ping-javascript-sdk/e2e/oidc-suites/src/login.spec.ts at 60493b7367537ddeaf2962debe83296a1573e606 · ForgeRock/ping-javascript-sdk · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
/*
 *
 * Copyright © 2025 Ping Identity Corporation. All right reserved.
 *
 * This software may be modified and distributed under the terms
 * of the MIT license. See the LICENSE file for details.
 *
 */
import { test, expect } from '@forgerock/e2e-shared/coverage-fixture';
import {
  pingAmUsername,
  pingAmPassword,
  pingOneUsername,
  pingOnePassword,
} from './utils/demo-users.js';
import { asyncEvents } from './utils/async-events.js';

test.describe('PingAM login and get token tests', () => {
  test('background login with valid credentials', async ({ page }) => {
    const { clickWithRedirect, navigate } = asyncEvents(page);
    await navigate('/ping-am/');

    await clickWithRedirect('Login (Background)', '**/am/XUI/**');

    await page.getByLabel('User Name').fill(pingAmUsername);
    await page.getByRole('textbox', { name: 'Password' }).fill(pingAmPassword);
    await clickWithRedirect('Next', 'http://localhost:8443/ping-am/**');

    expect(page.url()).toContain('code');
    expect(page.url()).toContain('state');

    await expect(page.locator('#accessToken-0')).not.toBeEmpty();
  });

  test('redirect login with valid credentials', async ({ page }) => {
    const { clickWithRedirect, navigate } = asyncEvents(page);
    await navigate('/ping-am/');

    await clickWithRedirect('Login (Redirect)', '**/am/XUI/**');

    await page.getByLabel('User Name').fill(pingAmUsername);
    await page.getByRole('textbox', { name: 'Password' }).fill(pingAmPassword);
    await clickWithRedirect('Next', 'http://localhost:8443/ping-am/**');

    expect(page.url()).toContain('code');
    expect(page.url()).toContain('state');

    await expect(page.locator('#accessToken-0')).not.toBeEmpty();
  });

  test('background login with invalid client id fails', async ({ page }) => {
    const { navigate } = asyncEvents(page);
    await navigate('/ping-am/?clientid=bad-id');

    await page.getByRole('button', { name: 'Login (Background)' }).click();

    await expect(page.locator('.error')).toContainText(`CONFIGURATION_ERROR`);
    await expect(page.locator('.error')).toContainText(
      'Configuration error. Please check your OAuth configuration, like clientId or allowed redirect URLs.',
    );
    await expect(page.locator('.error')).toContainText(`"type": "network_error"`);
  });
});

test.describe('PingOne login and get token tests', () => {
  test('background login with valid credentials', async ({ page }) => {
    const { clickWithRedirect, navigate } = asyncEvents(page);
    await navigate('/ping-one/');

    await clickWithRedirect('Login (Background)', '**/signon/**');

    await page.getByLabel('Username').fill(pingOneUsername);
    await page.getByRole('textbox', { name: 'Password' }).fill(pingOnePassword);
    await clickWithRedirect('Sign On', 'http://localhost:8443/ping-one/**');

    expect(page.url()).toContain('code');
    expect(page.url()).toContain('state');

    await expect(page.locator('#accessToken-0')).not.toBeEmpty();
  });

  test('redirect login with valid credentials', async ({ page }) => {
    const { clickWithRedirect, navigate } = asyncEvents(page);
    await navigate('/ping-one/');

    await clickWithRedirect('Login (Background)', '**/signon/**');

    await page.getByLabel('Username').fill(pingOneUsername);
    await page.getByRole('textbox', { name: 'Password' }).fill(pingOnePassword);
    await clickWithRedirect('Sign On', 'http://localhost:8443/ping-one/**');

    expect(page.url()).toContain('code');
    expect(page.url()).toContain('state');

    await expect(page.locator('#accessToken-0')).not.toBeEmpty();
  });

  test('login with invalid client id fails', async ({ page }) => {
    const { navigate } = asyncEvents(page);
    await navigate('/ping-one/?clientid=bad-id');

    await page.getByRole('button', { name: 'Login (Background)' }).click();

    await expect(page.locator('.error')).toContainText(`CONFIGURATION_ERROR`);
    await expect(page.locator('.error')).toContainText(
      'Configuration error. Please check your OAuth configuration, like clientId or allowed redirect URLs.',
    );
    await expect(page.locator('.error')).toContainText(`"type": "network_error"`);
  });

  test('login with pi.flow response mode', async ({ page }) => {
    const { clickWithRedirect, navigate } = asyncEvents(page);
    await navigate('/ping-one/?piflow=true');

    await page.on('request', (request) => {
      const method = request.method();
      const requestUrl = request.url();

      if (method === 'POST' && requestUrl.includes('/as/authorize')) {
        expect(requestUrl).toContain('response_mode=pi.flow');
      }
    });

    await clickWithRedirect('Login (Background)', '**/signon/**');

    await page.getByLabel('Username').fill(pingOneUsername);
    await page.getByRole('textbox', { name: 'Password' }).fill(pingOnePassword);
    await clickWithRedirect('Sign On', 'http://localhost:8443/ping-one/**');

    expect(page.url()).toContain('code');
    expect(page.url()).toContain('state');

    await expect(page.locator('#accessToken-0')).not.toBeEmpty();
  });
});

test('login with invalid state fails with error', async ({ page }) => {
  const { navigate } = asyncEvents(page);
  await navigate('/ping-am/?code=12345&state=abcxyz');

  await expect(page.locator('.error')).toContainText(`"error": "State mismatch"`);
  await expect(page.locator('.error')).toContainText(`"type": "state_error"`);
  await expect(page.locator('.error')).toContainText(
    'The provided state does not match the stored state. This is likely due to passing in used, returned, authorize parameters.',
  );
});

test('oidc client fails to initialize with bad wellknown', async ({ page }) => {
  const { navigate } = asyncEvents(page);
  await navigate('/ping-am/?wellknown=bad-wellknown');

  await page.getByRole('button', { name: 'Login (Background)' }).click();

  await expect(page.locator('.error')).toContainText(
    'Authorization endpoint not found in wellknown configuration',
  );
  await expect(page.locator('.error')).toContainText('wellknown_error');
});