chore(e2e): add tests to 'sessionDuration' auth config (#2612)

Signed-off-by: Jessica He <[email protected]>

Author: JessicaJHee

e2e-tests/playwright/e2e/authProviders/github-provider.spec.ts

@@ -20,6 +20,18 @@ import { HelmActions } from "../../utils/helm";
 import { RhdhAuthUiHack } from "../../support/api/rhdh-auth-hack";
 
 let page: Page;
+const githubFlags = [
+  "--set upstream.backstage.appConfig.signInPage=github",
+  "--set upstream.backstage.appConfig.auth.environment=production",
+  "--set upstream.backstage.appConfig.catalog.providers.microsoftGraphOrg=null",
+  "--set upstream.backstage.appConfig.catalog.providers.keycloakOrg=null",
+  "--set upstream.backstage.appConfig.auth.providers.microsoft=null",
+  "--set upstream.backstage.appConfig.auth.providers.oidc=null",
+  "--set global.dynamic.plugins[1].disabled=false",
+  "--set global.dynamic.plugins[3].disabled=false",
+  "--set upstream.backstage.appConfig.permission.enabled=true",
+  "--set upstream.postgresql.primary.persistence.enabled=false",
+];
 
 test.describe("Standard authentication providers: Github Provider", () => {
   test.use({ baseURL: constants.AUTH_PROVIDERS_BASE_URL });
@@ -43,18 +55,40 @@ test.describe("Standard authentication providers: Github Provider", () => {
 
     LOGGER.info(`Base Url is ${process.env.BASE_URL}`);
     LOGGER.info(
-      `Starting scenario: Standard authentication providers: Basic authentication: attemp #${testInfo.retry}`,
+      `Starting scenario: Standard authentication providers: Basic authentication: attempt #${testInfo.retry}`,
     );
 
     await ghHelper.setupGithubEnvironment();
   });
 
   test("Setup Github authentication provider and wait for first sync", async () => {
-    test.setTimeout(300 * 1000);
+    test.setTimeout(600 * 1000);
     LOGGER.info(
       "Execute testcase: Setup Github authentication provider and wait for first sync",
     );
 
+    await HelmActions.upgradeHelmChartWithWait(
+      constants.AUTH_PROVIDERS_RELEASE,
+      constants.AUTH_PROVIDERS_CHART,
+      constants.AUTH_PROVIDERS_NAMESPACE,
+      constants.AUTH_PROVIDERS_VALUES_FILE,
+      constants.CHART_VERSION,
+      constants.QUAY_REPO,
+      constants.TAG_NAME,
+      githubFlags,
+    );
+
+    await waitForNextSync("github", syncTime);
+  });
+
+  test("Set sessionDuration and confirm in auth cookie duration has been set", async () => {
+    LOGGER.info(`Executing testcase: ${test.info().title}`);
+
+    test.setTimeout(600 * 1000);
+    if (test.info().retry > 0) {
+      await waitForNextSync("github", syncTime);
+    }
+
     await HelmActions.upgradeHelmChartWithWait(
       constants.AUTH_PROVIDERS_RELEASE,
       constants.AUTH_PROVIDERS_CHART,
@@ -64,20 +98,56 @@ test.describe("Standard authentication providers: Github Provider", () => {
       constants.QUAY_REPO,
       constants.TAG_NAME,
       [
-        "--set upstream.backstage.appConfig.signInPage=github",
-        "--set upstream.backstage.appConfig.auth.environment=production",
-        "--set upstream.backstage.appConfig.catalog.providers.microsoftGraphOrg=null",
-        "--set upstream.backstage.appConfig.catalog.providers.keycloakOrg=null",
-        "--set upstream.backstage.appConfig.auth.providers.microsoft=null",
-        "--set upstream.backstage.appConfig.auth.providers.oidc=null",
-        "--set global.dynamic.plugins[1].disabled=false",
-        "--set global.dynamic.plugins[3].disabled=false",
-        "--set upstream.backstage.appConfig.permission.enabled=true",
-        "--set upstream.postgresql.primary.persistence.enabled=false",
+        ...githubFlags,
+        "--set upstream.backstage.appConfig.auth.providers.github.production.sessionDuration=3days",
       ],
     );
 
     await waitForNextSync("github", syncTime);
+
+    await page.goto("/");
+    await uiHelper.verifyHeading("Select a sign-in method");
+    const singInMethods = await page
+      .locator("div[class^='MuiCardHeader-root']")
+      .allInnerTexts();
+    expect(singInMethods).not.toContain("Guest");
+
+    await common.githubLogin(
+      constants.GH_USERS["admin"].name,
+      constants.GH_USER_PASSWORD,
+      constants.AUTH_PROVIDERS_GH_ADMIN_2FA,
+    );
+
+    await expect(async () => {
+      expect(
+        await common.CheckUserIsIngestedInCatalog(
+          [constants.GH_USERS["user_1"].displayName],
+          constants.STATIC_API_TOKEN,
+        ),
+      ).toBe(true);
+    }).toPass({
+      intervals: [1_000, 2_000, 5_000],
+      timeout: 90 * 1000,
+    });
+
+    await page.reload();
+
+    const cookies = await context.cookies();
+    const authCookie = cookies.find(
+      (cookie) => cookie.name === "github-refresh-token",
+    );
+
+    const threeDays = 3 * 24 * 60 * 60 * 1000; // expected duration of 3 days in ms
+    const tolerance = 3 * 60 * 1000; // allow for 3 minutes tolerance
+
+    const actualDuration = authCookie.expires * 1000 - Date.now();
+
+    expect(actualDuration).toBeGreaterThan(threeDays - tolerance);
+    expect(actualDuration).toBeLessThan(threeDays + tolerance);
+
+    await uiHelper.goToSettingsPage();
+    await common.signOut();
+    await context.clearCookies();
   });
 
   test("Github with default resolver: user should login and entity is in the catalog", async () => {

e2e-tests/playwright/e2e/authProviders/microsoft-provider.spec.ts

@@ -22,6 +22,35 @@ import { HelmActions } from "../../utils/helm";
 import { RhdhAuthUiHack } from "../../support/api/rhdh-auth-hack";
 
 let page: Page;
+const oauthFlags = [
+  "--set upstream.backstage.appConfig.auth.providers.github=null",
+  "--set upstream.backstage.appConfig.signInPage=microsoft",
+  "--set upstream.backstage.appConfig.auth.environment=production",
+  "--set upstream.backstage.appConfig.catalog.providers.githubOrg=null",
+  "--set upstream.backstage.appConfig.catalog.providers.keycloakOrg=null",
+  "--set global.dynamic.plugins[2].disabled=false",
+  "--set global.dynamic.plugins[3].disabled=false",
+  "--set upstream.backstage.appConfig.permission.enabled=true",
+];
+
+const oidcFlags = [
+  "--set upstream.backstage.appConfig.auth.providers.github=null",
+  "--set upstream.backstage.appConfig.signInPage=oidc",
+  "--set upstream.backstage.appConfig.auth.environment=production",
+  "--set upstream.backstage.appConfig.catalog.providers.githubOrg=null",
+  "--set upstream.backstage.appConfig.catalog.providers.keycloakOrg=null",
+  "--set global.dynamic.plugins[2].disabled=false",
+  "--set global.dynamic.plugins[3].disabled=false",
+  "--set upstream.backstage.appConfig.permission.enabled=true",
+  "--set upstream.backstage.appConfig.auth.providers.oidc.production.metadataUrl=https://login.microsoftonline.com/${AUTH_PROVIDERS_AZURE_TENANT_ID}/.well-known/openid-configuration",
+  "--set upstream.backstage.appConfig.auth.providers.oidc.production.tenantId=${AUTH_PROVIDERS_AZURE_TENANT_ID}",
+  "--set upstream.backstage.appConfig.auth.providers.oidc.production.clientId=${AUTH_PROVIDERS_AZURE_CLIENT_ID}",
+  "--set upstream.backstage.appConfig.auth.providers.oidc.production.clientSecret=${AUTH_PROVIDERS_AZURE_CLIENT_SECRET}",
+  "--set upstream.backstage.appConfig.auth.providers.oidc.production.prompt=auto",
+  "--set upstream.backstage.appConfig.auth.providers.oidc.production.callbackUrl=${BASE_URL}/api/auth/oidc/handler/frame",
+  "--set upstream.backstage.appConfig.auth.providers.oidc.production.signIn.resolvers[0].resolver=emailMatchingUserEntityProfileEmail",
+  "--set upstream.backstage.appConfig.auth.providers.oidc.production.signIn.resolvers[0].dangerouslyAllowSignInWithoutUserInCatalog=true",
+];
 
 test.describe("Standard authentication providers: Micorsoft Azure EntraID", () => {
   test.use({ baseURL: constants.AUTH_PROVIDERS_BASE_URL });
@@ -36,7 +65,7 @@ test.describe("Standard authentication providers: Micorsoft Azure EntraID", () =
   test.beforeAll(async ({ browser }, testInfo) => {
     test.setTimeout(120 * 1000);
     LOGGER.info(
-      `Staring scenario: Standard authentication providers: Micorsoft Azure EntraID: attemp #${testInfo.retry}`,
+      `Staring scenario: Standard authentication providers: Microsoft Azure EntraID: attempt #${testInfo.retry}`,
     );
 
     const browserSetup = await setupBrowser(browser, testInfo);
@@ -66,35 +95,6 @@ test.describe("Standard authentication providers: Micorsoft Azure EntraID", () =
   test("Setup RHDH with Microsoft EntraID ingestion and eventually wait for the first sync", async () => {
     test.setTimeout(600 * 1000);
     const oidcFlow = false;
-    const oauthFlags = [
-      "--set upstream.backstage.appConfig.auth.providers.github=null",
-      "--set upstream.backstage.appConfig.signInPage=microsoft",
-      "--set upstream.backstage.appConfig.auth.environment=production",
-      "--set upstream.backstage.appConfig.catalog.providers.githubOrg=null",
-      "--set upstream.backstage.appConfig.catalog.providers.keycloakOrg=null",
-      "--set global.dynamic.plugins[2].disabled=false",
-      "--set global.dynamic.plugins[3].disabled=false",
-      "--set upstream.backstage.appConfig.permission.enabled=true",
-    ];
-
-    const oidcFlags = [
-      "--set upstream.backstage.appConfig.auth.providers.github=null",
-      "--set upstream.backstage.appConfig.signInPage=oidc",
-      "--set upstream.backstage.appConfig.auth.environment=production",
-      "--set upstream.backstage.appConfig.catalog.providers.githubOrg=null",
-      "--set upstream.backstage.appConfig.catalog.providers.keycloakOrg=null",
-      "--set global.dynamic.plugins[2].disabled=false",
-      "--set global.dynamic.plugins[3].disabled=false",
-      "--set upstream.backstage.appConfig.permission.enabled=true",
-      "--set upstream.backstage.appConfig.auth.providers.oidc.production.metadataUrl=https://login.microsoftonline.com/${AUTH_PROVIDERS_AZURE_TENANT_ID}/.well-known/openid-configuration",
-      "--set upstream.backstage.appConfig.auth.providers.oidc.production.tenantId=${AUTH_PROVIDERS_AZURE_TENANT_ID}",
-      "--set upstream.backstage.appConfig.auth.providers.oidc.production.clientId=${AUTH_PROVIDERS_AZURE_CLIENT_ID}",
-      "--set upstream.backstage.appConfig.auth.providers.oidc.production.clientSecret=${AUTH_PROVIDERS_AZURE_CLIENT_SECRET}",
-      "--set upstream.backstage.appConfig.auth.providers.oidc.production.prompt=auto",
-      "--set upstream.backstage.appConfig.auth.providers.oidc.production.callbackUrl=${BASE_URL}/api/auth/oidc/handler/frame",
-      "--set upstream.backstage.appConfig.auth.providers.oidc.production.signIn.resolvers[0].resolver=emailMatchingUserEntityProfileEmail",
-      "--set upstream.backstage.appConfig.auth.providers.oidc.production.signIn.resolvers[0].dangerouslyAllowSignInWithoutUserInCatalog=true",
-    ];
     // setup RHSSO provider with user ingestion
     await HelmActions.upgradeHelmChartWithWait(
       constants.AUTH_PROVIDERS_RELEASE,
@@ -110,6 +110,64 @@ test.describe("Standard authentication providers: Micorsoft Azure EntraID", () =
     await waitForNextSync("microsoft", syncTime);
   });
 
+  test("Set sessionDuration and confirm in auth cookie duration has been set", async () => {
+    LOGGER.info(`Executing testcase: ${test.info().title}`);
+
+    test.setTimeout(600 * 1000);
+
+    await HelmActions.upgradeHelmChartWithWait(
+      constants.AUTH_PROVIDERS_RELEASE,
+      constants.AUTH_PROVIDERS_CHART,
+      constants.AUTH_PROVIDERS_NAMESPACE,
+      constants.AUTH_PROVIDERS_VALUES_FILE,
+      constants.CHART_VERSION,
+      constants.QUAY_REPO,
+      constants.TAG_NAME,
+      [
+        ...oauthFlags,
+        "--set upstream.backstage.appConfig.auth.providers.microsoft.production.sessionDuration=3days",
+      ],
+    );
+
+    await waitForNextSync("microsoft", syncTime);
+
+    await common.MicrosoftAzureLogin(
+      constants.MSGRAPH_USERS["user_1"].userPrincipalName,
+      constants.RHSSO76_DEFAULT_PASSWORD,
+    );
+
+    await expect(async () => {
+      expect(
+        await common.CheckUserIsIngestedInCatalog(
+          [constants.MSGRAPH_USERS["user_1"].displayName],
+          constants.STATIC_API_TOKEN,
+        ),
+      ).toBe(true);
+    }).toPass({
+      intervals: [1_000, 2_000, 5_000],
+      timeout: 90 * 1000,
+    });
+
+    await page.reload();
+
+    const cookies = await context.cookies();
+    const authCookie = cookies.find(
+      (cookie) => cookie.name === "microsoft-refresh-token",
+    );
+
+    const threeDays = 3 * 24 * 60 * 60 * 1000; // expected duration of 3 days in ms
+    const tolerance = 3 * 60 * 1000; // allow for 3 minutes tolerance
+
+    const actualDuration = authCookie.expires * 1000 - Date.now();
+
+    expect(actualDuration).toBeGreaterThan(threeDays - tolerance);
+    expect(actualDuration).toBeLessThan(threeDays + tolerance);
+
+    await uiHelper.goToSettingsPage();
+    await common.signOut();
+    await context.clearCookies();
+  });
+
   test("Microsoft EntraID with default resolver: user_1 should login and entity is in the catalog", async () => {
     // resolvers from upstream are not available in rhdh
     // testing only default settings