booth 0.0.3 → 0.0.4

data/lib/booth/testing/support/shortcuts/login_with_passkey.rb

@@ -7,6 +7,8 @@ module Booth
         class LoginWithPasskey
           include ::Calls
           include ::Capybara::DSL
+          include ::Booth::Testing::Support::CapybaraStepLogger
+          include ::Booth::Testing::Shortcuts
           include ::Booth::Logging
 
           option :routing_namespace
@@ -14,7 +16,8 @@ module Booth
           option :username
 
           def call
-            log { 'Initiating Test Shortcut for logging in with passkey' }
+            log { Paint['Starting Subroutine LoginWithPasskey', '#ff9900'] }
+
             ::Booth::Testing::Support::Visit.call(routing_namespace:,
                                                   controller: :logins,
                                                   action: :new)
@@ -39,12 +42,11 @@ module Booth
             ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,
                                                           controller: :logins,
                                                           step: :enter_webauth)
-
             click_on :authenticate
 
-            AssertLoggedIn.call(scope:, username:)
+            ::Booth::Testing::Support::AssertLoggedIn.call(scope:, username:)
 
-            log { 'Shortcut to login with passkey succeeded' }
+            log { Paint['Finished Subroutine LoginWithPasskey', '#ff9900'] }
 
             nil
           end

data/lib/booth/testing/support/shortcuts/register_new_passkey.rb

@@ -7,12 +7,16 @@ module Booth
         class RegisterNewPasskey
           include ::Calls
           include ::Capybara::DSL
+          include ::Booth::Logging
+          include ::Booth::Testing::Support::CapybaraStepLogger
 
           option :routing_namespace
           option :scope
           option :username
 
           def call
+            log { 'Starting Subroutine...' }
+
             ::Booth::Testing::Support::Visit.call(routing_namespace:,
                                                   controller: :webauths,
                                                   action: :new)
@@ -26,8 +30,8 @@ module Booth
             ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,
                                                           controller: :webauths,
                                                           step: :choose_nickname)
-
-            fill_in :nickname, with: 'Latchkey'
+            sleep 1
+            fill_in :nickname, with: 'Pristine Key'
             click_on :submit
 
             ::Booth::Testing::Support::AssertPartial.call(namespace: :userland,

data/lib/booth/testing/support/virtual_authenticator.rb

@@ -0,0 +1,196 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      # Represents a virtual WebAuthn credential that can be transferred between browser sessions.
+      # Stores the credential data (including private key) and tracks which authenticator ID
+      # exists in each browser session.
+      class VirtualAuthenticator
+        # Maps Capybara session names to their authenticator IDs
+        # Each browser session has its own isolated authenticator with the same credential
+        attr_accessor :authenticator_ids
+        attr_accessor :credential_data, :has_user_verification, :rp_id # Relying Party ID for this credential
+
+        def initialize(authenticator_id:, has_user_verification: true)
+          @authenticator_ids = {}
+          @has_user_verification = has_user_verification
+          @credential_data = nil
+          # Register the initial authenticator for the current session
+          register_authenticator_id(authenticator_id, Capybara.session_name.to_s)
+        end
+
+        # Registers an authenticator ID for a specific browser session
+        def register_authenticator_id(authenticator_id, session_name = Capybara.session_name.to_s)
+          authenticator_ids[session_name] = authenticator_id
+        end
+
+        # Gets the authenticator ID for the current browser session
+        def current_authenticator_id
+          session_key = Capybara.session_name.to_s
+          authenticator_ids[session_key] || raise("No authenticator registered for session #{session_key}. Call import() first if this is a new browser session.")
+        end
+
+        # Pulls credential data from the current browser session.
+        # On first pull (after WebAuthn registration), this captures the private key.
+        # On subsequent pulls, this updates the stored sign_count.
+        def pull
+          auth_id = current_authenticator_id
+          log do
+            "Pulling credentials from session #{Capybara.session_name} for authenticator #{auth_id}"
+          end
+
+          credentials = get_credentials_from_session(auth_id)
+
+          if credentials.empty?
+            raise "No credentials found in authenticator #{auth_id}. Ensure WebAuthn registration completed before pulling."
+          end
+
+          # Store the first (and typically only) credential
+          @credential_data = credentials.first
+
+          # rpId might not be returned by getCredentials in imported credentials
+          # Use stored value if available, otherwise use what we got from browser
+          pulled_rp_id = @credential_data['rpId']
+          if pulled_rp_id
+            @rp_id = pulled_rp_id
+            log do
+              "Pulled credential #{credential_id} with sign_count #{sign_count} and rpId #{@rp_id}"
+            end
+          elsif @rp_id
+            log do
+              "Pulled credential #{credential_id} with sign_count #{sign_count} (rpId not returned, using stored: #{@rp_id})"
+            end
+          else
+            raise "PULL FAILED: No rpId found in credential data and none stored! Keys: #{@credential_data.keys.inspect}"
+          end
+
+          log { "PUSH: Credential data keys: #{@credential_data.keys.inspect}" }
+
+          self
+        end
+
+        # Pushes the stored sign_count to the current browser session.
+        # Since WebAuthn.setCredentialProperties doesn't support signCount,
+        # we remove and re-add the credential with the correct sign_count.
+        def push
+          unless credential_data
+            raise 'No credential data to push. Call pull() first to capture credentials.'
+          end
+
+          auth_id = current_authenticator_id
+          target_sign_count = sign_count
+
+          # First, read current state from browser
+          current_creds = get_credentials_from_session(auth_id)
+          target_cred = current_creds.find { |c| c['credentialId'] == credential_id }
+
+          if target_cred.nil?
+            raise "Credential #{credential_id} not found in browser session #{Capybara.session_name}. Import this authenticator first."
+          end
+
+          current_browser_sign_count = target_cred['signCount']
+
+          log do
+            "PUSH: Session #{Capybara.session_name}, Auth #{auth_id}, Credential #{credential_id}, Target sign_count: #{target_sign_count}, Current browser sign_count: #{current_browser_sign_count}"
+          end
+
+          if current_browser_sign_count == target_sign_count
+            log { "PUSH: Sign count already up to date (#{target_sign_count})" }
+            return self
+          end
+
+          # Remove and re-add credential with updated sign_count
+          # (setCredentialProperties doesn't support signCount per CDP spec)
+          log { "PUSH: Removing credential #{credential_id} from authenticator #{auth_id}" }
+          remove_result = send_cdp_message(
+            'WebAuthn.removeCredential',
+            authenticatorId: auth_id,
+            credentialId: credential_id,
+          )
+          log { "PUSH: removeCredential result: #{remove_result.inspect}" }
+
+          log { "PUSH: Re-adding credential with sign_count #{target_sign_count}" }
+          # Create credential data with updated sign_count
+          updated_credential = credential_data.dup
+          updated_credential['signCount'] = target_sign_count
+          updated_credential['rpId'] = @rp_id
+
+          # Debug: show what fields are in the credential
+          log { "PUSH: Credential fields: #{updated_credential.keys.inspect}" }
+          log { "PUSH: rpId in credential: #{updated_credential['rpId'].inspect}" }
+          log { "PUSH: @rp_id instance variable: #{@rp_id.inspect}" }
+
+          raise 'PUSH FAILED: @rp_id is nil!' unless @rp_id
+
+          add_result = send_cdp_message(
+            'WebAuthn.addCredential',
+            authenticatorId: auth_id,
+            credential: updated_credential,
+          )
+          log { "PUSH: addCredential result: #{add_result.inspect}" }
+
+          # CRITICAL: Verify the update actually worked
+          sleep 0.5 # Give browser time to apply update
+          post_update_creds = get_credentials_from_session(auth_id)
+          post_update_cred = post_update_creds.find { |c| c['credentialId'] == credential_id }
+
+          if post_update_cred.nil?
+            raise "PUSH FAILED: Credential #{credential_id} not found after re-add!"
+          end
+
+          actual_sign_count = post_update_cred['signCount']
+          log do
+            "PUSH: Post-update browser sign_count: #{actual_sign_count} (expected: #{target_sign_count})"
+          end
+
+          unless actual_sign_count == target_sign_count
+            raise "PUSH FAILED: Browser sign_count is #{actual_sign_count} but we expected #{target_sign_count}"
+          end
+
+          log { "PUSH: Successfully updated sign_count to #{target_sign_count} in browser" }
+
+          self
+        end
+
+        # Returns the credential ID
+        def credential_id
+          credential_data&.dig('credentialId')
+        end
+
+        # Returns the current sign count
+        def sign_count
+          credential_data&.dig('signCount') || 0
+        end
+
+        # Returns the private key (base64 encoded)
+        def private_key
+          credential_data&.dig('privateKey')
+        end
+
+        private
+
+        include ::Booth::Logging
+        include ::Capybara::DSL
+
+        def get_credentials_from_session(authenticator_id)
+          result = send_cdp_message(
+            'WebAuthn.getCredentials',
+            authenticatorId: authenticator_id,
+          )
+
+          result['credentials'] || []
+        end
+
+        def send_cdp_message(method, params)
+          result = nil
+          Capybara.current_session.driver.with_playwright_page do |playwright_page|
+            cdp_session = playwright_page.context.new_cdp_session(playwright_page)
+            result = cdp_session.send_message(method, params:)
+          end
+          result
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/virtual_authenticators/create.rb

@@ -13,19 +13,34 @@ module Booth
 
           def call
             log { "Adding Virtual Authenticator... #{options.as_json}" }
-            page.driver.browser.add_virtual_authenticator(options)
+            result = nil
+            page.driver.with_playwright_page do |playwright_page|
+              cdp_session = playwright_page.context.new_cdp_session(playwright_page)
+              log { '[WebAuthn] Sending addVirtualAuthenticator command...' }
+              result = cdp_session.send_message('WebAuthn.addVirtualAuthenticator', params: { options: options })
+              log { "[WebAuthn] addVirtualAuthenticator result: #{result.inspect}" }
+            end
+            authenticator_id = result['authenticatorId']
+            if authenticator_id
+              log { "[WebAuthn] ✓ Virtual Authenticator created with ID: #{authenticator_id}" }
+            else
+              log { "[WebAuthn] ✗ FAILED to create Virtual Authenticator - no authenticatorId in response" }
+            end
+            authenticator_id
           end
 
           private
 
-          # See `bundle open selenium-webdriver`
           # See https://chromedevtools.github.io/devtools-protocol/tot/WebAuthn/#type-VirtualAuthenticatorOptions
           def options
-            ::Selenium::WebDriver::VirtualAuthenticatorOptions.new.tap do |instance|
-              instance.user_verification = has_user_verification
-              instance.user_verified = true
-              # instance.attestation = 'direct' # or 'indirect'
-            end
+            {
+              protocol: 'ctap2',
+              transport: 'internal',
+              hasResidentKey: true,
+              hasUserVerification: has_user_verification,
+              isUserVerified: true,
+              automaticPresenceSimulation: true
+            }
           end
         end
       end

data/lib/booth/testing/support/virtual_authenticators/destroy.rb

@@ -2,17 +2,22 @@
 
 module Booth
   module Testing
-    module VirtualAuthenticators
-      class Destroy
-        include ::Booth::Logging
-        include Calls
+    module Support
+      module VirtualAuthenticators
+        class Destroy
+          include ::Booth::Logging
+          include ::Calls
+          include ::Capybara::DSL
 
-        option :devtools
-        option :id
+          option :authenticator_id
 
-        def call
-          log { "Removing Virtual Authenticator with ID #{id}" }
-          devtools.send_cmd 'WebAuthn.removeVirtualAuthenticator', authenticatorId: id
+          def call
+            log { "Removing Virtual Authenticator with ID #{authenticator_id}" }
+            page.driver.with_playwright_page do |playwright_page|
+              cdp_session = playwright_page.context.new_cdp_session(playwright_page)
+              cdp_session.send_message('WebAuthn.removeVirtualAuthenticator', params: { authenticatorId: authenticator_id })
+            end
+          end
         end
       end
     end

data/lib/booth/testing/support/virtual_authenticators/enable.rb

@@ -13,9 +13,21 @@ module Booth
           def call
             log { 'Ensuring enabled Chrome Virtual Authenticator Environment...' }
             # The Environment *randomly* leaks from test to test, disabling it first works.
+            # This happens with both Selenium and Playwright.
             # All you'll see is `NotAllowedError` in the JS console if you miss this.
-            page.driver.browser.devtools.send_cmd 'WebAuthn.disable'
-            page.driver.browser.devtools.send_cmd 'WebAuthn.enable'
+            page.driver.with_playwright_page do |playwright_page|
+              cdp_session = playwright_page.context.new_cdp_session(playwright_page)
+
+              # log { '[WebAuthn] Disabling any existing environment...' }
+              # disable_result = cdp_session.send_message('WebAuthn.disable')
+              # log { "[Disable result: #{disable_result.inspect}" }
+
+              # log { '[WebAuthn] Enabling virtual authenticator environment...' }
+              cdp_session.send_message('WebAuthn.enable')
+              # log { "[Enable result: #{enable_result.inspect}" }
+
+              # log { '[WebAuthn] Virtual Authenticator Environment is ready' }
+            end
           end
         end
       end

data/lib/booth/testing/support/virtual_authenticators/load.rb

@@ -9,27 +9,15 @@ module Booth
           include ::Capybara::DSL
           include ::Booth::Logging
 
-          option :virtual_authenticator
+          option :authenticator_id
 
           def call
-            credential = virtual_authenticator.credentials.first
-
-            # p 'A' * 100
-            # pp credential.instance_variable_get(:@sign_count)
-            # p Booth::Models::Authenticator.sole.sign_count
-            # p 'B' * 100
-
-            instance = ::Booth::Testing::Support::VirtualAuthenticators::Create.call(
-              has_user_verification: true,
-            )
-
-            log do
-              "Attaching Virtual Authenticator Secrets to #{virtual_authenticator.instance_variable_get(:@id)}"
-            end
-            instance.add_credential(credential)
-            # virtual_authenticator.instance_variable_set(:@id, instance.instance_variable_get(:@sign_count))
-
-            instance
+            raise NotImplementedError, 'Load needs to be reimplemented for Playwright using CDP'
+            # Previously this loaded credentials from a Selenium virtual authenticator object
+            # and added them to a new authenticator. With CDP, we'd need to:
+            # 1. Get credentials from the source authenticator via WebAuthn.getCredentials
+            # 2. Create a new authenticator
+            # 3. Add the credentials via WebAuthn.addCredential
           end
         end
       end

data/lib/booth/testing/support/virtual_authenticators.rb

@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      # Factory and operations for VirtualAuthenticator objects.
+      # Provides methods to create and import authenticators across browser sessions.
+      module VirtualAuthenticators
+        include ::Booth::Logging
+        include ::Capybara::DSL
+
+        # Creates a new virtual authenticator in the current browser session.
+        # Returns a VirtualAuthenticator object that can be used to pull credentials
+        # after WebAuthn registration.
+        def self.create(has_user_verification: true)
+          log { "Creating virtual authenticator in session #{Capybara.session_name}" }
+
+          ::Booth::Testing::Support::VirtualAuthenticators::Enable.call
+
+          result = send_cdp_message(
+            'WebAuthn.addVirtualAuthenticator',
+            options: authenticator_options(has_user_verification:),
+          )
+
+          authenticator_id = result['authenticatorId']
+
+          unless authenticator_id
+            raise 'Failed to create virtual authenticator - no authenticatorId in response'
+          end
+
+          log { "Created virtual authenticator #{authenticator_id}" }
+
+          VirtualAuthenticator.new(
+            authenticator_id:,
+            has_user_verification:,
+          )
+        end
+
+        # Imports a VirtualAuthenticator into the current browser session.
+        # This creates a new authenticator and adds the credential with the stored private key.
+        def self.import(virtual_authenticator)
+          unless virtual_authenticator.credential_data
+            raise 'VirtualAuthenticator has no credential data to import. Call pull() on the source authenticator first.'
+          end
+
+          log { "Importing authenticator into session #{Capybara.session_name}" }
+
+          ::Booth::Testing::Support::VirtualAuthenticators::Enable.call
+
+          result = send_cdp_message(
+            'WebAuthn.addVirtualAuthenticator',
+            options: authenticator_options(has_user_verification: virtual_authenticator.has_user_verification),
+          )
+
+          new_authenticator_id = result['authenticatorId']
+
+          raise 'Failed to create authenticator for import' unless new_authenticator_id
+
+          # Add the credential with stored data
+          unless virtual_authenticator.rp_id
+            raise 'IMPORT FAILED: No rp_id set on VirtualAuthenticator'
+          end
+
+          send_cdp_message(
+            'WebAuthn.addCredential',
+            authenticatorId: new_authenticator_id,
+            credential: virtual_authenticator.credential_data,
+            rpId: virtual_authenticator.rp_id,
+          )
+
+          log do
+            "Imported credential #{virtual_authenticator.credential_id} into new authenticator #{new_authenticator_id}"
+          end
+
+          # Register the new authenticator ID for the current browser session
+          virtual_authenticator.register_authenticator_id(new_authenticator_id,
+                                                          Capybara.session_name.to_s)
+
+          virtual_authenticator
+        end
+
+        private
+
+        def self.authenticator_options(has_user_verification:)
+          {
+            protocol: 'ctap2',
+            transport: 'internal',
+            hasResidentKey: true,
+            hasUserVerification: has_user_verification,
+            isUserVerified: true,
+            automaticPresenceSimulation: true
+          }
+        end
+
+        def self.send_cdp_message(method, params)
+          result = nil
+          Capybara.current_session.driver.with_playwright_page do |playwright_page|
+            cdp_session = playwright_page.context.new_cdp_session(playwright_page)
+            result = cdp_session.send_message(method, params:)
+          end
+          result
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/visit.rb

@@ -40,6 +40,7 @@ module Booth
         def options
           params.merge subdomain:,
                        domain: 'localhost',
+                       port: Capybara.server_port,
                        controller: namespaced_controller,
                        action:
         end

data/lib/booth/testing/userland/login_remotely.rb

@@ -49,12 +49,12 @@ module Booth
           assert_userland_view controller: :remote_logins, step: :remote_solved
 
           using_session(:other_device) do
-            visit_namespaced controller: :webauths, action: :index
+            visit current_path
 
             # ------------ SIGNIFICANT TEST --------------
             # Webauth sudo is required after remote login.
             # --------------------------------------------
-            assert_userland_view controller: :webauths, step: :sudo
+            assert_logged_in username: 'alice'
           end
 
           using_session(:yet_another_device) do

data/lib/booth/testing/userland/onboarding_first_time.rb

@@ -45,13 +45,14 @@ module Booth
           # --------------------------------------------------------------------------
           assert_userland_view controller: :onboardings, step: :success
 
-          visit_namespaced controller: :webauths, action: :index
+          # ::Booth::Testing::Support::CheckBrowserState.call(operation: 'after assert_userland_view :success')
+          assert_logged_in username: 'alice'
 
+          # ::Booth::Testing::Support::CheckBrowserState.call(operation: 'after assert_logged_in')
           # ----- SIGNIFICANT TEST -----
           # Onboarding logs the user in.
           # ----------------------------
-          assert_userland_view controller: :webauths, step: :index
-
+          # ::Booth::Testing::Support::CheckBrowserState.call(operation: 'before second visit')
           visit_namespaced controller: :onboardings, action: :show,
                            params: { id: alices_onboarding.secret_key }
 
@@ -65,7 +66,7 @@ module Booth
           # ---------------------------------------------------------
           assert_userland_view controller: :onboardings, step: :wrong_user
 
-          soft_reset_session
+          clear_cookies
 
           visit_namespaced controller: :onboardings, action: :show,
                            params: { id: alices_onboarding.secret_key }

data/lib/booth/testing/userland/onboarding_to_reset_passkeys.rb

@@ -64,11 +64,11 @@ module Booth
 
           assert_userland_view controller: :webauths, step: :completed
 
-          authenticator = ::Booth::Models::Authenticator.sole
+          authenticator = ActiveRecord::Base.uncached { ::Booth::Models::Authenticator.sole }
 
           assert_equal 'Latchkey', authenticator.nickname
 
-          soft_reset_session
+          clear_cookies
 
           # Onboard via URL
 
@@ -100,7 +100,7 @@ module Booth
 
           assert_userland_view controller: :webauths, step: :completed
 
-          authenticator = ::Booth::Models::Authenticator.sole
+          authenticator = ActiveRecord::Base.uncached { ::Booth::Models::Authenticator.sole }
 
           assert_equal 'Superkey', authenticator.nickname
 

data/lib/booth/testing/userland/registration_with_passkey.rb

@@ -9,9 +9,14 @@ module Booth
 
           # Register
 
-          visit_namespaced controller: :registrations, action: :new
+          begin
+            # Non-headless Chrome may cause Exception if HTTP status is 4xx
+            visit_namespaced controller: :registrations, action: :new
+          rescue Playwright::Error => e
+            raise unless e.message.include?('ERR_HTTP_RESPONSE_CODE_FAILURE')
+          end
 
-          return 'Skipping self-registration tests' if page.has_text?('HTTP ERROR 410') # Chrome Page
+          return log { 'Skipping self-registration tests' } if page.status_code == 410
 
           virtual_authenticators.create
 
@@ -39,7 +44,7 @@ module Booth
           # --------------------------------------------
           assert_userland_view controller: :webauths, step: :completed
 
-          soft_reset_session
+          clear_cookies
 
           # Login
 
@@ -64,9 +69,7 @@ module Booth
           # -----------------------------------------------------------------
           click_on :authenticate
 
-          visit_namespaced controller: :webauths, action: :index
-
-          assert_userland_view controller: :webauths, step: :index
+          assert_logged_in username: 'alice'
 
           # Try to register when already logged in
 

data/lib/booth/testing/userland/registration_without_passkey.rb

@@ -9,10 +9,14 @@ module Booth
 
           # Register normally
 
-          visit_namespaced controller: :registrations, action: :new
+          begin
+            # Non-headless Chrome may cause Exception if HTTP status is 4xx
+            visit_namespaced controller: :registrations, action: :new
+          rescue Playwright::Error => e
+            raise unless e.message.include?('ERR_HTTP_RESPONSE_CODE_FAILURE')
+          end
 
-          # Chrome Page
-          return 'Skipping self-registration tests' if page.has_text?('HTTP ERROR 410')
+          return log { 'Skipping self-registration tests' } if page.status_code == 410
 
           assert_userland_view controller: :registrations, step: :choose_username
 
@@ -53,17 +57,17 @@ module Booth
           assert_userland_view controller: :remote_logins, step: :remote_solved
 
           using_session(:other_device) do
-            visit_namespaced controller: :webauths, action: :index
+            visit current_path
 
             # -------------------------- SIGNIFICANT TEST ---------------------------
             # You can remote-login even though you don't have any Authenticators yet.
             # -----------------------------------------------------------------------
-            assert_userland_view controller: :webauths, step: :index
+            assert_logged_in username: 'alice'
           end
 
           # Try to Login without having any Authenticators
 
-          soft_reset_session
+          clear_cookies
 
           visit_namespaced controller: :logins, action: :new
 
@@ -93,7 +97,7 @@ module Booth
           # ---------------- SIGNIFICANT TEST -------------------
           # You cannot register a username that is already taken.
           # -----------------------------------------------------
-          assert_text 'username already exists'
+          assert_text I18n.t('booth.username_already_exists')
         end
       end
     end