discourse/spec
Alan Guo Xiang Tan 6e9fbb5bab
DEV: Do not process requests initiated by browser in a different example (#25809)
Why this change?

We noticed that running `LOAD_PLUGINS=1 rspec --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb` locally
results in the system tests randomly failing. When we inspected the
request logs closely, we noticed that a `/presence/get` request from a
previous rspec example was being processed when a new rspec example is
already being run. We know it was from the previous rspec example
because inspecting the auth token showed the request using the auth
token of a user from the previous example. However, when a request using
an auth token from a previous example is used it ends up logging out the
same user on the server side because the user id in the cookie is the same
due to the use of `fab!`.

I did some research and there is apparently no way to wait until all
inflight requests by the browser has completed through capybara or
selenium. Therefore, we will add an identifier by attaching a cookie to all non-xhr requests so that
xhr requests which are triggered subsequently will contain the cookie in the request.

In the `BlockRequestsMiddleware` middleware, we will then reject any
requests when the value of the identifier in the cookie does not match the current rspec's example
location.

To see the problem locally, change `Auth::DefaultCurrentUserProvider.find_v1_auth_cookie` to the following:

```
  def self.find_v1_auth_cookie(env)
    return env[DECRYPTED_AUTH_COOKIE] if env.key?(DECRYPTED_AUTH_COOKIE)

    env[DECRYPTED_AUTH_COOKIE] = begin
      request = ActionDispatch::Request.new(env)
      cookie = request.cookies[TOKEN_COOKIE]

      # don't even initialize a cookie jar if we don't have a cookie at all
      if cookie&.valid_encoding? && cookie.present?
        puts "#{env["REQUEST_PATH"]} #{request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access}"
        request.cookie_jar.encrypted[TOKEN_COOKIE]&.with_indifferent_access
      end
    end
  end
```

After which run the following command: `LOAD_PLUGINS=1 rspec --format documentation --seed=38855 plugins/chat/spec/system/chat_new_message_spec.rb`

It takes a few tries but the last spec should fail and you should see something like this:

```
assets/chunk.c16f6ba8b6824baa47ac.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/assets/chunk.050148142e1d2dc992dd.d41d8cd9.js {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/chat/api/channels/527/messages {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
/uploads/default/test_0/optimized/1X/_129430568242d1b7f853bb13ebea28b3f6af4e7_2_512x512.png {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
    redirects to existing chat channel
    redirects to chat channel if recipients param is missing (PENDING: Temporarily skipped with xit)
  with multiple users
/favicon.ico {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/chat/new-message {"token"=>"9a75c114c4d3401509a23d240f0a46d4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591736}
/presence/get {"token"=>"37d995a4b65395d3b343ec70fff915b4", "user_id"=>3382, "username"=>"bruce0", "trust_level"=>1, "issued_at"=>1708591735}
 ```
 
 Note how the `/presence/get` request is using a token from the previous example. 

Co-authored-by: David Taylor <david@taylorhq.com>
2024-02-22 19:41:10 +08:00
..
fabricators DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
fixtures DEV: Refactor subclasses in ThemeSettingsManager to individual files (#25605) 2024-02-08 12:59:52 +08:00
generator DEV: Improve site setting rename generator (#25354) 2024-01-25 10:45:46 +10:00
helpers FEATURE: Add experimental option for strict-dynamic CSP (#25664) 2024-02-16 11:16:54 +00:00
import_export DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
initializers DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
integration DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
integrity Enable Embroider/Webpack code spliting for Wizard (#24919) 2023-12-20 13:15:06 +00:00
jobs DEV: Increase default SMTP read timeout to 30s (#25763) 2024-02-21 07:13:18 +10:00
lib DEV: Change shape of errors in ThemeSettingsObjectValidator (#25784) 2024-02-21 15:27:42 +08:00
mailers DEV: Automatically update groups for test users with explicit TL (#25415) 2024-01-29 17:52:02 +08:00
migrations DEV: Switch over category settings to new table - Part 3 (#20657) 2023-09-12 09:51:49 +08:00
models DEV: Set a bytesize limit for ThemeSetting#json_value (#25761) 2024-02-21 08:09:37 +08:00
multisite DEV: Add S3 upload system specs using minio (#22975) 2023-08-23 11:18:33 +10:00
requests FIX: Load categories with search topic results (#25700) 2024-02-21 17:29:47 +02:00
script/import_scripts DEV: Allow fab! without block (#24314) 2023-11-09 16:47:59 -06:00
serializers FIX: Preload parent categories for sidebar (#25726) 2024-02-16 16:39:18 +02:00
services DEV: Change min_trust_level_to_allow_profile_background to trust level setting (#25721) 2024-02-19 10:47:47 +10:00
support FEATURE: Add experimental option for strict-dynamic CSP (#25664) 2024-02-16 11:16:54 +00:00
system FIX: Customize form template view modal footer buttons (#25804) 2024-02-21 22:20:56 -08:00
tasks DEV: Add file_size_restriction site setting type (#24704) 2023-12-13 16:22:48 -07:00
views FIX: Use subfolder-safe url for category in html view (#24595) 2023-11-28 19:08:14 +08:00
rails_helper.rb DEV: Do not process requests initiated by browser in a different example (#25809) 2024-02-22 19:41:10 +08:00
regenerate_swagger_docs
swagger_helper.rb DEV: Bump rswag-specs from 2.11.0 to 2.13.0 (#24654) 2023-12-07 08:16:47 +08:00