LG-10225: Add JavaScript-enabled WebAuthn feature spec capability#8761
LG-10225: Add JavaScript-enabled WebAuthn feature spec capability#8761
Conversation
aduth
changed the title
|
Addressing original "draft" comments:
Added in 7435b62.
Decided to duplicate in the spec helper in 5918ffc.
Will do this as-needed in future pull requests. Changes here to reorganize, rename, and add new helper methods should simplify this work. |
There was a problem hiding this comment.
The idea with the rename is that, as of LG-8622 / #8716, we no longer differentiate the error behavior based on whether the user has multiple MFA methods enabled.
aduth
force-pushed
the
aduth-try-webauthn-js-stub
branch
from
7435b62 to
7ed0aa6
Compare
aduth
changed the title
There was a problem hiding this comment.
would it make the tests clearer if we passed in platform: true to these helpers instead of inferring from the URL?
There was a problem hiding this comment.
I think I have a soft preference for the current approach, for convenience and since the helpers already make many other assumptions of "just working" for both platform authenticators and security keys. Open to revisiting though.
There was a problem hiding this comment.
when skimming this diff I had trouble telling the difference between _and_cancel and _and_verify because they're the same number of characters, what if we dropped _and_verify since that's kind of default behavior and left _and_cancel as the differentiated option?
There was a problem hiding this comment.
Yeah, that seems like a simple way to differentiate. I'll update.
There was a problem hiding this comment.
This wasn't quite as easy as expected, since I already had a method click_webauthn_authenticate_button for just the action of clicking the button itself.
I took a different direction in b75d2ff63, since this feels like two things of simulating the result + clicking the button, where the simulated result has setup and teardown. Yielding to a block seemed appropriate enough? 🤷
There was a problem hiding this comment.
I am not super in love with the block approach but can't think of anything better 🤷
changelog: Internal, Automated Testing, Improve realism of WebAuthn tests
Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com>
Two separate concerns, where mocking involves setup & teardown. Avoids some readability issues with similar named methods See: https://github.com/18F/identity-idp/pull/8761/files#r1261446915
aduth
force-pushed
the
aduth-try-webauthn-js-stub
branch
from
b75d2ff to
200b0bb
Compare
…11077) * Use faster default driver for feature tests not requiring JavaScript changelog: Internal, Automated Testing, Use faster default driver for feature tests not requiring JavaScript * Enable JavaScript for at least one WebAuthn spec See rationale in #8761 * Remove duplicate spec Same test case already exists in no-JavaScript context
2 participants
🎫 Ticket
LG-10225
🛠 Summary of changes
Adds support for simulating results of WebAuthn in JavaScript-enabled browsers in specs, allowing for more realistic test scenarios running in a real browser.
For example, this may have helped avoid the scenario fixed in #8738.
📜 Testing Plan