Skip to content

Add Maestro E2E testing framework #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
michaelstingl wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Add Maestro E2E testing framework #11

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
76bfe1e
Add Maestro E2E tests with screenshots and credential management
michaelstingl Mar 19, 2025
3ade168
Add OIDC token-based authentication for E2E tests
michaelstingl Mar 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,16 @@ yarn-error.*

# local env files
.env*.local
.env
.env.*

# typescript
*.tsbuildinfo

app-example
coverage/

# Maestro test credentials
.maestro/credentials.json
.maestro/env.json
.maestro/.env
54 changes: 54 additions & 0 deletions .gitleaks.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
# GitLeaks configuration file
title = "OpenCloud Mobile GitLeaks Configuration"

# Define additional custom secret patterns
[[rules]]
id = "opencloud-api-key"
description = "OpenCloud API Key"
regex = '''(?i)(\W|^)(oc_[a-zA-Z0-9]{32})(\W|$)'''
tags = ["key", "API", "opencloud"]
severity = "CRITICAL"

[[rules]]
id = "opencloud-auth-token"
description = "OpenCloud Auth Token"
regex = '''(?i)(\W|^)(ocauth_[a-zA-Z0-9]{64})(\W|$)'''
tags = ["token", "API", "opencloud"]
severity = "CRITICAL"

[[rules]]
id = "test-credentials"
description = "Test Credentials in Non-Example Files"
regex = '''(?i)("username"\s*:\s*"(?!.*example).*"|"password"\s*:\s*"(?!.*example).*")'''
tags = ["credentials", "test"]
severity = "HIGH"

# Allowlist (files to exclude from scanning)
[allowlist]
description = "Files and paths to exclude from scanning"

# Exclude examples and templates
paths = [
'''\.maestro/env\.example\.json$''',
'''\.maestro/flows/secure_oidc_login\.yaml\.example$''',
'''.*\.md$''',
'''docs/.*''',
'''\.git/.*''',
'''node_modules/.*''',
'''.*\.lock$''',
'''package-lock\.json$'''
]

# Allow example test credentials
regexes = [
'''test_username''',
'''test_password''',
'''example\.com''',
'''"password": "test_password"''',
'''"username": "test_username"'''
]

# Example test_credentials is allowed
[[allowlist.rules]]
id = "test-credentials"
path = '''\.maestro/env\.example\.json$'''
218 changes: 218 additions & 0 deletions .maestro/OIDC_AGENT_SETUP.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,218 @@
# Setting up oidc-agent for E2E Tests

This document describes how to set up oidc-agent for use with E2E tests in OpenCloud Mobile. This approach allows you to bypass WebView authentication in tests by using pre-generated tokens.

## Installing oidc-agent

Install oidc-agent on your system:

### macOS (with Homebrew)

```bash
brew install oidc-agent
```

### Ubuntu/Debian

```bash
sudo apt update
sudo apt install oidc-agent
```

### Arch Linux

```bash
sudo pacman -S oidc-agent
```

After installation, verify the version:

```bash
oidc-agent --version
```

## Starting the OIDC Agent

Start oidc-agent in your terminal:

```bash
eval "$(oidc-agent)"
```

If you want the agent to load automatically when starting a terminal, add this to your shell configuration:

```bash
# For zsh users
echo 'eval "$(oidc-agent)"' >> ~/.zshrc

# For bash users
echo 'eval "$(oidc-agent)"' >> ~/.bashrc
```

Check if the agent is running:

```bash
oidc-add --list
```

## Manual Configuration of an OIDC Account

Since OIDC providers like shniq.cloud don't support dynamic client registration, we need to create the configuration manually:

```bash
oidc-gen OpenCloudDesktop --manual
```

Follow the interactive prompts:

1. Issuer URL:
```
https://shniq.cloud/
```

2. Client ID:
```
OpenCloudDesktop
```

> Note: We're using the "OpenCloudDesktop" client ID because this client is already registered in the Identity Provider with the appropriate localhost redirect URI. For the mobile app, OpenCloudIOS/OpenCloudAndroid would normally be the correct client IDs.

3. Client Secret:
Since this is a public client, leave it empty (just press Enter).

4. Scopes:
```
max
```

This includes all supported scopes:
- openid
- offline_access
- email
- LibgreGraph.UUID
- LibreGraph.RawSub
- profile

5. Redirect URIs:
```
http://localhost:5173/*
```

After entering the information, oidc-agent generates the configuration. You'll receive a link that you need to open in your browser to authorize access.

Once you've confirmed authorization, you'll be prompted to create a password for the configuration:

```
Enter encryption password for account configuration 'OpenCloudDesktop':
Confirm encryption password:
```

## Retrieving an Access Token

After your OIDC profile has been successfully set up, you can retrieve your first access token:

```bash
oidc-token OpenCloudDesktop
```

This returns a JWT token that can be used for API authentication.

To set the token as an environment variable:

```bash
export OIDC_ACCESS_TOKEN=$(oidc-token OpenCloudDesktop)
```

## Automatic Use of the Refresh Token

Since we specified `offline_access` as a scope, oidc-agent has also stored a refresh token. This means:

- oidc-agent automatically renews your access token when it expires
- You can retrieve a new token at any time:
```bash
oidc-token OpenCloudDesktop
```
- To force a new token:
```bash
oidc-token OpenCloudDesktop --force-new
```
- To check if a refresh token exists:
```bash
oidc-token -i OpenCloudDesktop
```

## Usage with E2E Tests

For use in E2E tests, we've implemented two approaches:

### 1. Using the NPM Script

Simply run:

```bash
npm run test:e2e:oidc:token
```

This runs the test with the default OIDC profile `OpenCloudDesktop` and the default server `https://shniq.cloud`.

### 2. With Direct Script Call and Custom Parameters

```bash
node .maestro/run-with-oidc-token.js .maestro/flows/06_oidc_token_login.yaml OpenCloudDesktop https://shniq.cloud
```

This allows you to specify a different OIDC profile and server URL.

## How It Works

1. The script retrieves an access token from oidc-agent
2. It checks if a refresh token exists
3. It runs the Maestro test and passes the tokens as environment variables
4. The test in `06_oidc_token_login.yaml` uses JavaScript injection to set the tokens in the app's local storage
5. This bypasses the need to go through the WebView authentication process

## Troubleshooting

### oidc-agent is not installed or not running

Error message:
```
Error: oidc-token command not found
```

Solution:
```bash
brew install oidc-agent
eval "$(oidc-agent)"
```

### OIDC profile does not exist

Error message:
```
Error retrieving tokens: Error: Command failed: oidc-token OpenCloudDesktop
```

Solution:
```bash
oidc-gen OpenCloudDesktop --manual
```

### Token has expired and refresh token is missing

If the access token has expired and no refresh token is available, you need to re-authenticate the profile:

```bash
oidc-gen OpenCloudDesktop --reauthenticate
```

### Additional Management Commands

- Remove OIDC account from oidc-agent:
```bash
oidc-add --remove OpenCloudDesktop
```
- List all stored accounts:
```bash
oidc-add --list
```
Loading