authelia/internal/suites/scenario_regulation_test.go

package suites

import (
	"context"
	"log"
	"testing"
	"time"

	"github.com/stretchr/testify/require"
	"github.com/stretchr/testify/suite"
)

type RegulationScenario struct {
	*SeleniumSuite
}

func NewRegulationScenario() *RegulationScenario {
	return &RegulationScenario{
		SeleniumSuite: new(SeleniumSuite),
	}
}

func (s *RegulationScenario) SetupSuite() {
	wds, err := StartWebDriver()

	if err != nil {
		log.Fatal(err)
	}

	s.WebDriverSession = wds
}

func (s *RegulationScenario) TearDownSuite() {
	err := s.WebDriverSession.Stop()

	if err != nil {
		log.Fatal(err)
	}
}

func (s *RegulationScenario) SetupTest() {
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()

	s.doLogout(ctx, s.T())
	s.doVisit(s.T(), HomeBaseURL)
	s.verifyIsHome(ctx, s.T())
}

func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() {
	ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second)
	defer cancel()

	s.doVisitLoginPage(ctx, s.T(), "")
	s.doFillLoginPageAndClick(ctx, s.T(), "john", "bad-password", false)
	s.verifyNotificationDisplayed(ctx, s.T(), "Incorrect username or password.")

	for i := 0; i < 3; i++ {
		err := s.WaitElementLocatedByID(ctx, s.T(), "password-textfield").SendKeys("bad-password")
		require.NoError(s.T(), err)
		err = s.WaitElementLocatedByID(ctx, s.T(), "sign-in-button").Click()
		require.NoError(s.T(), err)
		time.Sleep(1 * time.Second)
	}

	// Enter the correct password and test the regulation lock out
	err := s.WaitElementLocatedByID(ctx, s.T(), "password-textfield").SendKeys("password")
	require.NoError(s.T(), err)
	err = s.WaitElementLocatedByID(ctx, s.T(), "sign-in-button").Click()
	require.NoError(s.T(), err)
	s.verifyNotificationDisplayed(ctx, s.T(), "Incorrect username or password.")

	time.Sleep(1 * time.Second)
	s.verifyIsFirstFactorPage(ctx, s.T())
	time.Sleep(9 * time.Second)

	// Enter the correct password and test a successful login
	err = s.WaitElementLocatedByID(ctx, s.T(), "password-textfield").SendKeys("password")
	require.NoError(s.T(), err)
	err = s.WaitElementLocatedByID(ctx, s.T(), "sign-in-button").Click()
	require.NoError(s.T(), err)
	s.verifyIsSecondFactorPage(ctx, s.T())
}

func TestBlacklistingScenario(t *testing.T) {
	suite.Run(t, NewRegulationScenario())
}
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`package suites`

			`import (`
			`"context"`
			`"log"`
			`"testing"`
			`"time"`

[MISC] Refactor and address most errcheck linter ignores (#1511) * [MISC] Refactor and address most errcheck linter ignores This is mostly a quality of life change. When we first implemented the errcheck linter we ignored a number of items in our legacy codebase with intent to revisit down the track. * Handle errors for regulation marks and remove unnecessary logging 2020-12-16 01:47:31 +00:00			`"github.com/stretchr/testify/require"`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`"github.com/stretchr/testify/suite"`
			`)`

			`type RegulationScenario struct {`
			`*SeleniumSuite`
			`}`

			`func NewRegulationScenario() *RegulationScenario {`
			`return &RegulationScenario{`
			`SeleniumSuite: new(SeleniumSuite),`
			`}`
			`}`

			`func (s *RegulationScenario) SetupSuite() {`
			`wds, err := StartWebDriver()`

			`if err != nil {`
			`log.Fatal(err)`
			`}`

			`s.WebDriverSession = wds`
			`}`

			`func (s *RegulationScenario) TearDownSuite() {`
			`err := s.WebDriverSession.Stop()`

			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`}`

			`func (s *RegulationScenario) SetupTest() {`
			`ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)`
			`defer cancel()`

			`s.doLogout(ctx, s.T())`
			`s.doVisit(s.T(), HomeBaseURL)`
			`s.verifyIsHome(ctx, s.T())`
			`}`

			`func (s *RegulationScenario) TestShouldBanUserAfterTooManyAttempt() {`
[FEATURE] Delay 1FA Authentication (#993) * adaptively delay 1FA by the actual execution time of authentication * should grow and shrink over time as successful attempts are made * uses the average of the last 10 successful attempts to calculate * starts at an average of 1000ms * minimum is 250ms * a random delay is added to the largest of avg or minimum * the random delay is between 0ms and 85ms * bump LDAP suite to 80s timeout * bump regulation scenario to 45s * add mutex locking * amend logging * add docs * add tests Co-authored-by: Clément Michaud <clement.michaud34@gmail.com> 2020-05-20 22:03:15 +00:00			`ctx, cancel := context.WithTimeout(context.Background(), 45*time.Second)`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`defer cancel()`

			`s.doVisitLoginPage(ctx, s.T(), "")`
			`s.doFillLoginPageAndClick(ctx, s.T(), "john", "bad-password", false)`
[FEATURE] Autofocus on authentication and OTP pages (#806) * [FEATURE] Autofocus on authentication and OTP pages This change sets the input focus on the first factor authentication and OTP pages. The behaviour for the first factor authentication page has also been amended slightly, if an incorrect username or password is provided the password field will be cleared and set as the focus. One thing to note is that the OTP page does not focus on any re-rendering and this is because the component doesn't handle focusing. This means that the OTP input only is auto-focused when you first visit it, if you enter an incorrect OTP there will be no focus. Ideally we should be looking for a different library or writing a component for this ourselves in future. Closes #511. * Add TODO markers for potential refactor 2020-03-31 23:27:54 +00:00			`s.verifyNotificationDisplayed(ctx, s.T(), "Incorrect username or password.")`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00
			`for i := 0; i < 3; i++ {`
[MISC] Refactor and address most errcheck linter ignores (#1511) * [MISC] Refactor and address most errcheck linter ignores This is mostly a quality of life change. When we first implemented the errcheck linter we ignored a number of items in our legacy codebase with intent to revisit down the track. * Handle errors for regulation marks and remove unnecessary logging 2020-12-16 01:47:31 +00:00			`err := s.WaitElementLocatedByID(ctx, s.T(), "password-textfield").SendKeys("bad-password")`
			`require.NoError(s.T(), err)`
			`err = s.WaitElementLocatedByID(ctx, s.T(), "sign-in-button").Click()`
			`require.NoError(s.T(), err)`
Fix and parallelize integration tests. 2019-11-30 16:49:52 +00:00			`time.Sleep(1 * time.Second)`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`}`

[FEATURE] Autofocus on authentication and OTP pages (#806) * [FEATURE] Autofocus on authentication and OTP pages This change sets the input focus on the first factor authentication and OTP pages. The behaviour for the first factor authentication page has also been amended slightly, if an incorrect username or password is provided the password field will be cleared and set as the focus. One thing to note is that the OTP page does not focus on any re-rendering and this is because the component doesn't handle focusing. This means that the OTP input only is auto-focused when you first visit it, if you enter an incorrect OTP there will be no focus. Ideally we should be looking for a different library or writing a component for this ourselves in future. Closes #511. * Add TODO markers for potential refactor 2020-03-31 23:27:54 +00:00			`// Enter the correct password and test the regulation lock out`
[MISC] Refactor and address most errcheck linter ignores (#1511) * [MISC] Refactor and address most errcheck linter ignores This is mostly a quality of life change. When we first implemented the errcheck linter we ignored a number of items in our legacy codebase with intent to revisit down the track. * Handle errors for regulation marks and remove unnecessary logging 2020-12-16 01:47:31 +00:00			`err := s.WaitElementLocatedByID(ctx, s.T(), "password-textfield").SendKeys("password")`
			`require.NoError(s.T(), err)`
			`err = s.WaitElementLocatedByID(ctx, s.T(), "sign-in-button").Click()`
			`require.NoError(s.T(), err)`
[FEATURE] Autofocus on authentication and OTP pages (#806) * [FEATURE] Autofocus on authentication and OTP pages This change sets the input focus on the first factor authentication and OTP pages. The behaviour for the first factor authentication page has also been amended slightly, if an incorrect username or password is provided the password field will be cleared and set as the focus. One thing to note is that the OTP page does not focus on any re-rendering and this is because the component doesn't handle focusing. This means that the OTP input only is auto-focused when you first visit it, if you enter an incorrect OTP there will be no focus. Ideally we should be looking for a different library or writing a component for this ourselves in future. Closes #511. * Add TODO markers for potential refactor 2020-03-31 23:27:54 +00:00			`s.verifyNotificationDisplayed(ctx, s.T(), "Incorrect username or password.")`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00
			`time.Sleep(1 * time.Second)`
			`s.verifyIsFirstFactorPage(ctx, s.T())`
			`time.Sleep(9 * time.Second)`

[FEATURE] Autofocus on authentication and OTP pages (#806) * [FEATURE] Autofocus on authentication and OTP pages This change sets the input focus on the first factor authentication and OTP pages. The behaviour for the first factor authentication page has also been amended slightly, if an incorrect username or password is provided the password field will be cleared and set as the focus. One thing to note is that the OTP page does not focus on any re-rendering and this is because the component doesn't handle focusing. This means that the OTP input only is auto-focused when you first visit it, if you enter an incorrect OTP there will be no focus. Ideally we should be looking for a different library or writing a component for this ourselves in future. Closes #511. * Add TODO markers for potential refactor 2020-03-31 23:27:54 +00:00			`// Enter the correct password and test a successful login`
[MISC] Refactor and address most errcheck linter ignores (#1511) * [MISC] Refactor and address most errcheck linter ignores This is mostly a quality of life change. When we first implemented the errcheck linter we ignored a number of items in our legacy codebase with intent to revisit down the track. * Handle errors for regulation marks and remove unnecessary logging 2020-12-16 01:47:31 +00:00			`err = s.WaitElementLocatedByID(ctx, s.T(), "password-textfield").SendKeys("password")`
			`require.NoError(s.T(), err)`
			`err = s.WaitElementLocatedByID(ctx, s.T(), "sign-in-button").Click()`
			`require.NoError(s.T(), err)`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`s.verifyIsSecondFactorPage(ctx, s.T())`
			`}`

			`func TestBlacklistingScenario(t *testing.T) {`
			`suite.Run(t, NewRegulationScenario())`
			`}`