e2e: fix 2fa leakage in next tests

This commit is contained in:
Nicolas Meienberger 2026-05-27 21:52:05 +02:00
parent 5ee65bf0af
commit dee3bb098a
No known key found for this signature in database
3 changed files with 64 additions and 30 deletions

View file

@ -576,15 +576,16 @@ test("deleting a volume cascades and removes its backup schedule", async ({ page
await volumeLink.click(); await volumeLink.click();
await expect(page).toHaveURL(/\/volumes\/[^/?#]+/); await expect(page).toHaveURL(/\/volumes\/[^/?#]+/);
await expect(page.getByRole("button", { name: "Actions" })).toBeVisible(); await expect(page.getByRole("button", { name: "Actions" })).toBeVisible();
const deleteVolumeMenuItem = page.getByRole("menuitem", { name: "Delete" });
await expect(async () => { await expect(async () => {
await page.getByRole("button", { name: "Actions" }).click(); await page.getByRole("button", { name: "Actions" }).click();
const deleteVolumeMenuItem = page.getByRole("menuitem", { name: "Delete" });
await expect(deleteVolumeMenuItem).toBeVisible(); await expect(deleteVolumeMenuItem).toBeVisible();
}).toPass({ timeout: 10000 }); await deleteVolumeMenuItem.click();
await deleteVolumeMenuItem.click({ force: true });
await expect(page.getByRole("heading", { name: "Delete volume?" })).toBeVisible(); await expect(page.getByRole("heading", { name: "Delete volume?" })).toBeVisible();
await expect(page.getByText("All backup schedules associated with this volume will also be removed.")).toBeVisible(); }).toPass({ timeout: 10000 });
await expect(
page.getByText("All backup schedules associated with this volume will also be removed."),
).toBeVisible();
await page.getByRole("button", { name: "Delete volume" }).click(); await page.getByRole("button", { name: "Delete volume" }).click();
await expect(page.getByText("Volume deleted successfully")).toBeVisible(); await expect(page.getByText("Volume deleted successfully")).toBeVisible();

View file

@ -52,8 +52,8 @@ async function getRepositoryShortId(page: Page, name: string) {
} }
async function createRepository(page: Page, name: string) { async function createRepository(page: Page, name: string) {
await gotoAndWaitForAppReady(page, "/repositories"); await gotoAndWaitForAppReady(page, "/repositories/create");
await page.getByRole("button", { name: "Create repository" }).click(); await expect(page.getByRole("textbox", { name: "Name" })).toBeVisible();
await page.getByRole("textbox", { name: "Name" }).fill(name); await page.getByRole("textbox", { name: "Name" }).fill(name);
await page.getByRole("combobox", { name: "Backend" }).click(); await page.getByRole("combobox", { name: "Backend" }).click();
await page.getByRole("option", { name: "Local" }).click(); await page.getByRole("option", { name: "Local" }).click();

View file

@ -1,10 +1,36 @@
import type { Page } from "@playwright/test"; import type { Browser, Page } from "@playwright/test";
import { base32 } from "@better-auth/utils/base32"; import { base32 } from "@better-auth/utils/base32";
import { createOTP } from "@better-auth/utils/otp"; import { createOTP } from "@better-auth/utils/otp";
import path from "node:path";
import { expect, test } from "./test"; import { expect, test } from "./test";
import { gotoAndWaitForAppReady } from "./helpers/page"; import { gotoAndWaitForAppReady } from "./helpers/page";
const workerPassword = "password123"; const twoFactorPassword = "password123";
async function createTwoFactorUser(browser: Browser, username: string) {
const context = await browser.newContext({
baseURL: `http://${process.env.SERVER_IP}:4096`,
storageState: { cookies: [], origins: [] },
});
const page = await context.newPage();
await gotoAndWaitForAppReady(page, "/onboarding");
await page.getByRole("textbox", { name: "Email" }).fill(`${username}@example.com`);
await page.getByRole("textbox", { name: "Username" }).fill(username);
await page.getByRole("textbox", { name: "Password", exact: true }).fill(twoFactorPassword);
await page.getByRole("textbox", { name: "Confirm Password" }).fill(twoFactorPassword);
await page.getByRole("button", { name: "Create admin user" }).click();
await expect(page.getByText("Download Your Recovery Key")).toBeVisible();
await page.getByRole("textbox", { name: "Confirm Your Password" }).fill(twoFactorPassword);
const downloadPromise = page.waitForEvent("download");
await page.getByRole("button", { name: "Download Recovery Key" }).click();
const download = await downloadPromise;
await download.saveAs(path.join(process.cwd(), "playwright", `restic-${username}.pass`));
await expect(page).toHaveURL("/volumes");
return { context, page };
}
async function generateTotp(secret: string) { async function generateTotp(secret: string) {
const decodedSecret = new TextDecoder().decode(base32.decode(secret)); const decodedSecret = new TextDecoder().decode(base32.decode(secret));
@ -16,36 +42,43 @@ async function fillOtp(page: Page, code: string) {
await page.keyboard.type(code); await page.keyboard.type(code);
} }
test("user can enable 2FA and sign in with a TOTP code", async ({ page }) => { test("user can enable 2FA and sign in with a TOTP code", async ({ browser }, testInfo) => {
await gotoAndWaitForAppReady(page, "/settings"); const username = `e2e-2fa-${testInfo.parallelIndex}-${testInfo.retry}`;
const { context, page: twoFactorPage } = await createTwoFactorUser(browser, username);
const username = await page.locator("#username").inputValue(); try {
await gotoAndWaitForAppReady(twoFactorPage, "/settings");
await page.getByRole("button", { name: "Enable 2FA" }).click(); await twoFactorPage.getByRole("button", { name: "Enable 2FA" }).click();
await page.getByRole("textbox", { name: "Password" }).fill(workerPassword); await twoFactorPage.getByRole("textbox", { name: "Password" }).fill(twoFactorPassword);
await page.getByRole("button", { name: "Continue" }).click(); await twoFactorPage.getByRole("button", { name: "Continue" }).click();
await expect(page.getByRole("heading", { name: "Scan QR Code" })).toBeVisible(); await expect(twoFactorPage.getByRole("heading", { name: "Scan QR Code" })).toBeVisible();
const secret = await page.locator("input[readonly]").inputValue(); const secret = await twoFactorPage.locator("input[readonly]").inputValue();
await page.getByRole("button", { name: "Continue" }).click(); await twoFactorPage.getByRole("button", { name: "Continue" }).click();
await expect(page.getByRole("heading", { name: "Verify setup" })).toBeVisible(); await expect(twoFactorPage.getByRole("heading", { name: "Verify setup" })).toBeVisible();
await fillOtp(page, await generateTotp(secret)); await fillOtp(twoFactorPage, await generateTotp(secret));
await expect(page.getByText(/Status:\s*Enabled/)).toBeVisible(); await expect(twoFactorPage.getByText(/Status:\s*Enabled/)).toBeVisible();
await page.context().clearCookies(); await context.clearCookies();
await gotoAndWaitForAppReady(page, "/login"); await gotoAndWaitForAppReady(twoFactorPage, "/login");
await page.getByRole("textbox", { name: "Username" }).fill(username); const usernameInput = twoFactorPage.getByRole("textbox", { name: "Username" });
await page.getByRole("textbox", { name: "Password" }).fill(workerPassword); await usernameInput.fill(username);
await page.getByRole("button", { name: "Login" }).click(); await expect(usernameInput).toHaveValue(username);
await twoFactorPage.getByRole("textbox", { name: "Password" }).fill(twoFactorPassword);
await twoFactorPage.getByRole("button", { name: "Login" }).click();
await expect(page.getByRole("heading", { name: "Two-Factor Authentication" })).toBeVisible(); await expect(twoFactorPage.getByRole("heading", { name: "Two-Factor Authentication" })).toBeVisible();
await fillOtp(page, await generateTotp(secret)); await fillOtp(twoFactorPage, await generateTotp(secret));
await expect(page).toHaveURL("/volumes"); await expect(twoFactorPage).toHaveURL("/volumes");
await expect(page.getByRole("button", { name: "Create Volume" })).toBeVisible(); await expect(twoFactorPage.getByRole("button", { name: "Create Volume" })).toBeVisible();
} finally {
await context.close();
}
}); });