Add feature test for WebAuthn registration (!113493) · Merge requests · GitLab.org / GitLab

Eduardo Sanz García requested to merge eduardosanz/improve-backend-test into master Mar 03, 2023

What does this MR do and why?

Added a set of feature specs for the WebAuthn registration when the webauthn_without_totp feature flag is enabled, as promised in Frontend: Enable WebAuthn device registration w... (!111659 - merged) (see bottom of the description). The tests are quite similar to the other context (where the feature flag is disabled). There are a couple of differences:

a password is required now
when registering the first device, recovery codes are generated

On the first commit, we narrow down the webauthn_without_totp feature flag context to include only the registration (not the authentication). That will make easier to cleanup after webauthn_without_totp feature flag is disabled.

On the second commit, we add the new set of feature tests.

On the third commit, we make a small change in the Registration Vue component so that we can pass the feature test. See the commit message for more details, but the change doesn't have any effect in real life. The warning still displays if the browser uses insecure HTTP:

Screenshots or screen recordings

No change.

How to set up and validate locally

N/A

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Add feature test for WebAuthn registration

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports