booth 0.0.1 → 0.0.2

data/lib/booth/testing/support/shortcuts/login_with_passkey.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      module Shortcuts
+        class LoginWithPasskey
+          include ::Calls
+          include ::Capybara::DSL
+          include ::Booth::Logging
+
+          option :routing_namespace
+          option :scope
+          option :username
+
+          def call
+            log { 'Initiating Test Shortcut for logging in with passkey' }
+            ::Booth::Testing::Support::Visit.call(routing_namespace:,
+                                                  controller: :logins,
+                                                  action: :new)
+
+            ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,
+                                                          controller: :logins,
+                                                          step: :enter_username)
+
+            fill_in :username, with: username
+            click_on :submit
+
+            # Wait for HTML to be loaded before checking its <template>
+            assert_selector 'template', visible: false
+
+            if page.html.include?('userland/logins/remote_session_available')
+              ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,
+                                                            controller: :logins,
+                                                            step: :remote_session_available)
+              click_on :skip
+            end
+
+            ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,
+                                                          controller: :logins,
+                                                          step: :enter_webauth)
+
+            click_on :authenticate
+
+            AssertLoggedIn.call(scope:, username:)
+
+            log { 'Shortcut to login with passkey succeeded' }
+
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/shortcuts/register_new_passkey.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      module Shortcuts
+        class RegisterNewPasskey
+          include ::Calls
+          include ::Capybara::DSL
+
+          option :routing_namespace
+          option :scope
+          option :username
+
+          def call
+            ::Booth::Testing::Support::Visit.call(routing_namespace:,
+                                                  controller: :webauths,
+                                                  action: :new)
+
+            ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,
+                                                          controller: :webauths,
+                                                          step: :register)
+
+            click_on :register
+
+            ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,
+                                                          controller: :webauths,
+                                                          step: :choose_nickname)
+
+            fill_in :nickname, with: 'Latchkey'
+            click_on :submit
+
+            ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,
+                                                          controller: :webauths,
+                                                          step: :confirm)
+
+            click_on :test
+
+            ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,
+                                                          controller: :webauths,
+                                                          step: :completed)
+
+            AssertLoggedIn.call(scope:, username:)
+
+            nil
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/soft_reset_session.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      # Essentially resets the session cookie, but without removing
+      # Chrome's Virtual Authenticator Enviroment. Like a force logout.
+      class SoftResetSession
+        include ::Calls
+        include ::Capybara::DSL
+        include ::Booth::Logging
+
+        def call
+          ::Capybara::Lockstep.synchronize
+
+          keys = page.get_rack_session.keys
+          keys_with_nil_values = keys.index_with { nil }
+
+          page.set_rack_session(**keys_with_nil_values)
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/virtual_authenticators/create.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      module VirtualAuthenticators
+        class Create
+          include ::Calls
+          include ::Capybara::DSL
+          include ::Booth::Logging
+
+          option :has_user_verification
+
+          def call
+            log { "Adding Virtual Authenticator... #{options.as_json}" }
+            page.driver.browser.add_virtual_authenticator(options)
+          end
+
+          private
+
+          # See `bundle open selenium-webdriver`
+          # See https://chromedevtools.github.io/devtools-protocol/tot/WebAuthn/#type-VirtualAuthenticatorOptions
+          def options
+            ::Selenium::WebDriver::VirtualAuthenticatorOptions.new.tap do |instance|
+              instance.user_verification = has_user_verification
+              instance.user_verified = true
+              # instance.attestation = 'direct' # or 'indirect'
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/virtual_authenticators/destroy.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module VirtualAuthenticators
+      class Destroy
+        include ::Booth::Logging
+        include Calls
+
+        option :devtools
+        option :id
+
+        def call
+          log { "Removing Virtual Authenticator with ID #{id}" }
+          devtools.send_cmd 'WebAuthn.removeVirtualAuthenticator', authenticatorId: id
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/virtual_authenticators/enable.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      module VirtualAuthenticators
+        # Start the Virtual Authenticator Environment in Chrome.
+        class Enable
+          include ::Calls
+          include ::Capybara::DSL
+          include ::Booth::Logging
+
+          def call
+            log { 'Ensuring enabled Chrome Virtual Authenticator Environment...' }
+            # The Environment *randomly* leaks from test to test, disabling it first works.
+            # All you'll see is `NotAllowedError` in the JS console if you miss this.
+            page.driver.browser.devtools.send_cmd 'WebAuthn.disable'
+            page.driver.browser.devtools.send_cmd 'WebAuthn.enable'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/virtual_authenticators/load.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      module VirtualAuthenticators
+        class Load
+          include ::Calls
+          include ::Capybara::DSL
+          include ::Booth::Logging
+
+          option :virtual_authenticator
+
+          def call
+            credential = virtual_authenticator.credentials.first
+
+            # p 'A' * 100
+            # pp credential.instance_variable_get(:@sign_count)
+            # p Booth::Models::Authenticator.sole.sign_count
+            # p 'B' * 100
+
+            instance = ::Booth::Testing::Support::VirtualAuthenticators::Create.call(
+              has_user_verification: true,
+            )
+
+            log do
+              "Attaching Virtual Authenticator Secrets to #{virtual_authenticator.instance_variable_get(:@id)}"
+            end
+            instance.add_credential(credential)
+            # virtual_authenticator.instance_variable_set(:@id, instance.instance_variable_get(:@sign_count))
+
+            instance
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/virtual_authenticators/manager.rb

@@ -0,0 +1,124 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      module VirtualAuthenticators
+        # Capybara handles multiple separate Chrome sessions (like separate browsers).
+        # In Chrome each of those sessions is completely distinct and nows nothing about the others.
+        # To "simulate" having the *same* passkey in "two browsers", we need to clone and sync it.
+        # This means transferring the secret key, and synchronizing the sign count.
+        # This class holds a state of all browser sessions to easier facilitate transfer and sync.
+        class Manager
+          include ::Capybara::DSL
+          include ::Booth::Logging
+
+          # Creates a brand new passkey.
+          def create(has_user_verification: true)
+            ::Booth::Testing::Support::VirtualAuthenticators::Enable.call
+
+            new_device = ::Booth::Testing::Support::VirtualAuthenticators::Create.call(
+              has_user_verification:,
+            )
+
+            this_session[new_device.instance_variable_get(:@id)] = new_device
+
+            nil
+          end
+
+          # Takes a passkey from (the) other browser and injects it into this browser.
+          def clone_from_other_session
+            new_device = ::Booth::Testing::Support::VirtualAuthenticators::Create.call(
+              has_user_verification: true,
+            )
+            new_device.add_credential(other_credential)
+
+            this_session[new_device.instance_variable_get(:@id)] = new_device
+            nil
+          end
+
+          # Inspects a passkey in (the) other browser and syncs the passkey here if needed.
+          def refresh_from_other_session
+            this_sign_count = this_credential.instance_variable_get(:@sign_count)
+            other_sign_count = other_credential.instance_variable_get(:@sign_count)
+
+            if this_sign_count == other_sign_count
+              log { "Sign count of both Virtual Keys is #{this_sign_count}" }
+              return
+            end
+
+            log { "Changing Virtual Key sign count from #{this_sign_count} to #{other_sign_count}" }
+
+            new_credential = this_credential
+            # This only affects the Credential here in our Ruby instance.
+            new_credential.instance_variable_set(:@sign_count, other_sign_count)
+
+            # So let us send our Ruby instance to the browser by replacing the key there.
+            this_device.remove_all_credentials
+            this_device.add_credential(new_credential)
+
+            nil
+          end
+
+          private
+
+          def this_credential
+            these_credentials = this_device.credentials
+
+            unless these_credentials.size == 1
+              raise "Don't know which other Virtual Credential to pick: #{these_credentials}"
+            end
+
+            these_credentials.first
+          end
+
+          def other_credential
+            other_credentials = other_device.credentials
+
+            unless other_credentials.size == 1
+              raise "Don't know which Virtual Credential of mine to pick: #{other_credentials}"
+            end
+
+            other_credentials.first
+          end
+
+          def this_device
+            unless this_session.size == 1
+              raise "Don't know which Virtual Authenticator of mine to pick: #{this_session.keys}"
+            end
+
+            this_session.values.first
+          end
+
+          def other_device
+            unless other_session.size == 1
+              raise "Don't know which other Virtual Authenticator to pick: #{other_session.keys}"
+            end
+
+            other_session.values.first
+          end
+
+          def this_session
+            sessions[Capybara.session_name]
+          end
+
+          def other_session
+            other_session_keys = sessions.keys.reject { it == Capybara.session_name }
+
+            unless other_session_keys.size == 1
+              raise "Cannot determine #{sessions.keys} as alternative to #{Capybara.session_name}"
+            end
+
+            sessions[other_session_keys.first]
+          end
+
+          def sessions
+            @sessions ||= {}
+            @sessions[Capybara.session_name] ||= {}
+            @sessions
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/visit.rb

@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      class Visit
+        include ::Calls
+        include ::Capybara::DSL
+        include ::Booth::Logging
+
+        option :routing_namespace # :community
+        option :controller # :registrations
+        option :action # :new
+        option :params, default: -> { {} } # { id: 42 }
+
+        def call
+          log { "-----> Visiting #{controller}/#{action} #{params.presence} on #{subdomain}.localhost" }
+          visit ::Rails.application.routes.url_helpers.url_for(options)
+        end
+
+        private
+
+        # The `url_for` helper dissects options into three categories:
+        #
+        # Path Params
+        #   - :controller
+        #   - :action
+        #   - :anchor
+        #
+        # URL Params
+        #   - :protocol
+        #   - :port
+        #   - :domain
+        #   - :subdomain
+        #   - :host (shortcut for :domain + :subdomain)
+        #   - :only_path
+        #
+        # Query Params (everything not absorbed by the other to categories)
+        #
+        def options
+          params.merge subdomain:,
+                       domain: 'localhost',
+                       controller: namespaced_controller,
+                       action:
+        end
+
+        def subdomain
+          uri = URI.parse(Capybara.app_host) # 'http://one.two.localhost'
+          host_parts = uri.host.to_s.split('.') # ['one', 'two']
+          host_parts[0...-1].join('.') # 'one.two'
+        end
+
+        def namespaced_controller
+          raise "Controller names must be plural (#{controller})" unless controller.end_with?('s')
+          return controller if routing_namespace.blank?
+
+          "#{routing_namespace}/#{controller}"
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/userland/login_remotely.rb

@@ -0,0 +1,100 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Userland
+      class LoginRemotely < ::Booth::Testing::IncorporationTestCase
+        def call
+          before_test&.call
+
+          create_and_onboard(username: 'alice')
+          virtual_authenticators.create
+          register_new_passkey(username: 'alice')
+
+          visit_namespaced controller: :remote_logins, action: :show
+
+          # ---------------- SIGNIFICANT TEST ------------------
+          # Can only enter a code when there is a pending Remote
+          # ----------------------------------------------------
+          assert_userland_view controller: :remote_logins, step: :no_remote
+
+          code = nil
+          using_session(:other_device) do
+            # Login on other device
+
+            visit_namespaced controller: :logins, action: :new
+
+            assert_userland_view controller: :logins, step: :enter_username
+
+            fill_in :username, with: 'alice'
+            click_on :submit
+
+            assert_userland_view controller: :logins, step: :remote_session_available
+
+            code = find('[data-booth="code"]').text
+          end
+
+          # Redeem remote code
+
+          visit_namespaced controller: :remote_logins, action: :show
+
+          assert_userland_view controller: :remote_logins, step: :remote_login
+
+          fill_in :code, with: code
+          click_on :submit
+
+          # ------ SIGNIFICANT TEST ------
+          # Remote logins can be redeemed.
+          # ------------------------------
+          assert_userland_view controller: :remote_logins, step: :remote_solved
+
+          using_session(:other_device) do
+            visit_namespaced controller: :webauths, action: :index
+
+            # ------------ SIGNIFICANT TEST --------------
+            # Webauth sudo is required after remote login.
+            # --------------------------------------------
+            assert_userland_view controller: :webauths, step: :sudo
+          end
+
+          using_session(:yet_another_device) do
+            visit_namespaced controller: :logins, action: :new
+
+            assert_userland_view controller: :logins, step: :enter_username
+
+            fill_in :username, with: 'alice'
+            click_on :submit
+
+            assert_userland_view controller: :logins, step: :remote_session_available
+
+            ::Booth::Models::Remote.sole.update!(created_at: 21.minutes.ago)
+
+            visit_namespaced controller: :logins, action: :new
+
+            assert_userland_view controller: :logins, step: :remote_session_expired
+
+            travel 19.minutes
+
+            visit_namespaced controller: :logins, action: :new
+
+            # --- SIGNIFICANT TEST ----
+            # Remote logins can expire.
+            # -------------------------
+            assert_userland_view controller: :logins, step: :remote_session_expired
+
+            travel 2.minutes
+
+            visit_namespaced controller: :logins, action: :new
+
+            assert_userland_view controller: :logins, step: :enter_username
+
+            # ---------- SIGNIFICANT TEST -----------
+            # Login procedures as a whole can expire.
+            # ---------------------------------------
+            assert_text(/20 min/i) # Flash message
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/userland/onboarding_first_time.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Userland
+      class OnboardingFirstTime < ::Booth::Testing::IncorporationTestCase
+        def call
+          before_test&.call
+
+          alice = ::Booth::Models::Credential.create!(
+            domain: ::Capybara.app_host.remove('http://'),
+            username: 'alice',
+            scope:,
+          )
+
+          after_credential&.call(credential_id: alice.id)
+
+          bobby = ::Booth::Models::Credential.create!(
+            domain: ::Capybara.app_host.remove('http://'),
+            username: 'bobby',
+            scope:,
+          )
+
+          after_credential&.call(credential_id: bobby.id)
+
+          alices_onboarding = ::Booth::Models::Onboarding.create!(
+            credential_id: alice.id,
+          )
+
+          bobbys_onboarding = ::Booth::Models::Onboarding.create!(
+            credential_id: bobby.id,
+          )
+
+          # Onboard via URL
+
+          visit_namespaced controller: :onboardings, action: :show,
+                           params: { id: alices_onboarding.secret_key }
+
+          assert_userland_view controller: :onboardings, step: :redeem
+
+          click_on :submit
+
+          # ------------------------ SIGNIFICANT TEST --------------------------------
+          # Re-visiting the Onboarding later, shows the success of having redeemed it.
+          # --------------------------------------------------------------------------
+          assert_userland_view controller: :onboardings, step: :success
+
+          visit_namespaced controller: :webauths, action: :index
+
+          # ----- SIGNIFICANT TEST -----
+          # Onboarding logs the user in.
+          # ----------------------------
+          assert_userland_view controller: :webauths, step: :index
+
+          visit_namespaced controller: :onboardings, action: :show,
+                           params: { id: alices_onboarding.secret_key }
+
+          assert_userland_view controller: :onboardings, step: :success
+
+          visit_namespaced controller: :onboardings, action: :show,
+                           params: { id: bobbys_onboarding.secret_key }
+
+          # -------------------- SIGNIFICANT TEST -------------------
+          # Cannot onboard while the wrong user is already logged in.
+          # ---------------------------------------------------------
+          assert_userland_view controller: :onboardings, step: :wrong_user
+
+          soft_reset_session
+
+          visit_namespaced controller: :onboardings, action: :show,
+                           params: { id: alices_onboarding.secret_key }
+
+          # ------------ SIGNIFICANT TEST ---------------
+          # Cannot redeem an already consumed Onboarding.
+          # ---------------------------------------------
+          assert_userland_view controller: :onboardings, step: :already_used
+        end
+      end
+    end
+  end
+end