webauthn: add webdriver test #15969

Open
wants to merge 1 commit into
base: main

Kehrlann
Contributor

reviewer: @rwinch

Overview

Add end-to-end tests for the webauthn registration and login, using Selenium + Chrome driver.

Chrome is the only browser supporting virtual authenticators as of today.

Notes

  • Maybe these should go into integration-test instead of test? Unsure what the rationale is to decide which source set this should go into.
  • Bring in Awaitility for assert-based waits. Selenium has waiting capabilities but it only allows for predicate-based waits. Awaitility is also present in Boot, so it is not a massive leap. Happy to reconsider.
  • The tests are ordered because I want to ensure that no authenticator is registered until the last test. One could imagine cleaning up the webauthn-related ...Repository between tests, but that would require exposing them as beans; and their implementations do not expose deleteAll() or similar.
  • There is a lifecycle / temporal dependency issue: the port of the Server must be known before the SecurityFilterChain is created. The WebAuthnConfigurer must know the full list of allowedOrigins from which it will accept WebAuthN credentials. We could break this by finding the WebAuthnRelyingPartyOperations implementation and updating the list of allowedOrigins at runtime, but it requires reflection and access modifiers. For now, the flow is:
    • Create and start the Server
    • Create the SecurityFilterChain
    • Register the SecurityFilterChain into the running server
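
The ordering constraint described in the last note, as an added example that is not code from this pull request or from Spring Security: a WebAuthn relying party compares the `origin` field of `clientDataJSON` (scheme, host and port) against its allowed origins, so a list built before the server's port is known rejects the credential. The class name, the helper methods, the regex-based field extraction and the `8080` placeholder are assumptions made for this sketch; only JDK classes are used.

```java
import java.net.ServerSocket;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class OriginCheckDemo {
    // Simplified extraction of "origin"; a real relying party uses a JSON parser.
    private static final Pattern ORIGIN =
            Pattern.compile("\"origin\"\\s*:\\s*\"([^\"]+)\"");

    // Returns true only when the origin reported by the browser is an exact
    // member of the allowed set (no prefix or substring matching).
    static boolean originAllowed(String clientDataB64Url, Set<String> allowedOrigins) {
        String json = new String(
                Base64.getUrlDecoder().decode(clientDataB64Url), StandardCharsets.UTF_8);
        Matcher m = ORIGIN.matcher(json);
        return m.find() && allowedOrigins.contains(m.group(1));
    }

    // Constructed sample of what a browser reports for a page served on `port`.
    static String clientDataFor(int port) {
        String json = "{\"type\":\"webauthn.get\","
                + "\"challenge\":\"Y29uc3RydWN0ZWQ\","
                + "\"origin\":\"http://localhost:" + port + "\"}";
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Step 1: start the server on an ephemeral port (stand-in for the test server).
        try (ServerSocket server = new ServerSocket(0)) {
            int port = server.getLocalPort();
            String clientData = clientDataFor(port);

            // Allowed origins fixed before the port was known (placeholder port).
            Set<String> configuredTooEarly = Set.of("http://localhost:8080");
            System.out.println("configured before start: "
                    + originAllowed(clientData, configuredTooEarly));

            // Step 2: build the allowed origins once the real port is known.
            Set<String> configuredAfterStart = Set.of("http://localhost:" + port);
            System.out.println("configured after start:  "
                    + originAllowed(clientData, configuredAfterStart));
        }
    }
}
```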

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Oct 22, 2024
@Kehrlann Kehrlann force-pushed the webauthn-add-integration-test branch 3 times, most recently from 5fcd2fe to 379f23c Compare October 22, 2024 12:58
@sjohnr sjohnr requested a review from rwinch October 24, 2024 16:59
@sjohnr sjohnr added in: web An issue in web modules (web, webmvc) type: enhancement A general enhancement labels Oct 24, 2024
- These tests verify the full end-to-end flow, including the javascript
  code bundled in the default login and logout pages. They require a full
  web browser, with support for Virtual Authenticators for automated testing.
  At this point in time, only Chrome supports virtual authenticators.
@Kehrlann Kehrlann force-pushed the webauthn-add-integration-test branch from 379f23c to 43342f9 Compare October 25, 2024 19:51