darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2026-02-06 11:23:48 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
f11746324daea45d073b2205e2d2202213221fe4
notifications-admin/tests/javascripts/authenticateSecurityKey.test.js

280 lines
8.4 KiB
JavaScript
Raw Normal View History

add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
beforeAll(() => {
window.CBOR = require('../../node_modules/cbor-js/cbor.js')
require('../../app/assets/javascripts/authenticateSecurityKey.js')
Restore all mocks after each test This is easier than re-assigning the mock functions manually, as we're reusing Jest's in-built behaviour. Because all the mocks are restored, we need to move the ones we had in the beforeAll block into the beforeEach block. Note: "require('./support/teardown.js')" also resets all Jest mocks, but "require" only runs once, so we can't use it in a beforeEach block [1]. We could do a "jest.resetModules()" to fix that, which seems worse on the whole. I think there's a broader discussion here about whether we could / should have a global reset of Jest mocks after each test - I quickly tried this and it causes some existing tests to fail :-|. [1]: https://stackoverflow.com/questions/48989643/how-to-reset-module-imported-between-tests
2021-06-08 15:33:04 +01:00
// populate missing values to allow consistent jest.spyOn()
window.fetch = () => { }
window.navigator.credentials = { get: () => { } }
show error message in banner rather than an alert the banner is a nicer user experience, and consistent with how we display errors elsewhere in notify. For now pass through the error message from JS, but we'll probably want to change that since the erorr messages themselves are often a bit cryptic and unhelpful
2021-08-11 18:02:50 +01:00
window.GOVUK.ErrorBanner = {
showBanner: () => {},
hideBanner: () => {}
};
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
})
afterAll(() => {
require('./support/teardown.js')
Restore all mocks after each test This is easier than re-assigning the mock functions manually, as we're reusing Jest's in-built behaviour. Because all the mocks are restored, we need to move the ones we had in the beforeAll block into the beforeEach block. Note: "require('./support/teardown.js')" also resets all Jest mocks, but "require" only runs once, so we can't use it in a beforeEach block [1]. We could do a "jest.resetModules()" to fix that, which seems worse on the whole. I think there's a broader discussion here about whether we could / should have a global reset of Jest mocks after each test - I quickly tried this and it causes some existing tests to fail :-|. [1]: https://stackoverflow.com/questions/48989643/how-to-reset-module-imported-between-tests
2021-06-08 15:33:04 +01:00
// restore window attributes to their original undefined state
delete window.fetch
delete window.navigator.credentials
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
})
describe('Authenticate with security key', () => {
let button
beforeEach(() => {
Restore all mocks after each test This is easier than re-assigning the mock functions manually, as we're reusing Jest's in-built behaviour. Because all the mocks are restored, we need to move the ones we had in the beforeAll block into the beforeEach block. Note: "require('./support/teardown.js')" also resets all Jest mocks, but "require" only runs once, so we can't use it in a beforeEach block [1]. We could do a "jest.resetModules()" to fix that, which seems worse on the whole. I think there's a broader discussion here about whether we could / should have a global reset of Jest mocks after each test - I quickly tried this and it causes some existing tests to fail :-|. [1]: https://stackoverflow.com/questions/48989643/how-to-reset-module-imported-between-tests
2021-06-08 15:33:04 +01:00
// disable console.error() so we don't see it in test output
// you might need to comment this out to debug some failures
remove server-side error messages for webauthn since we are hard-coding a generic error message on the front-end, we have no need to do anything on the back end. This is also nice as it standardises the two flows to behave more like each other (rather than previously where one would `flash` an error message and the other would return CBOR for the js to decode). Note that the register flow returns 400 while the auth flow returns 403. The js for both just checks `response.ok` so will handle both. The JS completely discards any body returned if the status isn't 200 now.
2021-09-14 14:31:45 +01:00
jest.spyOn(console, 'error').mockImplementation(() => {})
pass nextUrl through yubikey flow the next url comes from sign in via a query param, and needs to go to the POST /webauthn/authenticate endpoint. That endpoint logs the user in and returns the redirect to the browser, and will take the next from the request query params to get there. also moving the window mocks to beforeEach/afterEach ensures that promise callbacks from previous tests aren't still associated in future tests to ensure good test isolation. unfortunately i couldn't get mocking location for a single js test to work, but by changing the global config i was able to add some query params that i can expect to be passed through. Don't love this at all but not quite sure of a good way round this. I think we're not practicing very good hygiene and best practices with our mocking and it's really confounding me here.
2021-05-27 12:07:11 +01:00
Restore all mocks after each test This is easier than re-assigning the mock functions manually, as we're reusing Jest's in-built behaviour. Because all the mocks are restored, we need to move the ones we had in the beforeAll block into the beforeEach block. Note: "require('./support/teardown.js')" also resets all Jest mocks, but "require" only runs once, so we can't use it in a beforeEach block [1]. We could do a "jest.resetModules()" to fix that, which seems worse on the whole. I think there's a broader discussion here about whether we could / should have a global reset of Jest mocks after each test - I quickly tried this and it causes some existing tests to fail :-|. [1]: https://stackoverflow.com/questions/48989643/how-to-reset-module-imported-between-tests
2021-06-08 15:33:04 +01:00
document.body.innerHTML = `
<button type="submit" data-module="authenticate-security-key" data-csrf-token="abc123"></button>`
button = document.querySelector('[data-module="authenticate-security-key"]')
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
window.GOVUK.modules.start()
})
pass nextUrl through yubikey flow the next url comes from sign in via a query param, and needs to go to the POST /webauthn/authenticate endpoint. That endpoint logs the user in and returns the redirect to the browser, and will take the next from the request query params to get there. also moving the window mocks to beforeEach/afterEach ensures that promise callbacks from previous tests aren't still associated in future tests to ensure good test isolation. unfortunately i couldn't get mocking location for a single js test to work, but by changing the global config i was able to add some query params that i can expect to be passed through. Don't love this at all but not quite sure of a good way round this. I think we're not practicing very good hygiene and best practices with our mocking and it's really confounding me here.
2021-05-27 12:07:11 +01:00
afterEach(() => {
Restore all mocks after each test This is easier than re-assigning the mock functions manually, as we're reusing Jest's in-built behaviour. Because all the mocks are restored, we need to move the ones we had in the beforeAll block into the beforeEach block. Note: "require('./support/teardown.js')" also resets all Jest mocks, but "require" only runs once, so we can't use it in a beforeEach block [1]. We could do a "jest.resetModules()" to fix that, which seems worse on the whole. I think there's a broader discussion here about whether we could / should have a global reset of Jest mocks after each test - I quickly tried this and it causes some existing tests to fail :-|. [1]: https://stackoverflow.com/questions/48989643/how-to-reset-module-imported-between-tests
2021-06-08 15:33:04 +01:00
jest.restoreAllMocks()
pass nextUrl through yubikey flow the next url comes from sign in via a query param, and needs to go to the POST /webauthn/authenticate endpoint. That endpoint logs the user in and returns the redirect to the browser, and will take the next from the request query params to get there. also moving the window mocks to beforeEach/afterEach ensures that promise callbacks from previous tests aren't still associated in future tests to ensure good test isolation. unfortunately i couldn't get mocking location for a single js test to work, but by changing the global config i was able to add some query params that i can expect to be passed through. Don't love this at all but not quite sure of a good way round this. I think we're not practicing very good hygiene and best practices with our mocking and it's really confounding me here.
2021-05-27 12:07:11 +01:00
})
test('authenticates a credential and redirects based on the admin app response', (done) => {
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
jest.spyOn(window, 'fetch')
.mockImplementationOnce((_url) => {
// initial fetch of options from the server
// fetch defaults to GET
// options from the server are CBOR-encoded
const webauthnOptions = window.CBOR.encode('someArbitraryOptions')
return Promise.resolve({
ok: true, arrayBuffer: () => webauthnOptions
})
})
jest.spyOn(window.navigator.credentials, 'get').mockImplementation((options) => {
expect(options).toEqual('someArbitraryOptions')
// fake PublicKeyCredential response from WebAuthn API
// all of the array properties represent Array(Buffer) objects
const credentialsGetResponse = {
response: {
authenticatorData: [2, 2, 2],
signature: [3, 3, 3],
clientDataJSON: [4, 4, 4]
},
rawId: [1, 1, 1],
type: "public-key",
}
return Promise.resolve(credentialsGetResponse)
})
jest.spyOn(window, 'fetch')
.mockImplementationOnce((_url, options = {}) => {
// subsequent POST of credential data to server
const decodedData = window.CBOR.decode(options.body)
expect(decodedData.credentialId).toEqual(new Uint8Array([1, 1, 1]))
expect(decodedData.authenticatorData).toEqual(new Uint8Array([2, 2, 2]))
expect(decodedData.signature).toEqual(new Uint8Array([3, 3, 3]))
expect(decodedData.clientDataJSON).toEqual(new Uint8Array([4, 4, 4]))
expect(options.headers['X-CSRFToken']).toBe('abc123')
const loginResponse = window.CBOR.encode({ redirect_url: '/foo' })
return Promise.resolve({
ok: true, arrayBuffer: () => Promise.resolve(loginResponse)
})
})
jest.spyOn(window.location, 'assign').mockImplementation((href) => {
expect(href).toEqual("/foo")
Remove redundant semicolons in ES6 tests
2021-06-10 14:48:18 +01:00
done()
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
})
show error message in banner rather than an alert the banner is a nicer user experience, and consistent with how we display errors elsewhere in notify. For now pass through the error message from JS, but we'll probably want to change that since the erorr messages themselves are often a bit cryptic and unhelpful
2021-08-11 18:02:50 +01:00
// this will make the test fail if the error banner is displayed
hard-code html error message for errorBanner turns out that we're only using errorBanner with a static message, and it's also full of rich html content. This means that it's probably better to put it in the html templates with other content, rather than hidden away in js files if we can help it. Since there are two places, had to dupe the error message but i think that's fine as i don't anticipate this error message being used in significantly more places. making it a string is a bit gross and means we don't get nice syntax highlighting on it, but as it needs to be passed in to a jinja macro that's the way it has to go unfortunately.
2021-09-13 16:31:58 +01:00
jest.spyOn(window.GOVUK.ErrorBanner, 'showBanner').mockImplementation(() => {
done('didnt expect the banner to be shown')
pass nextUrl through yubikey flow the next url comes from sign in via a query param, and needs to go to the POST /webauthn/authenticate endpoint. That endpoint logs the user in and returns the redirect to the browser, and will take the next from the request query params to get there. also moving the window mocks to beforeEach/afterEach ensures that promise callbacks from previous tests aren't still associated in future tests to ensure good test isolation. unfortunately i couldn't get mocking location for a single js test to work, but by changing the global config i was able to add some query params that i can expect to be passed through. Don't love this at all but not quite sure of a good way round this. I think we're not practicing very good hygiene and best practices with our mocking and it's really confounding me here.
2021-05-27 12:07:11 +01:00
})
button.click()
Remove redundant semicolons in ES6 tests
2021-06-10 14:48:18 +01:00
})
pass nextUrl through yubikey flow the next url comes from sign in via a query param, and needs to go to the POST /webauthn/authenticate endpoint. That endpoint logs the user in and returns the redirect to the browser, and will take the next from the request query params to get there. also moving the window mocks to beforeEach/afterEach ensures that promise callbacks from previous tests aren't still associated in future tests to ensure good test isolation. unfortunately i couldn't get mocking location for a single js test to work, but by changing the global config i was able to add some query params that i can expect to be passed through. Don't love this at all but not quite sure of a good way round this. I think we're not practicing very good hygiene and best practices with our mocking and it's really confounding me here.
2021-05-27 12:07:11 +01:00
test('authenticates and passes a redirect url through to the authenticate admin endpoint', (done) => {
Address PR feedback
2022-10-27 18:16:24 +00:00
window.location.href = `${window.location.href}?next=%2Ffoo%3Fbar%3Dbaz`
pass nextUrl through yubikey flow the next url comes from sign in via a query param, and needs to go to the POST /webauthn/authenticate endpoint. That endpoint logs the user in and returns the redirect to the browser, and will take the next from the request query params to get there. also moving the window mocks to beforeEach/afterEach ensures that promise callbacks from previous tests aren't still associated in future tests to ensure good test isolation. unfortunately i couldn't get mocking location for a single js test to work, but by changing the global config i was able to add some query params that i can expect to be passed through. Don't love this at all but not quite sure of a good way round this. I think we're not practicing very good hygiene and best practices with our mocking and it's really confounding me here.
2021-05-27 12:07:11 +01:00
jest.spyOn(window, 'fetch')
.mockImplementationOnce((_url) => {
// initial fetch of options from the server
// fetch defaults to GET
// options from the server are CBOR-encoded
let webauthnOptions = window.CBOR.encode('someArbitraryOptions')
return Promise.resolve({
ok: true, arrayBuffer: () => webauthnOptions
})
})
jest.spyOn(window.navigator.credentials, 'get').mockImplementation((options) => {
let credentialsGetResponse = {
response: {
authenticatorData: [],
signature: [],
clientDataJSON: []
},
rawId: [],
type: "public-key",
}
return Promise.resolve(credentialsGetResponse)
})
jest.spyOn(window, 'fetch')
.mockImplementationOnce((url, options = {}) => {
// subsequent POST of credential data to server
expect(url.toString()).toEqual(
Address PR feedback
2022-10-27 18:16:24 +00:00
'https://www.notifications.service.gov.uk/webauthn/authenticate?next=%2Ffoo%3Fbar%3Dbaz'
Remove redundant semicolons in ES6 tests
2021-06-10 14:48:18 +01:00
)
remove server-side error messages for webauthn since we are hard-coding a generic error message on the front-end, we have no need to do anything on the back end. This is also nice as it standardises the two flows to behave more like each other (rather than previously where one would `flash` an error message and the other would return CBOR for the js to decode). Note that the register flow returns 400 while the auth flow returns 403. The js for both just checks `response.ok` so will handle both. The JS completely discards any body returned if the status isn't 200 now.
2021-09-14 14:31:45 +01:00
return Promise.resolve({
ok: true, arrayBuffer: () => Promise.resolve(window.CBOR.encode({ redirect_url: '/foo' }))
Update tests to use most recent jest and supporting libraries
2022-10-27 11:12:39 -04:00
})
pass nextUrl through yubikey flow the next url comes from sign in via a query param, and needs to go to the POST /webauthn/authenticate endpoint. That endpoint logs the user in and returns the redirect to the browser, and will take the next from the request query params to get there. also moving the window mocks to beforeEach/afterEach ensures that promise callbacks from previous tests aren't still associated in future tests to ensure good test isolation. unfortunately i couldn't get mocking location for a single js test to work, but by changing the global config i was able to add some query params that i can expect to be passed through. Don't love this at all but not quite sure of a good way round this. I think we're not practicing very good hygiene and best practices with our mocking and it's really confounding me here.
2021-05-27 12:07:11 +01:00
})
remove server-side error messages for webauthn since we are hard-coding a generic error message on the front-end, we have no need to do anything on the back end. This is also nice as it standardises the two flows to behave more like each other (rather than previously where one would `flash` an error message and the other would return CBOR for the js to decode). Note that the register flow returns 400 while the auth flow returns 403. The js for both just checks `response.ok` so will handle both. The JS completely discards any body returned if the status isn't 200 now.
2021-09-14 14:31:45 +01:00
jest.spyOn(window.location, 'assign').mockImplementation((href) => {
// ensure that the fetch mock implementation above was called
expect.assertions(1)
done()
})
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
button.click()
Remove redundant semicolons in ES6 tests
2021-06-10 14:48:18 +01:00
})
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
test.each([
['network'],
['server'],
show error message in banner rather than an alert the banner is a nicer user experience, and consistent with how we display errors elsewhere in notify. For now pass through the error message from JS, but we'll probably want to change that since the erorr messages themselves are often a bit cryptic and unhelpful
2021-08-11 18:02:50 +01:00
])('errors if fetching WebAuthn fails (%s error)', (errorType, done) => {
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
jest.spyOn(window, 'fetch').mockImplementation((_url) => {
if (errorType == 'network') {
return Promise.reject('error')
} else {
return Promise.resolve({ ok: false, statusText: 'error' })
}
})
hard-code html error message for errorBanner turns out that we're only using errorBanner with a static message, and it's also full of rich html content. This means that it's probably better to put it in the html templates with other content, rather than hidden away in js files if we can help it. Since there are two places, had to dupe the error message but i think that's fine as i don't anticipate this error message being used in significantly more places. making it a string is a bit gross and means we don't get nice syntax highlighting on it, but as it needs to be passed in to a jinja macro that's the way it has to go unfortunately.
2021-09-13 16:31:58 +01:00
jest.spyOn(window.GOVUK.ErrorBanner, 'showBanner').mockImplementation(() => {
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
done()
})
button.click()
})
show error message in banner rather than an alert the banner is a nicer user experience, and consistent with how we display errors elsewhere in notify. For now pass through the error message from JS, but we'll probably want to change that since the erorr messages themselves are often a bit cryptic and unhelpful
2021-08-11 18:02:50 +01:00
test('errors if comms with the authenticator fails', (done) => {
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
jest.spyOn(window, 'fetch')
.mockImplementationOnce((_url) => {
const webauthnOptions = window.CBOR.encode('someArbitraryOptions')
return Promise.resolve({
ok: true, arrayBuffer: () => webauthnOptions
})
})
jest.spyOn(window.navigator.credentials, 'get').mockImplementation(() => {
return Promise.reject(new DOMException('error'))
})
hard-code html error message for errorBanner turns out that we're only using errorBanner with a static message, and it's also full of rich html content. This means that it's probably better to put it in the html templates with other content, rather than hidden away in js files if we can help it. Since there are two places, had to dupe the error message but i think that's fine as i don't anticipate this error message being used in significantly more places. making it a string is a bit gross and means we don't get nice syntax highlighting on it, but as it needs to be passed in to a jinja macro that's the way it has to go unfortunately.
2021-09-13 16:31:58 +01:00
jest.spyOn(window.GOVUK.ErrorBanner, 'showBanner').mockImplementation(() => {
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
done()
})
button.click()
Remove redundant semicolons in ES6 tests
2021-06-10 14:48:18 +01:00
})
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
test.each([
remove server-side error messages for webauthn since we are hard-coding a generic error message on the front-end, we have no need to do anything on the back end. This is also nice as it standardises the two flows to behave more like each other (rather than previously where one would `flash` an error message and the other would return CBOR for the js to decode). Note that the register flow returns 400 while the auth flow returns 403. The js for both just checks `response.ok` so will handle both. The JS completely discards any body returned if the status isn't 200 now.
2021-09-14 14:31:45 +01:00
['network'],
['server'],
show error message in banner rather than an alert the banner is a nicer user experience, and consistent with how we display errors elsewhere in notify. For now pass through the error message from JS, but we'll probably want to change that since the erorr messages themselves are often a bit cryptic and unhelpful
2021-08-11 18:02:50 +01:00
])('errors if POSTing WebAuthn credentials fails (%s)', (errorType, done) => {
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
jest.spyOn(window, 'fetch')
.mockImplementationOnce((_url) => {
const webauthnOptions = window.CBOR.encode('someArbitraryOptions')
return Promise.resolve({
ok: true, arrayBuffer: () => webauthnOptions
})
})
jest.spyOn(window.navigator.credentials, 'get').mockImplementation((options) => {
expect(options).toEqual('someArbitraryOptions')
const credentialsGetResponse = {
response: {
authenticatorData: [2, 2, 2],
signature: [3, 3, 3],
clientDataJSON: [4, 4, 4]
},
rawId: [1, 1, 1],
type: "public-key",
}
return Promise.resolve(credentialsGetResponse)
})
jest.spyOn(window, 'fetch').mockImplementationOnce((_url) => {
// subsequent POST of credential data to server
switch (errorType) {
remove server-side error messages for webauthn since we are hard-coding a generic error message on the front-end, we have no need to do anything on the back end. This is also nice as it standardises the two flows to behave more like each other (rather than previously where one would `flash` an error message and the other would return CBOR for the js to decode). Note that the register flow returns 400 while the auth flow returns 403. The js for both just checks `response.ok` so will handle both. The JS completely discards any body returned if the status isn't 200 now.
2021-09-14 14:31:45 +01:00
case 'network':
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
return Promise.reject('error')
remove server-side error messages for webauthn since we are hard-coding a generic error message on the front-end, we have no need to do anything on the back end. This is also nice as it standardises the two flows to behave more like each other (rather than previously where one would `flash` an error message and the other would return CBOR for the js to decode). Note that the register flow returns 400 while the auth flow returns 403. The js for both just checks `response.ok` so will handle both. The JS completely discards any body returned if the status isn't 200 now.
2021-09-14 14:31:45 +01:00
case 'server':
return Promise.resolve({ ok: false, statusText: 'FORBIDDEN' })
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
}
})
show error message in banner rather than an alert the banner is a nicer user experience, and consistent with how we display errors elsewhere in notify. For now pass through the error message from JS, but we'll probably want to change that since the erorr messages themselves are often a bit cryptic and unhelpful
2021-08-11 18:02:50 +01:00
hard-code html error message for errorBanner turns out that we're only using errorBanner with a static message, and it's also full of rich html content. This means that it's probably better to put it in the html templates with other content, rather than hidden away in js files if we can help it. Since there are two places, had to dupe the error message but i think that's fine as i don't anticipate this error message being used in significantly more places. making it a string is a bit gross and means we don't get nice syntax highlighting on it, but as it needs to be passed in to a jinja macro that's the way it has to go unfortunately.
2021-09-13 16:31:58 +01:00
jest.spyOn(window.GOVUK.ErrorBanner, 'showBanner').mockImplementation(() => {
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
done()
})
button.click()
Remove redundant semicolons in ES6 tests
2021-06-10 14:48:18 +01:00
})
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
test('reloads page if POSTing WebAuthn credentials returns 403', (done) => {
remove server-side error messages for webauthn since we are hard-coding a generic error message on the front-end, we have no need to do anything on the back end. This is also nice as it standardises the two flows to behave more like each other (rather than previously where one would `flash` an error message and the other would return CBOR for the js to decode). Note that the register flow returns 400 while the auth flow returns 403. The js for both just checks `response.ok` so will handle both. The JS completely discards any body returned if the status isn't 200 now.
2021-09-14 14:31:45 +01:00
jest.spyOn(window, 'fetch').mockImplementationOnce((_url) => {
const webauthnOptions = window.CBOR.encode('someArbitraryOptions')
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
return Promise.resolve({
ok: true, arrayBuffer: () => webauthnOptions
})
})
jest.spyOn(window.navigator.credentials, 'get').mockImplementation((options) => {
expect(options).toEqual('someArbitraryOptions')
const credentialsGetResponse = {
response: {
authenticatorData: [2, 2, 2],
signature: [3, 3, 3],
clientDataJSON: [4, 4, 4]
},
rawId: [1, 1, 1],
type: "public-key",
}
return Promise.resolve(credentialsGetResponse)
})
jest.spyOn(window, 'fetch').mockImplementationOnce((_url) => {
return Promise.resolve(
{
ok: false,
status: 403,
})
})
// assert that reload is called and the page is refreshed
jest.spyOn(window.location, 'reload').mockImplementation(() => {
Remove redundant semicolons in ES6 tests
2021-06-10 14:48:18 +01:00
done()
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
})
show error message in banner rather than an alert the banner is a nicer user experience, and consistent with how we display errors elsewhere in notify. For now pass through the error message from JS, but we'll probably want to change that since the erorr messages themselves are often a bit cryptic and unhelpful
2021-08-11 18:02:50 +01:00
// this will make the test fail if the error banner is displayed
jest.spyOn(window.GOVUK.ErrorBanner, 'showBanner').mockImplementation((msg) => {
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
done(msg)
})
button.click()
Remove redundant semicolons in ES6 tests
2021-06-10 14:48:18 +01:00
})
add webauthn authentication js tests notably i had to change `window.location = foo` to `window.location.assign` so that i could have something to spy on with jest. mocking sucks. Otherwise this is pretty similar to the registerSecurityKey.test.js file.
2021-05-25 18:02:38 +01:00
Remove redundant semicolons in ES6 tests
2021-06-10 14:48:18 +01:00
})
Reference in New Issue Copy Permalink