zitadel · peintnermax · Nov 19, 2024 · Oct 28, 2024 · Oct 30, 2024 · Oct 31, 2024
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -4,10 +4,6 @@ on: pull_request
 
 jobs:
   quality:
-    env:
-      ZITADEL_IMAGE: ghcr.io/zitadel/zitadel:v2.65.0
-      POSTGRES_IMAGE: postgres:17.0-alpine3.19
-
     name: Ensure Quality
 
     runs-on: ubuntu-latest

diff --git a/acceptance/docker-compose.yaml b/acceptance/docker-compose.yaml
@@ -1,7 +1,7 @@
 services:
   zitadel:
     user: "${ZITADEL_DEV_UID}"
-    image: "${ZITADEL_IMAGE:-ghcr.io/zitadel/zitadel:latest}"
+    image: ghcr.io/zitadel/zitadel:v2.65.0
     command: 'start-from-init --masterkey "MasterkeyNeedsToHave32Characters" --tlsMode disabled --config /zitadel.yaml --steps /zitadel.yaml'
     ports:
       - "8080:8080"
@@ -14,7 +14,7 @@ services:
 
   db:
     restart: "always"
-    image: "${POSTGRES_IMAGE:-postgres:latest}"
+    image: postgres:17.0-alpine3.19
     environment:
       - POSTGRES_USER=zitadel
       - PGUSER=zitadel
@@ -44,9 +44,11 @@ services:
       PAT_FILE: /pat/zitadel-admin-sa.pat
       ZITADEL_API_INTERNAL_URL: http://zitadel:8080
       WRITE_ENVIRONMENT_FILE: /apps/login/.env.local
+      WRITE_TEST_ENVIRONMENT_FILE: /acceptance/tests/.env.local
     volumes:
       - "./pat:/pat"
       - "../apps/login:/apps/login"
+      - "../acceptance/tests:/acceptance/tests"
     depends_on:
       wait_for_zitadel:
         condition: "service_completed_successfully"
diff --git a/acceptance/setup.sh b/acceptance/setup.sh
@@ -26,15 +26,19 @@ fi
 
 WRITE_ENVIRONMENT_FILE=${WRITE_ENVIRONMENT_FILE:-$(dirname "$0")/../apps/login/.env.local}
 echo "Writing environment file to ${WRITE_ENVIRONMENT_FILE} when done."
+WRITE_TEST_ENVIRONMENT_FILE=${WRITE_TEST_ENVIRONMENT_FILE:-$(dirname "$0")/../acceptance/tests/.env.local}
+echo "Writing environment file to ${WRITE_TEST_ENVIRONMENT_FILE} when done."
 
 echo "ZITADEL_API_URL=${ZITADEL_API_URL}
 ZITADEL_SERVICE_USER_ID=${ZITADEL_SERVICE_USER_ID}
 ZITADEL_SERVICE_USER_TOKEN=${PAT}
-DEBUG=true" > ${WRITE_ENVIRONMENT_FILE}
-
+DEBUG=true"| tee "${WRITE_ENVIRONMENT_FILE}" "${WRITE_TEST_ENVIRONMENT_FILE}" > /dev/null
 echo "Wrote environment file ${WRITE_ENVIRONMENT_FILE}"
 cat ${WRITE_ENVIRONMENT_FILE}
 
+echo "Wrote environment file ${WRITE_TEST_ENVIRONMENT_FILE}"
+cat ${WRITE_TEST_ENVIRONMENT_FILE}
+
 DEFAULTORG_RESPONSE_RESULTS=0
 # waiting for default organization
 until [ ${DEFAULTORG_RESPONSE_RESULTS} -eq 1 ]

diff --git a/acceptance/tests/admin.spec.ts b/acceptance/tests/admin.spec.ts
@@ -0,0 +1,7 @@
+import { test } from "@playwright/test";
+import { loginScreenExpect, loginWithPassword } from "./login";
+
+test("admin login", async ({ page }) => {
+  await loginWithPassword(page, "[email protected]", "Password1!");
+  await loginScreenExpect(page, "ZITADEL Admin");
+});
diff --git a/acceptance/tests/idp-apple.spec.ts b/acceptance/tests/idp-apple.spec.ts
@@ -0,0 +1,94 @@
+// Note for all tests, in case Apple doesn't deliver all relevant information per default
+// We should add an action in the needed cases
+
+import test from "@playwright/test";
+
+test("login with Apple IDP", async ({ page }) => {
+  // Given an Apple IDP is configured on the organization
+  // Given the user has an Apple added as auth method
+  // User authenticates with Apple
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with Apple IDP - error", async ({ page }) => {
+  // Given an Apple IDP is configured on the organization
+  // Given the user has an Apple added as auth method
+  // User is redirected to Apple
+  // User authenticates with Apple and gets an error
+  // User is redirect back to login
+  // An error is shown to the user "Something went wrong in Apple Login"
+});
+
+test("login with Apple IDP, no user existing - auto register", async ({ page }) => {
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Apple
+  // User authenticates in Apple
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Apple IDP, no user existing - auto register not possible", async ({ page }) => {
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Apple
+  // User authenticates in Apple
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Apple IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Apple
+  // User authenticates in Apple
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Apple IDP, no user linked - auto link", async ({ page }) => {
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with account linking allowed, and linking set to existing email
+  // Given user with email address [email protected] exists
+  // User is automatically redirected to Apple
+  // User authenticates in Apple with [email protected]
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Apple IDP, no user linked, linking not possible", async ({ page }) => {
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address [email protected] doesn't exists
+  // User is automatically redirected to Apple
+  // User authenticates in Apple with [email protected]
+  // User is redirect to ZITADEL login
+  // User with email address [email protected] can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Apple IDP, no user linked, user link successful", async ({ page }) => {
+  // Given idp Apple is configure on the organization as only authencation method
+  // Given idp Apple is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address [email protected] doesn't exists
+  // User is automatically redirected to Apple
+  // User authenticates in Apple with [email protected]
+  // User is redirect to ZITADEL login
+  // User with email address [email protected] can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/acceptance/tests/idp-generic-jwt.spec.ts b/acceptance/tests/idp-generic-jwt.spec.ts
@@ -0,0 +1,91 @@
+import test from "@playwright/test";
+
+test("login with Generic JWT IDP", async ({ page }) => {
+  // Given a Generic JWT IDP is configured on the organization
+  // Given the user has Generic JWT IDP added as auth method
+  // User authenticates with the Generic JWT IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with Generic JWT IDP - error", async ({ page }) => {
+  // Given the Generic JWT IDP is configured on the organization
+  // Given the user has Generic JWT IDP added as auth method
+  // User is redirected to the Generic JWT IDP
+  // User authenticates with the Generic JWT IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with Generic JWT IDP, no user existing - auto register", async ({ page }) => {
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic JWT IDP, no user existing - auto register not possible", async ({ page }) => {
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic JWT IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Generic JWT IDP, no user linked - auto link", async ({ page }) => {
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with account linking allowed, and linking set to existing email
+  // Given user with email address [email protected] exists
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT with [email protected]
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic JWT IDP, no user linked, linking not possible", async ({ page }) => {
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address [email protected] doesn't exists
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT with [email protected]
+  // User is redirect to ZITADEL login
+  // User with email address [email protected] can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Generic JWT IDP, no user linked, linking successful", async ({ page }) => {
+  // Given idp Generic JWT is configure on the organization as only authencation method
+  // Given idp Generic JWT is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address [email protected] doesn't exists
+  // User is automatically redirected to Generic JWT
+  // User authenticates in Generic JWT with [email protected]
+  // User is redirect to ZITADEL login
+  // User with email address [email protected] can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});
diff --git a/acceptance/tests/idp-generic-oauth.spec.ts b/acceptance/tests/idp-generic-oauth.spec.ts
@@ -0,0 +1,91 @@
+import test from "@playwright/test";
+
+test("login with Generic OAuth IDP", async ({ page }) => {
+  // Given a Generic OAuth IDP is configured on the organization
+  // Given the user has Generic OAuth IDP added as auth method
+  // User authenticates with the Generic OAuth IDP
+  // User is redirected back to login
+  // User is redirected to the app
+});
+
+test("login with Generic OAuth IDP - error", async ({ page }) => {
+  // Given the Generic OAuth IDP is configured on the organization
+  // Given the user has Generic OAuth IDP added as auth method
+  // User is redirected to the Generic OAuth IDP
+  // User authenticates with the Generic OAuth IDP and gets an error
+  // User is redirected back to login
+  // An error is shown to the user "Something went wrong"
+});
+
+test("login with Generic OAuth IDP, no user existing - auto register", async ({ page }) => {
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth
+  // User is redirect to ZITADEL login
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic OAuth IDP, no user existing - auto register not possible", async ({ page }) => {
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with account creation alloweed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // User will see the registration page with pre filled user information
+  // User fills missing information
+  // User clicks register button
+  // User is created in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic OAuth IDP, no user existing - auto register enabled - manual creation disabled, creation not possible", async ({
+  page,
+}) => {
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with account creation not allowed, and automatic creation enabled
+  // Given no user exists yet
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth
+  // User is redirect to ZITADEL login
+  // Because of missing informaiton on the user auto creation is not possible
+  // Error message is shown, that registration of the user was not possible due to missing information
+});
+
+test("login with Generic OAuth IDP, no user linked - auto link", async ({ page }) => {
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with account linking allowed, and linking set to existing email
+  // Given user with email address [email protected] exists
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth with [email protected]
+  // User is redirect to ZITADEL login
+  // User is linked with existing user in ZITADEL
+  // User is redirected to the app (default redirect url)
+});
+
+test("login with Generic OAuth IDP, no user linked, linking not possible", async ({ page }) => {
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with manually account linking  not allowed, and linking set to existing email
+  // Given user with email address [email protected] doesn't exists
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth with [email protected]
+  // User is redirect to ZITADEL login
+  // User with email address [email protected] can not be found
+  // User will get an error message that account linking wasn't possible
+});
+
+test("login with Generic OAuth IDP, no user linked, linking successful", async ({ page }) => {
+  // Given idp Generic OAuth is configure on the organization as only authencation method
+  // Given idp Generic OAuth is configure with manually account linking allowed, and linking set to existing email
+  // Given user with email address [email protected] doesn't exists
+  // User is automatically redirected to Generic OAuth
+  // User authenticates in Generic OAuth with [email protected]
+  // User is redirect to ZITADEL login
+  // User with email address [email protected] can not be found
+  // User is prompted to link the account manually
+  // User is redirected to the app (default redirect url)
+});