recipe-maintainers/cc-ci
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2f3d5aa78fe5f31227ad7933d3e29fa0ea9d6a48
cc-ci/tests/n8n/functional/test_login_state.py
autonomic-bot 2f3d5aa78f feat(2): Q1.2 — n8n Phase-2 parity + functional + robust install (full e2e green) 
- tests/n8n/PARITY.md: parity table (health_check ported) + 2 recipe-specific
  functional tests with rationale + data-integrity section pointing to
  Phase-1d/1e lifecycle overlays.
- tests/n8n/functional/test_health_check.py: parity port of
  recipe-info/n8n/tests/health_check.py — SOURCE comment.
- tests/n8n/functional/test_rest_settings.py: NEW recipe-specific — polls
  /rest/settings until response is application/json (not the 'n8n is starting
  up' SPA placeholder); asserts known n8n public-settings keys
  (userManagement/defaultLocale/authCookie) in the 'data' envelope. Proves the
  editor SPA's primary API contract is intact.
- tests/n8n/functional/test_login_state.py: NEW recipe-specific — polls
  /rest/login until response is JSON; proves the user-management/auth subsystem
  initialized on top of the public-settings layer.
- tests/n8n/test_install.py: install overlay's Playwright now polls page.goto
  until status==200 (n8n's / route can return 404 briefly while the SPA route
  registers on top of /healthz=200). Bounded poll, no bare sleep, raise on
  persistent failure — same robustness pattern as Phase-1e exec_in_app.

Cold-verifiable on cc-ci (log /root/ccci-q1-n8n-r3.log):
  RECIPE=n8n cc-ci-run runner/run_recipe_ci.py
  all 5 stages PASS, deploy-count=1, head_ref=63dd3e0f==chaos-version=63dd3e0f,
  version 3.1.0+2.9.4 -> 3.2.0+2.20.6 (HC1 non-vacuous), 5 lifecycle assertions
  + 3 custom-stage assertions all PASS.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-28 06:48:00 +01:00

97 lines
4.1 KiB
Python
Raw Blame History

"""n8n — recipe-specific functional test (Phase 2 P3, ≥2 beyond parity).
n8n's `/rest/login` reports the auth/owner state — what the editor SPA calls right after settings
to decide between "show the owner-setup wizard" vs "show the login page" vs "we already have a
session". A fresh-deploy n8n with user-management enabled MUST return a JSON body indicating no
owner exists yet (status=200 + a no-owner / no-session shape). A still-starting n8n returns the
"n8n is starting up" placeholder HTML with the same 200; this test polls until a real JSON shape
arrives and asserts the auth subsystem responded — proving the user-management layer initialized
on top of the public settings (distinct from test_rest_settings.py, which only proves the public
settings endpoint).
Runs in the custom tier against the shared post-install deployment.
"""
from __future__ import annotations
import json
import os
import ssl
import sys
import urllib.request
sys.path.insert(0, os.path.join(os.path.dirname(__file__), "..", "..", "..", "runner"))
from harness import http as harness_http # noqa: E402
def _raw_get(url: str, timeout: int = 15):
"""Same shape as test_rest_settings._raw_get_json: returns (status, content_type, json_or_None,
raw_excerpt_or_err)."""
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
req = urllib.request.Request(url, method="GET")
try:
resp = urllib.request.urlopen(req, timeout=timeout, context=ctx)
except urllib.error.HTTPError as e:
# n8n's /rest/login may return 4xx on a fresh install (no session); still informative
ct = e.headers.get("Content-Type", "") if e.headers else ""
try:
raw = e.read()
except Exception: # noqa: BLE001
return e.code, ct, None, "<read-failed>"
if "application/json" not in ct:
return e.code, ct, None, raw.decode(errors="replace")[:80]
try:
return e.code, ct, json.loads(raw), None
except (json.JSONDecodeError, ValueError) as je:
return e.code, ct, None, str(je)
except Exception as e: # noqa: BLE001
return 0, "", None, str(e)
ct = resp.headers.get("Content-Type", "")
raw = resp.read()
resp.close()
if "application/json" not in ct:
return resp.status, ct, None, raw.decode(errors="replace")[:80]
try:
return resp.status, ct, json.loads(raw), None
except (json.JSONDecodeError, ValueError) as je:
return resp.status, ct, None, str(je)
def test_login_endpoint_returns_json(live_app):
"""Poll /rest/login until it returns a real JSON response (not the SPA placeholder). Assert the
response indicates the auth subsystem is up — either a JSON error envelope (no session) or a
user / state object. n8n's exact response shape evolves: pre-1.x returned a flat error; recent
versions return {"code":..., "message":..., "hint":...} for the no-session case. We accept any
JSON object — but reject the placeholder HTML."""
url = f"https://{live_app}/rest/login"
state: dict = {}
def _ready():
status, ct, body, err = _raw_get(url)
state.update({"status": status, "ct": ct, "err": err, "body": body})
if status == 0:
return None
# The "starting up" placeholder is text/html with 200 -> body is None, ct doesn't contain
# application/json. Reject until ct says JSON.
if "application/json" not in ct:
return None
return body if body is not None else None
body = harness_http.assert_converges(
_ready,
f"GET {url} returns JSON (n8n auth subsystem ready)",
max_wait=180,
interval=5,
)
# The auth endpoint returned a JSON body — that's the proof. The shape varies, but JSON it is.
assert body is not None, f"/rest/login returned no parseable JSON: state={state}"
# If it's a dict, it's the expected envelope; if it's a list, n8n shouldn't do that on this
# endpoint, but accept either; only reject obvious non-shapes.
assert isinstance(body, (dict, list)), (
f"/rest/login returned unexpected JSON type {type(body).__name__}: {body!r}"
)
Reference in New Issue View Git Blame Copy Permalink