Skip to content

Commit c3fc7ce

Browse files
vbudhramvbudhram
committed
fix(func-tests): pass WAF bypass header to passwordless API calls
1 parent 125e37d commit c3fc7ce

3 files changed

Lines changed: 201 additions & 96 deletions

File tree

packages/functional-tests/lib/testAccountTracker.ts

Lines changed: 20 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -261,10 +261,14 @@ export class TestAccountTracker {
261261
const password = this.generatePassword();
262262

263263
// Send passwordless code
264-
await this.target.authClient.passwordlessSendCode(email, {
265-
clientId: this.target.relierClientID,
266-
service: SUPPORTED_SERVICE,
267-
});
264+
await this.target.authClient.passwordlessSendCode(
265+
email,
266+
{
267+
clientId: this.target.relierClientID,
268+
service: SUPPORTED_SERVICE,
269+
},
270+
this.target.ciHeader
271+
);
268272

269273
// Get OTP from email
270274
const code = await this.target.emailClient.getPasswordlessSignupCode(email);
@@ -276,7 +280,8 @@ export class TestAccountTracker {
276280
{
277281
clientId: this.target.relierClientID,
278282
service: SUPPORTED_SERVICE,
279-
}
283+
},
284+
this.target.ciHeader
280285
);
281286

282287
// Track for cleanup - mark as passwordless so cleanup knows to handle specially
@@ -457,10 +462,14 @@ export class TestAccountTracker {
457462
): Promise<void> {
458463
try {
459464
// Send passwordless code
460-
await this.target.authClient.passwordlessSendCode(account.email, {
461-
clientId: this.target.relierClientID,
462-
service: SUPPORTED_SERVICE,
463-
});
465+
await this.target.authClient.passwordlessSendCode(
466+
account.email,
467+
{
468+
clientId: this.target.relierClientID,
469+
service: SUPPORTED_SERVICE,
470+
},
471+
this.target.ciHeader
472+
);
464473

465474
// Get OTP from email
466475
const code = await this.target.emailClient.getPasswordlessSigninCode(
@@ -474,7 +483,8 @@ export class TestAccountTracker {
474483
{
475484
clientId: this.target.relierClientID,
476485
service: SUPPORTED_SERVICE,
477-
}
486+
},
487+
this.target.ciHeader
478488
);
479489

480490
let sessionToken = result.sessionToken;

packages/functional-tests/tests/passwordless/passwordlessApi.spec.ts

Lines changed: 121 additions & 59 deletions
Original file line numberDiff line numberDiff line change
@@ -12,17 +12,26 @@ async function getPasswordlessSession(
1212
email: string,
1313
isNew: boolean
1414
) {
15-
await target.authClient.passwordlessSendCode(email, {
16-
clientId: target.relierClientID,
17-
service: SUPPORTED_SERVICE,
18-
});
15+
await target.authClient.passwordlessSendCode(
16+
email,
17+
{
18+
clientId: target.relierClientID,
19+
service: SUPPORTED_SERVICE,
20+
},
21+
target.ciHeader
22+
);
1923
const code = isNew
2024
? await target.emailClient.getPasswordlessSignupCode(email)
2125
: await target.emailClient.getPasswordlessSigninCode(email);
22-
return target.authClient.passwordlessConfirmCode(email, code, {
23-
clientId: target.relierClientID,
24-
service: SUPPORTED_SERVICE,
25-
});
26+
return target.authClient.passwordlessConfirmCode(
27+
email,
28+
code,
29+
{
30+
clientId: target.relierClientID,
31+
service: SUPPORTED_SERVICE,
32+
},
33+
target.ciHeader
34+
);
2635
}
2736

2837
test.describe('severity-2', () => {
@@ -36,10 +45,14 @@ test.describe('severity-2', () => {
3645
const { email } =
3746
testAccountTracker.generatePasswordlessAccountDetails();
3847

39-
await target.authClient.passwordlessSendCode(email, {
40-
clientId: target.relierClientID,
41-
service: SUPPORTED_SERVICE,
42-
});
48+
await target.authClient.passwordlessSendCode(
49+
email,
50+
{
51+
clientId: target.relierClientID,
52+
service: SUPPORTED_SERVICE,
53+
},
54+
target.ciHeader
55+
);
4356

4457
const code = await target.emailClient.getPasswordlessSignupCode(email);
4558
expect(code).toBeTruthy();
@@ -51,10 +64,14 @@ test.describe('severity-2', () => {
5164
}) => {
5265
const { email } = await testAccountTracker.signUpPasswordless();
5366

54-
await target.authClient.passwordlessSendCode(email, {
55-
clientId: target.relierClientID,
56-
service: SUPPORTED_SERVICE,
57-
});
67+
await target.authClient.passwordlessSendCode(
68+
email,
69+
{
70+
clientId: target.relierClientID,
71+
service: SUPPORTED_SERVICE,
72+
},
73+
target.ciHeader
74+
);
5875

5976
const code = await target.emailClient.getPasswordlessSigninCode(email);
6077
expect(code).toBeTruthy();
@@ -67,10 +84,14 @@ test.describe('severity-2', () => {
6784
const credentials = await testAccountTracker.signUp();
6885

6986
try {
70-
await target.authClient.passwordlessSendCode(credentials.email, {
71-
clientId: target.relierClientID,
72-
service: SUPPORTED_SERVICE,
73-
});
87+
await target.authClient.passwordlessSendCode(
88+
credentials.email,
89+
{
90+
clientId: target.relierClientID,
91+
service: SUPPORTED_SERVICE,
92+
},
93+
target.ciHeader
94+
);
7495
expect(
7596
true,
7697
'passwordlessSendCode should have been rejected for password account'
@@ -88,9 +109,13 @@ test.describe('severity-2', () => {
88109
testAccountTracker.generatePasswordlessAccountDetails();
89110

90111
try {
91-
await target.authClient.passwordlessSendCode(email, {
92-
clientId: 'deadbeefdeadbeef',
93-
});
112+
await target.authClient.passwordlessSendCode(
113+
email,
114+
{
115+
clientId: 'deadbeefdeadbeef',
116+
},
117+
target.ciHeader
118+
);
94119
expect(
95120
true,
96121
'passwordlessSendCode should have been rejected for non-allowlisted client'
@@ -112,10 +137,14 @@ test.describe('severity-2', () => {
112137
(a) => a.email === email
113138
);
114139

115-
await target.authClient.passwordlessSendCode(email, {
116-
clientId: target.relierClientID,
117-
service: SUPPORTED_SERVICE,
118-
});
140+
await target.authClient.passwordlessSendCode(
141+
email,
142+
{
143+
clientId: target.relierClientID,
144+
service: SUPPORTED_SERVICE,
145+
},
146+
target.ciHeader
147+
);
119148

120149
const code = await target.emailClient.getPasswordlessSignupCode(email);
121150
const result = await target.authClient.passwordlessConfirmCode(
@@ -124,7 +153,8 @@ test.describe('severity-2', () => {
124153
{
125154
clientId: target.relierClientID,
126155
service: SUPPORTED_SERVICE,
127-
}
156+
},
157+
target.ciHeader
128158
);
129159

130160
expect(result.verified).toBe(true);
@@ -150,10 +180,14 @@ test.describe('severity-2', () => {
150180
);
151181
const password = account?.password || '';
152182

153-
await target.authClient.passwordlessSendCode(email, {
154-
clientId: target.relierClientID,
155-
service: SUPPORTED_SERVICE,
156-
});
183+
await target.authClient.passwordlessSendCode(
184+
email,
185+
{
186+
clientId: target.relierClientID,
187+
service: SUPPORTED_SERVICE,
188+
},
189+
target.ciHeader
190+
);
157191

158192
const code = await target.emailClient.getPasswordlessSigninCode(email);
159193
const result = await target.authClient.passwordlessConfirmCode(
@@ -162,7 +196,8 @@ test.describe('severity-2', () => {
162196
{
163197
clientId: target.relierClientID,
164198
service: SUPPORTED_SERVICE,
165-
}
199+
},
200+
target.ciHeader
166201
);
167202

168203
expect(result.verified).toBe(true);
@@ -185,19 +220,28 @@ test.describe('severity-2', () => {
185220
const { email } =
186221
testAccountTracker.generatePasswordlessAccountDetails();
187222

188-
await target.authClient.passwordlessSendCode(email, {
189-
clientId: target.relierClientID,
190-
service: SUPPORTED_SERVICE,
191-
});
223+
await target.authClient.passwordlessSendCode(
224+
email,
225+
{
226+
clientId: target.relierClientID,
227+
service: SUPPORTED_SERVICE,
228+
},
229+
target.ciHeader
230+
);
192231

193232
// Consume the real code so we can test with a bogus one
194233
await target.emailClient.getPasswordlessSignupCode(email);
195234

196235
try {
197-
await target.authClient.passwordlessConfirmCode(email, '00000000', {
198-
clientId: target.relierClientID,
199-
service: SUPPORTED_SERVICE,
200-
});
236+
await target.authClient.passwordlessConfirmCode(
237+
email,
238+
'00000000',
239+
{
240+
clientId: target.relierClientID,
241+
service: SUPPORTED_SERVICE,
242+
},
243+
target.ciHeader
244+
);
201245
expect(
202246
true,
203247
'passwordlessConfirmCode should have rejected invalid OTP'
@@ -231,16 +275,21 @@ test.describe('severity-2', () => {
231275
account.sessionToken = sessionToken;
232276
}
233277

234-
await target.authClient.passwordlessSendCode(email, {
235-
clientId: target.relierClientID,
236-
service: SUPPORTED_SERVICE,
237-
});
278+
await target.authClient.passwordlessSendCode(
279+
email,
280+
{
281+
clientId: target.relierClientID,
282+
service: SUPPORTED_SERVICE,
283+
},
284+
target.ciHeader
285+
);
238286

239287
const code = await target.emailClient.getPasswordlessSigninCode(email);
240288
const result = await target.authClient.passwordlessConfirmCode(
241289
email,
242290
code,
243-
{ clientId: target.relierClientID, service: SUPPORTED_SERVICE }
291+
{ clientId: target.relierClientID, service: SUPPORTED_SERVICE },
292+
target.ciHeader
244293
);
245294

246295
expect(result.verified).toBe(false);
@@ -273,24 +322,33 @@ test.describe('severity-2', () => {
273322
(a) => a.email === email
274323
);
275324

276-
await target.authClient.passwordlessSendCode(email, {
277-
clientId: target.relierClientID,
278-
service: SUPPORTED_SERVICE,
279-
});
325+
await target.authClient.passwordlessSendCode(
326+
email,
327+
{
328+
clientId: target.relierClientID,
329+
service: SUPPORTED_SERVICE,
330+
},
331+
target.ciHeader
332+
);
280333

281334
await target.emailClient.getPasswordlessSignupCode(email);
282335

283-
await target.authClient.passwordlessResendCode(email, {
284-
clientId: target.relierClientID,
285-
service: SUPPORTED_SERVICE,
286-
});
336+
await target.authClient.passwordlessResendCode(
337+
email,
338+
{
339+
clientId: target.relierClientID,
340+
service: SUPPORTED_SERVICE,
341+
},
342+
target.ciHeader
343+
);
287344

288345
const code = await target.emailClient.getPasswordlessSignupCode(email);
289346

290347
const result = await target.authClient.passwordlessConfirmCode(
291348
email,
292349
code,
293-
{ clientId: target.relierClientID, service: SUPPORTED_SERVICE }
350+
{ clientId: target.relierClientID, service: SUPPORTED_SERVICE },
351+
target.ciHeader
294352
);
295353
expect(result.verified).toBe(true);
296354

@@ -430,10 +488,14 @@ test.describe('severity-2', () => {
430488

431489
// Passwordless send should be rejected after password creation
432490
try {
433-
await target.authClient.passwordlessSendCode(email, {
434-
clientId: target.relierClientID,
435-
service: SUPPORTED_SERVICE,
436-
});
491+
await target.authClient.passwordlessSendCode(
492+
email,
493+
{
494+
clientId: target.relierClientID,
495+
service: SUPPORTED_SERVICE,
496+
},
497+
target.ciHeader
498+
);
437499
expect(
438500
true,
439501
'passwordlessSendCode should have been rejected for account with password'

0 commit comments

Comments
 (0)