Merge branch 'master' into jsonnet

# Conflicts: # selfservice/strategy/oidc/strategy.go
ory · May 5, 2020 · e0f3b92 · e0f3b92
2 parents 0a1b244 + 97b9895
commit e0f3b92
Show file tree

Hide file tree

Showing 57 changed files with 1,997 additions and 1,257 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,22 +5,23 @@
 **Table of Contents**
 
 - [Unreleased (2020-05-05)](#unreleased-2020-05-05)
+ - [Code Refactoring](#code-refactoring)
  - [0.2.1-alpha.1 (2020-05-05)](#021-alpha1-2020-05-05)
  - [Documentation](#documentation)
 - [0.2.0-alpha.2 (2020-05-04)](#020-alpha2-2020-05-04)
  - [Bug Fixes](#bug-fixes)
- - [Code Refactoring](#code-refactoring)
+ - [Code Refactoring](#code-refactoring-1)
  - [Documentation](#documentation-1)
  - [Features](#features)
  - [Unclassified](#unclassified)
  - [BREAKING CHANGES](#breaking-changes)
  - [0.1.1-alpha.1 (2020-02-18)](#011-alpha1-2020-02-18)
  - [Bug Fixes](#bug-fixes-1)
- - [Code Refactoring](#code-refactoring-1)
+ - [Code Refactoring](#code-refactoring-2)
  - [Documentation](#documentation-2)
 - [0.1.0-alpha.6 (2020-02-16)](#010-alpha6-2020-02-16)
  - [Bug Fixes](#bug-fixes-2)
- - [Code Refactoring](#code-refactoring-2)
+ - [Code Refactoring](#code-refactoring-3)
  - [Documentation](#documentation-3)
  - [Features](#features-1)
 - [0.1.0-alpha.5 (2020-02-06)](#010-alpha5-2020-02-06)
@@ -70,9 +71,14 @@
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
-# Unreleased (2020-05-05)
+# [Unreleased](https:/ory/kratos/compare/v0.2.1-alpha.1...f9a50790637a848897ba275373bc538728e09f3d) (2020-05-05)
+
+
+### Code Refactoring
+
+* Improve oidc flows and payloads and add e2e tests ([#381](https:/ory/kratos/issues/381)) ([f9a5079](https:/ory/kratos/commit/f9a50790637a848897ba275373bc538728e09f3d)), closes [#387](https:/ory/kratos/issues/387):
+ > This patch improves the OpenID Connect login and registration user experience by simplifying the network flows and introduces e2e tests using ORY Hydra.
 
-No significant changes have been made for this release.
 
 
 ## [0.2.1-alpha.1](https:/ory/kratos/compare/v0.2.0-alpha.2...v0.2.1-alpha.1) (2020-05-05)

diff --git a/Makefile b/Makefile
@@ -10,6 +10,7 @@ export PATH := $(pwd)/.bin:${PATH}
 deps:
 ifneq ("v0", $(shell cat .bin/.lock))
  curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b .bin/ v1.24.0
+ bash <(curl https://raw.githubusercontent.com/ory/hydra/master/install.sh) -b .bin/ v1.4.10
  go build -o .bin/go-acc github.com/ory/go-acc
  go build -o .bin/goreturns github.com/sqs/goreturns
  go build -o .bin/listx github.com/ory/x/tools/listx

diff --git a/UPGRADE.md b/UPGRADE.md
@@ -5,6 +5,19 @@ possible. Please note that not all breaking changes might be included here.
 Please check the [CHANGELOG.md](./CHANGELOG.md) for a full list of changes
 before finalizing the upgrade process.
 
+## unreleased
+
+These changes have not yet been released and this area's purpose is to keep
+track of future changes.
+
+### OpenID Connect and OAuth2 now official!
+
+Using social profiles to sign up and log in is now as easy as setting two config entries! Check out
+
+- [The OpenID Connect & OAuth2 Credential Documentation](https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2);
+- [The Flow Description](https://www.ory.sh/kratos/docs/concepts/credentials/openid-connect-oidc-oauth2);
+- [The "Sign in with GitHub" Guide](https://www.ory.sh/kratos/docs/guides/sign-in-with-github)!
+
 ## v0.2.0-alpha.2
 
 This is a heavy release with over hundreds of commits and files changed! Let's

diff --git a/cypress/integration/profiles/email/logout/success.spec.js b/cypress/integration/profiles/email/logout/success.spec.js
@@ -14,9 +14,7 @@ context('Login', () => {
 
  it('should sign out and be able to sign in again', () => {
  cy.get('a[href*="logout"]').click()
-
  cy.noSession()
-
  cy.url().should('include', '/auth/login')
  })
 })
diff --git a/cypress/integration/profiles/oidc/login/error.spec.js b/cypress/integration/profiles/oidc/login/error.spec.js
@@ -0,0 +1,39 @@
+import {APP_URL, gen, website} from "../../../../helpers";
+
+context('Login', () => {
+ beforeEach(() => {
+ cy.clearCookies()
+ cy.visit(APP_URL + '/auth/login')
+ })
+
+ it('should fail when the login request is rejected', () => {
+ const email = gen.email()
+ cy.get('button[value="hydra"]').click()
+ cy.get('#reject').click()
+ cy.location('pathname').should('equal','/auth/login')
+ cy.get('.form-errors .message').should('contain.text', 'login rejected request')
+ cy.noSession()
+ })
+
+ it('should fail when the consent request is rejected', () => {
+ const email = gen.email()
+ cy.get('button[value="hydra"]').click()
+ cy.get('#username').type(email)
+ cy.get('#accept').click()
+ cy.get('#reject').click()
+ cy.location('pathname').should('equal','/auth/login')
+ cy.get('.form-errors .message').should('contain.text', 'consent rejected request')
+ cy.noSession()
+ })
+
+ it('should fail when the id_token is missing', () => {
+ const email = gen.email()
+ cy.get('button[value="hydra"]').click()
+ cy.get('#username').type(email)
+ cy.get('#accept').click()
+ cy.get('#website').type(website)
+ cy.get('#accept').click()
+ cy.location('pathname').should('equal','/auth/login')
+ cy.get('.form-errors .message').should('contain.text', 'no id_token')
+ })
+})
diff --git a/cypress/integration/profiles/oidc/login/success.spec.js b/cypress/integration/profiles/oidc/login/success.spec.js
@@ -0,0 +1,16 @@
+import { APP_URL, gen, website } from '../../../../helpers'
+
+context('Login', () => {
+ beforeEach(() => {
+ cy.clearCookies()
+ })
+
+ it('should be able to sign up, sign out, and then sign in', () => {
+ const email = gen.email()
+
+ cy.registerOidc({email, website})
+ cy.get('a[href*="logout"]').click()
+ cy.noSession()
+ cy.loginOidc({email})
+ })
+})
diff --git a/cypress/integration/profiles/oidc/logout/success.spec.js b/cypress/integration/profiles/oidc/logout/success.spec.js
@@ -0,0 +1,19 @@
+import { APP_URL, gen, password, website } from '../../../../helpers'
+
+context('Login', () => {
+ const email = gen.email()
+
+ before(() => {
+ cy.registerOidc({email, website})
+ })
+
+ beforeEach(() => {
+ cy.visit(APP_URL + '/')
+ })
+
+ it('should sign out and be able to sign in again', () => {
+ cy.get('a[href*="logout"]').click()
+ cy.noSession()
+ cy.url().should('include', '/auth/login')
+ })
+})
diff --git a/cypress/integration/profiles/oidc/registration/error.spec.js b/cypress/integration/profiles/oidc/registration/error.spec.js
@@ -0,0 +1,39 @@
+import {APP_URL, gen, website} from "../../../../helpers";
+
+context('Register', () => {
+ beforeEach(() => {
+ cy.clearCookies()
+ cy.visit(APP_URL + '/auth/registration')
+ })
+
+ it('should fail when the login request is rejected', () => {
+ const email = gen.email()
+ cy.get('button[value="hydra"]').click()
+ cy.get('#reject').click()
+ cy.location('pathname').should('equal','/auth/registration')
+ cy.get('.form-errors .message').should('contain.text', 'login rejected request')
+ cy.noSession()
+ })
+
+ it('should fail when the consent request is rejected', () => {
+ const email = gen.email()
+ cy.get('button[value="hydra"]').click()
+ cy.get('#username').type(email)
+ cy.get('#accept').click()
+ cy.get('#reject').click()
+ cy.location('pathname').should('equal','/auth/registration')
+ cy.get('.form-errors .message').should('contain.text', 'consent rejected request')
+ cy.noSession()
+ })
+
+ it('should fail when the id_token is missing', () => {
+ const email = gen.email()
+ cy.get('button[value="hydra"]').click()
+ cy.get('#username').type(email)
+ cy.get('#accept').click()
+ cy.get('#website').type(website)
+ cy.get('#accept').click()
+ cy.location('pathname').should('equal','/auth/registration')
+ cy.get('.form-errors .message').should('contain.text', 'no id_token')
+ })
+})
diff --git a/cypress/integration/profiles/oidc/registration/success.spec.js b/cypress/integration/profiles/oidc/registration/success.spec.js
@@ -0,0 +1,83 @@
+import {APP_URL, gen, website} from '../../../../helpers'
+
+context('Register', () => {
+ beforeEach(() => {
+ cy.clearCookies()
+ cy.visit(APP_URL + '/auth/registration')
+ })
+
+ const shouldSession = (email) => (session) => {
+ const {identity} = session
+ expect(identity.id).to.not.be.empty
+ expect(identity.traits_schema_id).to.equal('default')
+ expect(identity.traits_schema_url).to.equal(
+ `${APP_URL}/.ory/kratos/public/schemas/default`
+ )
+ expect(identity.traits.website).to.equal(website)
+ expect(identity.traits.email).to.equal(email)
+ }
+
+ it('should be able to sign up with incomplete data and finally be signed in', () => {
+ const email = gen.email()
+
+ cy.registerOidc({email, expectSession: false})
+
+ cy.get('#registration-password').should('not.exist');
+ cy.get('#registration-oidc input[name="traits.email"]').should('have.value', email)
+ cy.get('#registration-oidc form > *:last-child').should('have.attr', 'name', 'provider')
+ cy.get('.form-errors .message').should('contain.text', 'missing properties: "website"')
+ cy.get('#registration-oidc input[name="traits.website"]').type("http://s")
+
+ cy.get('button[value="hydra"]').click()
+
+ cy.get('#registration-password').should('not.exist');
+ cy.get('#registration-oidc input[name="traits.email"]').should('have.value', email)
+ cy.get('#registration-oidc form > *:last-child').should('have.attr', 'name', 'provider')
+ cy.get('.form-errors .message').should('contain.text', 'length must be >= 10')
+ cy.get('#registration-oidc input[name="traits.website"]').should('have.value', 'http://s').clear().type(website)
+
+ cy.get('button[value="hydra"]').click()
+
+ cy.session().should(shouldSession(email))
+ })
+
+ it('should be able to sign up with complete data', () => {
+ const email = gen.email()
+
+ cy.registerOidc({email, website})
+ cy.session().should(shouldSession(email))
+ })
+ it('should be able to convert a sign up flow to a sign in flow', () => {
+ const email = gen.email()
+
+ cy.registerOidc({email, website})
+ cy.get('a[href*="logout"]').click()
+ cy.noSession()
+ cy.visit(APP_URL + '/auth/registration')
+ cy.get('button[value="hydra"]').click()
+
+ cy.session().should(shouldSession(email))
+ })
+
+ it('should be able to convert a sign in flow to a sign up flow', () => {
+ const email = gen.email()
+ cy.visit(APP_URL + '/auth/login')
+ cy.get('button[value="hydra"]').click()
+ cy.get('#username').clear().type(email)
+ cy.get('#remember').click()
+ cy.get('#accept').click()
+ cy.get('input[name="scope"]').each($el => cy.wrap($el).click())
+ cy.get('#remember').click()
+ cy.get('#accept').click()
+
+ cy.get('.form-errors .message').should('contain.text', 'missing properties: "website"')
+ cy.get('#registration-oidc input[name="traits.website"]').type("http://s")
+ cy.get('button[value="hydra"]').click()
+
+ cy.get('.form-errors .message').should('contain.text', 'length must be >= 10')
+ cy.get('#registration-oidc input[name="traits.website"]').should('have.value', 'http://s').clear().type(website)
+ cy.get('button[value="hydra"]').click()
+
+ cy.session().should(shouldSession(email))
+ })
+})
diff --git a/cypress/plugins/index.js b/cypress/plugins/index.js
@@ -1,4 +1,4 @@
-/// <reference types="cypress" />
+ /// <reference types="cypress" />
 // ***********************************************************
 // This example plugins/index.js can be used to load plugins
 //