Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-enable semaphoreci live test [tom to update google admin settings] #1850

Open
ioanmo226 opened this issue Oct 4, 2022 · 17 comments · May be fixed by #2290
Open

Re-enable semaphoreci live test [tom to update google admin settings] #1850

ioanmo226 opened this issue Oct 4, 2022 · 17 comments · May be fixed by #2290

Comments

@ioanmo226
Copy link
Collaborator

    Let me create new issue for this so that we don't forget to re-enable.

Originally posted by @ioanmo226 in #1849 (comment)

@tomholub tomholub added this to the 1.2.0: Drafts milestone Oct 4, 2022
@sosnovsky sosnovsky self-assigned this Oct 17, 2022
@sosnovsky sosnovsky added the in progress Work on the issue is in progress label Nov 17, 2022
@tomholub tomholub assigned ioanmo226 and unassigned sosnovsky Dec 21, 2022
@ioanmo226
Copy link
Collaborator Author

@sosnovsky Please confirm if you are working/worked on this task.

@sosnovsky
Copy link
Collaborator

@ioanmo226 I tried to re-enable live test in https://github.com/FlowCrypt/flowcrypt-ios/tree/bugfix/issue-1850-semaphore-live-test, but it fails because Google asks for additional verification on login.

Probably 1 successful login will be enough and then live test should work without issues, but I wasn't able to pass verification on remote machine - I tried to make screenshots of remote Semaphore machine to choose right number for verification, but it still failed to sign in.

@sosnovsky sosnovsky removed the in progress Work on the issue is in progress label Dec 21, 2022
@tomholub
Copy link
Collaborator

this will need my help, probably

i was thinking to maybe use a test domain with our own idp instead of google. then we can control it

easier option may be to attempt to disable these other verifications. previously not possible, but i saw some new options i think

@ioanmo226
Copy link
Collaborator Author

Like browser extension which uses flowcrypt.dev domain with auth0?

@tomholub
Copy link
Collaborator

it doesn't.. or does it? i'm forgetting.

the intention was to do something like that, yes. i forgot we actually did that before. if we did, does it still work?

@ioanmo226
Copy link
Collaborator Author

It does. we are currently using [email protected] account with auth0 (IDP) for browser extension live test
Live tests are working fine in browser extension :-)

@FlowCrypt FlowCrypt deleted a comment from github-actions bot Dec 21, 2022
@tomholub
Copy link
Collaborator

we could use the same exact account here. we'd just need to add missing sample emails, if any, needed by ios tests

@tomholub
Copy link
Collaborator

before that though, i'll go through google admin settings. that would be less work, if i can get it to work that way

@tomholub tomholub changed the title Re-enable semaphoreci live test Re-enable semaphoreci live test [tom to update google admin settings] Jan 5, 2023
@tomholub tomholub self-assigned this Jan 5, 2023
@tomholub
Copy link
Collaborator

tomholub commented Jan 20, 2023

There is a way to turn off "challenges" for 10 minutes at a time. They say the challenge is only needed on new devices (which in the cloud, every device is a new device, almost).

image

If we were to back up the login state at the end of a successful local run. Wherever the ios device saves the google login information. Is that in the web browser cookies or elsewhere? If we could export that, add that to semaphore secrets, and have the semaphore code load that into the iOS emulator when starting, that would mean it would appear to be the same device, meaning same session, and there should be no challenges, or they should not be that frequent.

@sosnovsky
Copy link
Collaborator

Previously we didn't need to pass these challenges on each live test run. I think this problem appeared when we switched from macos-xcode13 to macos-xcode14 machine on Semaphore, so maybe some cookies are persisted between CI test runs.

We can try to disable this login challenge for 10 minutes and run live test on Semaphore, to check if sign in works well in this case. Then we should check if re-running live test still shows login challenge or login passes without it.

@tomholub
Copy link
Collaborator

From my experience on browser extension, if you do the 10 minute thing enough times, you may cover most of the machines they allocate to you, and you'll mostly be ok. But changes in tooling suddenly bring those challenges back, like it did here.

@tomholub
Copy link
Collaborator

Also can use https://accounts.google.com/b/0/DisplayUnlockCaptcha (where the 0 is the account number you are logged into, else you are unlocking another account. You can find out by logging into gmail with the target account and seeing what number is in URL). It does the same thing - remove challenge for 10 minutes.

If you try that a few times before running live tests, you may find that it may stop giving us trouble.

@tomholub tomholub added this to the 1.2.5: Maintenance milestone Feb 10, 2023
@ioanmo226 ioanmo226 linked a pull request Jul 19, 2023 that will close this issue
5 tasks
@ioanmo226
Copy link
Collaborator Author

ioanmo226 commented Jul 20, 2023

@tomholub, I've fixed the live tests. They were even failing locally due to some keys no longer existing, environment support issues, and so on.
However, they are still failing on SemaphoreCI because of the 2-step verification.

Perhaps we could create a new account, [email protected], and remove the [email protected] account? Alternatively, we could use the existing [email protected] account, which I believe is currently being used for the browser test.

If we continue to use this [email protected], same problem would appear again in the future I think.
Or maybe we could try disabling the login challenge, then let SemaphoreCI run, and hope the issue doesn't reappear. (disabling login challenge is only 10 mins and running live test takes about 40 mins though. first build xcode project, run mock other test and then live test)

@FlowCrypt FlowCrypt deleted a comment from github-actions bot Jul 20, 2023
@FlowCrypt FlowCrypt deleted a comment from github-actions bot Jul 20, 2023
@FlowCrypt FlowCrypt deleted a comment from github-actions bot Jul 20, 2023
@ioanmo226
Copy link
Collaborator Author

DisplayUnlockCaptcha is not available though.
image

@ioanmo226
Copy link
Collaborator Author

@tomholub In case you missed it

@tomholub
Copy link
Collaborator

tomholub commented Aug 2, 2023

This will basically be a never ending problem unless we completely sidestep Google for authentication, and configure our domain to use a 3rd party IdP instead.

I'll try it on the flowcrypt.dev domain first. The way it works, a Google auth prompt gets popped up (where you maybe click on your account to choose it) and after it understands which account you want to log in for, Google forwards the user to an auth window hosted by another IdP, like Auth0. Now, Auth0 can be reliably configured to just use email + password without further hassles. The only thing on the client app tests, I think we'll have to update the selectors of which fields to fill based on whatever the other IdP presents.

I've been hesitating with this, because I don't properly understand it, and I worry if I misconfigure it, we'll never be able to log in again (if I break it and even the account of the admin cannot log into Google Admin Console to fix it). But starting out on the flowcrypt.dev domain would make it less risky.

@tomholub
Copy link
Collaborator

tomholub commented Sep 8, 2023

Unfortunately still didn't get to this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants