@camunda/e2e-test-suite 0.0.578 → 0.0.579
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -8,9 +8,18 @@ const apiHelpers_1 = require("../../utils/apiHelpers");
|
|
|
8
8
|
const users_1 = require("../../utils/users");
|
|
9
9
|
const urlHelpers_1 = require("../../utils/urlHelpers");
|
|
10
10
|
const testUser = (0, users_1.getTestUser)('twentySecondUser');
|
|
11
|
-
// This
|
|
11
|
+
// This suite covers the manual scenario: create a new API client via UI,
|
|
12
|
+
// copy the API URL from the credentials, and verify that the cluster's V2
|
|
13
|
+
// API endpoints require authentication.
|
|
14
|
+
//
|
|
15
|
+
// V2 endpoints (/v2/process-definitions/search, /v2/user-tasks/search, ...)
|
|
16
|
+
// are served by the Zeebe REST API exposed at ZEEBE_REST_ADDRESS in the
|
|
17
|
+
// client credentials — NOT by the Operate URL (the Operate URL is the SPA
|
|
18
|
+
// frontend and returns 200 + HTML for unknown paths, so a previous version
|
|
19
|
+
// of this spec that POSTed V2 paths to it always saw 200/HTML and never
|
|
20
|
+
// the auth response under test).
|
|
12
21
|
_8_10_1.test.describe.configure({ mode: 'parallel' });
|
|
13
|
-
_8_10_1.test.describe('
|
|
22
|
+
_8_10_1.test.describe('Cluster V2 API requires authentication @tasklistV2', () => {
|
|
14
23
|
let clientName;
|
|
15
24
|
const clusterName = 'Test Cluster';
|
|
16
25
|
_8_10_1.test.beforeEach(async ({ page, loginPage }, testInfo) => {
|
|
@@ -26,122 +35,100 @@ _8_10_1.test.describe('Operate access requires authentication @tasklistV2', () =
|
|
|
26
35
|
await clusterDetailsPage.deleteAPIClientsIfExist(clientName);
|
|
27
36
|
}
|
|
28
37
|
});
|
|
29
|
-
(0, _8_10_1.test)('check that request POST /v2/process-definitions/search returns 401 without credentials', async ({ homePage, clusterPage, clusterDetailsPage,
|
|
30
|
-
clientName = `
|
|
31
|
-
|
|
38
|
+
(0, _8_10_1.test)('check that request POST /v2/process-definitions/search returns 401 without credentials', async ({ homePage, clusterPage, clusterDetailsPage, request, }) => {
|
|
39
|
+
clientName = `cluster-deny-${await (0, _setup_1.generateRandomStringAsync)(5)}`;
|
|
40
|
+
let zeebeRestUrl = '';
|
|
41
|
+
await _8_10_1.test.step('Add API Client and capture Zeebe REST URL', async () => {
|
|
32
42
|
await homePage.clickClusters();
|
|
33
43
|
await clusterPage.clickClusterLink(clusterName);
|
|
34
44
|
await clusterDetailsPage.clickAPITab();
|
|
35
|
-
await clusterDetailsPage.
|
|
45
|
+
const variables = await clusterDetailsPage.createAPIClientAndReturnVariables(clientName, true);
|
|
46
|
+
zeebeRestUrl = variables.zeebeUrl;
|
|
47
|
+
(0, test_1.expect)(zeebeRestUrl).toMatch(/^https?:\/\//);
|
|
36
48
|
await clusterDetailsPage.clickCloseModalButton();
|
|
37
49
|
await (0, test_1.expect)(clusterDetailsPage.clientsList.filter({ hasText: clientName })).toBeVisible({ timeout: 6000 });
|
|
38
50
|
});
|
|
39
|
-
let operateUrl = '';
|
|
40
|
-
await _8_10_1.test.step('Capture Operate URL from client credentials page and close it', async () => {
|
|
41
|
-
await clusterDetailsPage.searchAndClickClientCredentialsLink(clientName);
|
|
42
|
-
operateUrl = await clientCredentialsDetailsPage.getOperateUrl();
|
|
43
|
-
(0, test_1.expect)(operateUrl).toMatch(/^https?:\/\//);
|
|
44
|
-
await clientCredentialsDetailsPage.goBack();
|
|
45
|
-
await clusterDetailsPage.clickAPITab();
|
|
46
|
-
});
|
|
47
51
|
await _8_10_1.test.step('POST search endpoint without auth should be rejected', async () => {
|
|
48
|
-
const
|
|
49
|
-
const response = await request.post(`${
|
|
50
|
-
data: { filter: {},
|
|
52
|
+
const sanitizedUrl = (0, urlHelpers_1.sanitizeUrl)(zeebeRestUrl);
|
|
53
|
+
const response = await request.post(`${sanitizedUrl}/v2/process-definitions/search`, {
|
|
54
|
+
data: { filter: {}, page: { limit: 10 } },
|
|
51
55
|
});
|
|
52
56
|
(0, test_1.expect)(response.status()).toBe(401);
|
|
53
|
-
const body = await response.text();
|
|
54
|
-
(0, test_1.expect)(body).toBe('');
|
|
55
57
|
});
|
|
56
58
|
});
|
|
57
|
-
(0, _8_10_1.test)('check that request POST /v2/process-definitions/search returns 200 with valid credentials', async ({ homePage, clusterPage, clusterDetailsPage,
|
|
58
|
-
clientName = `
|
|
59
|
-
let
|
|
60
|
-
await _8_10_1.test.step('Add API Client
|
|
59
|
+
(0, _8_10_1.test)('check that request POST /v2/process-definitions/search returns 200 with valid credentials', async ({ homePage, clusterPage, clusterDetailsPage, request, }) => {
|
|
60
|
+
clientName = `cluster-allow-${await (0, _setup_1.generateRandomStringAsync)(5)}`;
|
|
61
|
+
let zeebeRestUrl = '';
|
|
62
|
+
await _8_10_1.test.step('Add API Client and capture Zeebe REST URL', async () => {
|
|
61
63
|
await homePage.clickClusters();
|
|
62
64
|
await clusterPage.clickClusterLink(clusterName);
|
|
63
65
|
await clusterDetailsPage.clickAPITab();
|
|
64
|
-
await clusterDetailsPage.
|
|
66
|
+
const variables = await clusterDetailsPage.createAPIClientAndReturnVariables(clientName, true);
|
|
67
|
+
zeebeRestUrl = variables.zeebeUrl;
|
|
68
|
+
(0, test_1.expect)(zeebeRestUrl).toMatch(/^https?:\/\//);
|
|
65
69
|
await clusterDetailsPage.clickCloseModalButton();
|
|
66
70
|
await (0, test_1.expect)(clusterDetailsPage.clientsList.filter({ hasText: clientName })).toBeVisible({ timeout: 6000 });
|
|
67
71
|
});
|
|
68
|
-
await _8_10_1.test.step('Capture Operate URL', async () => {
|
|
69
|
-
await clusterDetailsPage.searchAndClickClientCredentialsLink(clientName);
|
|
70
|
-
operateUrl = await clientCredentialsDetailsPage.getOperateUrl();
|
|
71
|
-
(0, test_1.expect)(operateUrl).toMatch(/^https?:\/\//);
|
|
72
|
-
await clientCredentialsDetailsPage.goBack();
|
|
73
|
-
await clusterDetailsPage.clickAPITab();
|
|
74
|
-
});
|
|
75
72
|
await _8_10_1.test.step('POST search endpoint with valid Zeebe bearer token returns 200 or is routed', async () => {
|
|
76
73
|
const validToken = await (0, apiHelpers_1.authSaasAPI)();
|
|
77
|
-
const
|
|
78
|
-
const response = await request.post(`${
|
|
74
|
+
const sanitizedUrl = (0, urlHelpers_1.sanitizeUrl)(zeebeRestUrl);
|
|
75
|
+
const response = await request.post(`${sanitizedUrl}/v2/process-definitions/search`, {
|
|
79
76
|
headers: {
|
|
80
77
|
Authorization: validToken,
|
|
81
78
|
'Content-Type': 'application/json',
|
|
82
79
|
},
|
|
83
|
-
data: { filter: {},
|
|
80
|
+
data: { filter: {}, page: { limit: 10 } },
|
|
84
81
|
});
|
|
85
|
-
(0, test_1.expect)([200, 405]).toContain(response.status());
|
|
82
|
+
(0, test_1.expect)([200, 400, 405]).toContain(response.status());
|
|
86
83
|
if (response.status() === 200) {
|
|
87
84
|
const body = await response.json();
|
|
88
85
|
(0, test_1.expect)(body).toHaveProperty('items');
|
|
89
86
|
}
|
|
90
87
|
});
|
|
91
88
|
});
|
|
92
|
-
(0, _8_10_1.test)('check that POST /v2/user-tasks/search returns 401 without credentials', async ({ homePage, clusterPage, clusterDetailsPage,
|
|
89
|
+
(0, _8_10_1.test)('check that POST /v2/user-tasks/search returns 401 without credentials', async ({ homePage, clusterPage, clusterDetailsPage, request, }) => {
|
|
93
90
|
clientName = `tasklist-deny-${await (0, _setup_1.generateRandomStringAsync)(5)}`;
|
|
94
|
-
let
|
|
95
|
-
await _8_10_1.test.step('Add API Client
|
|
91
|
+
let zeebeRestUrl = '';
|
|
92
|
+
await _8_10_1.test.step('Add API Client and capture Zeebe REST URL', async () => {
|
|
96
93
|
await homePage.clickClusters();
|
|
97
94
|
await clusterPage.clickClusterLink(clusterName);
|
|
98
95
|
await clusterDetailsPage.clickAPITab();
|
|
99
|
-
await clusterDetailsPage.
|
|
96
|
+
const variables = await clusterDetailsPage.createAPIClientAndReturnVariables(clientName, true);
|
|
97
|
+
zeebeRestUrl = variables.zeebeUrl;
|
|
98
|
+
(0, test_1.expect)(zeebeRestUrl).toMatch(/^https?:\/\//);
|
|
100
99
|
await clusterDetailsPage.clickCloseModalButton();
|
|
101
100
|
await (0, test_1.expect)(clusterDetailsPage.clientsList.filter({ hasText: clientName })).toBeVisible({ timeout: 6000 });
|
|
102
101
|
});
|
|
103
|
-
await _8_10_1.test.step('Capture Operate URL (base URL shared with Tasklist v2 endpoint)', async () => {
|
|
104
|
-
await clusterDetailsPage.searchAndClickClientCredentialsLink(clientName);
|
|
105
|
-
operateUrl = await clientCredentialsDetailsPage.getOperateUrl();
|
|
106
|
-
(0, test_1.expect)(operateUrl).toMatch(/^https?:\/\//);
|
|
107
|
-
await clientCredentialsDetailsPage.goBack();
|
|
108
|
-
await clusterDetailsPage.clickAPITab();
|
|
109
|
-
});
|
|
110
102
|
await _8_10_1.test.step('POST /v2/user-tasks/search without auth returns 401', async () => {
|
|
111
|
-
const
|
|
112
|
-
const response = await request.post(`${
|
|
113
|
-
data: { filter: {},
|
|
103
|
+
const sanitizedUrl = (0, urlHelpers_1.sanitizeUrl)(zeebeRestUrl);
|
|
104
|
+
const response = await request.post(`${sanitizedUrl}/v2/user-tasks/search`, {
|
|
105
|
+
data: { filter: {}, page: { limit: 10 } },
|
|
114
106
|
});
|
|
115
107
|
(0, test_1.expect)(response.status()).toBe(401);
|
|
116
108
|
});
|
|
117
109
|
});
|
|
118
|
-
(0, _8_10_1.test)('check that POST /v2/process-definitions/search with wrong-audience token returns 401', async ({ homePage, clusterPage, clusterDetailsPage,
|
|
119
|
-
clientName = `
|
|
120
|
-
let
|
|
121
|
-
await _8_10_1.test.step('Add API Client
|
|
110
|
+
(0, _8_10_1.test)('check that POST /v2/process-definitions/search with wrong-audience token returns 401', async ({ homePage, clusterPage, clusterDetailsPage, request, }) => {
|
|
111
|
+
clientName = `cluster-wrong-aud-${await (0, _setup_1.generateRandomStringAsync)(5)}`;
|
|
112
|
+
let zeebeRestUrl = '';
|
|
113
|
+
await _8_10_1.test.step('Add API Client and capture Zeebe REST URL', async () => {
|
|
122
114
|
await homePage.clickClusters();
|
|
123
115
|
await clusterPage.clickClusterLink(clusterName);
|
|
124
116
|
await clusterDetailsPage.clickAPITab();
|
|
125
|
-
await clusterDetailsPage.
|
|
117
|
+
const variables = await clusterDetailsPage.createAPIClientAndReturnVariables(clientName, true);
|
|
118
|
+
zeebeRestUrl = variables.zeebeUrl;
|
|
119
|
+
(0, test_1.expect)(zeebeRestUrl).toMatch(/^https?:\/\//);
|
|
126
120
|
await clusterDetailsPage.clickCloseModalButton();
|
|
127
121
|
await (0, test_1.expect)(clusterDetailsPage.clientsList.filter({ hasText: clientName })).toBeVisible({ timeout: 6000 });
|
|
128
122
|
});
|
|
129
|
-
await _8_10_1.test.step('
|
|
130
|
-
await clusterDetailsPage.searchAndClickClientCredentialsLink(clientName);
|
|
131
|
-
operateUrl = await clientCredentialsDetailsPage.getOperateUrl();
|
|
132
|
-
(0, test_1.expect)(operateUrl).toMatch(/^https?:\/\//);
|
|
133
|
-
await clientCredentialsDetailsPage.goBack();
|
|
134
|
-
await clusterDetailsPage.clickAPITab();
|
|
135
|
-
});
|
|
136
|
-
await _8_10_1.test.step('Token scoped for Optimize audience rejected by Operate endpoint', async () => {
|
|
123
|
+
await _8_10_1.test.step('Token scoped for Optimize audience rejected by Zeebe REST endpoint', async () => {
|
|
137
124
|
const optimizeToken = await (0, apiHelpers_1.authSaasAPI)(process.env.OPTIMIZE_API_TOKEN_AUDIENCE);
|
|
138
|
-
const
|
|
139
|
-
const response = await request.post(`${
|
|
125
|
+
const sanitizedUrl = (0, urlHelpers_1.sanitizeUrl)(zeebeRestUrl);
|
|
126
|
+
const response = await request.post(`${sanitizedUrl}/v2/process-definitions/search`, {
|
|
140
127
|
headers: {
|
|
141
128
|
Authorization: optimizeToken,
|
|
142
129
|
'Content-Type': 'application/json',
|
|
143
130
|
},
|
|
144
|
-
data: { filter: {},
|
|
131
|
+
data: { filter: {}, page: { limit: 10 } },
|
|
145
132
|
});
|
|
146
133
|
(0, test_1.expect)([401, 403]).toContain(response.status());
|
|
147
134
|
});
|