E2E for token timeout + refresh (todo §4); full-stack auth-refresh.spec.ts (real Ory stack): a lapsed session JWT is silently re-minted from the live Kratos session (roles re-read from Keto), and cleared once the session is revoked; ory/kratos/e2e.yml shortens the tokenizer ttl to 8s + adds JWT_CLOCK_SKEW_SEC config so re-mint fires at expiry; scope visual suite to visual.spec.ts

2026-06-18 11:32:23 +02:00
parent 4b2173cb84
commit b5af4ba6cd
9 changed files with 204 additions and 6 deletions

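--- /dev/null
+++ b/compose.e2e-auth.yml
@@ -0,0 +1,40 @@
+# Full-stack auth E2E — token timeout + silent re-mint ("stay signed in", §4). The Ory-free
+# visual suite (compose.e2e.yml) covers the design system; this is its full-stack counterpart:
+# real Postgres + Kratos + Keto + bootstrap + web, with a SHORT tokenizer TTL (ory/kratos/e2e.yml)
+# and zero clock skew, so the JWT lapses and re-mints within seconds instead of ~10m.
+# docker compose -f compose.yml -f compose.e2e-auth.yml run --build --rm e2e
+# docker compose -f compose.yml -f compose.e2e-auth.yml down -v # tear down after
+services:
+web:
+# Dev throwaways are fine for the test stack; the runner hits web over http; treat the JWT as
+# expired the instant its TTL lapses (no 60s leeway) so the re-mint fires promptly.
+environment:
+CACHE_TEMPLATES: "true"
+JWT_CLOCK_SKEW_SEC: "0"
+REQUIRE_SECURE_SECRETS: "false"
+SECURE_COOKIES: "false"
+healthcheck:
+test: ["CMD", "wget", "-q", "-O", "-", "http://localhost:3000/"]
+interval: 2s
+timeout: 4s
+retries: 30
+# Shorten the session→JWT TTL and expose a network-resolvable base_url (ory/kratos/e2e.yml),
+# merged after the base config.
+kratos:
+command: serve -c /etc/config/kratos/kratos.yml -c /etc/config/kratos/e2e.yml --watch-courier
+e2e:
+build:
+context: .
+dockerfile: Dockerfile.e2e
+depends_on:
+web:
+condition: service_healthy
+environment:
+BASE_URL: http://web:3000
+KRATOS_ADMIN_URL: http://kratos:4434
+KRATOS_PUBLIC_URL: http://kratos:4433
+command: ["npx", "playwright", "test", "auth-refresh.spec.ts"]
+volumes:
+- ./e2e/artifacts:/e2e/artifacts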
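Review bot: The `web.environment` override switches off two hardening settings (`REQUIRE_SECURE_SECRETS: "false"`, `SECURE_COOKIES: "false"`), and the comment above it only says "Dev throwaways are fine", which does not tell a reader what each key weakens or why. I would replace it with something like `# TEST ONLY: presumably relaxes secret-strength checks and drops the Secure cookie flag because the runner talks plain http to web; never layer this file onto a deployed stack.` Nothing visible in this file prevents the override from being combined with a non-test compose file, so a startup guard in web is worth considering if one does not already exist. Separately, with `JWT_CLOCK_SKEW_SEC: "0"` and the shortened TTL the revocation check completes within seconds, whereas under the normal settings mentioned in the header (~10m TTL plus 60s leeway) an already-minted JWT presumably stays accepted for that long after the Kratos session is revoked; a comment stating that expected window would keep the test from being read as proof of immediate revocation.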