You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
Technically we're not checking if it's shown, since the element will always exist in the markup, and we're removing it whether or not it's visible. To that point, we may be able to even go as far to assume the element exists and assign the variable above using the TypeScript non-null assertion operator, similar to what we're doing with webauthnInProgressContainer and webauthnSuccessContainer variables before it.
The reason will be displayed to describe this comment to others. Learn more.
I had encountered unwanted behavior where the user not clicking cancel initially got an error then had to re-attempt in order to authenticate. I could not discern why but adding the check with that if statement fixed it.
The element with the class .usa-alert--error gets inserted as that view loads and if it needs to display the error. If there's no error that element doesn't show up in the DOM.
Would it be more preferable to use a non-null operator?
})
.catch((error: Error) => {
(document.getElementById('webauthn_error') as HTMLInputElement).value = error.name;
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The reason will be displayed to describe this comment to others. Learn more.
One downside of how we stub out the WebAuthn behaviors in the specs is that none of this runs in JavaScript, which is where most users would encounter the errors. Curious how difficult it would be to have a JavaScript-enabled test.
The reason will be displayed to describe this comment to others. Learn more.
I spent part of my afternoon yesterday exploring if we could have more realistic WebAuthn stubbing for JavaScript-enabled browsers in the spec. I think it's possible, but I didn't quite reach a working solution.
I like the WebAuthn DevTools approach, but I couldn't quite figure out the right parameters to send, and which methods to call. The closest I got to a working solution was implementing the first approach. I got the tests passing locally, but strangely only when the browser was shown (i.e. using the SHOW_BROWSER=true environment variable). It's also kinda unwieldy because it inlines parts of base64ToArrayBuffer.
Long story short: I worry this test isn't really giving us any regression assurances, since I suspect it passes on main as well. We could alternatively try a JavaScript spec which tests the JavaScript code. That would also be rather difficult with how packs are tightly integrated with page markup and very side-effecty. Maybe in the future we'd refactor the authentication button to a custom element like app/javascript/packages/webauthn/webauthn-authenticate-button-element.ts, which could be easier to test against.
Given all the challenges, I think it'd be okay to leave it like this for now, though maybe we should create a ticket to further explore one of the above alternatives?
The reason will be displayed to describe this comment to others. Learn more.
I will work on creating that ticket.
I can confirm that test does pass on main so your suspicion is correct.
end
end
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Technically we're not checking if it's shown, since the element will always exist in the markup, and we're removing it whether or not it's visible. To that point, we may be able to even go as far to assume the element exists and assign the variable above using the TypeScript non-null assertion operator, similar to what we're doing with
webauthnInProgressContainerandwebauthnSuccessContainervariables before it.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had encountered unwanted behavior where the user not clicking cancel initially got an error then had to re-attempt in order to authenticate. I could not discern why but adding the check with that if statement fixed it.
The element with the class .usa-alert--error gets inserted as that view loads and if it needs to display the error. If there's no error that element doesn't show up in the DOM.
Would it be more preferable to use a non-null operator?