Cypress Azure OAuth: infinite loop

Posted: 2020-11-05 19:46:46

Tags: javascript oauth azure-active-directory cypress ui-testing

Trying to set up Cypress to test an application that uses OAuth against Azure AD. My login command is defined as follows:

// Custom command: request a token with the client credentials in the query string
Cypress.Commands.add('login', () => {
    return cy.request('POST', Cypress.env('AccessTokenUrl') +
        '?grant_type=' + Cypress.env('GrantType') +
        '&client_id=' + Cypress.env('ClientId') +
        '&client_secret=' + Cypress.env('ClientSecret'))
})

This is how I call it in the test:

cy.login().then(response => {
    expect(response.status).to.eq(200)
    expect(response.body).to.have.property('access_token')
    expect(response.body).to.have.property('token_type', 'Bearer')

    // Store the returned token so the app under test sees it on the next visit
    const {access_token, expires_in, id_token} = response.body
    cy.setCookie('access_token', access_token)
})

cy.visit('my-url')

The assertions pass. The login response contains a valid token. But the cy.visit call fails with infinite recursion, because parameters like &iframe-request-id=[some uuid] are appended to the login.microsoftonline.com URL over and over until it finally returns HTTP Error 414. The request URL is too long.

Here is what that URL looks like, with some information redacted and some formatting added for clarity:

https://login.microsoftonline.com/
    [tenant-id]/oauth2/v2.0/authorize
    ?response_type=code
    &client_id=[client-id]
    &redirect_uri=[my-url]
    &scope=openid+profile+email+https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
    &iframe-request-id=1a9fdcbd-6b9e-46c8-93e3-ce0edf62b600
    &iframe-request-id=b5b5cf2b-e0a6-4d92-9e55-cf32208ab900
    &iframe-request-id=8471e17f-1d36-48f7-8419-f54e14b3b100
    &iframe-request-id=56113dad-6029-4a37-9758-5828f93f0300
    &iframe-request-id=51c06224-98f1-4b83-a8f2-84f8dfe9aa00
    &iframe-request-id=09775645-505c-42e0-ac56-1335b5a7ba00
    &iframe-request-id=5c98158b-b202-41fe-9d65-8fbfe4e46500
    &[and-so-on]

I found various suggestions on the web for using Puppeteer for Azure AD SSO tasks, but none of them served my purpose. First, they try to solve the problem of obtaining the token, which I have already done. Second, they rely on the login URL rendering an HTML form, which is not the case with login.microsoftonline.com.

Any suggestions?

Update: while trying another solution I got an interesting error. The loginMS command:

import * as MSAL from '@azure/msal-browser'

// Custom command: resource-owner password flow against the v1 token endpoint,
// then seed localStorage with what the MSAL library is expected to read
Cypress.Commands.add('loginMS', () => {
    cy.request({
        method: 'POST',
        url: `https://login.microsoftonline.com/${Cypress.env('TenantId')}/oauth2/token`,
        form: true,
        body: {
            scope: Cypress.env('LoginScope'),
            client_id: Cypress.env('ClientId'),
            client_secret: Cypress.env('ClientSecret'),
            redirect_uri: Cypress.env('LoginRedirect'),
            grant_type: Cypress.env('GrantType'),
            username: Cypress.env('Username'),
            password: Cypress.env('Password'),
            response_type: 'code'
        }
    }).then(response => {
        console.log(response)
        window.localStorage.setItem(`msal.idtoken`, response.body.access_token);
        window.localStorage.setItem(`msal.client.info`, MSAL.clientInfo);
    })
})

The error is:

Failed to find a valid digest in the 'integrity' attribute for resource
'https://aadcdn.msauth.net/shared/1.0/content/js/OldConvergedLogin_PCore_Up8WrFIk8-TG_eqBz8MSlw2.js'
with computed SHA-256 integrity 'NxfOkHjbTYDy/EOknsK0PMOfym7iLRGY+yBShyznzx4='.
The resource has been blocked.

1 Answer:

Answer 0 (score: 0)

It really depends on how the application under test handles the request. But I guess you are using the adal library.

With the help of https://mechanicalrock.github.io/2020/05/05/azure-ad-authentication-cypress.html it worked for me in a vuejs application using adal v1.

The most important part is

// Seed the keys ADAL v1 reads, so the app treats the session as signed in
localStorage.setItem("adal.token.keys", `${Cypress.config("clientId")}|`);
localStorage.setItem(`adal.access.token.key${Cypress.config("clientId")}`, ADALToken);
localStorage.setItem(`adal.expiration.key${Cypress.config("clientId")}`, expiresOn);
localStorage.setItem("adal.idtoken", ADALToken);

I actually did not request a token from azure, but copied the token I saw in the F12 tools while using the application under test and used that as my token.
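As an added example (not the answerer's code, nor the linked post's), the helper below builds the four adal v1 localStorage entries from the token itself, reading its `exp` claim so the expiration key does not have to be typed by hand, and applies them to a storage object before cy.visit. It assumes ADAL v1 stores adal.expiration.key as epoch seconds, and the client id and token used in the sample are constructed values.

```javascript
// Added example: derive the ADAL v1 localStorage entries from a token.
// Assumption (not stated on the page): adal.expiration.key holds epoch seconds.

function decodeJwtPayload(token) {
  // Reads the payload only. No signature check is done here: the token is
  // handed to the client library for a UI test, not trusted by a server.
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

function adalStorageEntries(clientId, accessToken, idToken = accessToken) {
  const { exp } = decodeJwtPayload(accessToken);
  if (typeof exp !== 'number') throw new Error('token has no exp claim');
  return {
    'adal.token.keys': `${clientId}|`,
    [`adal.access.token.key${clientId}`]: accessToken,
    [`adal.expiration.key${clientId}`]: String(exp),
    'adal.idtoken': idToken,
  };
}

function seedAdalStorage(storage, entries) {
  // `storage` is window.localStorage in Cypress, e.g. cy.window().then(w => ...).
  for (const [key, value] of Object.entries(entries)) storage.setItem(key, value);
  return Object.keys(entries).length;
}

// Constructed sample token: header and payload are real base64url JSON, the
// signature is a placeholder because only `exp` is read from it.
function sampleToken(exp) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ aud: 'example-client-id', exp })}.sig`;
}

module.exports = { decodeJwtPayload, adalStorageEntries, seedAdalStorage, sampleToken };
```

In a real run the token comes from Cypress.env, never from a literal in the spec, and the seeded session expires when `exp` does, which the test sees as a redirect back to login.microsoftonline.com.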