Merge pull request #20323 from mozilla/fxa-13401-otp-prod-tests

StaberindeZA · web-flow · commit 14ef748f9ab4 · 2026-04-07T09:26:18.000-04:00
fix(func-tests): update otp tests for prod
diff --git a/packages/functional-tests/lib/testAccountTracker.ts b/packages/functional-tests/lib/testAccountTracker.ts
@@ -25,7 +25,6 @@ enum EmailPrefix {
   SYNC = 'sync',
 }
 
-const RELIER_CLIENT_ID = 'dcdb5ae7add825d2';
 const SUPPORTED_SERVICE = 'smoketests';
 
 type AccountDetails = {
@@ -263,7 +262,7 @@ export class TestAccountTracker {
 
     // Send passwordless code
     await this.target.authClient.passwordlessSendCode(email, {
-      clientId: RELIER_CLIENT_ID,
+      clientId: this.target.relierClientID,
       service: SUPPORTED_SERVICE,
     });
 
@@ -275,7 +274,7 @@ export class TestAccountTracker {
       email,
       code,
       {
-        clientId: RELIER_CLIENT_ID,
+        clientId: this.target.relierClientID,
         service: SUPPORTED_SERVICE,
       }
     );
@@ -459,7 +458,7 @@ export class TestAccountTracker {
     try {
       // Send passwordless code
       await this.target.authClient.passwordlessSendCode(account.email, {
-        clientId: RELIER_CLIENT_ID,
+        clientId: this.target.relierClientID,
         service: SUPPORTED_SERVICE,
       });
 
@@ -473,7 +472,7 @@ export class TestAccountTracker {
         account.email,
         code,
         {
-          clientId: RELIER_CLIENT_ID,
+          clientId: this.target.relierClientID,
           service: SUPPORTED_SERVICE,
         }
       );
diff --git a/packages/functional-tests/tests/passwordless/passwordlessApi.spec.ts b/packages/functional-tests/tests/passwordless/passwordlessApi.spec.ts
@@ -5,7 +5,6 @@
 import { expect, test } from '../../lib/fixtures/standard';
 import { getTotpCode } from '../../lib/totp';
 
-const CLIENT_ID = 'dcdb5ae7add825d2';
 const SUPPORTED_SERVICE = 'smoketests';
 
 async function getPasswordlessSession(
@@ -14,14 +13,14 @@ async function getPasswordlessSession(
   isNew: boolean
 ) {
   await target.authClient.passwordlessSendCode(email, {
-    clientId: CLIENT_ID,
+    clientId: target.relierClientID,
     service: SUPPORTED_SERVICE,
   });
   const code = isNew
     ? await target.emailClient.getPasswordlessSignupCode(email)
     : await target.emailClient.getPasswordlessSigninCode(email);
   return target.authClient.passwordlessConfirmCode(email, code, {
-    clientId: CLIENT_ID,
+    clientId: target.relierClientID,
     service: SUPPORTED_SERVICE,
   });
 }
@@ -38,7 +37,7 @@ test.describe('severity-2', () => {
           testAccountTracker.generatePasswordlessAccountDetails();
 
         await target.authClient.passwordlessSendCode(email, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
 
@@ -53,7 +52,7 @@ test.describe('severity-2', () => {
         const { email } = await testAccountTracker.signUpPasswordless();
 
         await target.authClient.passwordlessSendCode(email, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
 
@@ -69,7 +68,7 @@ test.describe('severity-2', () => {
 
         try {
           await target.authClient.passwordlessSendCode(credentials.email, {
-            clientId: CLIENT_ID,
+            clientId: target.relierClientID,
             service: SUPPORTED_SERVICE,
           });
           expect(
@@ -114,7 +113,7 @@ test.describe('severity-2', () => {
         );
 
         await target.authClient.passwordlessSendCode(email, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
 
@@ -123,7 +122,7 @@ test.describe('severity-2', () => {
           email,
           code,
           {
-            clientId: CLIENT_ID,
+            clientId: target.relierClientID,
             service: SUPPORTED_SERVICE,
           }
         );
@@ -152,7 +151,7 @@ test.describe('severity-2', () => {
         const password = account?.password || '';
 
         await target.authClient.passwordlessSendCode(email, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
 
@@ -161,7 +160,7 @@ test.describe('severity-2', () => {
           email,
           code,
           {
-            clientId: CLIENT_ID,
+            clientId: target.relierClientID,
             service: SUPPORTED_SERVICE,
           }
         );
@@ -187,7 +186,7 @@ test.describe('severity-2', () => {
           testAccountTracker.generatePasswordlessAccountDetails();
 
         await target.authClient.passwordlessSendCode(email, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
 
@@ -196,7 +195,7 @@ test.describe('severity-2', () => {
 
         try {
           await target.authClient.passwordlessConfirmCode(email, '00000000', {
-            clientId: CLIENT_ID,
+            clientId: target.relierClientID,
             service: SUPPORTED_SERVICE,
           });
           expect(
@@ -233,15 +232,15 @@ test.describe('severity-2', () => {
         }
 
         await target.authClient.passwordlessSendCode(email, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
 
         const code = await target.emailClient.getPasswordlessSigninCode(email);
         const result = await target.authClient.passwordlessConfirmCode(
           email,
           code,
-          { clientId: CLIENT_ID, service: SUPPORTED_SERVICE }
+          { clientId: target.relierClientID, service: SUPPORTED_SERVICE }
         );
 
         expect(result.verified).toBe(false);
@@ -275,14 +274,14 @@ test.describe('severity-2', () => {
         );
 
         await target.authClient.passwordlessSendCode(email, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
 
         await target.emailClient.getPasswordlessSignupCode(email);
 
         await target.authClient.passwordlessResendCode(email, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
 
@@ -291,7 +290,7 @@ test.describe('severity-2', () => {
         const result = await target.authClient.passwordlessConfirmCode(
           email,
           code,
-          { clientId: CLIENT_ID, service: SUPPORTED_SERVICE }
+          { clientId: target.relierClientID, service: SUPPORTED_SERVICE }
         );
         expect(result.verified).toBe(true);
 
@@ -432,7 +431,7 @@ test.describe('severity-2', () => {
         // Passwordless send should be rejected after password creation
         try {
           await target.authClient.passwordlessSendCode(email, {
-            clientId: CLIENT_ID,
+            clientId: target.relierClientID,
             service: SUPPORTED_SERVICE,
           });
           expect(
diff --git a/packages/functional-tests/tests/passwordless/signinPasswordless.spec.ts b/packages/functional-tests/tests/passwordless/signinPasswordless.spec.ts
@@ -166,14 +166,14 @@ test.describe('severity-1 #smoke', () => {
         // Use the API directly to get an unverified session token
         // (bypasses browser UI so we can test the session before TOTP)
         await target.authClient.passwordlessSendCode(email, {
-          clientId: 'dcdb5ae7add825d2',
+          clientId: target.relierClientID,
         });
         const otpCode =
           await target.emailClient.getPasswordlessSigninCode(email);
         const confirmResult = await target.authClient.passwordlessConfirmCode(
           email,
           otpCode,
-          { clientId: 'dcdb5ae7add825d2' }
+          { clientId: target.relierClientID }
         );
 
         // The session should be unverified (TOTP pending)
@@ -184,7 +184,7 @@ test.describe('severity-1 #smoke', () => {
         try {
           await target.authClient.createOAuthCode(
             confirmResult.sessionToken,
-            'dcdb5ae7add825d2',
+            target.relierClientID,
             'teststate',
             { scope: 'profile' }
           );
@@ -217,7 +217,6 @@ test.describe('severity-1 #smoke', () => {
     });
 
     test.describe('Session verification state invariants', () => {
-      const CLIENT_ID = 'dcdb5ae7add825d2';
       const SUPPORTED_SERVICE = 'smoketests';
 
       async function getPasswordlessSession(
@@ -226,14 +225,14 @@ test.describe('severity-1 #smoke', () => {
         isNew: boolean
       ) {
         await target.authClient.passwordlessSendCode(email, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
         const code = isNew
           ? await target.emailClient.getPasswordlessSignupCode(email)
           : await target.emailClient.getPasswordlessSigninCode(email);
         return target.authClient.passwordlessConfirmCode(email, code, {
-          clientId: CLIENT_ID,
+          clientId: target.relierClientID,
           service: SUPPORTED_SERVICE,
         });
       }
@@ -356,7 +355,7 @@ test.describe('severity-1 #smoke', () => {
 
           const oauthResult = await target.authClient.createOAuthCode(
             result.sessionToken,
-            CLIENT_ID,
+            target.relierClientID,
             'teststate',
             { scope: 'profile' }
           );
@@ -530,7 +529,7 @@ test.describe('severity-1 #smoke', () => {
           // OAuth should now succeed
           const oauthResult = await target.authClient.createOAuthCode(
             result.sessionToken,
-            CLIENT_ID,
+            target.relierClientID,
             'teststate',
             { scope: 'profile' }
           );
@@ -578,7 +577,7 @@ test.describe('severity-1 #smoke', () => {
           // Account now has a password — passwordless send should be rejected
           try {
             await target.authClient.passwordlessSendCode(email, {
-              clientId: CLIENT_ID,
+              clientId: target.relierClientID,
             });
             expect(
               true,
@@ -758,14 +757,14 @@ test.describe('severity-1 #smoke', () => {
         // Cleanup: Set password so testAccountTracker can sign in and destroy
         // Re-authenticate to get a fresh session since the old one may be stale
         await target.authClient.passwordlessSendCode(email, {
-          clientId: 'dcdb5ae7add825d2',
+          clientId: target.relierClientID,
         });
         const cleanupCode =
           await target.emailClient.getPasswordlessSigninCode(email);
         const cleanupResult = await target.authClient.passwordlessConfirmCode(
           email,
           cleanupCode,
-          { clientId: 'dcdb5ae7add825d2' }
+          { clientId: target.relierClientID }
         );
         // Elevate to AAL2 for password creation
         const cleanupTotpCode = await getTotpCode(secret);
@@ -937,13 +936,13 @@ test.describe('severity-2', () => {
 
       // Create a password on the first account via API
       await target.authClient.passwordlessSendCode(email, {
-        clientId: 'dcdb5ae7add825d2',
+        clientId: target.relierClientID,
       });
       const otpCode = await target.emailClient.getPasswordlessSigninCode(email);
       const result = await target.authClient.passwordlessConfirmCode(
         email,
         otpCode,
-        { clientId: 'dcdb5ae7add825d2' }
+        { clientId: target.relierClientID }
       );
       await target.authClient.createPassword(
         result.sessionToken,
@@ -1148,7 +1147,12 @@ test.describe('severity-2', () => {
 
     test('passwordless signin via Relay OAuth flow - account with 2FA proceeds to TOTP verification', async ({
       target,
-      syncOAuthBrowserPages: { page, signin, signinPasswordlessCode, signinTotpCode },
+      syncOAuthBrowserPages: {
+        page,
+        signin,
+        signinPasswordlessCode,
+        signinTotpCode,
+      },
       testAccountTracker,
     }) => {
       // Create passwordless account and set up TOTP via API
@@ -1204,14 +1208,14 @@ test.describe('severity-2', () => {
 
       // Cleanup: set password so testAccountTracker can destroy the account
       await target.authClient.passwordlessSendCode(email, {
-        clientId: 'dcdb5ae7add825d2',
+        clientId: target.relierClientID,
       });
       const cleanupCode =
         await target.emailClient.getPasswordlessSigninCode(email);
       const cleanupResult = await target.authClient.passwordlessConfirmCode(
         email,
         cleanupCode,
-        { clientId: 'dcdb5ae7add825d2' }
+        { clientId: target.relierClientID }
       );
       const cleanupTotpCode = await getTotpCode(secret);
       await target.authClient.verifyTotpCode(
