mirror of
https://github.com/open-metadata/OpenMetadata
synced 2026-05-24 09:39:11 +00:00
ca2d0122db
* test(playwright): add nightly SAML session renewal spec Covers OM's JWT refresh behavior for SAML sessions end-to-end against the local Keycloak fixture: silent refresh after expiry, concurrent 401s queuing behind a single refresh call, and forced re-login when the server-side SAML HttpSession is gone. Reuses the snapshot/restore mechanism and keycloak-azure-saml provider helper introduced in #27164; shortens samlConfiguration.security.token Validity to 10s so the suite observes multiple expiry cycles in <60s. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * Update openmetadata-ui/src/main/resources/ui/playwright/utils/sessionRenewal.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * test(playwright): drop expiry wait from refresh-on-reload SSO specs The reactive 401 refresh path races with the AuthProvider useEffect that wires tokenService.renewToken from authenticatorRef — if the 401 from /users/loggedInUser lands before that effect commits the populated ref, refreshToken() returns null and the user is logged out instead of refreshed. With tokenValidity=10s (< EXPIRY_THRESHOLD_MILLES=60s), the UI's proactive timer in startTokenExpiryTimer fires immediately on every mount, so /auth/refresh is exercised on each reload regardless of expiry state. Assertions on token rotation and session continuity still cover "silent refresh works end-to-end". The SAML-session-gone case still waits for expiry — it needs to. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * test(playwright): trigger refresh via SPA nav in SSO renewal specs page.reload() remounts React and re-races the axios interceptor setup in AuthProvider — the useEffect that wires authenticatorRef.renewIdToken onto TokenService has a ref-typed dependency that doesn't reliably re-run, so the first 401 after reload sometimes finds renewToken=null and the interceptor silently logs the user out instead of refreshing. Click the Explore sidebar link instead. The click triggers authenticated API calls while staying inside the already-mounted React tree, so the interceptor always reaches the wired TokenService. Spec now passes 10/10 locally. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Siddhant <siddhant@MacBook-Pro-621.local> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| actions | ||
| ISSUE_TEMPLATE | ||
| scripts | ||
| trivy/templates | ||
| workflows | ||
| CODEOWNERS | ||
| copilot-instructions.md | ||
| e2eLabeler.yml | ||
| labeler.yml | ||
| pull_request_template.md | ||
| teams.yml | ||