Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Why do we need a dedicated login test ?
Our first implementation of e2e tests uses GLPI UI to login before a given test.
As per cypress official recommandations, this should be avoided: https://docs.cypress.io/guides/references/best-practices#Organizing-Tests-Logging-In-Controlling-State.
More details can be found in the cypress presentation from the assertjs 2018 conference: https://www.youtube.com/watch?v=5XQOK0v_YRE
To sum it up, the login process should be validated from the UI once in a dedicated test.
Then, all others tests should programmatically log into the application using some kind of direct HTTP requests.
Thus, I have moved the current login implementation into a dedicated test and added a new programmatic login command that can be used for all others tests.
Programmatic login
To implements programmatic login, we have two barriers:
Randomized inputs
To fix the randomized names issue, I've added some changes to the login front file.
It will now use predetermined names (username, password, remember_me) if it receives a request from a
testing
environnements that doesn't come from the UI.CSRF
For the CSRF tokens, cypress give some example of the possibles strategies here: https://github.com/cypress-io/cypress-example-recipes/blob/master/examples/logging-in__csrf-tokens/cypress/e2e/logging-in-csrf-tokens-spec.cy.js
I've chosen the 3rd strategy "expose CSRF via a route when not in production", which should bring the most performances while being easy to maintain.
The CSRF token will thus be retrieved by doing a
GET
request onfront/csrf.php
, a special page that does not return anything if the environnements is nottesting
.