cypress icon indicating copy to clipboard operation
cypress copied to clipboard

Published 20 hours ago verified publisher icon cypress-io

10.11.0 and upwards versions break support for oauth flow with Spotify

Open hanna-becker opened this issue 2 years ago • 6 comments

Current behavior

We reported this bug before for version 10.3.0 and were thankful that it got quickly fixed in version 10.3.1. See this issue: https://github.com/cypress-io/cypress/issues/22674

Unfortunately, it reappears with the exact same symptoms when we upgrade from 10.10.0 to 10.11.0 or the latest version 12.3.0.

Desired behavior

This worked before.

Test code to reproduce

See previous issue: https://github.com/cypress-io/cypress/issues/22674

Cypress Version

10.11.0, 12.3.0

Node version

v16.18.1

Operating System

Ubuntu 22.04

Debug Logs

No response

Other

No response

hanna-becker avatar Jan 13 '23 11:01 hanna-becker

I (re)confirmed this fails in 12.3.0 with the following:

  it('logs in with spotify', () => {
    cy.origin('accounts.spotify.com', () => {
      cy.visit('https://accounts.spotify.com/en/login')
      cy.get('input#login-username').click().type(Cypress.env('spotify-username'))
      cy.get('input#login-password').click().type(Cypress.env('spotify-password'))
      cy.get('#login-button').click()
    })
  })

I'll route this to my team to investigate.

chrisbreiding avatar Jan 17 '23 14:01 chrisbreiding

I think this is a pretty big problem. It currently stops us from migrating to anything 10.11.0 or above. Does anybody know a solution or is there a fix in the pipeline?

SilverLinings89 avatar Jun 22 '23 15:06 SilverLinings89

I noticed that login works when I use "accounts.spotify.com" as a baseUrl, so it seems to be a problem with the cy.origin() command. Possibly this is related to: https://github.com/cypress-io/cypress/issues/23165

Unfortunately, this is not a suitable workaround for my tests, as it tests the oauth flow we implemented to integrate with Spotify.

hanna-becker avatar Jun 30 '23 11:06 hanna-becker

We found a workaround by doing the following:

  1. Let the test trigger the redirect to the Spotify login page through our app, just like it would happen when a user clicks on our "connect Spotify button".
  2. Copy over the Spotify cookies to the cy.origin() context like so:
    cy.location().then((location) => {
      cy.getAllCookies().then((cookies) => {
        const spotifyCookies = cookies.filter((cookie) => cookie.domain.toLowerCase().includes('spotify'));
        const args = {
          pathname: location.pathname,
          search: location.search,
          email: user.email,
          spotifyPw: user.spotifyPw,
          spotifyCookies,
        };
        cy.origin(location.origin, { args }, ({ pathname, search, email, spotifyPw, spotifyCookies }) => {
          spotifyCookies.forEach((cookie) =>
            cy.setCookie(cookie.name, cookie.value, {
              ...cookie,
              sameSite: 'no_restriction',
            })
          );
          cy.visit(`${pathname}${search}`);
          cy.get('input#login-username').click().type(email);
          cy.get('input#login-password').click().type(spotifyPw);
          cy.get('#login-button').click();
        });
      });
    });

The request wouldn't allow the cookies with their original sameSite property of 'Lax', but overriding it 'no_restriction' did the job.

hanna-becker avatar Jun 30 '23 14:06 hanna-becker

I (re)confirmed this fails in 12.17.4 version

ogorouli avatar Aug 16 '23 13:08 ogorouli

This issue has not had any activity in 180 days. Cypress evolves quickly and the reported behavior should be tested on the latest version of Cypress to verify the behavior is still occurring. It will be closed in 14 days if no updates are provided.

cypress-app-bot avatar Feb 13 '24 01:02 cypress-app-bot

This issue has been closed due to inactivity.

cypress-app-bot avatar Feb 28 '24 01:02 cypress-app-bot