Skip to content

e2e(FR-2434): add E2E test for allowed IP restriction enforcement during active session#6318

Open
ironAiken2 wants to merge 2 commits intomainfrom
04-01-e2e_fr-2434_add_e2e_test_for_allowed_ip_restriction_enforcement_during_active_session
Open

e2e(FR-2434): add E2E test for allowed IP restriction enforcement during active session#6318
ironAiken2 wants to merge 2 commits intomainfrom
04-01-e2e_fr-2434_add_e2e_test_for_allowed_ip_restriction_enforcement_during_active_session

Conversation

@ironAiken2
Copy link
Copy Markdown
Contributor

@ironAiken2 ironAiken2 commented Apr 1, 2026
edited
Loading

Resolves #6316 (FR-2434)

Summary

  • Add E2E test for IP-based access restriction enforcement during an active session
  • Test flow: create user → admin sets allowed IP → verify access → admin revokes IP and sets arbitrary IP → verify access denied → cleanup (deactivate user)
  • Uses multi-browser-context pattern (browser.newContext()) to maintain simultaneous admin and user sessions

Known Issue

Due to a purge_user API error (user_uuid must be set for RBAC validation), test users created during the test run may not be permanently deleted. The cleanup step only deactivates the user. If you need full cleanup, please use a manager version 26.4.0 or above, or modify src/lib/backend.ai-client-esm.ts to adjust the feature flag accordingly.

Test Recordings

Test Recording
Admin can create a test user
Admin can clean up: remove IP restriction and delete test user

Note: Tests 2–3 (User can access pages when their current IP is in the allowed list, User is denied access after admin revokes their IP) use browser.newContext() to create manual browser contexts for multi-session testing. Playwright's video: "on" config only applies to the built-in page fixture, so these manually created contexts were not recorded.

Test plan

  • Run npx playwright test e2e/user-profile/user-ip-restriction-enforcement.spec.ts against a local Backend.AI cluster
  • Verify all 4 serial tests pass: user creation, IP allow verification, IP deny verification, cleanup
  • Confirm no test user artifacts remain after test completion

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings April 1, 2026 05:28
@github-actions github-actions bot added the size:L 100~500 LoC label Apr 1, 2026
@ironAiken2 Graphite App
Copy link
Copy Markdown
Contributor Author

ironAiken2 commented Apr 1, 2026

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

  • flow:merge-queue - adds this PR to the back of the merge queue
  • flow:hotfix - for urgent changes, fast-track this PR to the front of the merge queue

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has required the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

Copilot AI reviewed Apr 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new Playwright E2E spec under e2e/user-profile/ to verify that Allowed Client IP restrictions are enforced even for an already-authenticated user once the admin updates the allowed list.

Changes:

  • Introduces a serial E2E flow that creates a user, captures the user’s current client IP, allows it, verifies access, then revokes it and verifies access is denied.
  • Adds cleanup steps to remove the restriction and purge the created test user.

@ironAiken2 ironAiken2 force-pushed the 04-01-e2e_fr-2434_add_e2e_test_for_allowed_ip_restriction_enforcement_during_active_session branch from 8e03a39 to 9c95d5a Compare April 1, 2026 06:23
nowgnuesLee
nowgnuesLee requested changes Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@nowgnuesLee nowgnuesLee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please update webm files too.

ironAiken2 and others added 2 commits April 2, 2026 15:55
@ironAiken2
e2e(FR-2434): add E2E test for allowed IP restriction enforcement dur…
e8391f1 
…ing active session
@ironAiken2 @claude
e2e(FR-2434): fix BAINameActionCell action locators and cleanup test …
ea5776c 
…stability

- Add clickRowAction helper to handle icon-only buttons in BAINameActionCell
- Fix Edit button locator using icon aria-label instead of button name
- Fix Deactivate action: remove incorrect popconfirm expectation (mutation fires directly)
- Fix cleanup test: use dispatchEvent for checkbox click to handle table re-renders
- Increase cleanup test timeout to 60s for reliability

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ironAiken2 ironAiken2 force-pushed the 04-01-e2e_fr-2434_add_e2e_test_for_allowed_ip_restriction_enforcement_during_active_session branch from 9c95d5a to ea5776c Compare April 2, 2026 07:37
ironAiken2 added a commit that referenced this pull request Apr 2, 2026
@ironAiken2
chore: add e2e test recordings for PR #6318
c90c12a
@ironAiken2 ironAiken2 requested a review from nowgnuesLee April 2, 2026 07:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@agatha197 agatha197 Awaiting requested review from agatha197

@yomybaby yomybaby Awaiting requested review from yomybaby

@nowgnuesLee nowgnuesLee Awaiting requested review from nowgnuesLee

Requested changes must be addressed to merge this pull request.

Assignees

@ironAiken2 ironAiken2

Labels

e2e size:L 100~500 LoC test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add E2E test for allowed IP restriction enforcement during active session

3 participants

@ironAiken2 @nowgnuesLee