Adds support for E2E tests against OIE org

Addresses Aaron's comments and adds facebook login tests

OKTA-384942
<<<Jenkins Check-In of Tested SHA: 542c40b for [email protected]>>>
Artifact: okta-auth-js
Files changed count: 10

Author: vijetmahabaleshwar-okta

.bacon.yml

@@ -20,6 +20,13 @@ test_suites:
       script_name: e2e
       criteria: MERGE
       queue_name: small
+    - name: e2e-oie
+      script_path: /root/okta/okta-auth-js/scripts
+      sort_order: '3'
+      timeout: '10'
+      script_name: e2e-oie
+      criteria: MERGE
+      queue_name: small
     - name: publish
       script_path: /root/okta/okta-auth-js/scripts
       sort_order: '4'

scripts/e2e-oie.sh

@@ -0,0 +1,39 @@
+#!/bin/bash -x
+
+source ${OKTA_HOME}/${REPO}/scripts/setup.sh
+
+setup_service java 1.8.222
+setup_service google-chrome-stable 85.0.4183.102-1
+
+export TEST_SUITE_TYPE="junit"
+export TEST_RESULT_FILE_DIR="${REPO}/build2/reports/e2e"
+
+export ISSUER=https://oie-widget-tests.sigmanetcorp.us/oauth2/default
+export [email protected]
+get_secret prod/okta-sdk-vars/password PASSWORD
+
+export CI=true
+export DBUS_SESSION_BUS_ADDRESS=/dev/null
+export ORG_OIE_ENABLED=true
+
+# build is required to run E2E tests
+if ! yarn build; then
+  echo "build failed! Exiting..."
+  exit ${TEST_FAILURE}
+fi
+
+# This client has refresh token enabled
+export CLIENT_ID=0oa3n0cgbfiNvI6Aa0g7
+export REFRESH_TOKEN=true
+
+export [email protected] 
+get_secret prod/okta-sdk-vars/fb_password FB_PASSWORD
+
+if ! yarn test:e2e; then
+  echo "OIE e2e tests failed! Exiting..."
+  exit ${TEST_FAILURE}
+fi
+
+echo ${TEST_SUITE_TYPE} > ${TEST_SUITE_TYPE_FILE}
+echo ${TEST_RESULT_FILE_DIR} > ${TEST_RESULT_FILE_DIR_FILE}
+exit ${PUBLISH_TYPE_AND_RESULT_DIR}

test/e2e/pageobjects/OktaHome.js

@@ -3,14 +3,14 @@ class OktaLogin {
   get userMenu() { return $('[data-se="user-menu"] > a.link-button');}
   get signOutBtn() { return $('[data-se="user-menu"] a[data-se="logout-link"]'); }
   get popUpCloseButton() { return $('a[data-role="close-button"]'); }
+  get widgetFormTitle() { return $('.okta-form-title.o-form-head'); }
 
   async signOut() {
     await browser.waitUntil(async () => this.userMenu.then(el => el.isDisplayed()), 5000, 'wait for user menu');
     await this.userMenu.then(el => el.click());
     await browser.waitUntil(async () => this.signOutBtn.then(el => el.isDisplayed()), 5000, 'wait for signout btn');
-    const url = await browser.getUrl();
     await this.signOutBtn.then(el => el.click());
-    await browser.waitUntil(async () => browser.getUrl().then(cur => (cur !== url)), 5000, 'wait for url change');
+    await browser.waitUntil(async () => this.widgetFormTitle.then(el => el.isDisplayed()), 5000, 'wait for widget');
   }
 
   async waitForLoad() {

test/e2e/pageobjects/OktaLogin.js

@@ -5,15 +5,58 @@ class OktaLogin {
   get signinPassword() { return $('#okta-signin-password'); }
   get signinSubmitBtn() { return $('#okta-signin-submit'); }
 
+  get OIEsigninForm() { return $('form[data-se="o-form"]');}
+  get OIEsigninUsername() { return  $('[name="identifier"]'); }
+  get OIEsigninPassword() { return $('[name="credentials.passcode"]'); }
+  get OIEsigninSubmitBtn() { return $('[data-type="save"]'); }
+  get facebookLoginBtn() { return $('[data-se="social-auth-facebook-button"]');}
+  get facebookEmail() { return $('#email');}
+  get facebookPassword() { return $('#pass');}
+  get facebookSubmitBtn() { return $('#loginbutton');}
+
   async signin(username, password) {
     await this.waitForLoad();
+
+    if (process.env.ORG_OIE_ENABLED) {
+      this.signinOIE(username, password);
+    } else { 
+      this.signinLegacy(username, password);
+    }
+  }
+
+  async signinOIE(username, password) {
+    await this.OIEsigninUsername.then(el => el.setValue(username));
+    await this.OIEsigninPassword.then(el => el.setValue(password));
+    await this.OIEsigninSubmitBtn.then(el => el.click());
+  }
+
+  async signinLegacy(username, password) {
     await this.signinUsername.then(el => el.setValue(username));
     await this.signinPassword.then(el => el.setValue(password));
     await this.signinSubmitBtn.then(el => el.click());
   }
 
   async waitForLoad() {
-    return browser.waitUntil(async () => this.signinSubmitBtn.then(el => el.isDisplayed()), 5000, 'wait for signin btn');
+    if (process.env.ORG_OIE_ENABLED) {
+      return browser.waitUntil(async () => this.OIEsigninSubmitBtn.then(el => el.isDisplayed()), 5000, 'wait for signin btn');
+    } else {
+      return browser.waitUntil(async () => this.signinSubmitBtn.then(el => el.isDisplayed()), 5000, 'wait for signin btn');
+    }
+  }
+
+  async signinFacebook(username, password) {
+    await this.waitForLoad();
+    await this.facebookLoginBtn.then(el => el.click());
+
+    (await this.facebookEmail).isDisplayed().then(async(displayed) => {
+      // If a facebook session already exists, the email input won't display
+      // it'll automatically log you in
+      if (displayed) {
+        await this.facebookEmail.then(el => el.setValue(username));
+        await this.facebookPassword.then(el => el.setValue(password));
+        await this.facebookSubmitBtn.then(el => el.click());   
+      }
+    });
   }
 }
 

test/e2e/pageobjects/TestApp.js

@@ -39,6 +39,7 @@ class TestApp {
   get pkceOption() { return $('#pkce-on'); }
   get clientId() { return $('#clientId'); }
   get issuer() { return $('#issuer'); }
+  get interactionCodeOption() { return $('#useInteractionCodeFlow-on'); }
 
   // Callback
   get callbackSelector() { return $('#root.callback'); }

test/e2e/runner.js

@@ -20,10 +20,6 @@ waitOn({
     wdioConfig = 'sauce.wdio.conf.js';
   }
 
-  if (process.env.REFRESH_TOKEN) {
-    wdioConfig = 'tokens.wdio.conf.js'; 
-  }
-
   let opts = process.argv.slice(2); // pass extra arguments through
   const runner = spawn('./node_modules/.bin/wdio', [
     'run',

test/e2e/specs/interactionFlow.js

@@ -10,7 +10,7 @@ describe('interaction flow', () => {
   it('detects `interaction_required` on the redirect callback', async () => {
     await openPKCE({});
     await TestApp.loginRedirect();
-    await OktaLogin.signin(USERNAME, PASSWORD); // on Okta
+    await OktaLogin.signin(USERNAME, PASSWORD);
     await TestApp.waitForCallback();
 
     // Manually change the URL. All other data should be present in browser storage

test/e2e/specs/login.js

@@ -1,7 +1,7 @@
 import assert from 'assert';
 import TestApp from '../pageobjects/TestApp';
 import { flows, openImplicit, openPKCE } from '../util/appUtils';
-import { loginWidget, loginRedirect, loginPopup, loginDirect } from '../util/loginUtils';
+import { loginWidget, loginRedirect, loginPopup, loginDirect, loginWidgetFacebook } from '../util/loginUtils';
 
 describe('E2E login', () => {
 
@@ -11,6 +11,7 @@ describe('E2E login', () => {
     await TestApp.responseModeFragment.then(el => el.isSelected()).then(isSelected => {
       assert(isSelected === true);
     });
+    await TestApp.interactionCodeOption.then(el => el.click());
     await loginRedirect('pkce', 'fragment');
     await TestApp.getUserInfo();
     await TestApp.assertUserInfo();
@@ -24,15 +25,23 @@ describe('E2E login', () => {
       }
 
       it('can login using signin widget (no redirect)', async () => {
-        await bootstrap();
+        let options = {};
+        if (process.env.ORG_OIE_ENABLED && flow === 'pkce') {
+          options = { useInteractionCodeFlow: true };
+        }
+        await bootstrap(options);
         await loginWidget(flow);
         await TestApp.getUserInfo();
         await TestApp.assertUserInfo();
         await TestApp.logoutRedirect();
       });
 
       it('can login using signin widget (with redirect)', async () => {
-        await bootstrap({ _forceRedirect: true });
+        let options = { _forceRedirect: true };
+        if (process.env.ORG_OIE_ENABLED && flow === 'pkce') {
+          options = Object.assign({ useInteractionCodeFlow: true }, options);
+        }
+        await bootstrap(options);
         await loginWidget(flow, true);
         await TestApp.getUserInfo();
         await TestApp.assertUserInfo();
@@ -62,6 +71,35 @@ describe('E2E login', () => {
         await TestApp.assertUserInfo();
         await TestApp.logoutRedirect();
       });
+
+      it('can login to social idp using signin widget (with redirect)', async () => {
+        // Federated social auth with pinned social login buttons only works with OIE
+        if (!process.env.ORG_OIE_ENABLED) {
+          return;
+        }
+
+        let options = { _forceRedirect: true };
+        await bootstrap(options);
+        await loginWidgetFacebook(flow, true);
+        await TestApp.getUserInfo();
+        await TestApp.assertUserInfo();
+        await TestApp.logoutRedirect();
+      });
+
+      it('can login to social idp using signin widget (no redirect)', async () => {
+        // Federated social auth with pinned social login buttons only works with OIE
+        if (!process.env.ORG_OIE_ENABLED) {
+          return;
+        }
+
+        let options = { useInteractionCodeFlow: true };
+        await bootstrap(options);
+        await loginWidgetFacebook(flow, true);
+        await TestApp.getUserInfo();
+        await TestApp.assertUserInfo();
+        await TestApp.logoutRedirect();
+      });
+
     });
   });
 });

test/e2e/util/loginUtils.js

@@ -5,6 +5,8 @@ import { switchToPopupWindow, switchToLastFocusedWindow } from './browserUtils';
 
 const USERNAME = process.env.USERNAME;
 const PASSWORD = process.env.PASSWORD;
+const FB_USERNAME = process.env.FB_USERNAME;
+const FB_PASSWORD = process.env.FB_PASSWORD;
 
 function assertPKCE(url, responseMode) {
   const char = responseMode === 'fragment' ? '#' : '?';
@@ -32,7 +34,13 @@ async function loginPopup() {
   const existingHandlesCount = (await browser.getWindowHandles()).length;
   await TestApp.loginPopup();
   await switchToPopupWindow(existingHandlesCount);
-  await OktaLogin.signin(USERNAME, PASSWORD);
+
+  if (process.env.ORG_OIE_ENABLED) {
+    await OktaLogin.signinOIE(USERNAME, PASSWORD);
+  } else {
+    await OktaLogin.signinLegacy(USERNAME, PASSWORD);
+  }
+
   await switchToLastFocusedWindow();
   await TestApp.assertLoggedIn();
 }
@@ -50,13 +58,31 @@ async function loginDirect(flow) {
   return handleCallback(flow);
 }
 
-async function loginWidget(flow, forceRedirect) {
+async function loginWidget(flow, forceRedirect=false) {
   await TestApp.showLoginWidget();
-  await OktaLogin.signin(USERNAME, PASSWORD);
+
+  // OIE widget is only displayed for direct auth with PKCE even with OIE enabled orgs
+  // For direct auth implicit flow, we still use the v1 flow (since interaction code doesn't)
+  if (flow === 'implicit' || !process.env.ORG_OIE_ENABLED) {
+    await OktaLogin.signinLegacy(USERNAME, PASSWORD);   
+  } else {
+    await OktaLogin.signinOIE(USERNAME, PASSWORD);
+  }
+  
+  if (forceRedirect) {
+    return handleCallback(flow);
+  }
+  await TestApp.assertLoggedIn();
+}
+
+async function loginWidgetFacebook(flow, forceRedirect) {
+  await TestApp.loginRedirect();
+  await OktaLogin.signinFacebook(FB_USERNAME, FB_PASSWORD);
+
   if (forceRedirect) {
     return handleCallback(flow);
   }
   await TestApp.assertLoggedIn();
 }
 
-export { loginWidget, loginDirect, loginPopup, loginRedirect };
+export { loginWidget, loginDirect, loginPopup, loginRedirect, loginWidgetFacebook };

test/e2e/wdio.conf.js

@@ -5,13 +5,16 @@ require('regenerator-runtime'); // Allows use of async/await
 const DEBUG = process.env.DEBUG;
 const CI = process.env.CI;
 const REFRESH_TOKEN = process.env.REFRESH_TOKEN;
+const ORG_OIE_ENABLED = process.env.ORG_OIE_ENABLED;
 const defaultTimeoutInterval = DEBUG ? (24 * 60 * 60 * 1000) : 10000;
 const logLevel = CI ? 'warn' : 'info';
 const browserOptions = {
     args: []
 };
-const specs = REFRESH_TOKEN ? ['./specs/**/refreshTokens.js', './specs/**/crossTabs.js'] : ['./specs/**/*.js'];
-const excludeSpecs = REFRESH_TOKEN ? [] : ['./specs/**/refreshTokens.js'];
+
+/* eslint-disable max-len */
+const specs = (REFRESH_TOKEN && !ORG_OIE_ENABLED) ? ['./specs/**/refreshTokens.js', './specs/**/crossTabs.js'] : ['./specs/**/*.js'];
+const excludeSpecs = (REFRESH_TOKEN || ORG_OIE_ENABLED) ? [] : ['./specs/**/refreshTokens.js'];
 
 if (CI) {
     browserOptions.args = browserOptions.args.concat([
@@ -21,7 +24,8 @@ if (CI) {
         '--no-sandbox',
         '--whitelisted-ips',
         '--disable-extensions',
-        '--verbose'
+        '--verbose',
+        '--disable-dev-shm-usage'
     ]);
 }