[PR #7248] Fix playwright: get the test suite back to green against bundled web-vault v2026.4.1 #26122

New Issue

Open

opened 2026-05-29 05:07:22 -05:00 by GiteaMirror · 0 comments

GiteaMirror commented 2026-05-29 05:07:22 -05:00

Owner

Copy Link

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/7248
Author: @zaid-marji
Created: 5/24/2026
Status: 🔄 Open

Base: main ← Head: playwright-helpers-fix

---

📝 Commits (8)

• c0589bb playwright: fix stale Master password selectors against bundled web vault
• c02ced4 playwright: fix TOTP setup flow against bundled web vault
• f30847d playwright: serve the test Vaultwarden over HTTPS
• a3fb027 gitignore: catch stray playwright artifacts at the repo root
• 9186ec2 playwright: fix stale org-nav selectors against bundled web vault
• 0c009d6 playwright: fix invitation-accepted toast text + SSO existing-account redirect
• ad582b4 playwright: centralize web-vault selectors into shared setup helpers
• 88ab514 playwright: centralize 2FA challenge handling

📊 Changes

17 files changed (+241 additions, -122 deletions)

View changed files

📝 .gitignore (+6 -0)
📝 playwright/.env.template (+2 -1)
📝 playwright/compose/warden/Dockerfile (+12 -0)
📝 playwright/global-utils.ts (+1 -1)
📝 playwright/playwright.config.ts (+1 -0)
📝 playwright/test.env (+2 -1)
📝 playwright/tests/login.smtp.spec.ts (+5 -16)
📝 playwright/tests/login.spec.ts (+2 -17)
📝 playwright/tests/organization.smtp.spec.ts (+6 -7)
📝 playwright/tests/setups/2fa.ts (+96 -38)
📝 playwright/tests/setups/orgs.ts (+14 -6)
📝 playwright/tests/setups/sso.ts (+7 -25)
📝 playwright/tests/setups/user.ts (+78 -4)
📝 playwright/tests/sso_login.smtp.spec.ts (+1 -1)
📝 playwright/tests/sso_login.spec.ts (+1 -1)
📝 playwright/tests/sso_organization.smtp.spec.ts (+6 -3)
📝 playwright/tests/sso_organization.spec.ts (+1 -1)

📄 Description

Summary

The bundled web vault (v2026.4.1 per docker/DockerSettings.yaml) refuses
the playwright suite's interactions for several compounding reasons: stale
label selectors, stale org-nav selectors, a renamed invitation-acceptance
toast, an SSO existing-account flow that no longer auto-redirects to the
IdP, and the web vault refusing plain HTTP. login.spec.ts and every spec
calling createAccount / logUser / activateTOTP / orgs.* /
*.smtp.spec.ts org-invite flows fails before doing anything useful. This
PR restores the suite to green against the current bundled vault, and along
the way centralises the selectors and 2FA-challenge flow so the next
web-vault bump has one place to update.

Eight commits, each with a single concern (commit bodies have the full
motivation):

• fix stale Master password selectors — the input lost its
  (required) suffix. Switch to getByLabel('Master password') and anchor
  the ambiguous new/confirm fields by formcontrolname.
• fix TOTP setup flow — Continue race with Angular updateOn: 'blur'
  (submit via Enter), Key selector ambiguous with Yubico SVG aria-label
  (anchor { exact: true }), Close button transiently disabled during the
  success-dialog transition (drop the click; dialog auto-closes).
• serve the test Vaultwarden over HTTPS — the web vault refuses
  registration over HTTP. Self-signed cert generated in the test image,
  ROCKET_TLS pointed at it, DOMAIN switched to https://,
  ignoreHTTPSErrors: true set on every playwright context.
• gitignore: catch stray playwright artifacts at the repo root —
  adds test-results/ and playwright-report/ to root .gitignore.
• fix stale org-nav selectors — product-switch nav links and the
  in-org "Members" entry are icon-only; switch to
  getByRole('link', { name: '…' }) and force-click past the hover
  tooltip that intercepts the click.
• fix invitation-accepted toast text + SSO existing-account redirect
  — toast is now "Successfully accepted your invitation"; the SSO
  invited-with-existing-account flow no longer auto-redirects to Keycloak
  (explicit "Use single sign-on" click required).
• centralize web-vault selectors into shared setup helpers — extracts
  the avatar menu, registration MP-fill, user-verification gate, and the
  TOTP/email enrol+disable flow into shared helpers in setups/. Future
  web-vault selector changes only have to be updated in one place.
• centralize 2FA challenge handling — submitTwoFactor(test, page, twoFactor) with a TwoFactor discriminated union (totp / mail2fa /
  fido2) drives the /#/2fa page from setups/2fa.ts. Both logUser
  variants (MP and SSO) gain a twoFactor?: TwoFactor option that delegates
  to it; the four inline 2FA submission blocks across login.spec.ts,
  login.smtp.spec.ts, sso_login.spec.ts, and sso_login.smtp.spec.ts
  collapse to one line each.

Test plan

Verified against bundled web-vault v2026.4.1 over the full
parallel-projects docker suite (sqlite + mariadb + mysql + postgres + four
SSO variants, 140 tests, 129 pass). Every previously-broken
master-password / TOTP / org-nav / invite-toast / HTTPS path now passes on
every DB backend.

The remaining failures are unrelated to this branch's scope: PBKDF2-key-
derivation timing flakes under the saturated parallel-projects suite (the
same tests pass on sibling DB projects under identical code).

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/dani-garcia/vaultwarden/pull/7248 **Author:** [@zaid-marji](https://github.com/zaid-marji) **Created:** 5/24/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `playwright-helpers-fix` --- ### 📝 Commits (8) - [`c0589bb`](https://github.com/dani-garcia/vaultwarden/commit/c0589bbd749b3e7dcdf47e50c253c94968426ee6) playwright: fix stale Master password selectors against bundled web vault - [`c02ced4`](https://github.com/dani-garcia/vaultwarden/commit/c02ced432dc5feabc0ba7078390a5664a08910e0) playwright: fix TOTP setup flow against bundled web vault - [`f30847d`](https://github.com/dani-garcia/vaultwarden/commit/f30847d15e4b86671829ffd3ece180e18414772f) playwright: serve the test Vaultwarden over HTTPS - [`a3fb027`](https://github.com/dani-garcia/vaultwarden/commit/a3fb02776dd1b12108869df7dd6141b1c07c930a) gitignore: catch stray playwright artifacts at the repo root - [`9186ec2`](https://github.com/dani-garcia/vaultwarden/commit/9186ec245b0127e314c2ffcc1ff790fda79804f2) playwright: fix stale org-nav selectors against bundled web vault - [`0c009d6`](https://github.com/dani-garcia/vaultwarden/commit/0c009d679d8a61ecfa47f142511037d02711a803) playwright: fix invitation-accepted toast text + SSO existing-account redirect - [`ad582b4`](https://github.com/dani-garcia/vaultwarden/commit/ad582b460acaaa3199ad3b3f6189c7a90c139cd9) playwright: centralize web-vault selectors into shared setup helpers - [`88ab514`](https://github.com/dani-garcia/vaultwarden/commit/88ab51443a4f84b6d239263f78663c9648d6b97e) playwright: centralize 2FA challenge handling ### 📊 Changes **17 files changed** (+241 additions, -122 deletions) <details> <summary>View changed files</summary> 📝 `.gitignore` (+6 -0) 📝 `playwright/.env.template` (+2 -1) 📝 `playwright/compose/warden/Dockerfile` (+12 -0) 📝 `playwright/global-utils.ts` (+1 -1) 📝 `playwright/playwright.config.ts` (+1 -0) 📝 `playwright/test.env` (+2 -1) 📝 `playwright/tests/login.smtp.spec.ts` (+5 -16) 📝 `playwright/tests/login.spec.ts` (+2 -17) 📝 `playwright/tests/organization.smtp.spec.ts` (+6 -7) 📝 `playwright/tests/setups/2fa.ts` (+96 -38) 📝 `playwright/tests/setups/orgs.ts` (+14 -6) 📝 `playwright/tests/setups/sso.ts` (+7 -25) 📝 `playwright/tests/setups/user.ts` (+78 -4) 📝 `playwright/tests/sso_login.smtp.spec.ts` (+1 -1) 📝 `playwright/tests/sso_login.spec.ts` (+1 -1) 📝 `playwright/tests/sso_organization.smtp.spec.ts` (+6 -3) 📝 `playwright/tests/sso_organization.spec.ts` (+1 -1) </details> ### 📄 Description ## Summary The bundled web vault (`v2026.4.1` per `docker/DockerSettings.yaml`) refuses the playwright suite's interactions for several compounding reasons: stale label selectors, stale org-nav selectors, a renamed invitation-acceptance toast, an SSO existing-account flow that no longer auto-redirects to the IdP, and the web vault refusing plain HTTP. `login.spec.ts` and every spec calling `createAccount` / `logUser` / `activateTOTP` / `orgs.*` / `*.smtp.spec.ts` org-invite flows fails before doing anything useful. This PR restores the suite to green against the current bundled vault, and along the way centralises the selectors and 2FA-challenge flow so the next web-vault bump has one place to update. Eight commits, each with a single concern (commit bodies have the full motivation): - **`fix stale Master password selectors`** — the input lost its `(required)` suffix. Switch to `getByLabel('Master password')` and anchor the ambiguous new/confirm fields by `formcontrolname`. - **`fix TOTP setup flow`** — Continue race with Angular `updateOn: 'blur'` (submit via `Enter`), Key selector ambiguous with Yubico SVG aria-label (anchor `{ exact: true }`), Close button transiently disabled during the success-dialog transition (drop the click; dialog auto-closes). - **`serve the test Vaultwarden over HTTPS`** — the web vault refuses registration over HTTP. Self-signed cert generated in the test image, `ROCKET_TLS` pointed at it, `DOMAIN` switched to `https://`, `ignoreHTTPSErrors: true` set on every playwright context. - **`gitignore: catch stray playwright artifacts at the repo root`** — adds `test-results/` and `playwright-report/` to root `.gitignore`. - **`fix stale org-nav selectors`** — product-switch nav links and the in-org "Members" entry are icon-only; switch to `getByRole('link', { name: '…' })` and force-click past the hover tooltip that intercepts the click. - **`fix invitation-accepted toast text + SSO existing-account redirect`** — toast is now `"Successfully accepted your invitation"`; the SSO invited-with-existing-account flow no longer auto-redirects to Keycloak (explicit "Use single sign-on" click required). - **`centralize web-vault selectors into shared setup helpers`** — extracts the avatar menu, registration MP-fill, user-verification gate, and the TOTP/email enrol+disable flow into shared helpers in `setups/`. Future web-vault selector changes only have to be updated in one place. - **`centralize 2FA challenge handling`** — `submitTwoFactor(test, page, twoFactor)` with a `TwoFactor` discriminated union (`totp` / `mail2fa` / `fido2`) drives the `/#/2fa` page from `setups/2fa.ts`. Both `logUser` variants (MP and SSO) gain a `twoFactor?: TwoFactor` option that delegates to it; the four inline 2FA submission blocks across `login.spec.ts`, `login.smtp.spec.ts`, `sso_login.spec.ts`, and `sso_login.smtp.spec.ts` collapse to one line each. ## Test plan Verified against bundled web-vault `v2026.4.1` over the full parallel-projects docker suite (sqlite + mariadb + mysql + postgres + four SSO variants, **140 tests**, **129 pass**). Every previously-broken master-password / TOTP / org-nav / invite-toast / HTTPS path now passes on every DB backend. The remaining failures are unrelated to this branch's scope: PBKDF2-key- derivation timing flakes under the saturated parallel-projects suite (the same tests pass on sibling DB projects under identical code). --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

GiteaMirror added the pull-request label 2026-05-29 05:07:22 -05:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.36.0

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

wontfix

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#26122