From 9b267c499709472cd20d95df76b53fc6c571e797 Mon Sep 17 00:00:00 2001
From: mo khan <mo@mokhan.ca>
Date: Wed, 12 Mar 2025 16:15:20 -0600
Subject: feat: require a login before authorizing an auth grant

---
 test/e2e_test.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'test')

diff --git a/test/e2e_test.go b/test/e2e_test.go
index 12e28ed..b465d76 100644
--- a/test/e2e_test.go
+++ b/test/e2e_test.go
@@ -43,6 +43,7 @@ func TestAuthx(t *testing.T) {
 		}
 
 		t.Run("GET http://ui.example.com:8080/saml/new", func(t *testing.T) {
+			assert.NoError(t, page.Context().ClearCookies())
 			x.Must(page.Goto("http://ui.example.com:8080/saml/new"))
 			action := x.Must(page.Locator("#idp-form").GetAttribute("action"))
 			assert.Equal(t, "http://idp.example.com:8080/saml/new", action)
@@ -61,8 +62,15 @@ func TestAuthx(t *testing.T) {
 
 	t.Run("OIDC", func(t *testing.T) {
 		t.Run("GET http://ui.example.com:8080/oidc/new", func(t *testing.T) {
+			assert.NoError(t, page.Context().ClearCookies())
 			x.Must(page.Goto("http://ui.example.com:8080/oidc/new"))
-			assert.Contains(t, page.URL(), "http://idp.example.com:8080/oauth/authorize")
+
+			assert.Contains(t, page.URL(), "http://idp.example.com:8080/sessions/new")
+			page.Locator("#username").Fill("username1")
+			page.Locator("#password").Fill("password1")
+			assert.NoError(t, page.Locator("#login-button").Click())
+
+			assert.Contains(t, page.URL(), "http://idp.example.com:8080/oauth/authorize/continue")
 			assert.NoError(t, page.Locator("#submit-button").Click())
 
 			assert.Contains(t, page.URL(), "http://ui.example.com:8080/oauth/callback")
@@ -177,7 +185,13 @@ func TestAuthx(t *testing.T) {
 				oauth2.SetAuthURLParam("response_type", "code"),
 				oauth2.SetAuthURLParam("response_mode", "fragment"),
 			)
+			assert.NoError(t, page.Context().ClearCookies())
 			x.Must(page.Goto(authURL))
+
+			page.Locator("#username").Fill("username1")
+			page.Locator("#password").Fill("password1")
+			assert.NoError(t, page.Locator("#login-button").Click())
+
 			assert.NoError(t, page.Locator("#submit-button").Click())
 
 			uri := x.Must(url.Parse(page.URL()))
-- 
cgit v1.2.3