diff --git a/test/integration/cli_test.go b/test/integration/cli_test.go index 5a8358ae..1e2d0357 100644 --- a/test/integration/cli_test.go +++ b/test/integration/cli_test.go @@ -338,7 +338,7 @@ func runPinnipedLoginOIDC( require.NoError(t, page.Navigate(loginURL)) // Expect to be redirected to the upstream provider and log in. - browsertest.LoginToUpstream(t, page, env.CLIUpstreamOIDC) + browsertest.LoginToUpstreamOIDC(t, page, env.CLIUpstreamOIDC) // Expect to be redirected to the localhost callback. t.Logf("waiting for redirect to callback") diff --git a/test/integration/e2e_test.go b/test/integration/e2e_test.go index ea5e0e50..b3fa7266 100644 --- a/test/integration/e2e_test.go +++ b/test/integration/e2e_test.go @@ -245,7 +245,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) { // nolint:gocyclo require.NoError(t, page.Navigate(loginURL)) // Expect to be redirected to the upstream provider and log in. - browsertest.LoginToUpstream(t, page, env.SupervisorUpstreamOIDC) + browsertest.LoginToUpstreamOIDC(t, page, env.SupervisorUpstreamOIDC) // Expect to be redirected to the downstream callback which is serving the form_post HTML. t.Logf("waiting for response page %s", downstream.Spec.Issuer) @@ -358,7 +358,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) { // nolint:gocyclo require.NoError(t, page.Navigate(loginURL)) // Expect to be redirected to the upstream provider and log in. - browsertest.LoginToUpstream(t, page, env.SupervisorUpstreamOIDC) + browsertest.LoginToUpstreamOIDC(t, page, env.SupervisorUpstreamOIDC) // Expect to be redirected to the downstream callback which is serving the form_post HTML. t.Logf("waiting for response page %s", downstream.Spec.Issuer) @@ -486,7 +486,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) { // nolint:gocyclo require.NoError(t, page.Navigate(loginURL)) // Expect to be redirected to the upstream provider and log in. - browsertest.LoginToUpstream(t, page, env.SupervisorUpstreamOIDC) + browsertest.LoginToUpstreamOIDC(t, page, env.SupervisorUpstreamOIDC) // Expect to be redirected to the downstream callback which is serving the form_post HTML. t.Logf("waiting for response page %s", downstream.Spec.Issuer) @@ -965,7 +965,7 @@ func TestE2EFullIntegration_Browser(t *testing.T) { // nolint:gocyclo ) }) - // Add an OIDC upstream IDP and try using it to authenticate during kubectl commands. + // Add an LDAP upstream IDP and try using it to authenticate during kubectl commands. t.Run("with Supervisor LDAP upstream IDP and browser flow", func(t *testing.T) { testCtx, cancel := context.WithTimeout(context.Background(), 5*time.Minute) t.Cleanup(cancel) @@ -1075,21 +1075,9 @@ func TestE2EFullIntegration_Browser(t *testing.T) { // nolint:gocyclo t.Logf("navigating to login page: %q", loginURL) require.NoError(t, page.Navigate(loginURL)) - // Expect to be redirected to the supervisor's ldap login page. - t.Logf("waiting for redirect to supervisor ldap login page") - regex := regexp.MustCompile(`\A` + downstream.Spec.Issuer + `/login.+`) - browsertest.WaitForURL(t, page, regex) - - usernameSelector := "#username" - passwordSelector := "#password" - loginButtonSelector := "#submit" - browsertest.WaitForVisibleElements(t, page, usernameSelector, passwordSelector, loginButtonSelector) - - // Fill in the username and password and click "submit". - t.Logf("logging into ldap") - require.NoError(t, page.First(usernameSelector).Fill(expectedUsername)) - require.NoError(t, page.First(passwordSelector).Fill(env.SupervisorUpstreamLDAP.TestUserPassword)) - require.NoError(t, page.First(loginButtonSelector).Click()) + // Confirm that we got to the login page, fill out the form, and submit the form. + browsertest.LoginToUpstreamLDAP(t, page, downstream.Spec.Issuer, + expectedUsername, env.SupervisorUpstreamLDAP.TestUserPassword) formpostExpectSuccessState(t, page) diff --git a/test/integration/supervisor_login_test.go b/test/integration/supervisor_login_test.go index 31089ec4..b849df2e 100644 --- a/test/integration/supervisor_login_test.go +++ b/test/integration/supervisor_login_test.go @@ -2005,7 +2005,7 @@ func requestAuthorizationUsingBrowserAuthcodeFlow(t *testing.T, downstreamAuthor require.NoError(t, page.Navigate(downstreamAuthorizeURL)) // Expect to be redirected to the upstream provider and log in. - browsertest.LoginToUpstream(t, page, env.SupervisorUpstreamOIDC) + browsertest.LoginToUpstreamOIDC(t, page, env.SupervisorUpstreamOIDC) // Wait for the login to happen and us be redirected back to a localhost callback. t.Logf("waiting for redirect to callback") diff --git a/test/integration/supervisor_warnings_test.go b/test/integration/supervisor_warnings_test.go index 65fa06e1..f4ae43ef 100644 --- a/test/integration/supervisor_warnings_test.go +++ b/test/integration/supervisor_warnings_test.go @@ -448,7 +448,7 @@ func TestSupervisorWarnings_Browser(t *testing.T) { require.NoError(t, page.Navigate(loginURL)) // Expect to be redirected to the upstream provider and log in. - browsertest.LoginToUpstream(t, page, env.SupervisorUpstreamOIDC) + browsertest.LoginToUpstreamOIDC(t, page, env.SupervisorUpstreamOIDC) // Expect to be redirected to the downstream callback which is serving the form_post HTML. t.Logf("waiting for response page %s", downstream.Spec.Issuer) diff --git a/test/testlib/browsertest/browsertest.go b/test/testlib/browsertest/browsertest.go index d6686ea6..b04b1e1f 100644 --- a/test/testlib/browsertest/browsertest.go +++ b/test/testlib/browsertest/browsertest.go @@ -125,9 +125,9 @@ func WaitForURL(t *testing.T, page *agouti.Page, pat *regexp.Regexp) { ) } -// LoginToUpstream expects the page to be redirected to one of several known upstream IDPs. +// LoginToUpstreamOIDC expects the page to be redirected to one of several known upstream IDPs. // It knows how to enter the test username/password and submit the upstream login form. -func LoginToUpstream(t *testing.T, page *agouti.Page, upstream testlib.TestOIDCUpstream) { +func LoginToUpstreamOIDC(t *testing.T, page *agouti.Page, upstream testlib.TestOIDCUpstream) { t.Helper() type config struct { @@ -182,3 +182,29 @@ func LoginToUpstream(t *testing.T, page *agouti.Page, upstream testlib.TestOIDCU require.NoError(t, page.First(cfg.PasswordSelector).Fill(upstream.Password)) require.NoError(t, page.First(cfg.LoginButtonSelector).Click()) } + +// LoginToUpstreamLDAP expects the page to be redirected to the Supervisor's login UI for an LDAP/AD IDP. +// It knows how to enter the test username/password and submit the upstream login form. +func LoginToUpstreamLDAP(t *testing.T, page *agouti.Page, issuer, username, password string) { + t.Helper() + + usernameSelector := "#username" + passwordSelector := "#password" + loginButtonSelector := "#submit" + + loginURLRegexp, err := regexp.Compile(`\A` + regexp.QuoteMeta(issuer+"/login") + `.+\z`) + require.NoError(t, err) + + // Expect to be redirected to the login page. + t.Logf("waiting for redirect to %s/login page", issuer) + WaitForURL(t, page, loginURLRegexp) + + // Wait for the login page to be rendered. + WaitForVisibleElements(t, page, usernameSelector, passwordSelector, loginButtonSelector) + + // Fill in the username and password and click "submit". + t.Logf("logging in via Supervisor's upstream LDAP/AD login UI page") + require.NoError(t, page.First(usernameSelector).Fill(username)) + require.NoError(t, page.First(passwordSelector).Fill(password)) + require.NoError(t, page.First(loginButtonSelector).Click()) +}