Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: #1251 - fix return_to for expired flows #1697

Merged
merged 10 commits into from
Sep 5, 2021
Merged

fix: #1251 - fix return_to for expired flows #1697

merged 10 commits into from
Sep 5, 2021

Conversation

dibyajyotibehera
Copy link
Contributor

Related issue(s)

Checklist

Further Comments

@codecov
Copy link

codecov bot commented Aug 29, 2021
edited
Loading

Codecov Report

Merging #1697 (79c34d1) into master (64c9b76) will increase coverage by 0.10%.
The diff coverage is 72.22%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #1697      +/-   ##
==========================================
+ Coverage   73.92%   74.03%   +0.10%     
==========================================
  Files         260      260              
  Lines       12662    12692      +30     
==========================================
+ Hits         9360     9396      +36     
+ Misses       2679     2672       -7     
- Partials      623      624       +1
Impacted Files Coverage Δ
selfservice/flow/login/handler.go 68.88% <66.66%> (-0.11%) ⬇️
selfservice/flow/recovery/flow.go 90.69% <66.66%> (-3.90%) ⬇️
selfservice/flow/registration/handler.go 71.92% <66.66%> (-0.30%) ⬇️
selfservice/flow/settings/handler.go 63.43% <66.66%> (+0.15%) ⬆️
selfservice/flow/verification/flow.go 85.71% <66.66%> (-2.29%) ⬇️
selfservice/flow/login/error.go 77.41% <100.00%> (ø)
selfservice/flow/recovery/error.go 73.84% <100.00%> (ø)
selfservice/flow/registration/error.go 77.41% <100.00%> (ø)
selfservice/flow/settings/error.go 75.60% <100.00%> (ø)
selfservice/flow/verification/error.go 81.66% <100.00%> (ø)
... and 2 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 64c9b76...79c34d1. Read the comment docs.

aeneasr
aeneasr requested changes Aug 30, 2021
View reviewed changes
Copy link
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! This is looking pretty good! I think we should still verify if this works end-to-end - so checking that you end up at the correct URL when you try to submit an expired flow. To do that, you could add a helper like this one

kratos/test/e2e/cypress/support/commands.js

Line 108 in 1cf61cd

Cypress.Commands.add('longRecoveryLifespan', ({} = {}) => {

kratos/test/e2e/cypress/support/commands.js

Line 124 in 1cf61cd

Cypress.Commands.add('shortRecoveryLifespan', ({} = {}) => {

and add a test to login

kratos/test/e2e/cypress/integration/profiles/email/login/success.spec.js

Lines 36 to 49 in 835fb31

it('should sign in with case insensitive identifier', () => {
cy.get('input[name="password_identifier"]').type(email.toUpperCase())
cy.get('input[name="password"]').type(password)
cy.get('button[type="submit"]').click()
cy.session().should((session) => {
const { identity } = session
expect(identity.id).to.not.be.empty
expect(identity.schema_id).to.equal('default')
expect(identity.schema_url).to.equal(`${APP_URL}/schemas/default`)
expect(identity.traits.website).to.equal(website)
expect(identity.traits.email).to.equal(email)
})
})

(and the other flows) which has a beforeEach that reset the lifespan like here:

kratos/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.js

Line 17 in 835fb31

cy.longRecoveryLifespan()

and has one test with a short expiry time

kratos/test/e2e/cypress/integration/profiles/recovery/recovery/errors.spec.js

Line 57 in 835fb31

cy.shortLinkLifespan()

In pseudo-code it might look something like this:

    it('should end up at the correct return to if flow is expired', () => {
      cy.visit(APP_URL + '/auth/login?return_to=....')
      cy.shortLoginLifespan()
      cy.get('input[name="password_identifier"]').type(email.toUpperCase())
      cy.get('input[name="password"]').type(password)
      cy.get('button[type="submit"]').click()

      // Try again
      cy.longLoginLifespan()
      cy.get('input[name="password_identifier"]').type(email.toUpperCase())
      cy.get('input[name="password"]').type(password)
      cy.get('button[type="submit"]').click()

      cy.session()

      cy.location().should('contain', '...')
    })

You can run e2e test quickly using:

./test/e2e/run.sh --dev sqlite

aeneasr
aeneasr reviewed Aug 30, 2021
View reviewed changes
Copy link
Member

@aeneasr aeneasr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, forgot to submit this comment

selfservice/flow/login/handler_test.go Outdated

f, err = reg.LoginFlowPersister().GetLoginFlow(context.Background(), uuid.FromStringOrNil(gjson.GetBytes(resBody, "id").String()))
require.NoError(t, err)
assert.Equal(t, f.RequestURL, oldReqUrl)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for a sanity check maybe add this here:

Suggested change
assert.Equal(t, f.RequestURL, oldReqUrl)
assert.Equal(t, f.RequestURL, oldReqUrl)
assert.Contains(t, f.RequestURL, "?return_to=https://www.ory.sh")

(and to the other tests as well)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks . I made the changes added ui tests for login and registration flows . I believe other flows stay on the settings ui instead of redirecting . Please check.

@aeneasr aeneasr self-assigned this Aug 31, 2021
@aeneasr
Copy link
Member

aeneasr commented Sep 4, 2021

Let me know when you want this reviewed again :)

@dibyajyotibehera
Copy link
Contributor Author

Let me know when you want this reviewed again :)

Please review it :) again .
I had a put a comment above actually to get it reviewed :)

thanks . I made the changes added ui tests for login and registration flows . I believe other flows stay on the settings ui instead of redirecting . Please check.

@aeneasr
Copy link
Member

aeneasr commented Sep 4, 2021

Oh sorry, I missed that!

@aeneasr
Copy link
Member

aeneasr commented Sep 4, 2021

Awesome work!

aeneasr
aeneasr approved these changes Sep 4, 2021
View reviewed changes
selfservice/flow/recovery/flow.go Outdated Show resolved Hide resolved
selfservice/flow/recovery/flow.go Show resolved Hide resolved
selfservice/flow/login/handler.go Show resolved Hide resolved
selfservice/flow/registration/handler.go Show resolved Hide resolved
selfservice/flow/settings/handler.go Outdated Show resolved Hide resolved
selfservice/flow/settings/handler.go Show resolved Hide resolved
selfservice/flow/verification/flow.go Show resolved Hide resolved
@aeneasr
Copy link
Member

aeneasr commented Sep 4, 2021

The CI failure is unrelated to your changes!

@aeneasr aeneasr merged commit 394a8de into ory:master Sep 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr approved these changes

@zepatrik zepatrik Awaiting requested review from zepatrik zepatrik is a code owner

Assignees

@aeneasr aeneasr

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dibyajyotibehera @aeneasr