bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test(portal): align onboarding E2E with vaultwarden-first flow

Browse Source
This commit is contained in:
Brad Stein 2026-01-04 23:00:40 -03:00
parent eff9bfb761
commit 2e52956155
1 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
scripts/tests/test_portal_onboarding_flow.py
View File

@ -387,14 +387,21 @@ def main() -> int:
if isinstance(required_actions, list): if isinstance(required_actions, list):
required = {a for a in required_actions if isinstance(a, str)} required = {a for a in required_actions if isinstance(a, str)}
missing = [name for name in ("UPDATE_PASSWORD", "VERIFY_EMAIL") if name not in required] unexpected = sorted(required.intersection({"UPDATE_PASSWORD", "VERIFY_EMAIL", "CONFIGURE_TOTP"}))
if missing: if unexpected:
raise SystemExit(f"Keycloak user missing required actions {missing}: requiredActions={sorted(required)}")
if "CONFIGURE_TOTP" in required:
raise SystemExit( raise SystemExit(
f"Keycloak user should not require CONFIGURE_TOTP at first login: requiredActions={sorted(required)}" "Keycloak user should not require actions at first login "
f"(Vaultwarden-first onboarding): unexpected requiredActions={unexpected} full={sorted(required)}"
) )
email_verified = full.get("emailVerified")
if email_verified is not True:
raise SystemExit(f"Keycloak user should have emailVerified=true: emailVerified={email_verified!r}")
kc_email = full.get("email")
if isinstance(kc_email, str) and contact_email and kc_email != contact_email:
raise SystemExit(f"Keycloak user email mismatch: expected {contact_email!r} got {kc_email!r}")
print(f"PASS: onboarding provisioning completed for {request_code} ({username})") print(f"PASS: onboarding provisioning completed for {request_code} ({username})")
return 0 return 0