Refactor e2e test infrastruction to allow easier way to lookup REST API info and generate CSRF tokens

tdonohue · tdonohue · commit a581219df59b · 2024-01-17T11:16:54.000-06:00
diff --git a/cypress/plugins/index.ts b/cypress/plugins/index.ts
@@ -1,5 +1,11 @@
 const fs = require('fs');
 
+// These two global variables are used to store information about the REST API used
+// by these e2e tests. They are filled out prior to running any tests in the before()
+// method of e2e.ts. They can then be accessed by any tests via the getters below.
+let REST_BASE_URL: string;
+let REST_DOMAIN: string;
+
 // Plugins enable you to tap into, modify, or extend the internal behavior of Cypress
 // For more info, visit https://on.cypress.io/plugins-api
 module.exports = (on, config) => {
@@ -30,6 +36,24 @@ module.exports = (on, config) => {
             }
 
             return null;
+        },
+        // Save value of REST Base URL, looked up before all tests.
+        // This allows other tests to use it easily via getRestBaseURL() below.
+        saveRestBaseURL(url: string) {
+            return (REST_BASE_URL = url);
+        },
+        // Retrieve currently saved value of REST Base URL
+        getRestBaseURL() {
+            return REST_BASE_URL ;
+        },
+        // Save value of REST Domain, looked up before all tests.
+        // This allows other tests to use it easily via getRestBaseDomain() below.
+        saveRestBaseDomain(domain: string) {
+            return (REST_DOMAIN = domain);
+        },
+        // Retrieve currently saved value of REST Domain
+        getRestBaseDomain() {
+            return REST_DOMAIN ;
         }
     });
 };
diff --git a/cypress/support/commands.ts b/cypress/support/commands.ts
@@ -5,11 +5,7 @@
 
 import { AuthTokenInfo, TOKENITEM } from 'src/app/core/auth/models/auth-token-info.model';
 import { DSPACE_XSRF_COOKIE, XSRF_REQUEST_HEADER } from 'src/app/core/xsrf/xsrf.constants';
-
-// NOTE: FALLBACK_TEST_REST_BASE_URL is only used if Cypress cannot read the REST API BaseURL
-// from the Angular UI's config.json. See 'login()'.
-export const FALLBACK_TEST_REST_BASE_URL = 'http://localhost:8080/server';
-export const FALLBACK_TEST_REST_DOMAIN = 'localhost';
+import { v4 as uuidv4 } from 'uuid';
 
 // Declare Cypress namespace to help with Intellisense & code completion in IDEs
 // ALL custom commands MUST be listed here for code completion to work
@@ -41,6 +37,13 @@ declare global {
              * @param dsoType type of DSpace Object (e.g. "item", "collection", "community")
              */
             generateViewEvent(uuid: string, dsoType: string): typeof generateViewEvent;
+
+            /**
+             * Create a new CSRF token and add to required Cookie. CSRF Token is returned
+             * in chainable in order to allow it to be sent also in required CSRF header.
+             * @returns Chainable reference to allow CSRF token to also be sent in header.
+             */
+            createCSRFCookie(): Chainable<any>;
         }
     }
 }
@@ -54,59 +57,32 @@ declare global {
  * @param password password to login as
  */
 function login(email: string, password: string): void {
-    // Cypress doesn't have access to the running application in Node.js.
-    // So, it's not possible to inject or load the AppConfig or environment of the Angular UI.
-    // Instead, we'll read our running application's config.json, which contains the configs &
-    // is regenerated at runtime each time the Angular UI application starts up.
-    cy.task('readUIConfig').then((str: string) => {
-        // Parse config into a JSON object
-        const config = JSON.parse(str);
-
-        // Find the URL of our REST API. Have a fallback ready, just in case 'rest.baseUrl' cannot be found.
-        let baseRestUrl = FALLBACK_TEST_REST_BASE_URL;
-        if (!config.rest.baseUrl) {
-            console.warn("Could not load 'rest.baseUrl' from config.json. Falling back to " + FALLBACK_TEST_REST_BASE_URL);
-        } else {
-            //console.log("Found 'rest.baseUrl' in config.json. Using this REST API for login: ".concat(config.rest.baseUrl));
-            baseRestUrl = config.rest.baseUrl;
-        }
-
-        // Now find domain of our REST API, again with a fallback.
-        let baseDomain = FALLBACK_TEST_REST_DOMAIN;
-        if (!config.rest.host) {
-            console.warn("Could not load 'rest.host' from config.json. Falling back to " + FALLBACK_TEST_REST_DOMAIN);
-        } else {
-            baseDomain = config.rest.host;
-        }
-
-        // Create a fake CSRF Token.  Set it in the required server-side cookie
-        const csrfToken = 'fakeLoginCSRFToken';
-        cy.setCookie(DSPACE_XSRF_COOKIE, csrfToken, { 'domain': baseDomain });
-
-        // Now, send login POST request including that CSRF token
-        cy.request({
-            method: 'POST',
-            url: baseRestUrl + '/api/authn/login',
-            headers: { [XSRF_REQUEST_HEADER]: csrfToken},
-            form: true, // indicates the body should be form urlencoded
-            body: { user: email, password: password }
-        }).then((resp) => {
-            // We expect a successful login
-            expect(resp.status).to.eq(200);
-            // We expect to have a valid authorization header returned (with our auth token)
-            expect(resp.headers).to.have.property('authorization');
-
-            // Initialize our AuthTokenInfo object from the authorization header.
-            const authheader = resp.headers.authorization as string;
-            const authinfo: AuthTokenInfo = new AuthTokenInfo(authheader);
-
-            // Save our AuthTokenInfo object to our dsAuthInfo UI cookie
-            // This ensures the UI will recognize we are logged in on next "visit()"
-            cy.setCookie(TOKENITEM, JSON.stringify(authinfo));
+    // Create a fake CSRF cookie/token to use in POST
+    cy.createCSRFCookie().then((csrfToken: string) => {
+        // get our REST API's base URL, also needed for POST
+        cy.task('getRestBaseURL').then((baseRestUrl: string) => {
+            // Now, send login POST request including that CSRF token
+            cy.request({
+                method: 'POST',
+                url: baseRestUrl + '/api/authn/login',
+                headers: { [XSRF_REQUEST_HEADER]: csrfToken},
+                form: true, // indicates the body should be form urlencoded
+                body: { user: email, password: password }
+            }).then((resp) => {
+                // We expect a successful login
+                expect(resp.status).to.eq(200);
+                // We expect to have a valid authorization header returned (with our auth token)
+                expect(resp.headers).to.have.property('authorization');
+
+                // Initialize our AuthTokenInfo object from the authorization header.
+                const authheader = resp.headers.authorization as string;
+                const authinfo: AuthTokenInfo = new AuthTokenInfo(authheader);
+
+                // Save our AuthTokenInfo object to our dsAuthInfo UI cookie
+                // This ensures the UI will recognize we are logged in on next "visit()"
+                cy.setCookie(TOKENITEM, JSON.stringify(authinfo));
+            });
         });
-
-        // Remove cookie with fake CSRF token, as it's no longer needed
-        cy.clearCookie(DSPACE_XSRF_COOKIE);
     });
 }
 // Add as a Cypress command (i.e. assign to 'cy.login')
@@ -141,56 +117,53 @@ Cypress.Commands.add('loginViaForm', loginViaForm);
  * @param dsoType type of DSpace Object (e.g. "item", "collection", "community")
  */
 function generateViewEvent(uuid: string, dsoType: string): void {
-    // Cypress doesn't have access to the running application in Node.js.
-    // So, it's not possible to inject or load the AppConfig or environment of the Angular UI.
-    // Instead, we'll read our running application's config.json, which contains the configs &
-    // is regenerated at runtime each time the Angular UI application starts up.
-    cy.task('readUIConfig').then((str: string) => {
-        // Parse config into a JSON object
-        const config = JSON.parse(str);
+    // Create a fake CSRF cookie/token to use in POST
+    cy.createCSRFCookie().then((csrfToken: string) => {
+        // get our REST API's base URL, also needed for POST
+        cy.task('getRestBaseURL').then((baseRestUrl: string) => {
+            // Now, send 'statistics/viewevents' POST request including that fake CSRF token in required header
+            cy.request({
+                method: 'POST',
+                url: baseRestUrl + '/api/statistics/viewevents',
+                headers: {
+                    [XSRF_REQUEST_HEADER] : csrfToken,
+                    // use a known public IP address to avoid being seen as a "bot"
+                    'X-Forwarded-For': '1.1.1.1',
+                    // Use a user-agent of a Firefox browser on Windows. This again avoids being seen as a "bot"
+                    'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0',
+                },
+                //form: true, // indicates the body should be form urlencoded
+                body: { targetId: uuid, targetType: dsoType },
+            }).then((resp) => {
+                // We expect a 201 (which means statistics event was created)
+                expect(resp.status).to.eq(201);
+            });
+        });
+    });
+}
+// Add as a Cypress command (i.e. assign to 'cy.generateViewEvent')
+Cypress.Commands.add('generateViewEvent', generateViewEvent);
 
-        // Find the URL of our REST API. Have a fallback ready, just in case 'rest.baseUrl' cannot be found.
-        let baseRestUrl = FALLBACK_TEST_REST_BASE_URL;
-        if (!config.rest.baseUrl) {
-            console.warn("Could not load 'rest.baseUrl' from config.json. Falling back to " + FALLBACK_TEST_REST_BASE_URL);
-        } else {
-            baseRestUrl = config.rest.baseUrl;
-        }
 
-        // Now find domain of our REST API, again with a fallback.
-        let baseDomain = FALLBACK_TEST_REST_DOMAIN;
-        if (!config.rest.host) {
-            console.warn("Could not load 'rest.host' from config.json. Falling back to " + FALLBACK_TEST_REST_DOMAIN);
-        } else {
-            baseDomain = config.rest.host;
-        }
+/**
+ * Can be used by tests to generate a random XSRF/CSRF token and save it to
+ * the required XSRF/CSRF cookie for usage when sending POST requests or similar.
+ * The generated CSRF token is returned in a Chainable to allow it to be also sent
+ * in the CSRF HTTP Header.
+ * @returns a Cypress Chainable which can be used to get the generated CSRF Token
+ */
+function createCSRFCookie(): Cypress.Chainable {
+    // Generate a new token which is a random UUID
+    const csrfToken: string = uuidv4();
 
+    // Save it to our required cookie
+    cy.task('getRestBaseDomain').then((baseDomain: string) => {
         // Create a fake CSRF Token.  Set it in the required server-side cookie
-        const csrfToken = 'fakeGenerateViewEventCSRFToken';
         cy.setCookie(DSPACE_XSRF_COOKIE, csrfToken, { 'domain': baseDomain });
-
-        // Now, send 'statistics/viewevents' POST request including that fake CSRF token in required header
-        cy.request({
-            method: 'POST',
-            url: baseRestUrl + '/api/statistics/viewevents',
-            headers: {
-                [XSRF_REQUEST_HEADER] : csrfToken,
-                // use a known public IP address to avoid being seen as a "bot"
-                'X-Forwarded-For': '1.1.1.1',
-                // Use a user-agent of a Firefox browser on Windows. This again avoids being seen as a "bot"
-                'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0',
-            },
-            //form: true, // indicates the body should be form urlencoded
-            body: { targetId: uuid, targetType: dsoType },
-        }).then((resp) => {
-            // We expect a 201 (which means statistics event was created)
-            expect(resp.status).to.eq(201);
-        });
-
-        // Remove cookie with fake CSRF token, as it's no longer needed
-        cy.clearCookie(DSPACE_XSRF_COOKIE);
     });
-}
-// Add as a Cypress command (i.e. assign to 'cy.generateViewEvent')
-Cypress.Commands.add('generateViewEvent', generateViewEvent);
 
+    // return the generated token wrapped in a chainable
+    return cy.wrap(csrfToken);
+}
+// Add as a Cypress command (i.e. assign to 'cy.createCSRFCookie')
+Cypress.Commands.add('createCSRFCookie', createCSRFCookie);
diff --git a/cypress/support/e2e.ts b/cypress/support/e2e.ts
@@ -19,23 +19,49 @@ import './commands';
 // Import Cypress Axe tools for all tests
 // https://github.com/component-driven/cypress-axe
 import 'cypress-axe';
+import { DSPACE_XSRF_COOKIE } from 'src/app/core/xsrf/xsrf.constants';
+
+
+// Runs once before all tests
+before(() => {
+  // Cypress doesn't have access to the running application in Node.js.
+  // So, it's not possible to inject or load the AppConfig or environment of the Angular UI.
+  // Instead, we'll read our running application's config.json, which contains the configs &
+  // is regenerated at runtime each time the Angular UI application starts up.
+  cy.task('readUIConfig').then((str: string) => {
+    // Parse config into a JSON object
+    const config = JSON.parse(str);
+
+    // Find URL of our REST API & save to global variable via task
+    let baseRestUrl = FALLBACK_TEST_REST_BASE_URL;
+    if (!config.rest.baseUrl) {
+        console.warn("Could not load 'rest.baseUrl' from config.json. Falling back to " + FALLBACK_TEST_REST_BASE_URL);
+    } else {
+        baseRestUrl = config.rest.baseUrl;
+    }
+    cy.task('saveRestBaseURL', baseRestUrl);
+
+    // Find domain of our REST API & save to global variable via task.
+    let baseDomain = FALLBACK_TEST_REST_DOMAIN;
+    if (!config.rest.host) {
+        console.warn("Could not load 'rest.host' from config.json. Falling back to " + FALLBACK_TEST_REST_DOMAIN);
+    } else {
+        baseDomain = config.rest.host;
+    }
+    cy.task('saveRestBaseDomain', baseDomain);
+
+  });
+});
 
 // Runs once before the first test in each "block"
 beforeEach(() => {
     // Pre-agree to all Klaro cookies by setting the klaro-anonymous cookie
     // This just ensures it doesn't get in the way of matching other objects in the page.
     cy.setCookie('klaro-anonymous', '{%22authentication%22:true%2C%22preferences%22:true%2C%22acknowledgement%22:true%2C%22google-analytics%22:true%2C%22google-recaptcha%22:true}');
-});
-
-// For better stability between tests, we visit "about:blank" (i.e. blank page) after each test.
-// This ensures any remaining/outstanding XHR requests are killed, so they don't affect the next test.
-// Borrowed from: https://glebbahmutov.com/blog/visit-blank-page-between-tests/
-/*afterEach(() => {
-    cy.window().then((win) => {
-      win.location.href = 'about:blank';
-    });
-});*/
 
+    // Remove any CSRF cookies saved from prior tests
+    cy.clearCookie(DSPACE_XSRF_COOKIE);
+});
 
 // Global constants used in tests
 // May be overridden in our cypress.json config file using specified environment variables.
@@ -57,7 +83,10 @@ export const TEST_SUBMIT_COLLECTION_NAME = Cypress.env('DSPACE_TEST_SUBMIT_COLLE
 export const TEST_SUBMIT_COLLECTION_UUID = Cypress.env('DSPACE_TEST_SUBMIT_COLLECTION_UUID') || '9d8334e9-25d3-4a67-9cea-3dffdef80144';
 export const TEST_SUBMIT_USER = Cypress.env('DSPACE_TEST_SUBMIT_USER') || 'dspacedemo+submit@gmail.com';
 export const TEST_SUBMIT_USER_PASSWORD = Cypress.env('DSPACE_TEST_SUBMIT_USER_PASSWORD') || 'dspace';
-
+// NOTE: FALLBACK_TEST_REST_BASE_URL is only used if Cypress cannot read the REST API BaseURL
+// from the Angular UI's config.json. See 'before()' above.
+const FALLBACK_TEST_REST_BASE_URL = 'http://localhost:8080/server';
+const FALLBACK_TEST_REST_DOMAIN = 'localhost';
 
 // USEFUL REGEX for testing
 
