gigascience / gigadb-website

Source code for running GigaDB
http://gigadb.org
GNU General Public License v3.0

Problem with affiliate sign in Behat tests #408

Open pli888 opened 4 years ago

pli888 commented 4 years ago

The Google affiliate sign in Behat test is broken when using the testerbotunleashed919468 sign in credentials. Here is the error output:

Running acceptance tests
+ [[ dev == \d\e\v ]]
+ bin/behat --tags @wip -v --stop-on-failure
@login @affiliate-login @issue-64 @ok-docker
Feature: sign in into the gigadb website with my social media credentials
  AS an author,
  I WANT TO sign in to the gigadb website with my social media credentials
  SO THAT I can upload and manage the datasets for my papers

  Background:                            # features/affiliate-login.feature:7
    Given test users are loaded          # AffiliateLoginContext::testUsersAreLoaded()
    And Gigadb has a "Facebook" API keys # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "Google" API keys   # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "Twitter" API keys  # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "LinkedIn" API keys # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "Orcid" API keys    # AffiliateLoginContext::gigadbHasAApiKeys()

  ┌─ @BeforeScenario @login # AffiliateLoginContext::initialize_session()
  │
  │  Terminating DB Backend... Removing Created Users... Restarting php container for deployment project...
  │  
  │
  @ok @javascript @google @done @wip
  Scenario: I sign in with Google with no existing Gigadb account   # features/affiliate-login.feature:29
    Given I have a "Google" account                                 # AffiliateLoginContext::iHaveAAccount()
    But I don't have a Gigadb account for my "Google" account email # AffiliateLoginContext::iDonTHaveAGigadbAccountForMyAccountEmail()
    When I am on "/site/login"                                      # Behat\MinkExtension\Context\MinkContext::visit()
    And I click on the "Google" button                              # AffiliateLoginContext::iClickOnTheButton()
    And I sign in to "Google"                                       # AffiliateLoginContext::iSignInTo()
    And I authorise gigadb for "Google"                             # AffiliateLoginContext::iAuthoriseGigadbFor()
    Then I'm logged in into the Gigadb web site                     # AffiliateLoginContext::iMLoggedInIntoTheGigadbWebSite()
      The text "GigaDB Page" was not found anywhere in the text of the current page. (Behat\Mink\Exception\ResponseTextException)
    │
    │  https://accounts.google.com/signin/challenge/ipp/4?continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Flegacy%2Fconsent%3Fauthuser%3D0%26part%3DAJi8hANrvXD-oZ6CBwS-hoJ0W1qCewdywYbOYSa9lg0AwUXm3CwssQbW7M2rfVSOHcERb7w-a_hpXOQ411eSan5431kTGV2aBMU5m47zE3HVUdBtGCdEZee5MoFkquu0lHV7VXhtd0JxZtJYIg2fl19Gw2nCuCHNlrwjZUIIsahMliGwX8sn5HFGYhTxDaIfx532AJKtpRW-EvecM4Vubr44mtczVAy5QqMlkbKS8NHB958WiRmEc0QZe5jNRHvyE-qGg94tQPdQ_b4HQHaaLBrvKywotlxCgb8kEPnUInHVqZMviAvCW0ZoC5SrWzP6sw7xFV2-7mGuQ9Z-biRa1i7k_VeDSMlxSsBPpYeqe_-Uk6PPE3JciRVxmPOLwoe1cX5-vTT25Qv7MRJ3iVaCCExN6cWX5liWo0cIBwbjPqP0tiWHO5L5JsY%26as%3D1WVqrsNbmXBVceCwAzhQ3w&rart=ANgoxccZVaOmMjjrrd6iLmK9_N26e1EL-nXrl7sHOmpYwHtRy3Osmi7JG9NAC7l3Tf5-hFdWonesPMfDTq2g6T1PDozNHhtbFQ&TL=AMV8YcRY78KEpeeXPL0ANKX1fa3Sr8KePI8i_Fa7Vg5FLe432j2NGaWfIUhU7qB6 
    │
    └─ @AfterStep # GigadbWebsiteContext::debugStep()
    And a new Gigadb account is created with my "Google" details    # AffiliateLoginContext::aNewGigadbAccountIsCreatedWithMyDetails()

--- Failed scenarios:

    features/affiliate-login.feature:29

1 scenario (1 failed)
14 steps (12 passed, 1 failed, 1 skipped)
0m33.93s (17.34Mb)

If the credentials from another Google account are used then the test passes:

+ bin/behat --tags @wip -v --stop-on-failure
@login @affiliate-login @issue-64 @ok-docker
Feature: sign in into the gigadb website with my social media credentials
  AS an author,
  I WANT TO sign in to the gigadb website with my social media credentials
  SO THAT I can upload and manage the datasets for my papers

  Background:                            # features/affiliate-login.feature:7
    Given test users are loaded          # AffiliateLoginContext::testUsersAreLoaded()
    And Gigadb has a "Facebook" API keys # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "Google" API keys   # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "Twitter" API keys  # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "LinkedIn" API keys # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "Orcid" API keys    # AffiliateLoginContext::gigadbHasAApiKeys()

  ┌─ @BeforeScenario @login # AffiliateLoginContext::initialize_session()
  │
  │  Terminating DB Backend... Removing Created Users... Restarting php container for deployment project...
  │  
  │
  @ok @javascript @google @done @wip
  Scenario: I sign in with Google with no existing Gigadb account   # features/affiliate-login.feature:29
    Given I have a "Google" account                                 # AffiliateLoginContext::iHaveAAccount()
    But I don't have a Gigadb account for my "Google" account email # AffiliateLoginContext::iDonTHaveAGigadbAccountForMyAccountEmail()
    When I am on "/site/login"                                      # Behat\MinkExtension\Context\MinkContext::visit()
    And I click on the "Google" button                              # AffiliateLoginContext::iClickOnTheButton()
    And I sign in to "Google"                                       # AffiliateLoginContext::iSignInTo()
    And I authorise gigadb for "Google"                             # AffiliateLoginContext::iAuthoriseGigadbFor()
    Then I'm logged in into the Gigadb web site                     # AffiliateLoginContext::iMLoggedInIntoTheGigadbWebSite()
    And a new Gigadb account is created with my "Google" details    # AffiliateLoginContext::aNewGigadbAccountIsCreatedWithMyDetails()

1 scenario (1 passed)
14 steps (14 passed)
0m24.98s (17.28Mb)

@rija Looks like the testerbotunleashed919468 account needs to undergo some verification process with Google?

pli888 commented 4 years ago

There seems to be a similar problem using the Twitter sign in functionality with the testerbot_unleashed919468 account:

@ok @twitter @done @first-non-js @wip
  Scenario: I sign in with Twitter with no existing Gigadb account   # features/affiliate-login.feature:40
    Given I have a "Twitter" account                                 # AffiliateLoginContext::iHaveAAccount()
    But I don't have a Gigadb account for my "Twitter" account email # AffiliateLoginContext::iDonTHaveAGigadbAccountForMyAccountEmail()
    When I am on "/site/login"                                       # Behat\MinkExtension\Context\MinkContext::visit()
    And I click on the "Twitter" button                              # AffiliateLoginContext::iClickOnTheButton()
    And I sign in to "Twitter"                                       # AffiliateLoginContext::iSignInTo()
    And I authorise gigadb for "Twitter"                             # AffiliateLoginContext::iAuthoriseGigadbFor()
      Link with id|title|alt|text "click here to continue" not found. (Behat\Mink\Exception\ElementNotFoundException)
    │
    │  https://twitter.com/account/login_challenge?platform=web&enc_user_id=AAAAEIAazsIUXyvlXdra2cT9rzA_UGonAZLZ3HJBKjDG3K8nHj_qghhTYCG_0v32kPbLjPhyNg&challenge_type=RetypePhoneNumber&challenge_id=m1gYttLz47i00FaMdWg3Ei0SRKJjKX4kAY%252BA&remember_me=false&redirect_after_login_verification=https%3A%2F%2Fapi.twitter.com%2Foauth%2Fauthenticate%3Foauth_token%3DKucE1AAAAAAA3i8sAAABcRAnvEY
    │
    └─ @AfterStep # GigadbWebsiteContext::debugStep()
    Then I'm logged in into the Gigadb web site                      # AffiliateLoginContext::iMLoggedInIntoTheGigadbWebSite()
    And a new Gigadb account is created with my "Twitter" details    # AffiliateLoginContext::aNewGigadbAccountIsCreatedWithMyDetails()

--- Failed scenarios:

    features/affiliate-login.feature:40

1 scenario (1 failed)
14 steps (11 passed, 1 failed, 2 skipped)
0m18.21s (17.98Mb)

Using another Twitter account allows this Behat test to pass. The problem might be because the testerbot_unleashed919468 account needs to undergo some Twitter re-verification process.

pli888 commented 4 years ago

There's also a problem with sign in using LinkedIn:

Running acceptance tests
+ [[ dev == \d\e\v ]]
+ bin/behat --tags '@ok&&~@facebook&&@wip' -v --stop-on-failure
@login @affiliate-login @issue-64 @ok-docker
Feature: sign in into the gigadb website with my social media credentials
  AS an author,
  I WANT TO sign in to the gigadb website with my social media credentials
  SO THAT I can upload and manage the datasets for my papers

  Background:                            # features/affiliate-login.feature:7
    Given test users are loaded          # AffiliateLoginContext::testUsersAreLoaded()
    And Gigadb has a "Facebook" API keys # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "Google" API keys   # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "Twitter" API keys  # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "LinkedIn" API keys # AffiliateLoginContext::gigadbHasAApiKeys()
    And Gigadb has a "Orcid" API keys    # AffiliateLoginContext::gigadbHasAApiKeys()

  ┌─ @BeforeScenario @login # AffiliateLoginContext::initialize_session()
  │
  │  Terminating DB Backend... Removing Created Users... Restarting php container for deployment project...
  │  
  │
  @ok @linkedin @javascript @done @wip
  Scenario: I sign in with LinkedIn with no existing Gigadb account   # features/affiliate-login.feature:51
    Given I have a "LinkedIn" account                                 # AffiliateLoginContext::iHaveAAccount()
    But I don't have a Gigadb account for my "LinkedIn" account email # AffiliateLoginContext::iDonTHaveAGigadbAccountForMyAccountEmail()
    When I am on "/site/login"                                        # Behat\MinkExtension\Context\MinkContext::visit()
    And I click on the "LinkedIn" button                              # AffiliateLoginContext::iClickOnTheButton()
    And I sign in to "LinkedIn"                                       # AffiliateLoginContext::iSignInTo()
      Form field with id|name|label|value|placeholder "session_key" not found. (Behat\Mink\Exception\ElementNotFoundException)
    │
    │  http://gigadb.dev/
    │
    └─ @AfterStep # GigadbWebsiteContext::debugStep()
    And I authorise gigadb for "LinkedIn"                             # AffiliateLoginContext::iAuthoriseGigadbFor()
    Then I'm logged in into the Gigadb web site                       # AffiliateLoginContext::iMLoggedInIntoTheGigadbWebSite()
    And a new Gigadb account is created with my "LinkedIn" details    # AffiliateLoginContext::aNewGigadbAccountIsCreatedWithMyDetails()

--- Failed scenarios:

    features/affiliate-login.feature:51

1 scenario (1 failed)
14 steps (10 passed, 1 failed, 3 skipped)
0m15.48s (17.20Mb)

I wonder if this problem is caused by a move from version 1 of the LinkedIn API to version 2.

pli888 commented 4 years ago

> I wonder if this problem is caused by a move from version 1 of the LinkedIn API to version 2.

The broken LinkedIn acceptance test seems to be caused by the fact that this affiliate sign in functionality was using v1 of the LinkedIn API which has been deprecated since May 2019 and can have issues if still used.

The solution is to move to LinkedIn v2 API. The PHP package opauth/linkedin will need to be upgraded from 0.2.0 to 0.3.0 with the latter version being able to handle LinkedIn v2 API.

rija commented 4 years ago

Hi @pli888

The automated testing at integration and acceptance level of affiliate sign in with social media services in general, but particularly with Google, is very hard to do and breaks easily because social media services actively deter and sabotage automation of their sign in process as a counter-measure to hacking and account-hijacking.

Facebook and LinkedIn allow setting up test accounts, but we can't do that with Google and Twitter.

Also the latter two need manual authentication first (and from time to time if the service thinks there's fraud, like when developers from different countries are running the tests) from the same computer intended to run the automation, which you cannot do if you are on CI (that's why affiliate-login tests are not run on CI) or if you don't have access to the email account used (seems like what happened to you with Twitter).

An additional problem is that Google (and LinkedIn IIRC) adapt their interface to the language of the geo location of the person connecting. So tests need to find form elements whatever the language of the interface when developers are scattered around the world.

The last problem is the fact that the oauth library (opauth) used in Gigadb website is old and barely maintained.

Going forward, this is I think how we should approach this:

Alternative to the first point is to let each developer use their own social media account, but that doesn't work for running these tests on CI.
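
An added example, not part of the thread or of the GigaDB code base: a small triage script that reads Behat output like the runs above and separates failures where the identity provider interposed a verification challenge from failures where the browser never left the application. The host name, path prefixes and verdict labels are assumptions taken from the URLs printed in this thread, and the sample input is constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: host of the app under test, as printed in the thread's debug output.
APP_HOSTS = {"gigadb.dev"}
# Assumption: path prefixes copied from the two challenge URLs shown in the thread.
CHALLENGE_PREFIXES = {"accounts.google.com": "/signin/challenge/",
                      "twitter.com": "/account/login_challenge"}
FAILURE = re.compile(r"\((Behat\\Mink\\Exception\\\w+)\)\s*$")
DEBUG_URL = re.compile(r"^\s*│\s+(https?://\S+)")


def classify_url(url):
    """Return (verdict, detail) for the URL printed by the debug step."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    prefix = CHALLENGE_PREFIXES.get(host)
    if prefix and parts.path.startswith(prefix):
        # In the thread's URLs only Twitter carries a challenge_type parameter.
        kind = parse_qs(parts.query).get("challenge_type", ["unspecified"])[0]
        return "idp-challenge", f"{host} ({kind})"
    if host in APP_HOSTS:
        return "never-left-app", parts.path or "/"
    return "unknown", host


def triage(behat_output):
    """Pair each failed step's exception with the page the browser was on."""
    results, pending = [], None
    for line in behat_output.splitlines():
        failed = FAILURE.search(line)
        if failed:
            pending = failed.group(1).rsplit("\\", 1)[-1]
            continue
        shown = DEBUG_URL.match(line)
        if shown and pending:
            results.append((pending, *classify_url(shown.group(1))))
            pending = None
    return results

# Constructed sample shaped like the failures above; tokens replaced by PLACEHOLDER.
SAMPLE = r"""
      The text "GigaDB Page" was not found anywhere in the text of the current page. (Behat\Mink\Exception\ResponseTextException)
    │  https://accounts.google.com/signin/challenge/ipp/4?continue=PLACEHOLDER
      Link with id|title|alt|text "click here to continue" not found. (Behat\Mink\Exception\ElementNotFoundException)
    │  https://twitter.com/account/login_challenge?platform=web&challenge_type=RetypePhoneNumber
      Form field with id|name|label|value|placeholder "session_key" not found. (Behat\Mink\Exception\ElementNotFoundException)
    │  http://gigadb.dev/
"""
```

An `idp-challenge` verdict points at the test account or the machine running the test, while `never-left-app` points at the application's own OAuth integration or login page.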

only1chunts commented 4 years ago

This all sounds very time-consuming. Given the very small numbers of users expected to use these affiliate log-in options, is there a simpler quicker fix that will allow you to work on the many other tasks that have a bigger impact? Perhaps just comment out the troublesome options and allow only linkedin and facebook if they work?

pli888 commented 4 years ago

> Given the very small numbers of users expected to use these affiliate log-in options, is there a simpler quicker fix that will allow you to work on the many other tasks that have a bigger impact? Perhaps just comment out the troublesome options and allow only linkedin and facebook if they work?

@only1chunts I believe @rija is describing some work to be done in the future. I have already created a pull request #447 that provides a fix for the LinkedIn affiliate sign in functionality and its acceptance test for the time being.

pli888 commented 4 years ago

Any acceptance test checking the functionality of the ORCID affiliate sign on will fail because the ORCID sign in button on the /site/login page has been commented out by Jesse:

@ok @orcid @javascript @done @wip
  Scenario: I sign in with ORCID with no existing Gigadb account   # features/affiliate-login.feature:62
    Given I have a "Orcid" account                                 # AffiliateLoginContext::iHaveAAccount()
    But I don't have a Gigadb account for my "Orcid" account email # AffiliateLoginContext::iDonTHaveAGigadbAccountForMyAccountEmail()
    When I am on "/site/login"                                     # Behat\MinkExtension\Context\MinkContext::visit()
    And I click on the "ORCID" button                              # AffiliateLoginContext::iClickOnTheButton()
      Link with id|title|alt|text "ORCID" not found. (Behat\Mink\Exception\ElementNotFoundException)
    │
    │  http://gigadb.dev/site/login
    │
    └─ @AfterStep # GigadbWebsiteContext::debugStep()
    And I sign in to "Orcid"                                       # AffiliateLoginContext::iSignInTo()
    And I authorise gigadb for "Orcid"                             # AffiliateLoginContext::iAuthoriseGigadbFor()
    Then I'm logged in into the Gigadb web site                    # AffiliateLoginContext::iMLoggedInIntoTheGigadbWebSite()
    And a new Gigadb account is created with my "Orcid" details    # AffiliateLoginContext::aNewGigadbAccountIsCreatedWithMyDetails()

--- Failed scenarios:

    features/affiliate-login.feature:62

1 scenario (1 failed)

The reason why ORCID login has been disabled is because extra coding is required to retrieve the user's email address from the ORCID API to be stored in the GigaDB - see #64. N.B. our paid membership of ORCID allows us to retrieve email addresses now.

Since all ORCID acceptance tests are failing because the ORCID sign in button has been commented out, they will not be executed.