Merge pull request #5779 from Automattic/develop

Staging release v20240806.1
Automattic · Aug 6, 2024 · 49d12df · 49d12df
2 parents 2222e04 + bf42581
commit 49d12df
Show file tree

Hide file tree

Showing 11 changed files with 297 additions and 207 deletions.
diff --git a/.husky/pre-commit b/.husky/pre-commit
@@ -1,6 +1,3 @@
 #!/bin/sh
 
-# shellcheck disable=SC1091
-. "$(dirname "$0")/_/husky.sh"
-
 npx lint-staged
diff --git a/__tests__/e2e/lib/global-setup.ts b/__tests__/e2e/lib/global-setup.ts
@@ -25,6 +25,9 @@ async function globalSetup( config: FullConfig ) {
 	page.setDefaultNavigationTimeout( timeout );
 	await context.tracing.start( { name: 'global-setup', screenshots: true, snapshots: true } );
 
+	process.env.E2E_USER = user;
+	process.env.E2E_PASSWORD = pass;
+
 	try {
 		// Log in to wp-admin
 		await goToPage( page, baseURL! + '/wp-login.php' );

diff --git a/__tests__/e2e/lib/pages/lost-password-page.ts b/__tests__/e2e/lib/pages/lost-password-page.ts
@@ -0,0 +1,30 @@
+import type { Locator, Page, Response } from '@playwright/test';
+
+export class LostPasswordPage {
+	public readonly loginField: Locator;
+	public readonly getPasswordButton: Locator;
+	public readonly loginErrorBlock: Locator;
+	public readonly loginLink: Locator;
+	public readonly registerLink: Locator;
+	public readonly backToBlogLink: Locator;
+
+	public constructor( private readonly page: Page ) {
+		this.loginField = page.locator( 'input#user_login' );
+		this.getPasswordButton = page.locator( 'input#wp-submit' );
+		this.loginErrorBlock = page.locator( 'div#login_error' );
+		this.loginLink = page.locator( '#nav a[href$="wp-login.php"]' );
+		this.registerLink = page.locator( '#nav a[href*="wp-login.php?action=register"]' );
+		this.backToBlogLink = page.locator( '#backtoblog a' );
+	}
+
+	public visit(): Promise<Response> {
+		return this.page.goto( './wp-login.php?action=lostpassword' ) as Promise<Response>;
+	}
+
+	public async resetPassword( login: string ): Promise<Response> {
+		await this.loginField.fill( login );
+		const responsePromise = this.page.waitForResponse( ( resp ) => resp.url().includes( '/wp-login.php' ) && resp.request().method() === 'GET' );
+		await this.getPasswordButton.click();
+		return responsePromise;
+	}
+}
diff --git a/__tests__/e2e/lib/pages/wp-login-page.ts b/__tests__/e2e/lib/pages/wp-login-page.ts
@@ -4,6 +4,7 @@ const selectors = {
 	userField: '#user_login',
 	passwordField: '#user_pass',
 	submitButton: '#wp-submit',
+	lostPasswordLink: '#nav a[href*="wp-login.php?action=lostpassword"]',
 };
 
 export class LoginPage {
@@ -20,7 +21,6 @@ export class LoginPage {
 
 	/**
 	 * Navigate to login page
-	 *
 	 */
 	public visit(): Promise<unknown> {
 		return this.page.goto( '/wp-login.php' );
@@ -37,4 +37,11 @@ export class LoginPage {
 		await this.page.fill( selectors.passwordField, password );
 		return Promise.all( [ this.page.waitForURL( '**/wp-admin/**' ), this.page.click( selectors.submitButton ) ] );
 	}
+
+	public lostPassword(): Promise<unknown> {
+		return Promise.all( [
+			this.page.waitForURL( /\/wp-login\.php\?action=lostpassword/ ),
+			this.page.locator( selectors.lostPasswordLink ).click(),
+		] );
+	}
 }
diff --git a/__tests__/e2e/package-lock.json b/__tests__/e2e/package-lock.json
diff --git a/__tests__/e2e/specs/security.spec.ts b/__tests__/e2e/specs/security.spec.ts
@@ -0,0 +1,33 @@
+import { expect, test } from '@playwright/test';
+
+import { LostPasswordPage } from '../lib/pages/lost-password-page';
+import { LoginPage } from '../lib/pages/wp-login-page';
+
+test.describe( 'Security', () => {
+	test.beforeEach( async ( { page, context } ) => {
+		await context.clearCookies();
+		await page.goto( '/wp-login.php' );
+	} );
+
+	test( 'Reset password for existing user', async ( { page } ) => {
+		const loginPage = new LoginPage( page );
+		await loginPage.lostPassword();
+
+		const lostPasswordPage = new LostPasswordPage( page );
+		const response = await lostPasswordPage.resetPassword( process.env.E2E_USER! );
+
+		expect( response.status() ).toBe( 200 );
+		expect( response.url() ).toContain( '/wp-login.php?checkemail=confirm' );
+	} );
+
+	test( 'Reset password for existing non-existing user', async ( { page } ) => {
+		const loginPage = new LoginPage( page );
+		await loginPage.lostPassword();
+
+		const lostPasswordPage = new LostPasswordPage( page );
+		const response = await lostPasswordPage.resetPassword( 'this-user-does-not-exist' );
+
+		expect( response.status() ).toBe( 200 );
+		expect( response.url() ).toContain( '/wp-login.php?checkemail=confirm' );
+	} );
+} );
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -9,12 +9,12 @@
     "phpcs:fix": "vendor/bin/phpcbf",
     "lint": "npm run phplint && npm run phpcs",
     "update-es-wp-query": "git subtree pull --prefix search/es-wp-query [email protected]:Automattic/es-wp-query master --squash",
-    "prepare": "husky install",
+    "prepare": "husky",
     "search-build": "cd ./tests/search/e2e && 10up-toolkit build",
     "search-env": "wp-env",
     "search-env:install-tests-cli": "./bin/search/install-wp-cli.sh tests-wordpress",
-    "search-env:start": "wp-env start && npm run search-env:install-tests-cli && cd bin/search/es-docker/ && docker-compose up -d",
-    "search-env:stop": "wp-env stop && cd bin/search/es-docker/ && docker-compose down",
+    "search-env:start": "wp-env start && npm run search-env:install-tests-cli && cd bin/search/es-docker/ && docker compose up -d",
+    "search-env:stop": "wp-env stop && cd bin/search/es-docker/ && docker compose down",
     "cypress:delete:reports": "rm cypress/results/* || true",
     "cypress:setup": "./bin/search/setup-cypress-env.sh",
     "cypress:open": "cypress open --config-file tests/search/e2e/cypress.config.js",
@@ -30,7 +30,7 @@
     "cypress-file-upload": "^5.0.8",
     "cypress-multi-reporters": "^1.6.1",
     "eslint-plugin-cypress": "^3.0.3",
-    "husky": "9.1.3",
+    "husky": "9.1.4",
     "jsdoc": "^4.0.0",
     "lint-staged": "^15.0.1",
     "mocha-junit-reporter": "^2.1.1",