Generic OIDC IDP", async ({user, page}) => { // User is redirected to Generic OIDC // User authenticates in Generic OIDC and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -83,7 +83,7 @@ test("login with Generic OIDC IDP, no user existing - auto register", async ({us // User authenticates in Generic OIDC // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Generic OIDC IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -99,7 +99,7 @@ test("login with Generic OIDC IDP, no user existing - auto register not possible // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Generic OIDC IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -123,7 +123,7 @@ test("login with Generic OIDC IDP, no user linked - auto link", async ({user, pa // User authenticates in Generic OIDC with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Generic OIDC IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -149,5 +149,5 @@ test("login with Generic OIDC IDP, no user linked, user doesn't exist - no auto // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-github-enterprise.spec.ts b/acceptance/tests/idp-github-enterprise.spec.ts index 6bbcbc20265..ee7f5d8a5be 100644 --- a/acceptance/tests/idp-github-enterprise.spec.ts +++ b/acceptance/tests/idp-github-enterprise.spec.ts @@ -32,7 +32,7 @@ test("login with GitHub Enterprise IDP - auto redirect", async ({user, page}) => // User is automatically redirected to GitHub Enterprise // User authenticates in GitHub Enterprise // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -56,7 +56,7 @@ test("login with GitHub Enterprise IDP", async ({user, page}) => { // User is redirected to GitHub Enterprise // User authenticates in GitHub Enterprise and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -83,7 +83,7 @@ test("login with GitHub Enterprise IDP, no user existing - auto register", async // User authenticates in GitHub Enterprise // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with GitHub Enterprise IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -99,7 +99,7 @@ test("login with GitHub Enterprise IDP, no user existing - auto register not pos // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with GitHub Enterprise IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -124,7 +124,7 @@ test("login with GitHub Enterprise IDP, no user linked - auto link", async ({use // User authenticates in GitHub Enterprise with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with GitHub Enterprise IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -152,5 +152,5 @@ test("login with GitHub Enterprise IDP, no user linked, user doesn't exist - no // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-github.spec.ts b/acceptance/tests/idp-github.spec.ts index d6935f92915..0ac8c13193e 100644 --- a/acceptance/tests/idp-github.spec.ts +++ b/acceptance/tests/idp-github.spec.ts @@ -32,7 +32,7 @@ test("login with GitHub IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to GitHub // User authenticates in GitHub // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -56,7 +56,7 @@ test("login with GitHub IDP", async ({user, page}) => { // User is redirected to GitHub // User authenticates in GitHub and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -83,7 +83,7 @@ test("login with GitHub IDP, no user existing - auto register", async ({user, pa // User authenticates in GitHub // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with GitHub IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -99,7 +99,7 @@ test("login with GitHub IDP, no user existing - auto register not possible", asy // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with GitHub IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -124,7 +124,7 @@ test("login with GitHub IDP, no user linked - auto link", async ({user, page}) = // User authenticates in GitHub with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with GitHub IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -152,5 +152,5 @@ test("login with GitHub IDP, no user linked, user doesn't exist - no auto link", // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-gitlab-self-hosted.spec.ts b/acceptance/tests/idp-gitlab-self-hosted.spec.ts index fe3b29439ea..00b0ec7c4af 100644 --- a/acceptance/tests/idp-gitlab-self-hosted.spec.ts +++ b/acceptance/tests/idp-gitlab-self-hosted.spec.ts @@ -32,7 +32,7 @@ test("login with Gitlab Self-Hosted IDP - auto redirect", async ({user, page}) = // User is automatically redirected to Gitlab Self-Hosted // User authenticates in Gitlab Self-Hosted // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -56,7 +56,7 @@ test("login with Gitlab Self-Hosted IDP", async ({user, page}) => { // User is redirected to Gitlab Self-Hosted // User authenticates in Gitlab Self-Hosted and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -83,7 +83,7 @@ test("login with Gitlab Self-Hosted IDP, no user existing - auto register", asyn // User authenticates in Gitlab Self-Hosted // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Gitlab Self-Hosted IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -99,7 +99,7 @@ test("login with Gitlab Self-Hosted IDP, no user existing - auto register not po // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Gitlab Self-Hosted IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -124,7 +124,7 @@ test("login with Gitlab Self-Hosted IDP, no user linked - auto link", async ({us // User authenticates in Gitlab Self-Hosted with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Gitlab Self-Hosted IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -152,5 +152,5 @@ test("login with Gitlab Self-Hosted IDP, no user linked, user doesn't exist - no // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-gitlab.spec.ts b/acceptance/tests/idp-gitlab.spec.ts index 4504f670f9f..a94b1ac77d8 100644 --- a/acceptance/tests/idp-gitlab.spec.ts +++ b/acceptance/tests/idp-gitlab.spec.ts @@ -32,7 +32,7 @@ test("login with Gitlab IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to Gitlab // User authenticates in Gitlab // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -56,7 +56,7 @@ test("login with Gitlab IDP", async ({user, page}) => { // User is redirected to Gitlab // User authenticates in Gitlab and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -83,7 +83,7 @@ test("login with Gitlab IDP, no user existing - auto register", async ({user, pa // User authenticates in Gitlab // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Gitlab IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -99,7 +99,7 @@ test("login with Gitlab IDP, no user existing - auto register not possible", asy // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Gitlab IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -124,7 +124,7 @@ test("login with Gitlab IDP, no user linked - auto link", async ({user, page}) = // User authenticates in Gitlab with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Gitlab IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -152,5 +152,5 @@ test("login with Gitlab IDP, no user linked, user doesn't exist - no auto link", // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-google.spec.ts b/acceptance/tests/idp-google.spec.ts index 0c0d777fe4a..8c13449adde 100644 --- a/acceptance/tests/idp-google.spec.ts +++ b/acceptance/tests/idp-google.spec.ts @@ -31,7 +31,7 @@ test("login with Google IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to Google // User authenticates in Google // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -55,7 +55,7 @@ test("login with Google IDP", async ({user, page}) => { // User is redirected to Google // User authenticates in Google and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -81,7 +81,7 @@ test("login with Google IDP, no user existing - auto register", async ({user, pa // User authenticates in Google // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Google IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -97,7 +97,7 @@ test("login with Google IDP, no user existing - auto register not possible", asy // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Google IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -121,7 +121,7 @@ test("login with Google IDP, no user linked - auto link", async ({user, page}) = // User authenticates in Google with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Google IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -147,5 +147,5 @@ test("login with Google IDP, no user linked, user doesn't exist - no auto link", // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-ldap.spec.ts b/acceptance/tests/idp-ldap.spec.ts index 8bd71b16b41..fc667edee4c 100644 --- a/acceptance/tests/idp-ldap.spec.ts +++ b/acceptance/tests/idp-ldap.spec.ts @@ -31,7 +31,7 @@ test("login with LDAP IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to LDAP // User authenticates in LDAP // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -55,7 +55,7 @@ test("login with LDAP IDP", async ({user, page}) => { // User is redirected to LDAP // User authenticates in LDAP and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -81,7 +81,7 @@ test("login with LDAP IDP, no user existing - auto register", async ({user, page // User authenticates in LDAP // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with LDAP IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -97,7 +97,7 @@ test("login with LDAP IDP, no user existing - auto register not possible", async // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with LDAP IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -121,7 +121,7 @@ test("login with LDAP IDP, no user linked - auto link", async ({user, page}) => // User authenticates in LDAP with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with LDAP IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -147,5 +147,5 @@ test("login with LDAP IDP, no user linked, user doesn't exist - no auto link", a // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-microsoft.spec.ts b/acceptance/tests/idp-microsoft.spec.ts index 8e37d11de1f..26ffcc10642 100644 --- a/acceptance/tests/idp-microsoft.spec.ts +++ b/acceptance/tests/idp-microsoft.spec.ts @@ -34,7 +34,7 @@ test("login with Microsoft IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to Microsoft // User authenticates in Microsoft // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -58,7 +58,7 @@ test("login with Microsoft IDP", async ({user, page}) => { // User is redirected to Microsoft // User authenticates in Microsoft and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -84,7 +84,7 @@ test("login with Microsoft IDP, no user existing - auto register", async ({user, // User authenticates in Microsoft // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Microsoft IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -100,7 +100,7 @@ test("login with Microsoft IDP, no user existing - auto register not possible", // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Microsoft IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -124,7 +124,7 @@ test("login with Microsoft IDP, no user linked - auto link", async ({user, page} // User authenticates in Microsoft with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with Microsoft IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -150,5 +150,5 @@ test("login with Microsoft IDP, no user linked, user doesn't exist - no auto lin // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/idp-saml.spec.ts b/acceptance/tests/idp-saml.spec.ts index a57e19d8482..890965180b5 100644 --- a/acceptance/tests/idp-saml.spec.ts +++ b/acceptance/tests/idp-saml.spec.ts @@ -33,7 +33,7 @@ test("login with SAML IDP - auto redirect", async ({user, page}) => { // User is automatically redirected to SAML // User authenticates in SAML // User is redirect to ZITADEL login - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -57,7 +57,7 @@ test("login with SAML IDP", async ({user, page}) => { // User is redirected to SAML // User authenticates in SAML and gets an error // User is redirect to ZITADEL login automatically - // User is redirected to app automatically + // User is redirected to app automatically (default redirect url) }); @@ -84,7 +84,7 @@ test("login with SAML IDP, no user existing - auto register", async ({user, page // User authenticates in SAML // User is redirect to ZITADEL login // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with SAML IDP, no user existing - auto register not possible", async ({user, page}) => { @@ -100,7 +100,7 @@ test("login with SAML IDP, no user existing - auto register not possible", async // User fills missing information // User clicks register button // User is created in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with SAML IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({user, page}) => { @@ -125,7 +125,7 @@ test("login with SAML IDP, no user linked - auto link", async ({user, page}) => // User authenticates in SAML with user@zitadel.com // User is redirect to ZITADEL login // User is linked with existing user in ZITADEL - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("login with SAML IDP, no user linked, user doesn't exist - no auto link", async ({user, page}) => { @@ -153,5 +153,5 @@ test("login with SAML IDP, no user linked, user doesn't exist - no auto link", a // User is redirect to ZITADEL login // User with email address user@zitadel.com can not be found // User is prompted to link the account manually - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/login-configuration-possiblities.spec.ts b/acceptance/tests/login-configuration-possiblities.spec.ts new file mode 100644 index 00000000000..0fb3b78975a --- /dev/null +++ b/acceptance/tests/login-configuration-possiblities.spec.ts @@ -0,0 +1,91 @@ +import {test as base} from "@playwright/test"; +import {PasswordUser} from './user'; +import path from 'path'; +import dotenv from 'dotenv'; +import {loginScreenExpect, loginWithPassword, startLogin} from "./login"; +import {loginnameScreenExpect} from "./loginname-screen"; +import {passwordScreenExpect} from "./password-screen"; +import {loginname} from "./loginname"; +import {password} from "./password"; + +// Read from ".env" file. +dotenv.config({path: path.resolve(__dirname, '.env.local')}); + +const test = base.extend<{ user: PasswordUser }>({ + user: async ({page}, use) => { + const user = new PasswordUser({ + email: "password@example.com", + firstName: "first", + lastName: "last", + password: "Password1!", + organization: "", + }); + await user.ensure(page); + await use(user); + }, +}); + +test("login with mfa setup, mfa setup prompt", async ({user, page}) => { + // Given the organization has set "multifactor init check time" to 40 + // Given the organization has enabled all possible mfa types + // Given the user has a password but no mfa registered and never authenticated + + // enter login name + // enter password + // User is prompted to setup a mfa, all possible mfa providers are listed, the user can choose the provider +}); + +test("login with mfa setup, mfa setup prompt", async ({user, page}) => { + // Given the organization has set "multifactor init check time" to 0 + // Given the organization has enabled all possible mfa types + // Given the user has a password but no mfa registered and never authenticated + + // enter login name + // enter password + // user is redirected to app +}); + +test("login with mfa setup, force mfa for local authenticated users", async ({user, page}) => { + // Given the organization has enabled force mfa for local authentiacted users + // Given the organization has enabled all possible mfa types + // Given the user has a password but no mfa registered + + // enter login name + // enter password + // User is prompted to setup a mfa, all possible mfa providers are listed, the user can choose the provider +}); + + +test("login with mfa setup, force mfa - local user", async ({user, page}) => { + // Given the organization has enabled force mfa for local authentiacted users + // Given the organization has enabled all possible mfa types + // Given the user has a password but no mfa registered + + // enter login name + // enter password + // User is prompted to setup a mfa, all possible mfa providers are listed, the user can choose the provider +}); + + +test("login with mfa setup, force mfa - external user", async ({user, page}) => { + // Given the organization has enabled force mfa + // Given the organization has enabled all possible mfa types + // Given the user has an idp but no mfa registered + + // enter login name + // redirect to configured external idp + // User is prompted to setup a mfa, all possible mfa providers are listed, the user can choose the provider +}); + + +test("login with mfa setup, force mfa - external user", async ({user, page}) => { + // Given the organization has a password lockout policy set to 1 on the max password attempts + // Given the user has only a password as auth methos + + // enter login name + // enter wrong password + // User will get an error "Wrong password" + // enter password + // User will get an error "Max password attempts reached - user is locked. Please reach out to your administrator" +}); + diff --git a/acceptance/tests/register.spec.ts b/acceptance/tests/register.spec.ts index 0e08db56143..f8711e3ffff 100644 --- a/acceptance/tests/register.spec.ts +++ b/acceptance/tests/register.spec.ts @@ -28,3 +28,151 @@ test("register with passkey", async ({page}) => { await registerWithPasskey(page, firstname, lastname, username) await loginScreenExpect(page, firstname + " " + lastname); }); + +test("register with username and password - only password enabled", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization no idp is configured and enabled + // Given on the default organization passkey is not enabled + // Given user doesn't exist + + // Click on button "register new user" + // User is redirected to registration page + // Only password is shown as an option - no passkey + // User enters "firstname", "lastname", "username" and "password" + // User is redirected to app (default redirect url) +}); + +test("register with username and password - wrong password not enough characters", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization no idp is configured and enabled + // Given on the default organization passkey is not enabled + // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter + // Given user doesn't exist + + // Click on button "register new user" + // User is redirected to registration page + // Only password is shown as an option - no passkey + // User enters "firstname", "lastname", "username" and a password thats to short + // Error is shown "Password doesn't match the policy - it must have at least 8 characters" +}); + +test("register with username and password - wrong password number missing", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization no idp is configured and enabled + // Given on the default organization passkey is not enabled + // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter + // Given user doesn't exist + + // Click on button "register new user" + // User is redirected to registration page + // Only password is shown as an option - no passkey + // User enters "firstname", "lastname", "username" and a password without a number + // Error is shown "Password doesn't match the policy - number missing" +}); + +test("register with username and password - wrong password upper case missing", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization no idp is configured and enabled + // Given on the default organization passkey is not enabled + // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter + // Given user doesn't exist + + // Click on button "register new user" + // User is redirected to registration page + // Only password is shown as an option - no passkey + // User enters "firstname", "lastname", "username" and a password without an upper case + // Error is shown "Password doesn't match the policy - uppercase letter missing" +}); + +test("register with username and password - wrong password lower case missing", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization no idp is configured and enabled + // Given on the default organization passkey is not enabled + // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter + // Given user doesn't exist + + // Click on button "register new user" + // User is redirected to registration page + // Only password is shown as an option - no passkey + // User enters "firstname", "lastname", "username" and a password without an lower case + // Error is shown "Password doesn't match the policy - lowercase letter missing" +}); + + +test("register with username and password - wrong password symboo missing", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization no idp is configured and enabled + // Given on the default organization passkey is not enabled + // Given password policy is set to 8 characters and must include number, symbol, lower and upper letter + // Given user doesn't exist + + // Click on button "register new user" + // User is redirected to registration page + // Only password is shown as an option - no passkey + // User enters "firstname", "lastname", "username" and a password without an symbol + // Error is shown "Password doesn't match the policy - symbol missing" +}); + +test("register with username and password - password and passkey enabled", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization no idp is configured and enabled + // Given on the default organization passkey is enabled + // Given user doesn't exist + + // Click on button "register new user" + // User is redirected to registration page + // User enters "firstname", "lastname", "username" + // Password and passkey are shown as authentication option + // User clicks password + // User enters password + // User is redirected to app (default redirect url) +}); + +test("register with username and passkey - password and passkey enabled", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization no idp is configured and enabled + // Given on the default organization passkey is enabled + // Given user doesn't exist + + // Click on button "register new user" + // User is redirected to registration page + // User enters "firstname", "lastname", "username" + // Password and passkey are shown as authentication option + // User clicks passkey + // Passkey is opened automatically + // User verifies passkey + // User is redirected to app (default redirect url) +}); + + +test("register with username and password - registration disabled", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization no idp is configured and enabled + // Given user doesn't exist + + // Button "register new user" is not available +}); + +test("register with username and password - multiple registration options", async ({user, page}) => { + // Given on the default organization "username and password is allowed" is enabled + // Given on the default organization "username registeration allowed" is enabled + // Given on the default organization one idp is configured and enabled + // Given user doesn't exist + + // Click on button "register new user" + // User is redirected to registration options + // Local User and idp button are shown + // User clicks idp button + // User enters "firstname", "lastname", "username" and "password" + // User clicks next + // User is redirected to app (default redirect url) +}); diff --git a/acceptance/tests/username-password-otp_email.spec.ts b/acceptance/tests/username-password-otp_email.spec.ts index 55a05876a5a..43749cb203e 100644 --- a/acceptance/tests/username-password-otp_email.spec.ts +++ b/acceptance/tests/username-password-otp_email.spec.ts @@ -33,7 +33,7 @@ test("username, password and email otp login, enter code manually", async ({user // User enters password // User receives an email with a verification code // User enters the code into the ui - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -45,7 +45,7 @@ test("username, password and email otp login, click link in email", async ({user // User enters password // User receives an email with a verification code // User clicks link in the email - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("username, password and email otp login, resend code", async ({user, page}) => { @@ -58,7 +58,7 @@ test("username, password and email otp login, resend code", async ({user, page}) // User clicks resend code // User receives a new email with a verification code // User enters the new code in the ui - // User is redirected to the app + // User is redirected to the app (default redirect url) }); test("username, password and email otp login, wrong code", async ({user, page}) => { @@ -82,5 +82,5 @@ test("username, password and email otp login, multiple mfa options", async ({use // User clicks button to use sms otp as second factor // User receives an sms with a verification code // User enters code in ui - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/username-password-otp_sms.spec.ts b/acceptance/tests/username-password-otp_sms.spec.ts index d80e03fac8d..f762dc8c0d4 100644 --- a/acceptance/tests/username-password-otp_sms.spec.ts +++ b/acceptance/tests/username-password-otp_sms.spec.ts @@ -42,7 +42,7 @@ test("username, password and sms otp login", async ({user, page}) => { // User enters password // User receives an sms with a verification code // User enters the code into the ui - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -55,7 +55,7 @@ test("username, password and sms otp login, resend code", async ({user, page}) = // User receives an sms with a verification code // User clicks resend code // User receives a new sms with a verification code - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/username-password-totp.spec.ts b/acceptance/tests/username-password-totp.spec.ts index d81ba9f09eb..85ea828e08b 100644 --- a/acceptance/tests/username-password-totp.spec.ts +++ b/acceptance/tests/username-password-totp.spec.ts @@ -32,7 +32,7 @@ test("username, password and totp login", async ({user, page}) => { // User enters password // Screen for entering the code is shown directly // User enters the code into the ui - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -59,5 +59,5 @@ test("username, password and totp login, multiple mfa options", async ({user, pa // User clicks button to use email otp instead // User receives an email with a verification code // User enters code in ui - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/username-password-u2f.spec.ts b/acceptance/tests/username-password-u2f.spec.ts index fad16a2fc57..0f87175ad0d 100644 --- a/acceptance/tests/username-password-u2f.spec.ts +++ b/acceptance/tests/username-password-u2f.spec.ts @@ -33,7 +33,7 @@ test("username, password and u2f login", async ({user, page}) => { // User enters password // Popup for u2f is directly opened // User verifies u2f - // User is redirected to the app + // User is redirected to the app (default redirect url) }); @@ -48,5 +48,5 @@ test("username, password and u2f login, multiple mfa options", async ({user, pag // User clicks button to use email otp as second factor // User receives an email with a verification code // User enters code in ui - // User is redirected to the app + // User is redirected to the app (default redirect url) }); diff --git a/acceptance/tests/username-password.spec.ts b/acceptance/tests/username-password.spec.ts index ee97f21bc64..c7f4e8227ca 100644 --- a/acceptance/tests/username-password.spec.ts +++ b/acceptance/tests/username-password.spec.ts @@ -62,6 +62,15 @@ test("username and password login, initial password change", async ({user, page} // create new password }); + +test("username and password login, reset password hidden", async ({user, page}) => { + // Given the organization has enabled "Password reset hidden" in the login policy + // Given username password login is enabled on the users organization + + // enter login name + // password reset link should not be shown on password screen +}); + test("username and password login, reset password - enter code manually", async ({user, page}) => { // Given user has forgotten password and clicks the forgot password button // Given username password login is enabled on the users organization @@ -69,7 +78,7 @@ test("username and password login, reset password - enter code manually", async // enter login name // click password forgotten // enter code from email - // user is redirected to app + // user is redirected to app (default redirect url) }); test("username and password login, reset password - click link", async ({user, page}) => { @@ -80,7 +89,7 @@ test("username and password login, reset password - click link", async ({user, p // click password forgotten // click link in email // set new password - // redirect to app + // redirect to app (default redirect url) }); test("username and password login, reset password, resend code", async ({user, page}) => { @@ -91,5 +100,55 @@ test("username and password login, reset password, resend code", async ({user, p // click password forgotten // click resend code // enter code from second email - // user is authenticated -}); \ No newline at end of file + // user is redirected to app (default redirect url) +}); + +test("email login enabled", async ({user, page}) => { + // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists + // Given no other user with the same email address exists + + // enter email address "test@zitadel.com " in login screen + // user will get to password screen +}); + +test("email login disabled", async ({user, page}) => { + // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists + // Given no other user with the same email address exists + + // enter email address "test@zitadel.com" in login screen + // user will see error message "user not found" +}); + +test("email login enabled - multiple users", async ({user, page}) => { + // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists + // Given a second user with the username "testuser2", email test@zitadel.com and phone number 0711111111 exists + + // enter email address "test@zitadel.com" in login screen + // user will see error message "user not found" +}); + + +test("phone login enabled", async ({user, page}) => { + // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists + // Given no other user with the same phon number exists + + // enter phone number "0711111111" in login screen + // user will get to password screen +}); + +test("phone login disabled", async ({user, page}) => { + // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists + // Given no other user with the same phone number exists + + // enter phone number "0711111111" in login screen + // user will see error message "user not found" +}); + +test("phone login enabled - multiple users", async ({user, page}) => { + // Given user with the username "testuser", email test@zitadel.com and phone number 0711111111 exists + // Given a second user with the username "testuser2", email test@zitadel.com and phone number 0711111111 exists + + // enter phone number "0711111111" in login screen + // user will see error message "user not found" +}); + From c077b7f16a4e9e249efae03323874658c7bcf11e Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Mon, 18 Nov 2024 16:54:50 +0100 Subject: [PATCH 06/11] Update acceptance/tests/idp-apple.spec.ts --- acceptance/tests/idp-apple.spec.ts | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/acceptance/tests/idp-apple.spec.ts b/acceptance/tests/idp-apple.spec.ts index 57cd320fd2e..e8cdba47a3a 100644 --- a/acceptance/tests/idp-apple.spec.ts +++ b/acceptance/tests/idp-apple.spec.ts @@ -27,14 +27,12 @@ const test = base.extend<{ user: PasswordUserWithOTP }>({ // Note for all tests, in case Apple doesn't deliver all relevant information per default // We should add an action in the needed cases -test("login with Apple IDP - auto redirect", async ({user, page}) => { - // Given idp Apple is configure on the organization as only authencation method - // Given the user has only idp Apple added as auth method - - // User is automatically redirected to Apple - // User authenticates in Apple - // User is redirect to ZITADEL login - // User is redirected to the app (default redirect url) +test("login with Apple IDP", async ({user, page}) => { + // Given idp Apple is configured on the organization + // Given the user has Apple added as auth method + // User authenticates with Apple + // User is redirected back to login + // User is redirected to the app }); From 8033fa7dd6b0f645a50fdbde15849e05ce8c99db Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Mon, 18 Nov 2024 16:54:57 +0100 Subject: [PATCH 07/11] Update acceptance/tests/idp-apple.spec.ts --- acceptance/tests/idp-apple.spec.ts | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/acceptance/tests/idp-apple.spec.ts b/acceptance/tests/idp-apple.spec.ts index e8cdba47a3a..d56f104ce06 100644 --- a/acceptance/tests/idp-apple.spec.ts +++ b/acceptance/tests/idp-apple.spec.ts @@ -47,17 +47,6 @@ test("login with Apple IDP - auto redirect, error", async ({user, page}) => { }); -test("login with Apple IDP", async ({user, page}) => { - // Given username password and idp Apple is configure on the organization as authencation method - // Given the user has username password and Apple configured - - // Login form shows username field and a Apple Login button - // User clicks on the Apple button - // User is redirected to Apple - // User authenticates in Apple and gets an error - // User is redirect to ZITADEL login automatically - // User is redirected to app automatically (default redirect url) -}); test("login with Apple IDP, error", async ({user, page}) => { From 054cb4672f07ef7b1267d5734892c85d72e63b48 Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Mon, 18 Nov 2024 16:55:03 +0100 Subject: [PATCH 08/11] Update acceptance/tests/login-configuration-possiblities.spec.ts --- .../tests/login-configuration-possiblities.spec.ts | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/acceptance/tests/login-configuration-possiblities.spec.ts b/acceptance/tests/login-configuration-possiblities.spec.ts index 0fb3b78975a..f277bdccac8 100644 --- a/acceptance/tests/login-configuration-possiblities.spec.ts +++ b/acceptance/tests/login-configuration-possiblities.spec.ts @@ -26,13 +26,10 @@ const test = base.extend<{ user: PasswordUser }>({ }); test("login with mfa setup, mfa setup prompt", async ({user, page}) => { - // Given the organization has set "multifactor init check time" to 40 - // Given the organization has enabled all possible mfa types - // Given the user has a password but no mfa registered and never authenticated - - // enter login name - // enter password - // User is prompted to setup a mfa, all possible mfa providers are listed, the user can choose the provider + // Given the organization has enabled at least one mfa types + // Given the user has a password but no mfa registered + // User authenticates with login name and password + // User is prompted to setup a mfa, mfa providers are listed, the user can choose the provider }); test("login with mfa setup, mfa setup prompt", async ({user, page}) => { From d7be98e6f91097b22b0651da2d111318e2f4fb14 Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Mon, 18 Nov 2024 16:55:11 +0100 Subject: [PATCH 09/11] Update acceptance/tests/login-configuration-possiblities.spec.ts --- .../tests/login-configuration-possiblities.spec.ts | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/acceptance/tests/login-configuration-possiblities.spec.ts b/acceptance/tests/login-configuration-possiblities.spec.ts index f277bdccac8..0f06bd94094 100644 --- a/acceptance/tests/login-configuration-possiblities.spec.ts +++ b/acceptance/tests/login-configuration-possiblities.spec.ts @@ -32,15 +32,13 @@ test("login with mfa setup, mfa setup prompt", async ({user, page}) => { // User is prompted to setup a mfa, mfa providers are listed, the user can choose the provider }); -test("login with mfa setup, mfa setup prompt", async ({user, page}) => { +test("login with mfa setup, no mfa setup prompt", async ({user, page}) => { // Given the organization has set "multifactor init check time" to 0 - // Given the organization has enabled all possible mfa types - // Given the user has a password but no mfa registered and never authenticated - - // enter login name - // enter password - // user is redirected to app -}); + // Given the organization has enabled mfa types + // Given the user has a password but no mfa registered + // User authenticates with loginname and password + // user is directly loged in and not prompted to setup mfa + }); test("login with mfa setup, force mfa for local authenticated users", async ({user, page}) => { // Given the organization has enabled force mfa for local authentiacted users From c9fe0d92c3ceb7a421262c151038561592491248 Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Mon, 18 Nov 2024 16:55:19 +0100 Subject: [PATCH 10/11] Update acceptance/tests/idp-apple.spec.ts --- acceptance/tests/idp-apple.spec.ts | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/acceptance/tests/idp-apple.spec.ts b/acceptance/tests/idp-apple.spec.ts index d56f104ce06..7de8875eef4 100644 --- a/acceptance/tests/idp-apple.spec.ts +++ b/acceptance/tests/idp-apple.spec.ts @@ -49,18 +49,6 @@ test("login with Apple IDP - auto redirect, error", async ({user, page}) => { -test("login with Apple IDP, error", async ({user, page}) => { - // Given username password and idp Apple is configure on the organization as authencation method - // Given the user has username password and Apple configured - - // Login form shows username field and a Apple Login button - // User clicks on the Apple button - // User is redirected to Apple - // User authenticates in Apple and gets an error - // User is redirect to ZITADEL login - // Error is shown to the user "Something went wrong in Apple Login" - // User can choose password for authentication -}); test("login with Apple IDP, no user existing - auto register", async ({user, page}) => { // Given idp Apple is configure on the organization as only authencation method From 7f0c70709c2293fb14056f967fc612dd6c50e8b2 Mon Sep 17 00:00:00 2001 From: Max Peintner Date: Mon, 18 Nov 2024 16:55:28 +0100 Subject: [PATCH 11/11] Update acceptance/tests/idp-apple.spec.ts --- acceptance/tests/idp-apple.spec.ts | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/acceptance/tests/idp-apple.spec.ts b/acceptance/tests/idp-apple.spec.ts index 7de8875eef4..c599cd5bba8 100644 --- a/acceptance/tests/idp-apple.spec.ts +++ b/acceptance/tests/idp-apple.spec.ts @@ -36,14 +36,13 @@ test("login with Apple IDP", async ({user, page}) => { }); -test("login with Apple IDP - auto redirect, error", async ({user, page}) => { - // Given idp Apple is configure on the organization as only authencation method - // Given the user has only idp Apple added as auth method - - // User is automatically redirected to Apple - // User authenticates in Apple and gets an error - // User is redirect to ZITADEL login - // Error is shown to the user "Something went wrong in Apple Login" +test("login with Apple IDP - error", async ({user, page}) => { + // Given idp Apple is configure on the organization + // Given the user Apple added as auth method + // User is redirected to Apple + // User authenticates with Apple and gets an error + // User is redirect back to login + // An error is shown to the user "Something went wrong in Apple Login" });