Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[LiveComponent] Testing combining user login and actions is not working as expected #2338

Open
Nek- opened this issue Nov 4, 2024 · 5 comments
Labels

Comments

@Nek-
Copy link
Contributor

Nek- commented Nov 4, 2024

I'm testing my component, and the test looks like this:

$adminUser = AdminUserFactory::find(['email' => 'adminUserDocuments-1@dev.com']);
$repository = $this->getContainer()->get(Resource::class);

$testComponent = $this->createLiveComponent(
    name: 'MyAwesomeComponent',
    data: ['hotel' => $repository->find(1)],
);

$this->assertStringContainsString('Select a contract model', $testComponent->render());
$testComponent->set('contractModel', 2);

// askForDocument is protected and requires special rights
$testComponent->actingAs($adminUser->_real(), 'admin');

$testComponent->call('askForDocument');
// Fail! I get the error Symfony\Component\HttpKernel\Exception\BadRequestHttpException: Invalid CSRF token.

$this->assertStringContainsString('Success!', $testComponent->render());

I assume the CSRF protection emulation for tests (in the TestLiveComponent::request()) does not work as expected. It makes sense because here is what's happening under the hood:

  1. I navigate in my component (it generates the csrf token expected)
  2. I log in to be able to make the request (clears the session and hydrate with the user)
  3. I request my component again with a CSRF based on... the cleared session?

It's somehow connected to #1150

Notice: No, I cannot set the user in the first statement of the test because the session is not kept during the process, a way to fix this issue may be to keep it.

@Nek- Nek- added the Bug Bug Fix label Nov 4, 2024
@Nek- Nek- changed the title [LiveComponent] [LiveComponent] Testing combining user login and actions is not working as expected Nov 4, 2024
@Nek-
Copy link
Contributor Author

Nek- commented Nov 4, 2024

I'm getting rid of the error when adding the following configuration globally:

when@test:
    framework:
        csrf_protection: false

But I still have issues with the actingAs that do not seems to have effect :/ .

@smnandre
Copy link
Member

smnandre commented Nov 4, 2024

Same thing if you call actingAs() before any actions (render, setter, ..)?

$testComponent = $this->createLiveComponent(
    name: 'MyAwesomeComponent',
    data: ['hotel' => $repository->find(1)],
);

- $this->assertStringContainsString('Select a contract model', $testComponent->render());
- $testComponent->set('contractModel', 2);

// askForDocument is protected and requires special rights
$testComponent->actingAs($adminUser->_real(), 'admin');

+ $testComponent->render();

@Nek-
Copy link
Contributor Author

Nek- commented Nov 5, 2024

@smnandre indeed my actingAs was in the wrong place (it was not obvious because of project-related issues). No issue here.

The CSRF token generation failing is however a thing. I tried to render before my call and it still do not work (without my trick).

Also I notice the document seems to stand something wrong about CSRF being disabled in test env.

If you want this built-in CSRF protection to be effective, mind your CORS headers (e.g. DO NOT use Access-Control-Allow-Origin: *).

(In test-mode, the CSRF protection is disabled to make testing easier.)
https://symfony.com/bundles/ux-live-component/current/index.html#actions-and-csrf-protection

@smnandre
Copy link
Member

smnandre commented Nov 5, 2024

actingAs was in the wrong place

How would you rearrange the documentation to make this more explicit ?

Also I notice the document seems to stand something wrong about CSRF being disabled in test env.

Arf indeed... it will be released in the next version (mid/late november). You can test it pulling the "2.x-dev" branch if you want.

We do not have versioning for documentation so it has been deployed a bit early, sorry for that.

@Nek-
Copy link
Contributor Author

Nek- commented Nov 5, 2024

actingAs was in the wrong place

How would you rearrange the documentation to make this more explicit ?

Nothing to be done here! (except more than a class for the testing section maybe 😉 , but it's good enough yet)

Arf indeed... it will be released in the next version (mid/late november). You can test it pulling the "2.x-dev" branch if you want.

We do not have versioning for documentation so it has been deployed a bit early, sorry for that.

Okkkkkk. That explains a lot 😅 . I guess the release will fix this issue then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants