From b7e29c9d7ddb6db52b7553c7c68935620854a90e Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Mon, 16 Sep 2024 16:24:55 +0200 Subject: [PATCH 01/11] [IMP] Simple quotes --- source/app/blueprints/rest/manage/manage_groups.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/app/blueprints/rest/manage/manage_groups.py b/source/app/blueprints/rest/manage/manage_groups.py index 3f7ef7137..c97251f80 100644 --- a/source/app/blueprints/rest/manage/manage_groups.py +++ b/source/app/blueprints/rest/manage/manage_groups.py @@ -68,11 +68,11 @@ def manage_groups_index(): def manage_groups_add(): if not request.is_json: - return response_error("Invalid request, expecting JSON") + return response_error('Invalid request, expecting JSON') data = request.get_json() if not data: - return response_error("Invalid request, expecting JSON") + return response_error('Invalid request, expecting JSON') ags = AuthorizationGroupSchema() From 874c7060119be59a49fa5d5dafbd0865a2d39896 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Mon, 16 Sep 2024 16:25:54 +0200 Subject: [PATCH 02/11] [IMP] Simple quotes --- source/app/blueprints/rest/manage/manage_groups.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source/app/blueprints/rest/manage/manage_groups.py b/source/app/blueprints/rest/manage/manage_groups.py index c97251f80..4f1e7b1ab 100644 --- a/source/app/blueprints/rest/manage/manage_groups.py +++ b/source/app/blueprints/rest/manage/manage_groups.py @@ -85,9 +85,9 @@ def manage_groups_add(): db.session.commit() except marshmallow.exceptions.ValidationError as e: - return response_error(msg="Data error", data=e.messages) + return response_error(msg='Data error', data=e.messages) - track_activity(message=f"added group {ags_c.group_name}", ctx_less=True) + track_activity(message=f'added group {ags_c.group_name}', ctx_less=True) return response_success('', data=ags.dump(ags_c)) 
From b5ce881aca634d6373802ccfecac1e90cdf57768 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Mon, 16 Sep 2024 16:49:00 +0200 Subject: [PATCH 03/11] [FIX] create customer should be authorized for a user with right customer_write --- .../rest/manage/manage_customers_routes.py | 1 - tests/iris.py | 3 ++- tests/tests_rest.py | 18 ++++++++++++++++++ tests/user.py | 2 +- 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/source/app/blueprints/rest/manage/manage_customers_routes.py b/source/app/blueprints/rest/manage/manage_customers_routes.py index 1d250cb5a..bd5d24df7 100644 --- a/source/app/blueprints/rest/manage/manage_customers_routes.py +++ b/source/app/blueprints/rest/manage/manage_customers_routes.py @@ -240,7 +240,6 @@ def view_customers(client_id): @manage_customers_rest_blueprint.route('/manage/customers/add', methods=['POST']) @ac_api_requires(Permissions.customers_write) -@ac_api_requires_client_access() def add_customers(): if not request.is_json: return response_error("Invalid request") diff --git a/tests/iris.py b/tests/iris.py index 368389025..fd16657f2 100644 --- a/tests/iris.py +++ b/tests/iris.py @@ -28,6 +28,7 @@ _API_KEY = 'B8BA5D730210B50F41C06941582D7965D57319D5685440587F98DFDC45A01594' _IRIS_PATH = Path('..') _TEST_DATA_PATH = Path('./data') +_ADMINISTRATOR_USER_IDENTIFIER = 1 class Iris: @@ -35,7 +36,7 @@ class Iris: def __init__(self): self._docker_compose = DockerCompose(_IRIS_PATH, 'docker-compose.dev.yml') self._api = RestApi(API_URL, _API_KEY) - self._administrator = User(API_URL, _API_KEY, 1) + self._administrator = User(API_URL, _API_KEY, _ADMINISTRATOR_USER_IDENTIFIER) self._user_count = 0 def _wait(self, condition, attempts, sleep_duration=1): diff --git a/tests/tests_rest.py b/tests/tests_rest.py index 1d108c9cf..7171e9252 100644 --- a/tests/tests_rest.py +++ b/tests/tests_rest.py 
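Review bot: After this hunk, `@ac_api_requires(Permissions.customers_write)` is the only authorization check on `add_customers` in `rest/manage/manage_customers_routes.py`, and nothing in the code records why the client-access check was dropped. I would add a comment above the route, for example `# No client-access check: the customer does not exist yet, so customers_write is the only gate.`, so the removal is not copied to routes that do take a `client_id`. The patch does not show whether the creating user is granted access to the new customer afterwards; that is worth confirming, since `view_customers(client_id)` just above presumably still enforces client access. The body of `add_customers` continues outside the hunk.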
@@ -22,6 +22,7 @@ _INITIAL_DEMO_CASE_IDENTIFIER = 1 _GROUP_ANALYSTS_IDENTIFIER = 2 _CASE_ACCESS_LEVEL_FULL_ACCESS = 4 +_PERMISSION_CUSTOMERS_WRITE = 0x80 # TODO should change None into 123456789 and maybe fix... _IDENTIFIER_FOR_NONEXISTENT_OBJECT = None @@ -571,3 +572,20 @@ def test_delete_task_should_return_403_when_user_has_insufficient_rights(self): response = user.delete(f'/api/v2/tasks/{task_identifier}') self.assertEqual(403, response.status_code) + + def test_create_customer_should_return_200_when_user_has_customer_write_right(self): + body = { + 'group_name': 'Customer create', + 'group_description': 'Group with customer_write right', + 'group_permissions': [_PERMISSION_CUSTOMERS_WRITE] + } + response = self._subject.create('/manage/groups/add', body).json() + group_identifier = response['data']['group_id'] + user = self._subject.create_dummy_user() + body = {'groups_membership': [group_identifier]} + self._subject.create(f'/manage/users/{user.get_identifier()}/groups/update', body) + + body = {'custom_attributes': {}, 'customer_description': '', 'customer_name': 'Customer', 'customer_sla': ''} + response = user.create('/manage/customers/add', body) + + self.assertEqual(200, response.status_code) diff --git a/tests/user.py b/tests/user.py index ff669aac7..7bd9870ed 100644 --- a/tests/user.py +++ b/tests/user.py @@ -42,4 +42,4 @@ def get(self, path): return self._api.get(path) def delete(self, path): - return self._api.delete(path) \ No newline at end of file + return self._api.delete(path) From 0564a6d428afceb5d6b2dfc8fa45c6210de244ec Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Tue, 17 Sep 2024 10:14:05 +0200 Subject: [PATCH 04/11] [IMP] Added record command to record e2e tests with playwright --- e2e/package.json | 1 + 1 file changed, 1 insertion(+) diff --git a/e2e/package.json b/e2e/package.json index 168c34ae3..3a167d948 100644 --- a/e2e/package.json +++ b/e2e/package.json 
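Review bot: `test_create_customer_should_return_200_when_user_has_customer_write_right` covers only the allow path of the permission change, so a regression that lets any authenticated user call `/manage/customers/add` would still pass. A companion deny-path test for a user without `customers_write` is sketched below. Its expected status and the assumption that `create_dummy_user()` returns a user with no customer rights are modelled on the neighbouring delete-task test and should be confirmed. The group-creation and group-update responses in the new test are also used without a status check, so a setup failure surfaces as a `KeyError` on `response['data']` rather than as a clear assertion.

```python
    def test_create_customer_should_return_403_when_user_has_no_customers_write_right(self):
        # Assumption to confirm: a dummy user belongs to no group granting customers_write.
        user = self._subject.create_dummy_user()
        body = {'custom_attributes': {}, 'customer_description': '', 'customer_name': 'Customer denied', 'customer_sla': ''}
        response = user.create('/manage/customers/add', body)

        self.assertEqual(403, response.status_code)
```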
@@ -7,6 +7,7 @@ "e2e": "playwright test", "e2e:ui": "playwright test --ui", "e2e:report": "playwright show-report", + "record": "playwright codegen", "test": "npm run start && npm run e2e && npm run stop" }, "devDependencies": { From 0af6fb05f0f517b7c5c813ba548389b12a9c77ef Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Tue, 17 Sep 2024 10:14:46 +0200 Subject: [PATCH 05/11] [IMP] Added test Add customer modal can be opened --- e2e/tests/home_page.spec.js | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/e2e/tests/home_page.spec.js b/e2e/tests/home_page.spec.js index c4544825d..3805b4e5d 100644 --- a/e2e/tests/home_page.spec.js +++ b/e2e/tests/home_page.spec.js @@ -11,3 +11,10 @@ test('successfully loads', async ({ page }) => { await expect(page.getByText('Invalid data type')).toBeVisible(); }); + +test('should be able to open "Add customer" modal', async ({ page }) => { + await page.goto('/manage/customers'); + await page.getByRole('button', { name: 'Add customer' }).click(); + await expect(page.getByRole('heading', { name: 'Add customer' })).toBeVisible() +}); + From 66e957870de4c4147477f995022990345e349940 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Wed, 18 Sep 2024 09:24:09 +0200 Subject: [PATCH 06/11] [IMP] Simple quotes --- tests/iris.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/iris.py b/tests/iris.py index fd16657f2..e35dee9ef 100644 --- a/tests/iris.py +++ b/tests/iris.py @@ -25,6 +25,7 @@ from user import User API_URL = 'http://127.0.0.1:8000' +# TODO SSOT: this could be directly read from the .env file _API_KEY = 'B8BA5D730210B50F41C06941582D7965D57319D5685440587F98DFDC45A01594' _IRIS_PATH = Path('..') _TEST_DATA_PATH = Path('./data') 
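Review bot: The TODO added in `tests/iris.py` leaves the administrator API key as a literal on the next line, so the key stays in version control and in every checkout. If this value is also the default shipped in the project's `.env` template (not visible here), any instance started without changing it accepts a publicly known administrator key. Until the TODO is done, I would extend the comment to say so, e.g. `# Development-only key; must match .env and must never be used on a reachable instance`. Reading it from the environment, as patch 11 does for the e2e setup, would then close the item for the Python tests as well.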
@@ -35,6 +36,7 @@ class Iris: def __init__(self): self._docker_compose = DockerCompose(_IRIS_PATH, 'docker-compose.dev.yml') + # TODO remove this field and use _administrator instead self._api = RestApi(API_URL, _API_KEY) self._administrator = User(API_URL, _API_KEY, _ADMINISTRATOR_USER_IDENTIFIER) self._user_count = 0 From 8289ef2368625ad4886f1c741dc86805b5143b43 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Wed, 18 Sep 2024 11:03:08 +0200 Subject: [PATCH 07/11] [FIX] user with customers read right should be able to open Add customer modal --- e2e/playwright.config.js | 4 - e2e/tests/auth.setup.js | 75 +++++++++++++++++-- .../{home_page.spec.js => dashboard.spec.js} | 4 +- e2e/tests/permissionChecks.spec.js | 9 +++ .../pages/manage/manage_customers_routes.py | 1 - 5 files changed, 80 insertions(+), 13 deletions(-) rename e2e/tests/{home_page.spec.js => dashboard.spec.js} (87%) create mode 100644 e2e/tests/permissionChecks.spec.js diff --git a/e2e/playwright.config.js b/e2e/playwright.config.js index a97fe1573..eb33c33df 100644 --- a/e2e/playwright.config.js +++ b/e2e/playwright.config.js @@ -43,8 +43,6 @@ module.exports = defineConfig({ name: 'chromium', use: { ...devices['Desktop Chrome'], - // Use prepared auth state. - storageState: 'playwright/.auth/user.json', }, dependencies: ['setup'], }, @@ -52,8 +50,6 @@ module.exports = defineConfig({ name: 'firefox', use: { ...devices['Desktop Firefox'], - // Use prepared auth state. - storageState: 'playwright/.auth/user.json', }, dependencies: ['setup'], }, diff --git a/e2e/tests/auth.setup.js b/e2e/tests/auth.setup.js index 3e9c79c9e..7a757ab37 100644 --- a/e2e/tests/auth.setup.js +++ b/e2e/tests/auth.setup.js 
@@ -1,19 +1,80 @@ -import { test as setup } from '@playwright/test'; +import { test as setup, expect } from '@playwright/test'; import path from 'path'; -const authFile = path.join(__dirname, '../playwright/.auth/user.json'); +// TODO SSOT: this could be directly read from the .env file +const _ADMINISTRATOR_USERNAME = 'administrator'; +const _ADMINISTRATOR_PASSWORD = 'MySuperAdminPassword!'; +const _ADMINISTRATOR_API_KEY = 'B8BA5D730210B50F41C06941582D7965D57319D5685440587F98DFDC45A01594'; -const username = "administrator"; -const password = "MySuperAdminPassword!"; +const _PERMISSION_CUSTOMERS_READ = 0x40; +const _API_URL = 'http://127.0.0.1:8000'; -setup('authenticate', async ({ page }) => { +let apiContext; + +setup.beforeAll(async ({ playwright }) => { + apiContext = await playwright.request.newContext({ + baseURL: _API_URL, + extraHTTPHeaders: { + 'Authorization': `Bearer ${_ADMINISTRATOR_API_KEY}`, + 'Content-Type': 'application/json' + }, + }); +}); + +async function authenticate(page, login, password) { await page.goto('/'); - await page.getByRole('textbox', { name: 'Username' }).fill(username); + await page.getByRole('textbox', { name: 'Username' }).fill(login); await page.getByRole('textbox', { name: 'Password' }).fill(password); await page.getByRole('button', { name: 'Sign in' }).click(); // FIXME: It should be: await page.waitForURL('/dashboard'); No wildcard. // Wait until the page receives the cookies. 
await page.waitForURL('/dashboard*'); + const authFile = path.join(__dirname, `../playwright/.auth/${login}.json`); await page.context().storageState({ path: authFile }); -}); \ No newline at end of file +} + +setup('authenticate as administrator', async ({ page }) => { + await authenticate(page, _ADMINISTRATOR_USERNAME, _ADMINISTRATOR_PASSWORD); +}); + +setup('authenticate as user with customers read rights', async ({ page }) => { + // TODO when this method is called a second time, all these request will fail + // think about a better ways of doing things, some possible strategies + // - find a way to create a new valid database before and empty the database after + // - find a way to remove elements from the database to roughly get back to the initial state + // - code so that these requests are robust (check the group exists, user exists, link between the two is set...) + // - global setup and teardown? https://playwright.dev/docs/test-global-setup-teardown + let response = await apiContext.post('/manage/groups/add', { + data: { + group_name: 'group_customers_r', + group_description: 'Group with rights: customers_read', + group_permissions: [_PERMISSION_CUSTOMERS_READ] + } + }); + const groupIdentifier = (await response.json()).data.group_id; + const login = 'user_customers_r'; + const password = 'aA.1234567890'; + response = await apiContext.post('/manage/users/add', { + data: { + user_name: login, + user_login: login, + user_email: `${login}@eu`, + user_password: password + } + }); + const userIdentifier = (await response.json()).data.id; + response = await apiContext.post(`/manage/users/${userIdentifier}/groups/update`, { + data: { + groups_membership: [groupIdentifier] + } + }); + + await authenticate(page, login, password); +}); + +setup.afterAll(async ({ }) => { + // Dispose all responses. + await apiContext.dispose(); +}); + 
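Review bot: None of the three `apiContext.post` calls in the 'authenticate as user with customers read rights' setup checks its response. When group or user creation fails (the TODO notes this happens on a second run), the setup either dies on `(await response.json()).data.group_id` or goes on to log in with a user whose group membership was never applied. `expect` is already imported and unused; adding `expect(response.ok()).toBeTruthy();` after each call makes the failure point explicit and keeps a permission test from running against a mis-provisioned account. The files written by `storageState({ path: authFile })` hold live session cookies, so `playwright/.auth/` should be git-ignored if it is not already (not visible in this patch).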
diff --git a/e2e/tests/home_page.spec.js b/e2e/tests/dashboard.spec.js similarity index 87% rename from e2e/tests/home_page.spec.js rename to e2e/tests/dashboard.spec.js index 3805b4e5d..83e3df6a1 100644 --- a/e2e/tests/home_page.spec.js +++ b/e2e/tests/dashboard.spec.js @@ -1,5 +1,7 @@ import { test, expect } from '@playwright/test'; +test.use({ storageState: 'playwright/.auth/administrator.json' }) + test('successfully loads', async ({ page }) => { await page.goto('/dashboard'); @@ -11,7 +13,7 @@ test('successfully loads', async ({ page }) => { await expect(page.getByText('Invalid data type')).toBeVisible(); }); - +// TODO move this to manage/customers.spec.js test('should be able to open "Add customer" modal', async ({ page }) => { await page.goto('/manage/customers'); await page.getByRole('button', { name: 'Add customer' }).click(); diff --git a/e2e/tests/permissionChecks.spec.js b/e2e/tests/permissionChecks.spec.js new file mode 100644 index 000000000..533a037e0 --- /dev/null +++ b/e2e/tests/permissionChecks.spec.js @@ -0,0 +1,9 @@ +import { test, expect } from '@playwright/test'; + +test.use({ storageState: 'playwright/.auth/user_customers_r.json' }) + +test('should be able to open "Add customer" modal', async ({ page }) => { + await page.goto('/manage/customers'); + await page.getByRole('button', { name: 'Add customer' }).click(); + await expect(page.getByRole('heading', { name: 'Add customer' })).toBeVisible() +}); diff --git a/source/app/blueprints/pages/manage/manage_customers_routes.py b/source/app/blueprints/pages/manage/manage_customers_routes.py index 69748030e..3800c82a7 100644 --- a/source/app/blueprints/pages/manage/manage_customers_routes.py +++ b/source/app/blueprints/pages/manage/manage_customers_routes.py 
@@ -129,7 +129,6 @@ def view_customer_modal(client_id, caseid, url_redir): @manage_customers_blueprint.route('/manage/customers/add/modal', methods=['GET']) @ac_requires(Permissions.customers_read, no_cid_required=True) -@ac_requires_client_access() def add_customers_modal(caseid, url_redir): if url_redir: return redirect(url_for('manage_customers.manage_customers', cid=caseid)) From dd57a518a965e5a06b5ffe75c8cbe65779ae528d Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Wed, 18 Sep 2024 11:03:30 +0200 Subject: [PATCH 08/11] [IMP] Small typo --- tests/tests_rest.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/tests_rest.py b/tests/tests_rest.py index 7171e9252..c6d82b6f5 100644 --- a/tests/tests_rest.py +++ b/tests/tests_rest.py @@ -576,7 +576,7 @@ def test_delete_task_should_return_403_when_user_has_insufficient_rights(self): def test_create_customer_should_return_200_when_user_has_customer_write_right(self): body = { 'group_name': 'Customer create', - 'group_description': 'Group with customer_write right', + 'group_description': 'Group with customers_write right', 'group_permissions': [_PERMISSION_CUSTOMERS_WRITE] } response = self._subject.create('/manage/groups/add', body).json() From 1d4ef0bfe8aa303603ce229f32cf898445235948 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Wed, 18 Sep 2024 11:09:59 +0200 Subject: [PATCH 09/11] [IMP] Reorganized e2e tests --- e2e/tests/{ => administrator}/dashboard.spec.js | 10 +--------- e2e/tests/administrator/manage/customers.spec.js | 9 +++++++++ .../manage/customers.spec.js} | 0 3 files changed, 10 insertions(+), 9 deletions(-) rename e2e/tests/{ => administrator}/dashboard.spec.js (57%) create mode 100644 e2e/tests/administrator/manage/customers.spec.js rename e2e/tests/{permissionChecks.spec.js => user_customers_r/manage/customers.spec.js} (100%) 
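Review bot: `add_customers_modal` is now reachable with `Permissions.customers_read` alone, while the REST route the form presumably submits to requires `customers_write` (`add_customers`, patch 03), and the new e2e test only asserts that the modal opens. Showing the create form to a read-only user is harmless only as long as the server rejects the submit, so I would add a check that a `user_customers_r` POST to `/manage/customers/add` is refused. A comment on the route would also help, such as `# Read right only renders the form; creation is enforced by customers_write on the REST route.`. The function body continues outside the hunk.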
diff --git a/e2e/tests/dashboard.spec.js b/e2e/tests/administrator/dashboard.spec.js similarity index 57% rename from e2e/tests/dashboard.spec.js rename to e2e/tests/administrator/dashboard.spec.js index 83e3df6a1..a7d6a95a7 100644 --- a/e2e/tests/dashboard.spec.js +++ b/e2e/tests/administrator/dashboard.spec.js @@ -2,7 +2,7 @@ import { test, expect } from '@playwright/test'; test.use({ storageState: 'playwright/.auth/administrator.json' }) -test('successfully loads', async ({ page }) => { +test('create case with empty name should present error', async ({ page }) => { await page.goto('/dashboard'); // FIXME: Should be a button instead of a link @@ -12,11 +12,3 @@ test('successfully loads', async ({ page }) => { // FIXME: Locator should be: page.getByRole('alert', { name: 'Invalid data type' }); await expect(page.getByText('Invalid data type')).toBeVisible(); }); - -// TODO move this to manage/customers.spec.js -test('should be able to open "Add customer" modal', async ({ page }) => { - await page.goto('/manage/customers'); - await page.getByRole('button', { name: 'Add customer' }).click(); - await expect(page.getByRole('heading', { name: 'Add customer' })).toBeVisible() -}); - diff --git a/e2e/tests/administrator/manage/customers.spec.js b/e2e/tests/administrator/manage/customers.spec.js new file mode 100644 index 000000000..8dfe98983 --- /dev/null +++ b/e2e/tests/administrator/manage/customers.spec.js @@ -0,0 +1,9 @@ +import { test, expect } from '@playwright/test'; + +test.use({ storageState: 'playwright/.auth/administrator.json' }) + +test('should be able to open "Add customer" modal', async ({ page }) => { + await page.goto('/manage/customers'); + await page.getByRole('button', { name: 'Add customer' }).click(); + await expect(page.getByRole('heading', { name: 'Add customer' })).toBeVisible() +}); 
diff --git a/e2e/tests/permissionChecks.spec.js b/e2e/tests/user_customers_r/manage/customers.spec.js similarity index 100% rename from e2e/tests/permissionChecks.spec.js rename to e2e/tests/user_customers_r/manage/customers.spec.js From d41c786ce74e9e534a8a045d2ec10bea37b6f512 Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Wed, 18 Sep 2024 11:51:49 +0200 Subject: [PATCH 10/11] [IMP] Generate projects configuration and avoid test.use --- e2e/playwright.config.js | 74 +++++++------------ e2e/tests/administrator/dashboard.spec.js | 2 - .../administrator/manage/customers.spec.js | 2 - .../user_customers_r/manage/customers.spec.js | 2 - 4 files changed, 27 insertions(+), 53 deletions(-) diff --git a/e2e/playwright.config.js b/e2e/playwright.config.js index eb33c33df..b557a7709 100644 --- a/e2e/playwright.config.js +++ b/e2e/playwright.config.js @@ -1,5 +1,6 @@ // @ts-check -const { defineConfig, devices } = require('@playwright/test'); +import { defineConfig, devices } from '@playwright/test'; +import fs from 'node:fs'; /** * Read environment variables from file. @@ -7,6 +8,30 @@ const { defineConfig, devices } = require('@playwright/test'); */ // require('dotenv').config({ path: path.resolve(__dirname, '.env') }); +const BROWSERS = ['Chrome', 'Firefox']; +const files = fs.readdirSync('tests', { withFileTypes: true }); +const users = files.filter(file => file.isDirectory()).map(file => file.name); + +// setup project +let projects = [{ + name: 'setup', + testMatch: 'auth.setup.js', +}]; + +for (const browser of BROWSERS) { + for (const user of users) { + projects.push({ + name: `${browser}:${user}`, + use: { + ...devices[`Desktop ${browser}`], + storageState: `playwright/.auth/${user}.json`, + }, + testDir: `./tests/${user}`, + dependencies: ['setup'], + }) + } +} + /** * @see https://playwright.dev/docs/test-configuration */ 
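Review bot: `fs.readdirSync('tests', { withFileTypes: true })` in `playwright.config.js` resolves against the process working directory rather than the config file. Started from the repository root, it would therefore enumerate the Python `tests/` directory and generate projects from whatever sub-directories exist there. Anchoring it, e.g. `fs.readdirSync(path.join(__dirname, 'tests'), { withFileTypes: true })` with `import path from 'node:path';`, removes that dependency (`__dirname` is already used alongside `import` in `auth.setup.js`). Every directory under `e2e/tests/` now becomes a project that loads `playwright/.auth/<name>.json`, so a comment above the loop should state that each directory name must match a login created in `auth.setup.js`; a directory without a matching state file presumably fails at launch.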
@@ -33,52 +58,7 @@ module.exports = defineConfig({ }, /* Configure projects for major browsers */ - projects: [ - // Setup project - { - name: 'setup', - testMatch: /.*\.setup\.js/, - }, - { - name: 'chromium', - use: { - ...devices['Desktop Chrome'], - }, - dependencies: ['setup'], - }, - { - name: 'firefox', - use: { - ...devices['Desktop Firefox'], - }, - dependencies: ['setup'], - }, - - // { - // name: 'webkit', - // use: { ...devices['Desktop Safari'] }, - // }, - - /* Test against mobile viewports. */ - // { - // name: 'Mobile Chrome', - // use: { ...devices['Pixel 5'] }, - // }, - // { - // name: 'Mobile Safari', - // use: { ...devices['iPhone 12'] }, - // }, - - /* Test against branded browsers. */ - // { - // name: 'Microsoft Edge', - // use: { ...devices['Desktop Edge'], channel: 'msedge' }, - // }, - // { - // name: 'Google Chrome', - // use: { ...devices['Desktop Chrome'], channel: 'chrome' }, - // }, - ], + projects: projects, /* Run your local dev server before starting the tests */ // webServer: { diff --git a/e2e/tests/administrator/dashboard.spec.js b/e2e/tests/administrator/dashboard.spec.js index a7d6a95a7..3c2d31b35 100644 --- a/e2e/tests/administrator/dashboard.spec.js +++ b/e2e/tests/administrator/dashboard.spec.js @@ -1,7 +1,5 @@ import { test, expect } from '@playwright/test'; -test.use({ storageState: 'playwright/.auth/administrator.json' }) - test('create case with empty name should present error', async ({ page }) => { await page.goto('/dashboard'); diff --git a/e2e/tests/administrator/manage/customers.spec.js b/e2e/tests/administrator/manage/customers.spec.js index 8dfe98983..8806b5999 100644 --- a/e2e/tests/administrator/manage/customers.spec.js +++ b/e2e/tests/administrator/manage/customers.spec.js 
@@ -1,7 +1,5 @@ import { test, expect } from '@playwright/test'; -test.use({ storageState: 'playwright/.auth/administrator.json' }) - test('should be able to open "Add customer" modal', async ({ page }) => { await page.goto('/manage/customers'); await page.getByRole('button', { name: 'Add customer' }).click(); diff --git a/e2e/tests/user_customers_r/manage/customers.spec.js b/e2e/tests/user_customers_r/manage/customers.spec.js index 533a037e0..8806b5999 100644 --- a/e2e/tests/user_customers_r/manage/customers.spec.js +++ b/e2e/tests/user_customers_r/manage/customers.spec.js @@ -1,7 +1,5 @@ import { test, expect } from '@playwright/test'; -test.use({ storageState: 'playwright/.auth/user_customers_r.json' }) - test('should be able to open "Add customer" modal', async ({ page }) => { await page.goto('/manage/customers'); await page.getByRole('button', { name: 'Add customer' }).click(); From b0e183b23b23a16a4c7eef34cae2773203a5825b Mon Sep 17 00:00:00 2001 From: c8y3 <25362953+c8y3@users.noreply.github.com> Date: Wed, 18 Sep 2024 13:31:54 +0200 Subject: [PATCH 11/11] [IMP] Reading administrator API_KEY from .env file --- e2e/package-lock.json | 14 ++++++++++++++ e2e/package.json | 3 +++ e2e/tests/auth.setup.js | 19 ++++++++++++------- 3 files changed, 29 insertions(+), 7 deletions(-) diff --git a/e2e/package-lock.json b/e2e/package-lock.json index 2a07571dd..e31dc2f06 100644 --- a/e2e/package-lock.json +++ b/e2e/package-lock.json @@ -5,6 +5,9 @@ "packages": { "": { "name": "tests_end_to_end", + "dependencies": { + "dotenv": "^16.4.5" + }, "devDependencies": { "@playwright/test": "^1.47.0", "@types/node": "^22.5.4", 
@@ -129,6 +132,17 @@ "node": ">=0.4.0" } }, + "node_modules/dotenv": { + "version": "16.4.5", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz", + "integrity": "sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://dotenvx.com" + } + }, "node_modules/follow-redirects": { "version": "1.15.6", "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", diff --git a/e2e/package.json b/e2e/package.json index 3a167d948..1b8a4b53b 100644 --- a/e2e/package.json +++ b/e2e/package.json @@ -14,5 +14,8 @@ "@playwright/test": "^1.47.0", "@types/node": "^22.5.4", "wait-on": "^7.2.0" + }, + "dependencies": { + "dotenv": "^16.4.5" } } diff --git a/e2e/tests/auth.setup.js b/e2e/tests/auth.setup.js index 7a757ab37..d65d35bea 100644 --- a/e2e/tests/auth.setup.js +++ b/e2e/tests/auth.setup.js 
@@ -1,22 +1,27 @@ import { test as setup, expect } from '@playwright/test'; import path from 'path'; +import dotenv from 'dotenv'; +import fs from 'node:fs'; -// TODO SSOT: this could be directly read from the .env file -const _ADMINISTRATOR_USERNAME = 'administrator'; -const _ADMINISTRATOR_PASSWORD = 'MySuperAdminPassword!'; -const _ADMINISTRATOR_API_KEY = 'B8BA5D730210B50F41C06941582D7965D57319D5685440587F98DFDC45A01594'; +const _API_URL = 'http://127.0.0.1:8000'; const _PERMISSION_CUSTOMERS_READ = 0x40; -const _API_URL = 'http://127.0.0.1:8000'; +const _ADMINISTRATOR_USERNAME = 'administrator'; let apiContext; +let administrator_password; setup.beforeAll(async ({ playwright }) => { + const envFile = fs.readFileSync('../.env'); + const env = dotenv.parse(envFile); + + administrator_password = env.IRIS_ADM_PASSWORD + apiContext = await playwright.request.newContext({ baseURL: _API_URL, extraHTTPHeaders: { - 'Authorization': `Bearer ${_ADMINISTRATOR_API_KEY}`, + 'Authorization': `Bearer ${env.IRIS_ADM_API_KEY}`, 'Content-Type': 'application/json' }, }); @@ -35,7 +40,7 @@ async function authenticate(page, login, password) { } setup('authenticate as administrator', async ({ page }) => { - await authenticate(page, _ADMINISTRATOR_USERNAME, _ADMINISTRATOR_PASSWORD); + await authenticate(page, _ADMINISTRATOR_USERNAME, administrator_password); }); setup('authenticate as user with customers read rights', async ({ page }) => {
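Review bot: The values read from `../.env` in `setup.beforeAll` are used without checking that they exist. A missing `IRIS_ADM_API_KEY` sends the literal header `Bearer undefined`, and a missing `IRIS_ADM_PASSWORD` passes `undefined` to the login helper; both surface only as confusing authentication failures. A guard right after `dotenv.parse`, `if (!env.IRIS_ADM_API_KEY || !env.IRIS_ADM_PASSWORD) throw new Error('IRIS_ADM_API_KEY and IRIS_ADM_PASSWORD must be set in ../.env');`, fails fast without printing either secret. `fs.readFileSync('../.env')` is also relative to the working directory; `path.join(__dirname, '../../.env')` would tie it to the file, assuming `.env` sits at the repository root.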