Test more login flows

[Tug]

Copying the list of cases from our internal trello board to a github issue for more visibility:

We have a lot of possible cases for login that could benefit from e2e testing:

• [x] Login with username and password
• [ ] Login with email and password
• [x] Login with email and password and 2fa sms
• [x] Login with email and password and 2fa otp
• [ ] Login with email and password and 2fa backup code
• [x] Login with email and password and 2fa push
• [x] Login with a magic link email for a normal account (/log-in/link)
• [x] Login with a magic link email for a passwordless account
• [x] Login with a magic link email for a passwordless account with 2fa sms
• [x] Login with a magic link email for a passwordless account with 2fa otp
• [ ] Login with google using the popup flow
• [ ] Login with google using the popup flow for an account with 2fa code
• [ ] Login with google using the redirect flow
• [ ] Login with google using the redirect flow for an account with 2fa code
• [ ] Login from woocommerce.com with email and password
• [ ] Login from woocommerce.com with email and password and 2fa code
• [ ] Login from woocommerce.com with a magic link email for a passwordless account
• [ ] Login from woocommerce.com with a magic link email for a passwordless account with 2fa code
• [ ] Login from woocommerce.com with google using the popup flow
• [ ] Login from woocommerce.com with google using the popup flow for an account with 2fa code
• [ ] Login from woocommerce.com with google using the redirect flow
• [ ] Login from woocommerce.com with google using the redirect flow for an account with 2fa code
• [x] Login from Jetpack connect (SSO) with email and password
• [ ] Login from Jetpack connect (SSO) with email and password and 2fa code
• [ ] Login from Jetpack connect (SSO) with a magic link email for a passwordless account
• [ ] Login from Jetpack connect (SSO) with a magic link email for a passwordless account with 2fa code
• [ ] Login page text is correctly translated in another locale than english (/log-in/fr)
• [ ] Login page text is correctly translated in the user's locale (/log-in) when user is logged in
• [ ] Login page text is correctly translated in another locale than english (/log-in/fr) when user is logged in
• [ ] Login page redirect_to external links
• [ ] Login page redirect_to internal (calypso) links
• [ ] Login page redirect_to after google connect
• [ ] Login page redirect_to after magic link
• [ ] Login page redirect_to after 2fa sms

[alisterscott]

Hi @Tug

@Automattic/flowpatrol have been having trouble with the existing tests for 2fa etc. since they use the shared accounts accessed randomly they sometimes fail due to lots of runs happening and so aren't consistent

Do you have any thoughts on this?

We have a magic login test for a new customer, so maybe we could just extend that to create a simple, single 2fa scenario that is repeatable? Something like

1. Create new free account
2. Login to new account using magic link
3. Add 2fa device
4. Login using 2fa code
5. Login via magic link (and 2fa) code

What do you think?

Thanks

[Tug]

Surely, not all 2FA tests should be run for all PRs. As you said they might fail if they're run too frequently and they're quite slow! I wonder if, much like with eslint on calypso, it would be possible to detect changes in some files related to 2FA and run those tests only in that case. Would that be a useful feature for wp-e2e-tests you think?

[alisterscott]

I wonder if, much like with eslint on calypso, it would be possible to detect changes in some files related to 2FA and run those tests only in that case. Would that be a useful feature for wp-e2e-tests you think?

Good idea, we'll plan to do this