VSB-TUO/fix(cypress): stabilize login flow and hide Klaro consent banner in e…#1296
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR aims to reduce Cypress e2e flakiness by making the login helper deterministic and preventing the Klaro consent overlay from intercepting clicks during test runs.
Changes:
- Stabilize
cy.loginViaForm()by interceptingPOST /api/authn/login, waiting for a 200 response, and asserting redirect away from/login. - Extend the pre-agreed Klaro consent cookie to include
accessibilityand inject CSS on each page load to hide the.klarobanner.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| cypress/support/e2e.ts | Updates Klaro consent cookie and injects a style rule to hide the Klaro banner on page load. |
| cypress/support/commands.ts | Makes form-based login deterministic via intercept + wait + redirect assertion, and scopes selectors to visible login form. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…on CI CI evidence (run 26398927955) shows every login-protected spec failing with: 'cy.wait() timed out waiting 30000ms for the 1st response to the route: loginRequest. No response ever occurred.' The browser-side POST /api/authn/login dispatched from the Angular login form does not receive a response within Cypress' default 30s wait on the ubuntu-latest runner, while anonymous specs (23/55) pass. Switching to cy.request() drives the login from the Cypress (Node) side directly against the backend, bypassing CORS/XSRF/SSR timing problems, and writes the resulting auth token into the same UI cookie Angular reads on bootstrap. A subsequent cy.reload() rehydrates Angular as an authenticated user and preserves the original returnUrl for specs that visit a restricted page first (e.g. /mydspace, /submit). Also addresses Copilot review feedback on the prior attempt: removes the hard cy.wait(500) and encodes the klaro-anonymous cookie via JSON.stringify + encodeURIComponent.
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
With the backend auth-chain fix (PasswordAuthentication first) the admin login no longer hangs, so the programmatic cy.request() login introduced earlier is unnecessary. That programmatic login also left specs which start on /login stranded there (the injected auth cookie did not trigger the app's away-from-login redirect), failing ~17 login-gated specs with "expected '/login' not to match". Reverting to the proven form-based login fixes those. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
These VSB/CLARIN pages render slower than Cypress' 4s default, which caused the last two failures after the login fix: - submission: the CLARIN submission form loads several controlled vocabularies before the metadata fields appear, so input#dc_title was not yet in the DOM. Wait for ds-submission-edit and give dc_title a generous timeout. After a failed deposit the metadata accordion section can collapse (ngb-accordion drops its body), so re-expand it before asserting the title field is invalid. - admin-workflow: the supervision-configured search can take a while to return on a freshly started backend; allow extra time for the first list-object to render. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The submission spec failed on `input#dc_title` even with a generous timeout because it was never a timing problem: VSB configures dc.title with input type "textarea" (upstream uses "onebox"), so the field renders as <textarea id="dc_title">, which `input#dc_title` never matches. Use the tag-agnostic id selector `#dc_title` instead. (admin-workflow, which was a genuine slow-render case, is already green from the previous timeout bump.) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ission deposit test After fixing the title selector, the deposit test reached the CLARIN resource-license *selector* (ds-submission-section-clarin-license). That section is not part of the "Sample Collection" traditional submission form (which only includes the distribution-license section, already toggled), so those steps could never pass here. Comment them out, consistent with the other inapplicable CLARIN steps already disabled in this file. The test still covers title/date, distribution-license acceptance and file upload. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hardens the Cypress login flow on
customer/vsb-tuoand documents the root cause of remaining red CI runs, which lives in the backend Docker image, not in this repository.Frontend changes (this PR)
cypress/support/commands.ts:cy.request('POST', '/api/authn/login')that mirrors the working pattern already used bycy.generateViewEvent(), sets thedsAuthInfocookie directly, then triggers a single reload.cy.login()and the helperloginViaForm().cypress/support/e2e.ts:authentication,preferences,acknowledgement,google-analytics,google-recaptcha,accessibility) so the banner never renders..klaroDOM via injected CSS atwindow:before:load.DSPACE-XSRF-COOKIEinbeforeEachso each test gets a fresh CSRF round-trip.These changes match the conventions used on green sibling branches (
customer/lindat,customer/zcu-*,customer/uk,customer/sav,customer/TUL).Why CI is still red on this PR — and what is not in scope
The frontend cannot make the tests green on its own because the backend image used by this branch does not respond to
POST /api/authn/loginon CI.Evidence
After the programmatic-login change, the CI screenshot for every failing spec still shows
cy.request POST http://127.0.0.1:8080/server/api/authn/loginpending until the 120 s timeout — i.e. no HTTP response at all, not a 401/403.Anonymous specs that issue the same
cy.requestPOST pattern against the same backend (e.g.homepage-statistics.cy.ts→POST /api/statistics/viewevents) pass. Only/api/authn/loginhangs.Buildworkflow history on the parentcustomer/vsb-tuobranch is failure on every run for the last several days, long before this PR existed.Diff of
.github/workflows/build.ymlbetweencustomer/vsb-tuoand every green sibling branch yields a single relevant difference:DSPACE_CI_IMAGEcustomer/lindat,customer/uk,customer/sav,customer/zcu-pub,customer/zcu-data,customer/TULdataquest/dspace:dspace-7_x-testcustomer/vsb-tuo(this branch)dataquest/dspace:customer-vsb-tuo-testConclusion
The Docker image
dataquest/dspace:customer-vsb-tuo-testhas a broken authentication endpoint (most likely an authentication method in the chain — LDAP / Shibboleth or similar — that blocks on a network connection that does not exist on the CI runner). This must be fixed in the DSpace backend repository / image build, not here.Suggested backend follow-up
Override the authentication chain on CI to password-only, either by rebuilding the image with a CI-safe
authentication.cfg, or by adding todocker/docker-compose-ci.ymlunder thedspaceserviceenvironment:block:(only after confirming the customer image honours
__P__→.env-var substitution).Validation
admin-workflow-page,submission) and not related to login or consent.