booth 0.0.3 → 0.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 75776c21f5e995703cc155d9689c504d9f5158c90b1e122c71c0cae6c7ec145f
-  data.tar.gz: 0f3ef4e56515e035e2d7f48244cacc4d66609972e8d00087ea8967124a995369
+  metadata.gz: edffbca58e6e40fa8b572564a2fdefd1243becc6bc64247765adae3c2bc4cfe0
+  data.tar.gz: 9ca0edd3a0fd70873623f5cb7f109bab2082f4c3fd5546056dfdd4d0d29b54e1
 SHA512:
-  metadata.gz: cfc9d3c104de49717ee87ea1cfa49e3b85ee9a452817fb7eb9b3526c4529831280be737ab23397b58de7c43d422a4bb0cd337b065a342402266a928864b24065
-  data.tar.gz: ff800424fa6697a691f884c078892a742ac20fff360859facd027557d8c1917562425bba657161fb7131606675d6a88d8b44dde6ea8954c67850228472eea6f7
+  metadata.gz: cb38a8a59631b6590de981e724c3dce086f15f70e6d579b4948a5b8051af01b85321c58d8a92a9e7742da39f75f32c3c3e424d6e55c9ffd2b470411864fa7b8b
+  data.tar.gz: 8d2e7119be3efe18a9ff5ef840d75e332220f33ec876f1ef46b87a7ccebca508b39e35443d873f4283ee62d0725840d391ef1ee3011dba22ec4152fdb9b113f5

data/CHANGELOG.md

@@ -1,4 +1,7 @@
 # main
+# 0.0.4
+
+- Expose Credential domain in Passport
 
 # 0.0.3
 

data/app/assets/images/booth/fido/passkey_mark_b_reverse.svg

@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   width="512"
+   height="512"
+   viewBox="0 0 135.46666 135.46667"
+   version="1.1"
+   id="svg1"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:svg="http://www.w3.org/2000/svg">
+  <defs
+     id="defs1" />
+  <g
+     id="layer1">
+    <g
+       transform="matrix(0.87804943,0,0,0.87804943,-217.61517,-58.068321)"
+       id="g6">
+      <g
+         transform="translate(221.49,33.864)"
+         fill="#ffbf3b"
+         id="g2">
+        <path
+           class="st1"
+           d="M 129.2,33.23 H 77.78 c -27.26,0 -49.36,22.43 -49.36,50.09 v 52.18 c 0,27.66 22.1,50.09 49.36,50.09 h 51.42 c 27.26,0 49.36,-22.43 49.36,-50.09 V 83.32 c 0,-27.67 -22.1,-50.09 -49.36,-50.09 z"
+           fill="#ffbf3b"
+           id="path2" />
+      </g>
+      <path
+         class="st2"
+         d="m 377.05,136.85 c 0,9.8 -6.03,18.13 -14.42,21.17 l 5.08,8.41 -7.51,9.24 7.51,9.03 -12.12,16.26 -8.54,-9.11 V 157.4 c -7.59,-3.45 -12.91,-11.35 -12.91,-20.55 0,-12.37 9.61,-22.4 21.45,-22.4 11.85,0.01 21.46,10.03 21.46,22.4 z m -21.46,3.44 c 2.86,0 5.18,-2.42 5.18,-5.41 0,-2.99 -2.32,-5.41 -5.18,-5.41 -2.86,0 -5.18,2.42 -5.18,5.41 0,2.99 2.32,5.41 5.18,5.41 z"
+         clip-rule="evenodd"
+         fill="#353535"
+         fill-rule="evenodd"
+         id="path3" />
+      <path
+         class="st3"
+         d="m 377.11,136.92 c 0,9.68 -5.87,17.93 -14.09,21.09 l 4.68,8.42 -6.92,9.24 6.92,9.03 -12.11,16.39 v -60.81 c 2.86,0 5.18,-2.42 5.18,-5.41 0,-2.99 -2.32,-5.41 -5.18,-5.41 v -15 c 11.89,0 21.52,10.05 21.52,22.46 z"
+         clip-rule="evenodd"
+         fill-rule="evenodd"
+         id="path4" />
+      <path
+         class="st3"
+         d="m 340.02,161.48 c -6.93,-5.69 -11.58,-14.43 -12.22,-24.36 h -37.14 c -7.79,0 -14.1,6.41 -14.1,14.31 v 17.89 c 0,3.95 3.16,7.16 7.05,7.16 h 49.36 c 3.89,0 7.05,-3.2 7.05,-7.16 z"
+         clip-rule="evenodd"
+         fill-rule="evenodd"
+         id="path5" />
+      <path
+         class="st4"
+         d="m 306.56,132.83 c -1.72,-0.33 -3.43,-0.64 -5.05,-1.32 -6.15,-2.58 -9.73,-7.34 -10.89,-14.06 -0.8,-4.6 -0.42,-9.15 1.44,-13.45 2.64,-6.11 7.39,-9.43 13.61,-10.55 3.72,-0.67 7.43,-0.52 11.02,0.82 5.4,2.01 9.01,5.87 10.69,11.55 1.69,5.72 1.44,11.45 -1.11,16.86 -2.64,5.66 -7.26,8.69 -13.1,9.88 -0.49,0.1 -0.97,0.2 -1.46,0.29 -1.71,-0.02 -3.43,-0.02 -5.15,-0.02 z"
+         fill="#141313"
+         id="path6" />
+    </g>
+  </g>
+</svg>

data/config/locales/de.yml

@@ -17,7 +17,7 @@ de:
     blank_nickname: Please provide a name for your device.
     blank_remote_code: You did not enter a code.
     blank_secret_key: The provided secret key is empty. Is the URL correct?
-    blank_username: Trage bitte deinen Benutzernamen ein.
+    blank_username: Tragen Sie bitte Ihren Benutzernamen ein.
     domain_mismatch: Dieser Benutzername kann sich nicht hier einloggen.
     email_too_long: The provided email is too long. It must be less at most %{maximum} characters long.
     email_too_short: The provided email is too short. It should be at least %{minimum} characters long.
@@ -29,7 +29,7 @@ de:
     invalid_secret_key_format: The provided secret key contains invalid characters. It should be from the Base58 alphabet.
     invalid_username_format: Der eingegebene Benutzername enthält ungültige Zeichen. Nur Buchstaben und Zahlen sind erlaubt.
     last_attempt: This is your last attempt and you will have to contact customer service if you fail.
-    login_timeout: Du hattest %{lifespan_minutes} Minuten um den Login abzuschließen, es hat aber länger gedauert. Bitte beginne erneut.
+    login_timeout: Sie hatten %{lifespan_minutes} Minuten um den Login abzuschließen, es hat aber länger gedauert. Bitte beginnen Sie erneut.
     missing_secret_key: Missing the secret key parameter. Is the URL correct?
     mode_username_and_webauth_description: Auch bekannt als WebAuthentication (WebAuthn), FIDO2, CTAP2, Apple Passkey (Touch ID, Face ID).
     mode_username_and_webauth_title: Hardwareschlüssel (empfohlen)
@@ -40,14 +40,14 @@ de:
     remote_timed_out: You had %{lifespan_minutes} minutes to enter the response code, but it took too long. Please start again.
     session_revoked: Das Gerät mit der IP %{ip} wurde erfolgreich ausgeloggt.
     some_authenticator_removed: Hardware key successfully deleted.
-    successfully_logged_out: Du hast dich erfolgreich ausgeloggt.
-    try_again_cooldown: Du kannst es in %{distance_of_time_until_cooldown} erneut probieren.
+    successfully_logged_out: Sie haben sich erfolgreich ausgeloggt.
+    try_again_cooldown: Sie können es es in %{distance_of_time_until_cooldown} erneut probieren.
     uninitialized_credential: This account has not been initialized yet. Please contact support.
     unknown_email: We don't know that email.
     unknown_secret_key: The provided secret key is unknown.
     unknown_username: Dieser Benutzername existiert nicht.
     unknown_webauth_device: Sorry, We don't recognize that device. Have you registered it before?
-    username_already_exists: This username already exists. Try to login instead?
+    username_already_exists: Dieser Benutzername ist leider nicht verfügbar.
     username_must_start_with_letter: Der Benutzername muss mit einem Buchstaben beginnen.
     username_too_long: The provided username is too long. It must be less at most %{maximum} characters long.
     username_too_short: The provided username is too short. It should be at least %{minimum} characters long.

data/lib/booth/core/sessions/to_passport.rb

@@ -12,7 +12,8 @@ module Booth
         param :session
 
         def call
-          ::Booth::ToStruct.call(attributes)
+          # ::Booth::ToStruct.call(attributes)
+          ::Booth::Passport.new(**attributes)
         end
 
         private
@@ -24,7 +25,16 @@ module Booth
             username: credential.username,
             session_id: session.id,
             credential_id: credential.id,
+            domain: credential.domain,
+            scope: credential.scope.to_sym,
             incognito_credential_id: session.incognito_credential_id,
+
+            # A container wher the Rails developer may store information.
+            # Injectable using `passport.with(context: ...)`
+            context: nil,
+
+            # These are to be processed by the Warden AfterFetch hook.
+            # Normally the Rails developer doesn't need them.
             blocked: credential.blocked?,
             revoked: session.revoked_at.present?,
           }

data/lib/booth/core/webauth/authentication_verification.rb

@@ -17,12 +17,13 @@ module Booth
           end
 
           log do
-            "Verifying using challenge #{challenge.inspect} and public key #{authenticator.public_key.inspect} and sign count #{authenticator.sign_count.inspect}"
+            "Verifying using challenge #{challenge.inspect} and public key #{authenticator.public_key.inspect} and expecting sign count #{authenticator.sign_count.inspect}"
           end
+
           webauth.verify(
-            challenge,
-            public_key: authenticator.public_key,
-            sign_count: authenticator.sign_count,
+             challenge,
+             public_key: authenticator.public_key,
+             sign_count: authenticator.sign_count,
           )
           log { 'Response successfully verified' }
 
@@ -38,7 +39,6 @@ module Booth
           # TODO: Audit
           Tron.failure :webauth_failed, public_json: { public_message: 'Passkey Sign count mismatch.' },
                                         public_message: "Verification failed: #{e.message}",
-                                        # expected_sign_count: authenticator.sign_count,
                                         http_status: :unprocessable_entity
         rescue WebAuthn::Error => e
           log { "Response verification failed: #{e.message}" }

data/lib/booth/models/authenticator.rb

@@ -26,6 +26,17 @@ module Booth
         confirmed_at.present?
       end
 
+      def provider_attributes
+        return {} unless aaguid
+
+        provider = ::Booth::Core::Webauth::Provider.find(aaguid)
+        return {} unless provider
+
+        { provider_name: provider.name,
+          provider_icon_dark: provider.icon_dark,
+          provider_icon_light: provider.icon_light }
+      end
+
       def step
         ::Booth::Core::Authenticators::Step.call(self)
       end

data/lib/booth/passport.rb

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module Booth
+  Passport = Data.define(
+    :username,
+    :session_id,
+    :credential_id,
+    :domain,
+    :scope,
+    :incognito_credential_id,
+    :context,
+    :blocked,
+    :revoked,
+  )
+end

data/lib/booth/requests/authentication.rb

@@ -25,7 +25,7 @@ module Booth
       end
 
       def logged_in?
-        log { "Checking whether logged in in scope #{scope}" }
+        log { "Checking whether logged in in scope #{scope} - #{warden.authenticated?(scope)}" }
         warden.authenticated?(scope)
       end
 

data/lib/booth/requests/storages/login.rb

@@ -63,7 +63,10 @@ module Booth
 
           # I think this could happen if the end-user has multiple browser windows open
           # and registers for different companies, finding race conditions.
-          raise "Scope mismatch #{new_credential.scope} != #{scope}" if new_credential.scope.to_sym != scope.to_sym
+          #
+          # Problem: When you register a taken username and it is persisted in the cookie,
+          #          you should not raise if the username was merely taken in another scope.
+          # raise "Scope mismatch #{new_credential.scope} != #{scope}" if new_credential.scope.to_sym != scope.to_sym
 
           session[:credential_for_username] = new_credential.id
           @credential_for_username = nil

data/lib/booth/requests/sudo.rb

@@ -22,7 +22,7 @@ module Booth
 
         log { 'You need Webauth sudo' }
         public_message = I18n.t('booth.webauth_sudo_timeout', lifespan_minutes: (lifespan / 60))
-        yield Tron.success(:webauth_sudo_needed, step: :sudo, public_message:)
+        yield Tron.success(:webauth_sudo_needed, step: :sudo, authenticators?: authenticators?, public_message:)
       end
 
       # Getters
@@ -47,7 +47,9 @@ module Booth
 
       def webauthn_challenge=(new_challenge)
         if new_challenge
-          log { "Persisting webauth challenge #{new_challenge.inspect} in sudo session for scope #{scope.inspect}" }
+          log do
+            "Persisting webauth challenge #{new_challenge.inspect} in sudo session for scope #{scope.inspect}"
+          end
         else
           log { "Removing webauth challenge from sudo session for scope #{scope.inspect}" }
         end
@@ -61,6 +63,14 @@ module Booth
       def session
         request.session(namespace: :sudo)
       end
+
+      def authenticators?
+        credential.registered_authenticators?
+      end
+
+      def credential
+        @credential ||= ::Booth::Models::Credential.find(request.authentication.credential_id)
+      end
     end
   end
 end

data/lib/booth/test.rb

@@ -1,9 +1,8 @@
 # frozen_string_literal: true
 
 # Just in case a developer using Booth makes a mistake.
-raise 'Requiring `booth/test` is only intended for testing your code' unless Rails.env.test?
-
-# raise "Only require 'booth/test' when running incorporation test" if ENV['BOOTH_SKIP_INCORPORATION']
+# Note: We check ENV directly since Rails hasn't been loaded yet at this point.
+raise 'Requiring `booth/test` is only intended for testing your code' unless ENV['RAILS_ENV'] == 'test'
 
 def try_to_load_gem(gem_name, require_name = nil)
   require_name = gem_name if require_name.nil?
@@ -13,26 +12,22 @@ rescue LoadError => e
 end
 
 # Gems
+try_to_load_gem 'calls'
 try_to_load_gem 'capybara', 'capybara/dsl'
-try_to_load_gem 'capybara-lockstep'
-try_to_load_gem 'rack_session_access', 'rack_session_access/capybara'
-try_to_load_gem 'selenium-devtools', 'selenium/devtools'
-try_to_load_gem 'selenium-webdriver'
+try_to_load_gem 'capybara-playwright-driver'
 try_to_load_gem 'minitest'
 
 require 'active_support/testing/time_helpers'
 
-# Support
-# require_relative 'test/support/virtual_authenticators/manager'
-# require_relative 'test/support/virtual_authenticators/create'
-
-# # Internal Helpers
+# Internal Booth dependencies
+require_relative '../booth'
+require_relative 'logging'
+require_relative 'testing/support/virtual_authenticator'
+require_relative 'testing/support/virtual_authenticators'
+require_relative 'testing/support/capybara_step_logger'
 require_relative 'testing/shortcuts'
-# # require_relative 'test/support/force_login'
 require_relative 'testing/incorporation_test_case'
 
-# Tests
-
 # Public API
 require_relative 'testing/userland'
 
@@ -54,5 +49,3 @@ Capybara.configure do |config|
   config.test_id = 'data-booth' # How Booth interacts with your HTML elements.
   config.default_max_wait_time = 20 if ENV['CHROME'] # For manual debugging
 end
-
-Rails.application.config.middleware.use RackSessionAccess::Middleware

data/lib/booth/testing/incorporation_test_case.rb

@@ -7,7 +7,9 @@ module Booth
       include ::Capybara::DSL
       include ::Minitest::Assertions
       include ::ActiveSupport::Testing::TimeHelpers
+      include ::Booth::Testing::Support::CapybaraStepLogger
       include ::Booth::Testing::Shortcuts
+      include ::Booth::Logging
 
       option :host, default: -> { 'localhost' }
       option :scope
@@ -18,7 +20,7 @@ module Booth
       private
 
       def virtual_authenticators
-        @virtual_authenticators ||= ::Booth::Testing::Support::VirtualAuthenticators::Manager.new
+        ::Booth::Testing::Support::VirtualAuthenticators
       end
 
       # So that `Minitest::Assertions` can be included

data/lib/booth/testing/shortcuts.rb

@@ -45,33 +45,24 @@ module Booth
         ::Booth::Testing::Support::AssertPartial.call(namespace: :userland, controller:, step:)
       end
 
-      def soft_reset_session
-        ::Booth::Testing::Support::SoftResetSession.call
+      def clear_cookies
+        ::Booth::Testing::Support::ClearCookies.call
+      end
+
+      def decrypt_session_cookie(cookie_value)
+        ::Booth::Testing::Support::DecryptSessionCookie.call(cookie_value:)
       end
 
       def virtual_authenticators
-        @virtual_authenticators ||= ::Booth::Testing::Support::VirtualAuthenticators::Manager.new
+        ::Booth::Testing::Support::VirtualAuthenticators
       end
+
       # def debug
       #   puts
       #   puts
       #   puts Nokogiri::XML(page.html, &:noblanks)
       #   puts
       # end
-
-      # def respond_to_remote
-      #   visit userland_remote_login_path
-
-      #   credential = ::Booth::Models::Session.sorted_scope.first.credential
-      #   code = ::Booth::Core::Remotes::Get.call(credential_id: credential.id).formatted_code
-
-      #   fill_in 'Code', with: code
-      #   click_on 'Continue'
-
-      #   assert_content 'logged in on the other device'
-      #   assert_content 'solved your challenge'
-      # end
-
     end
   end
 end

data/lib/booth/testing/support/assert_logged_in.rb

@@ -14,40 +14,38 @@ module Booth
         option :username, optional: true
 
         def call
-          # tries ||= 0
-          ::Capybara::Lockstep.synchronize
-
           browser_session_id = nil
-          active_sessions.each do |session|
-            browser_session_id = ::Booth::Testing::Support::GetSessionValue.call(key:)
-            return true if browser_session_id == session.id.to_s
-          end
 
-          attributes = {
-            expected_username: credential.username,
-            expected_credential_id: credential.id,
-            expected_session_ids: active_sessions.map(&:id),
-            actual_session_id: browser_session_id,
-          }
-          raise AssertionFailedError, "Expected to be logged in. #{attributes}"
-          # "Expected Credential `#{credential.id}` to be logged in with a session of: #{active_sessions.map(&:id)}"
-
-          # With the Webauth pingpong it sometimes takes a little longer.
-          # And Capybara Lockstep doesn't seem to be able to detect that.
-          # rescue AssertionFailedError
-          #   if (tries += 1) < 3
-          #     log { 'Trying again...' }
-          #     sleep 1
-          #     retry
-          #   end
+          begin
+            ::Timeout.timeout(Capybara.default_max_wait_time) do
+              loop do
+                log { "Polling to see if #{credential.username} logged in in scope #{scope}..." }
+                browser_session_id = ::Booth::Testing::Support::CookieDataFromBrowser.call[key]
+                active_sessions.each do |session|
+                  return true if session.id.to_s == browser_session_id
+                end
+                sleep 0.1
+              end
+            end
+          rescue ::Timeout::Error
+            # Timed out
+          end
 
-          #   raise
+          raise AssertionFailedError, "Expected to be logged in as #{credential.username} " \
+                                      "(Credential #{credential.id}) " \
+                                      "with some Session ID #{active_sessions.map(&:id)} " \
+                                      "but the Browser Cookie has #{browser_session_id} "
         end
 
         private
 
+        # Playwright session handling causes ActiveRecord to aggressively cache queries.
+        # Randomizing the query seems to be the only reliable way to avoid this.
         def active_sessions
-          credential.sessions.active_scope.sorted_scope
+          ::Booth::Models::Session.active_scope
+                                  .sorted_scope
+                                  .where(credential_id: credential.id)
+                                  .where.not(id: SecureRandom.uuid)
         end
 
         def credential
@@ -56,7 +54,8 @@ module Booth
             raise 'Must provide either `credential:` or `username:`'
           end
 
-          manual_credential || ::Booth::Models::Credential.find_by(username:)
+          manual_credential ||
+            ::Booth::Models::Credential.where.not(id: SecureRandom.uuid).find_by(username:)
         end
 
         def key

data/lib/booth/testing/support/assert_logged_out.rb

@@ -11,21 +11,25 @@ module Booth
         option :scope
 
         def call
-          ::Capybara::Lockstep.synchronize
+          browser_session_id = nil
 
-          return unless logged_in?
+          begin
+            ::Timeout.timeout(Capybara.default_max_wait_time) do
+              loop do
+                log { 'Polling to see if logged out...' }
+                browser_session_id = ::Booth::Testing::Support::CookieDataFromBrowser.call["warden.user.#{scope}.key"]
 
-          raise 'Expected nobody to logged in, but somebody is logged in.'
-        end
-
-        private
+                # If no session cookie or it's empty, user is logged out
+                return true unless browser_session_id
 
-        def logged_in?
-          ::Booth::Testing::Support::GetSessionValue.call(key:)
-        end
+                sleep 0.1
+              end
+            end
+          rescue ::Timeout::Error
+            # Timed out
+          end
 
-        def key
-          "warden.user.#{scope}.key"
+          raise 'Expected nobody to be logged out, but a session cookie exists.'
         end
       end
     end

data/lib/booth/testing/support/assert_partial.rb

@@ -15,41 +15,32 @@ module Booth
         option :step
 
         def call
-          ::Capybara::Lockstep.synchronize
           log { "Looking for view `#{partial}`" }
-
-          assert_selector 'template', visible: false
-
-          content = page.html.match(%r{<template>([^<]+)</template>})[1].strip
-
-          raise "Expected view '#{partial}' but got '#{content}'" unless content == partial
-
-          log { "The expected view `#{partial}` was rendered." }
-          self.class.asserted_partials << partial
-          nil
-        end
-
-        def expected_tag
-          "<template>#{partial}</template>"
-        end
-
-        def actual_tag
-          page.html.scan(%r{<template>[^/]+/[^/]+/[^/]+</template>}).uniq.first.presence ||
-            page.text
+          content = nil
+          begin
+            ::Timeout.timeout(Capybara.default_max_wait_time) do
+              loop do
+                content = page.html.match(%r{<template>([^<]+)</template>})[1].strip
+                unless content == partial
+                  sleep 0.1
+                  next
+                end
+
+                log { "The expected view `#{partial}` was rendered." }
+                self.class.asserted_partials << partial
+                return
+              end
+            end
+          rescue ::Timeout::Error
+            raise "Expected view '#{partial}' but timed out with '#{page.html}'"
+          end
+
+          raise "Expected view '#{partial}' but got '#{content}'"
         end
 
         def partial
           "#{namespace}/#{controller}/#{step}"
         end
-
-        def test_file_and_line_number
-          # Called from e.g. `::Booth::Testing::Userland::LoginRemotely`.
-          candidate = caller[3].split(':in ').first
-          return candidate unless candidate.include?('calls')
-
-          # Called from e.g. `::Booth::Testing::Support::RegisterNewPasskey`.
-          caller[2].split(':in ').first
-        end
       end
     end
   end

data/lib/booth/testing/support/capybara_step_logger.rb

@@ -0,0 +1,22 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      module CapybaraStepLogger
+        extend ActiveSupport::Concern
+
+        included do
+          %i[visit click_on fill_in check uncheck choose select attach_file submit].each do |meth|
+            define_method(meth) do |*args, **kwargs, &block|
+              log { Paint['-' * 20, :green] }
+              log { Paint["#{meth} #{args} #{kwargs}", :green] }
+              log { Paint['-' * 20, :green] }
+              super(*args, **kwargs, &block)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/{soft_reset_session.rb → clear_cookies.rb}

@@ -5,18 +5,17 @@ module Booth
     module Support
       # Essentially resets the session cookie, but without removing
       # Chrome's Virtual Authenticator Enviroment. Like a force logout.
-      class SoftResetSession
+      class ClearCookies
         include ::Calls
         include ::Capybara::DSL
         include ::Booth::Logging
 
         def call
-          ::Capybara::Lockstep.synchronize
+          log { 'Soft-resetting session via Playwright cookie API...' }
 
-          keys = page.get_rack_session.keys
-          keys_with_nil_values = keys.index_with { nil }
-
-          page.set_rack_session(**keys_with_nil_values)
+          page.driver.with_playwright_page do |playwright_page|
+            playwright_page.context.clear_cookies
+          end
         end
       end
     end

data/lib/booth/testing/support/cookie_data_from_browser.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+module Booth
+  module Testing
+    module Support
+      class CookieDataFromBrowser
+        include ::Calls
+        include ::Booth::Logging
+
+        def call
+          cipher = ActiveSupport::MessageEncryptor.default_cipher
+          key_length = ActiveSupport::MessageEncryptor.key_len(cipher)
+          key_generator = Rails.application.key_generator
+          salt = Rails.configuration.action_dispatch.authenticated_encrypted_cookie_salt
+          secret = key_generator.generate_key(salt, key_length)
+          encryptor = ActiveSupport::MessageEncryptor.new(secret, cipher:, serializer: ActiveSupport::MessageEncryptor::NullSerializer)
+          cookie = CGI.unescape(encrypted_cookie_data.strip)
+          session_name = Rails.application.config.session_options[:key]
+
+          JSON.parse encryptor.decrypt_and_verify(cookie, purpose: "cookie.#{session_name}")
+        end
+
+        private
+
+        def encrypted_cookie_data
+          session_name = Rails.application.config.session_options[:key]
+
+          Capybara.current_session.driver.with_playwright_page do |playwright_page|
+            cookies = playwright_page.context.cookies
+            cookie = cookies.find { it['name'] == session_name }
+
+            return cookie['value']
+          end
+        end
+      end
+    end
+  end
+end

data/lib/booth/testing/support/shortcuts/create_and_onboard.rb

@@ -8,6 +8,8 @@ module Booth
         class CreateAndOnboard
           include ::Calls
           include ::Capybara::DSL
+          include ::Booth::Testing::Support::CapybaraStepLogger
+          include ::Booth::Logging
 
           option :routing_namespace
           option :scope
@@ -15,6 +17,8 @@ module Booth
           option :after_credential
 
           def call
+            log { 'Starting Subroutine...' }
+
             Visit.call(routing_namespace:,
                        controller: :onboardings,
                        action: :show,