feat: exposing sessions to the api #4352
Conversation
nicolasburtey
force-pushed
the
feat--exposing-sessions-to-the-api
branch
4 times, most recently
from
b342e0a
to
149910b
Compare
nicolasburtey
force-pushed
the
feat--exposing-sessions-to-the-api
branch
from
496b05c
to
263498b
Compare
nicolasburtey
force-pushed
the
feat--exposing-sessions-to-the-api
branch
2 times, most recently
from
a8c89fb
to
f3c5158
Compare
nicolasburtey
force-pushed
the
feat--exposing-sessions-to-the-api
branch
from
f3c5158
to
8454854
Compare
nicolasburtey
force-pushed
the
feat--exposing-sessions-to-the-api
branch
from
f8c0ae5
to
b7c50aa
Compare
| cy.contains("label", "read").should("exist") | ||
| cy.contains("label", "read").should("be.visible") | ||
| cy.contains("label", "read").should("not.be.disabled") | ||
| cy.contains("label", "read").should("not.be.disabled") | ||
| cy.contains("label", "read").click() | ||
|
|
||
| cy.contains("label", "write").should("exist") | ||
| cy.contains("label", "write").should("be.visible") | ||
| cy.contains("label", "write").should("not.be.disabled") | ||
| cy.contains("label", "write").click() | ||
|
|
||
| cy.get("[data-testid=submit_consent_btn]").should("exist") | ||
| cy.get("[data-testid=submit_consent_btn]").should("be.visible") | ||
| cy.get("[data-testid=submit_consent_btn]").should("not.be.disabled") | ||
| cy.get("[data-testid=submit_consent_btn]").click() | ||
|
|
There was a problem hiding this comment.
why this was removed? not related to the PR
There was a problem hiding this comment.
It is, we're skipping consent in the tests
| cy.contains("label", "read").should("exist") | ||
| cy.contains("label", "read").should("be.visible") | ||
| cy.contains("label", "read").should("not.be.disabled") | ||
| cy.contains("label", "read").should("not.be.disabled") | ||
| cy.contains("label", "read").click() | ||
|
|
||
| cy.contains("label", "write").should("exist") | ||
| cy.contains("label", "write").should("be.visible") | ||
| cy.contains("label", "write").should("not.be.disabled") | ||
| cy.contains("label", "write").click() | ||
|
|
||
| cy.get("[data-testid=submit_consent_btn]").should("exist") | ||
| cy.get("[data-testid=submit_consent_btn]").should("be.visible") | ||
| cy.get("[data-testid=submit_consent_btn]").should("not.be.disabled") | ||
| cy.get("[data-testid=submit_consent_btn]").click() | ||
|
|
There was a problem hiding this comment.
It is, we're skipping consent in the tests
core/api/package.json
Outdated
| @@ -161,6 +161,7 @@ | |||
| "@typescript-eslint/parser": "^7.7.0", | |||
| "@xascode/tscpaths": "0.1.4", | |||
| "axios-mock-adapter": "^1.22.0", | |||
| "child_process": "^1.0.2", | |||
There was a problem hiding this comment.
last update 8 years ago https://www.npmjs.com/package/child_process
There was a problem hiding this comment.
doesn't matter? it's on dev only
| @@ -182,6 +183,7 @@ | |||
| "pino-pretty": "^10.3.1", | |||
| "prettier": "^3.2.5", | |||
| "protoc-gen-js": "^3.21.2", | |||
| "puppeteer": "^22.7.1", | |||
There was a problem hiding this comment.
not sure about this.. integrations tests are already flacky and now introducing a package like this that runs a headless chromium can be problematic.. is not another way to test it?
There was a problem hiding this comment.
I understand your point.
I tried with axios and basically spent a day on this, and I could not make it work, so I gave up.
the issue with a OAuth2 flow is that there is a lot of context carried around different screen, whether it's via parameters over the URL or via Cookie. it's quite hard to replicate this, specially for someone not having the full context of OAuth2 in its head.
using puppeteer make it a lot more straightforward.
I suggest we could try it and revert/change if this introduce flackiness to the test suite?
| })) | ||
| } catch (err) { | ||
| // TODO | ||
| console.error(err) |
| expiresAt: new Date(session?.expires_at as string), | ||
| issuedAt: new Date(session?.issued_at as string), |
There was a problem hiding this comment.
I checked the Session interface and expires_at and issued_are are already strings... cast is not necessary also can hide a crash because of conversion (Date)
There was a problem hiding this comment.
it can be undefined otherwise
before I had this but it's more ugly
if (!session.expires_at) throw new MissingExpiredAtKratosError()
I think it's really an issue with the type in the underlying library. so doing a cast as string seems the best option imo
| // Navigate the page to a URL | ||
| await page.goto("http://localhost:3001/api/auth/signin") | ||
|
|
||
| screenshots && (await page.screenshot({ path: "screenshot0.png" })) |
There was a problem hiding this comment.
is this only help for debug? what is the purpose of take screenshots?
There was a problem hiding this comment.
yup indeed to help debugging going over the different screens
| await performOAuthLogin() | ||
|
|
||
| const res = await consentList(userId) | ||
| expect(res).toEqual([ |
There was a problem hiding this comment.
if we are only testing this then this test is not needed 🤔 or it is better to use a mock (which probably does not make sense for what service is doing)
There was a problem hiding this comment.
To test/develop the API, I had to get a client authenticated through an OAuth2 flow to be able to see the result.
Open to other suggestion, but that feels like a mock would not achieve the tests here, because it's really testing the integration with hydra.
| return listSessionsService(userId) | ||
| } | ||
|
|
||
| export const listDeleguations = async ({ userId }: { userId: UserId }) => { |
This PR is exposing the kratos/hydra sessions related to a user.
The idea is show those sessions then into the dashboard.
A follow up PR will enable the mutation to disabled other sessions.
This PR also aim at understanding how to enable long term read only sessions, something Andrew has been asking for