[Bug 42705] New: OPAC/SCO_spec.ts is failing
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Bug ID: 42705 Summary: OPAC/SCO_spec.ts is failing Initiative type: --- Sponsorship --- status: Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Test Suite Assignee: chris@bigballofwax.co.nz Reporter: jonathan.druart@gmail.com QA Contact: testopia@bugs.koha-community.org 00:37:23 <?xml version="1.0" encoding="UTF-8"?> 00:37:23 <testsuites name="Mocha Tests" time="17.238" tests="1" failures="2"> 00:37:23 <testsuite name="Root Suite" timestamp="2026-05-26T22:36:21" tests="0" file="t/cypress/integration/OPAC/SCO_spec.ts" time="0.000" failures="0"> 00:37:23 </testsuite> 00:37:23 <testsuite name="SCO" timestamp="2026-05-26T22:36:21" tests="1" time="17.060" failures="2"> 00:37:23 <testcase name="SCO Should not crash if barcode contains '+'" time="0.000" classname="Should not crash if barcode contains '+'"> 00:37:23 <failure message="Timed out retrying after 10000ms: Expected to find element: `#patronlogin`, but never found it." type="AssertionError"><![CDATA[AssertionError: Timed out retrying after 10000ms: Expected to find element: `#patronlogin`, but never found it. 00:37:23 at Context.eval (webpack://koha/./t/cypress/integration/OPAC/SCO_spec.ts:26:31)]]></failure> 00:37:23 </testcase> 00:37:23 <testcase name="SCO "after each" hook for "Should not crash if barcode contains '+'"" time="0.000" classname=""after each" hook for "Should not crash if barcode contains '+'""> 00:37:23 <failure message="TypeError: Cannot read properties of undefined (reading 'map') 00:37:23 00:37:23 Because this error occurred during a `after each` hook we are skipping the remaining tests in the current suite: `SCO`" type="Error"><![CDATA[Error: TypeError: Cannot read properties of undefined (reading 'map') 00:37:23 00:37:23 Because this error occurred during a `after each` hook we are skipping the remaining tests in the current suite: `SCO` 00:37:23 at HttpClient._fetchJSON (http://koha:8081/intranet-tmpl/prog/js/fetch/http-client.js:105:26)]]></failure> 00:37:23 </testcase> 00:37:23 </testsuite> 00:37:23 </testsuites> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|chris@bigballofwax.co.nz |jonathan.druart@gmail.com Status|NEW |ASSIGNED Depends on| |27826 Keywords| |roadmap_26_05 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=27826 [Bug 27826] Self checkout dies on '?' as a barcode -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #1 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 199611 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199611&action=edit Bug 42705: Setup self-checkout for SCO_spec.t There are several weird things going on here. I've experienced several weird login issues at the OPAC (403) when switching from SCO to OPAC, some are I guess expected, but others were definitely not. It is highlighted in the Cypress tests as I had to workaround to make them almost pass. Finally I hit a problem with restoring the syspref values in afterEach, mainly because we use both staff and OPAC interfaces in the tests but also because it seems that Cypress teardown several "things" in afterEach and random behaviours were appearing. I have spent way too much time on this, and I don't think this is ready yet but basically this is what the patch does: 1. Set the CSRF token in a Cypress env var in beforeEach so the set_syspref command can reuse it and does not need to be logged in 2. Create a self checkout patron to auto login. Otherwise the tests were not passing and I also got weird random UI behaviours: 403 and login form not submitted (??) 3. Enforce the filling of the credentials on the login form. But I don't think it's still necessary (it was a try to fix the login in afterEach) All of that to say: Feel free to suggest a better fix, or even delete the whole test file, I am giving up! :D -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #2 from Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> --- Created attachment 199734 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199734&action=edit Bug 42705: Make http-client.js handle svc endpoint error The afterEach calls cy.login() then immediately posts to the syspref endpoint. On CI, the machine is slow enough that the POST fires before the login redirect completes — no valid session yet — so the endpoint returns a C4::Service auth error in this format: { "type": "auth", "message": "expired" } http-client.js only knew how to parse modern REST API errors (json.error or json.errors[]). Neither field exists here, so json.errors.map(...) crashed with a TypeError instead of surfacing the actual error message. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #3 from Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> --- Created attachment 199735 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199735&action=edit Bug 42705: Add HttpClient_spec.ts This fails without the fix patch in this set: cypress run --spec t/cypress/integration/HttpClient_spec.ts It passes with the fix -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #4 from Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> --- Created attachment 199754 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199754&action=edit Bug 42705: Enable WebBasedSelfCheck in SCO spec beforeEach Patch from commit 07daac6 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pedro.amorim@openfifth.co.u | |k Attachment #199754|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #5 from Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> --- Created attachment 199813 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199813&action=edit Bug 42705: Fix SCO spec WebBasedSelfCheck setup cy.login() in beforeEach broke the test in two ways: the intranet staff session cookie bled into the OPAC request (HTTP cookies have no port scope in browsers), and navigating from intranet→OPAC mid-test hit a cross-origin block in Cypress. The afterEach suffered the same race condition — the syspref ▎ POST fired before the login redirect completed. Replace with cy.request(), which makes HTTP calls at the runner level without touching the browser's current origin. cy.visitOpac() is then the first browser navigation, so no cross-origin issue arises. A three-step flow satisfies Koha's CSRF middleware: 1) GET the login page to obtain a session and its token 2) POST credentials to authenticate 3) POST to the svc endpoint. This fixes the #barcode and #patronlogin not found issues The CSRF token also requires encodeURIComponent() — base64 uses +, which a URL-encoded form body decodes as a space, silently corrupting the token and causing the login to fail. This resolves the 403 Forbidden issue Everything must pass: $ cypress run --spec t/cypress/integration/OPAC/SCO_spec.ts as well as npm run cypress open (cypress ui) ktd selenium: $ perl /kohadevbox/misc4dev/run_tests.pl --run-only t/cypress/integration/OPAC/SCO_spec.ts -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199813|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #6 from Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> --- Created attachment 199814 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199814&action=edit Bug 42705: Fix SCO spec WebBasedSelfCheck setup cy.login() in beforeEach broke the test in two ways: the intranet staff session cookie bled into the OPAC request (HTTP cookies have no port scope in browsers), and navigating from intranet→OPAC mid-test hit a cross-origin block in Cypress. The afterEach suffered the same race condition - the syspref POST fired before the login redirect completed. Replace with cy.request(), which makes HTTP calls at the runner level without touching the browser's current origin. cy.visitOpac() is then the first browser navigation, so no cross-origin issue arises. A three-step flow satisfies Koha's CSRF middleware: 1) GET the login page to obtain a session and its token 2) POST credentials to authenticate 3) POST to the svc endpoint. This fixes the #barcode and #patronlogin not found issues The CSRF token also requires encodeURIComponent() — base64 uses +, which a URL-encoded form body decodes as a space, silently corrupting the token and causing the login to fail. This resolves the 403 Forbidden issue Everything must pass: $ cypress run --spec t/cypress/integration/OPAC/SCO_spec.ts as well as npm run cypress open (cypress ui) ktd selenium: $ perl /kohadevbox/misc4dev/run_tests.pl --run-only t/cypress/integration/OPAC/SCO_spec.ts -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199814|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #7 from Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> --- Created attachment 199815 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199815&action=edit Bug 42705: Fix SCO spec WebBasedSelfCheck setup cy.login() in beforeEach broke the test in two ways: the intranet staff session cookie bled into the OPAC request (HTTP cookies have no port scope in browsers), and navigating from intranet→OPAC mid-test hit a cross-origin block in Cypress. The afterEach suffered the same race condition - the syspref POST fired before the login redirect completed. Replace with cy.request(), which makes HTTP calls at the runner level without touching the browser's current origin. cy.visitOpac() is then the first browser navigation, so no cross-origin issue arises. A three-step flow satisfies Koha's CSRF middleware: 1) GET the login page to obtain a session and its token 2) POST credentials to authenticate 3) POST to the svc endpoint. This fixes the #barcode and #patronlogin not found issues The CSRF token also requires encodeURIComponent() — base64 uses +, which a URL-encoded form body decodes as a space, silently corrupting the token and causing the login to fail. This resolves the 403 Forbidden issue Everything must pass: $ cypress run --spec t/cypress/integration/OPAC/SCO_spec.ts as well as npm run cypress open (cypress ui) ktd selenium: $ perl /kohadevbox/misc4dev/run_tests.pl --run-only t/cypress/integration/OPAC/SCO_spec.ts squash -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |martin.renvoize@openfifth.c | |o.uk --- Comment #8 from Martin Renvoize (ashimema) <martin.renvoize@openfifth.co.uk> --- This all looks like solid improvements to me guys.. good sleuthing -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #9 from Jonathan Druart <jonathan.druart@gmail.com> --- The last patch does not seem solid to me. It's not reusable... I prefer the "optionally pass the token" solution proposed in the first patch. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #10 from Jonathan Druart <jonathan.druart@gmail.com> --- And the tests are still failing on Cypress UI, if selfcheckout is not setup from misc4dev. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #11 from Jonathan Druart <jonathan.druart@gmail.com> --- I really don't see how you could login with only one login form. When I use Koha on the browser I do see 2 login forms. One for the selfcheckout user, one for the regular user. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199734|0 |1 is obsolete| | Attachment #199735|0 |1 is obsolete| | Attachment #199815|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #12 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 199822 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199822&action=edit Bug 42705: Make http-client.js handle svc endpoint error The afterEach calls cy.login() then immediately posts to the syspref endpoint. On CI, the machine is slow enough that the POST fires before the login redirect completes — no valid session yet — so the endpoint returns a C4::Service auth error in this format: { "type": "auth", "message": "expired" } http-client.js only knew how to parse modern REST API errors (json.error or json.errors[]). Neither field exists here, so json.errors.map(...) crashed with a TypeError instead of surfacing the actual error message. Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #13 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 199823 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199823&action=edit Bug 42705: Add HttpClient_spec.ts This fails without the fix patch in this set: cypress run --spec t/cypress/integration/HttpClient_spec.ts It passes with the fix Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #14 from Jonathan Druart <jonathan.druart@gmail.com> --- Created attachment 199824 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=199824&action=edit Bug 42705: Fix SCO spec WebBasedSelfCheck setup cy.login() in beforeEach broke the test in two ways: the intranet staff session cookie bled into the OPAC request (HTTP cookies have no port scope in browsers), and navigating from intranet→OPAC mid-test hit a cross-origin block in Cypress. The afterEach suffered the same race condition - the syspref POST fired before the login redirect completed. Replace with cy.request(), which makes HTTP calls at the runner level without touching the browser's current origin. cy.visitOpac() is then the first browser navigation, so no cross-origin issue arises. A three-step flow satisfies Koha's CSRF middleware: 1) GET the login page to obtain a session and its token 2) POST credentials to authenticate 3) POST to the svc endpoint. This fixes the #barcode and #patronlogin not found issues The CSRF token also requires encodeURIComponent() — base64 uses +, which a URL-encoded form body decodes as a space, silently corrupting the token and causing the login to fail. This resolves the 403 Forbidden issue Everything must pass: $ cypress run --spec t/cypress/integration/OPAC/SCO_spec.ts as well as npm run cypress open (cypress ui) ktd selenium: $ perl /kohadevbox/misc4dev/run_tests.pl --run-only t/cypress/integration/OPAC/SCO_spec.ts squash Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |Passed QA --- Comment #15 from Jonathan Druart <jonathan.druart@gmail.com> --- Passing QA so we can see how jenkins behave but: 1. The tests are failing locally when using cypress open after a "misc4dev/run_tests.pl --run-only". Which means there is still something wrong 2. The code in the tests is not reusable 3. I don't understand how it can work if you login only once. You could if a selfcheckout user is set in AutoSelfCheckID and AutoSelfCheckPass 4. Making the CSRF token a parameter of fetch seems a flexible and reusable solution. This is what the last patch does but in an ugly way. 5. We are modifying the error handling of the low level fetch function in js/fetch/http-client.js, which may cause regressions. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Jonathan Druart <jonathan.druart@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #199611|0 |1 is obsolete| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Passed QA |Pushed to main Version(s)| |26.11.00 released in| | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 --- Comment #16 from Pedro Amorim (ammopt) <pedro.amorim@openfifth.co.uk> --- Thanks everyone! Pushed to main for 26.11! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Lucas Gass (lukeg) <lucas@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to main |Pushed to stable CC| |lucas@bywatersolutions.com Version(s)|26.11.00 |26.11.00,26.05.01 released in| | --- Comment #17 from Lucas Gass (lukeg) <lucas@bywatersolutions.com> --- Pushed to 26.05.x for upcoming 25.06.01 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Baptiste Wojtkowski (bwoj) <baptiste.wojtkowski@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |baptiste.wojtkowski@biblibr | |e.com Version(s)|26.11.00,26.05.01 |26.11.00,26.05.01,25.11.07 released in| | --- Comment #18 from Baptiste Wojtkowski (bwoj) <baptiste.wojtkowski@biblibre.com> --- Pushed into 25.11.x for 25.11.07 nice work everyone -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42705 Baptiste Wojtkowski (bwoj) <baptiste.wojtkowski@biblibre.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to stable |Pushed to oldstable -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org