test(FR-2639): add E2E regression for sToken login boundary routes by nowgnuesLee · Pull Request #6865 · lablup/backend.ai-webui

nowgnuesLee · 2026-04-22T03:13:23Z

Resolves FR-2639 and FR-2643 (under Stories FR-2626 / FR-2627, Epic FR-2616)

resolves #NNN (FR-MMM)

Checklist: (if applicable)

Documentation
Minium required manager version
Specific setting for review (eg., KB link, endpoint or how to setup)
Minimum requirements to check during review
Test case(s) to demonstrate the difference of before/after

Stack

Story 2/3 E2E regression for Epic FR-2616. Sits on top of the Story 2 (#6861) and Story 3 (#6864) implementation PRs.

nowgnuesLee · 2026-04-22T03:13:44Z

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

flow:merge-queue - adds this PR to the back of the merge queue
flow:hotfix - for urgent changes, fast-track this PR to the front of the merge queue

You must have a Graphite account in order to use the merge queue. Sign up using this link.

_{An organization admin has required the Graphite Merge Queue in this repository.} _{Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.}

This stack of pull requests is managed by Graphite. Learn more about stacking.

Copilot

Pull request overview

Adds Playwright E2E regressions for the new STokenLoginBoundary behavior across LoginView and EduAppLauncher routes, and updates the FR-2616 spec metadata to link the relevant implementation/testing PRs.

Changes:

Add E2E coverage for sToken boundary behavior on / and /interactive-login (invalid token UI + URL preservation; non-sToken path still shows login form).
Add E2E coverage for sToken boundary behavior on /edu-applauncher and /applauncher, including a regression guard ensuring LMS envelope params reach token_login.
Extend the draft spec metadata to record PR numbers/URLs and updated notes for Story 2/3.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
`e2e/auth/stoken-login.spec.ts`	New regression E2E for LoginView sToken boundary error/URL behavior and non-sToken passthrough.
`e2e/app-launcher/edu-applauncher-stoken.spec.ts`	New regression E2E for EduAppLauncher sToken boundary + POST body forwarding assertions via route mocks.
`.specs/draft-stoken-login-boundary/metadata.json`	Adds PR linkage metadata and updates spec notes for FR-2616 story tracking.

yomybaby

LGTM

graphite-app · 2026-04-23T10:31:31Z

Merge activity

Apr 23, 10:31 AM UTC: yomybaby added this pull request to the Graphite merge queue.
Apr 23, 10:32 AM UTC: The Graphite merge queue couldn't merge this PR because it had merge conflicts.
Apr 23, 10:32 AM UTC: The Graphite merge queue couldn't merge this PR because it had merge conflicts.
Apr 24, 7:47 AM UTC: yomybaby added this pull request to the Graphite merge queue.
Apr 24, 7:50 AM UTC: Merged by the Graphite merge queue.

…ary (#6864) Resolves FR-2641, FR-2642 (under Story [FR-2627](https://lablup.atlassian.net/browse/FR-2627), Epic [FR-2616](https://lablup.atlassian.net/browse/FR-2616)) ## Summary Story 3 of Epic FR-2616: route `/edu-applauncher` and `/applauncher` now authenticate through `STokenLoginBoundary` before `EduAppLauncher` mounts. `_token_login` and the manual `backend-ai-connected` dispatch are removed from the component. ### Scope - **Route wrapping** (`react/src/routes.tsx`): both edu-app routes read `sToken` via `useSToken()` and URL params via `useQueryStates(eduAppExtraParamSpec)`, then wrap `EduAppLauncherPage` with `STokenLoginBoundary`. The URL is intentionally not stripped on success (the launcher still passes `sToken` prop through for `eduApp.get_user_credential` and other params drive the launch sequence). - **`EduAppLauncher` cleanup** (`react/src/components/EduAppLauncher.tsx`): - Removed `_token_login()` method and the URL parsing it owned. - Removed the manual `document.dispatchEvent(new CustomEvent('backend-ai-connected'))` call (the boundary now dispatches this exactly once). - **Removed the `auth` stage from `EduAppLaunchStage`** — authentication is no longer represented in the launcher's state machine or its stepper UI. Since the boundary runs `connectViaGQL` before `EduAppLauncher` mounts, the component always starts with a fully authenticated client. - **Deleted `_prepareProjectInformation()`** — `connectViaGQL` already populates `groups` / `groupIds` / `current_group` / `current_group_id` with a superset of the fields this helper fetched. - Proxy URL attach (`_attachProxyURL`) remains but is no longer labeled "auth"; failures now surface under the session step. - The stepper UI drops from 3 steps to 2 (`Preparing Session` → `Launching App`). - **`extraParams` allowlist** (`react/src/routes.tsx:eduAppExtraParamSpec`): added `api_version`, `date`, `endpoint`. These are part of the LMS signing envelope forwarded with `sToken` in the old URL-scan based `_token_login`; the nuqs migration replaced the scan with an explicit allowlist and had dropped them, causing manager-side auth hooks that validate the signature against these fields to reject `token_login` as tampered. ## Test plan - [x] `bash scripts/verify.sh` → `ALL PASS` - [ ] Manual: launch from LMS URL `/edu-applauncher?sToken=<signed>&app=jupyterlab&api_version=...&date=...&endpoint=...&session_id=...` and confirm: - `POST /server/token-login` body contains all extra keys (check DevTools Network tab) - Stepper shows 2 steps ("Preparing Session", "Launching App") — no "Authentication" step - Successful launch opens the app in a new tab - [ ] Regression scenarios covered by PR #6865 E2E: with / without `session_id`, invalid sToken surfaces stepper-integrated error **Checklist:** - [ ] Documentation - [ ] Minium required manager version - [ ] Specific setting for review (eg., KB link, endpoint or how to setup) - [x] Minimum requirements to check during review - [x] Test case(s) to demonstrate the difference of before/after ## Stack Story 3 of Epic FR-2616. See [dev plan](../blob/main/.specs/draft-stoken-login-boundary/dev-plan.md) for the full story breakdown. [FR-2627]: https://lablup.atlassian.net/browse/FR-2627 [FR-2616]: https://lablup.atlassian.net/browse/FR-2616

…6865) Resolves FR-2639 and FR-2643 (under Stories [FR-2626](https://lablup.atlassian.net/browse/FR-2626) / [FR-2627](https://lablup.atlassian.net/browse/FR-2627), Epic [FR-2616](https://lablup.atlassian.net/browse/FR-2616)) resolves #NNN (FR-MMM)   **Checklist:** (if applicable) - [ ] Documentation - [ ] Minium required manager version - [ ] Specific setting for review (eg., KB link, endpoint or how to setup) - [ ] Minimum requirements to check during review - [ ] Test case(s) to demonstrate the difference of before/after ## Stack Story 2/3 E2E regression for Epic FR-2616. Sits on top of the Story 2 (#6861) and Story 3 (#6864) implementation PRs. [FR-2626]: https://lablup.atlassian.net/browse/FR-2626?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ [FR-2627]: https://lablup.atlassian.net/browse/FR-2627?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ [FR-2616]: https://lablup.atlassian.net/browse/FR-2616?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

github-actions Bot assigned nowgnuesLee Apr 22, 2026

github-actions Bot added the size:L 100~500 LoC label Apr 22, 2026

nowgnuesLee mentioned this pull request Apr 22, 2026

feat(FR-2627): migrate EduAppLauncher sToken path to STokenLoginBoundary #6864

Merged

8 tasks

nowgnuesLee force-pushed the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch from 2f4d85c to 08977bf Compare April 22, 2026 03:14

nowgnuesLee changed the base branch from 04-22-feat_fr-2627_migrate_eduapplauncher_stoken_path_to_stokenloginboundary to graphite-base/6865 April 22, 2026 03:28

nowgnuesLee force-pushed the graphite-base/6865 branch from 9fcac0c to b229d79 Compare April 22, 2026 03:43

nowgnuesLee force-pushed the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch from 08977bf to 658c9bd Compare April 22, 2026 03:44

nowgnuesLee force-pushed the graphite-base/6865 branch from b229d79 to 541721c Compare April 22, 2026 03:53

nowgnuesLee force-pushed the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch 2 times, most recently from 5dfc734 to 43f4e07 Compare April 22, 2026 09:03

nowgnuesLee mentioned this pull request Apr 22, 2026

fix(FR-2627): forward api_version/date/endpoint to token_login #6893

Closed

3 tasks

nowgnuesLee force-pushed the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch from 43f4e07 to a231db5 Compare April 22, 2026 09:18

nowgnuesLee force-pushed the graphite-base/6865 branch from ca03dc3 to 41da011 Compare April 22, 2026 09:18

nowgnuesLee mentioned this pull request Apr 22, 2026

feat(FR-2616): handle totp and concurrent-session inline in STokenLoginBoundary #6897

Merged

5 tasks

nowgnuesLee force-pushed the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch from a231db5 to 17f7358 Compare April 23, 2026 05:39

nowgnuesLee changed the base branch from graphite-base/6865 to 04-22-feat_fr-2627_migrate_eduapplauncher_stoken_path_to_stokenloginboundary April 23, 2026 05:39

nowgnuesLee marked this pull request as ready for review April 23, 2026 06:09

Copilot AI review requested due to automatic review settings April 23, 2026 06:09

Copilot started reviewing on behalf of nowgnuesLee April 23, 2026 06:10 View session

Copilot AI reviewed Apr 23, 2026

View reviewed changes

Comment thread e2e/auth/stoken-login.spec.ts

Comment thread e2e/app-launcher/edu-applauncher-stoken.spec.ts

Comment thread e2e/app-launcher/edu-applauncher-stoken.spec.ts

nowgnuesLee force-pushed the 04-22-feat_fr-2627_migrate_eduapplauncher_stoken_path_to_stokenloginboundary branch from 41da011 to 7fba64c Compare April 23, 2026 07:57

nowgnuesLee force-pushed the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch from 17f7358 to a1a4a7a Compare April 23, 2026 07:57

nowgnuesLee force-pushed the 04-22-feat_fr-2627_migrate_eduapplauncher_stoken_path_to_stokenloginboundary branch from 7fba64c to 907c539 Compare April 23, 2026 08:02

nowgnuesLee force-pushed the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch 2 times, most recently from 6f5b6cd to abeb16c Compare April 23, 2026 08:35

nowgnuesLee force-pushed the 04-22-feat_fr-2627_migrate_eduapplauncher_stoken_path_to_stokenloginboundary branch from 907c539 to 87f643c Compare April 23, 2026 08:35

yomybaby approved these changes Apr 23, 2026

View reviewed changes

graphite-app Bot changed the base branch from 04-22-feat_fr-2627_migrate_eduapplauncher_stoken_path_to_stokenloginboundary to graphite-base/6865 April 23, 2026 10:37

nowgnuesLee force-pushed the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch from abeb16c to d650bff Compare April 24, 2026 07:30

nowgnuesLee force-pushed the graphite-base/6865 branch from 87f643c to 547b702 Compare April 24, 2026 07:30

nowgnuesLee changed the base branch from graphite-base/6865 to main April 24, 2026 07:30

github-actions Bot added size:XL 500~ LoC and removed size:L 100~500 LoC labels Apr 24, 2026

graphite-app Bot force-pushed the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch from d650bff to d7fb3b2 Compare April 24, 2026 07:48

graphite-app Bot merged commit d7fb3b2 into main Apr 24, 2026
8 checks passed

graphite-app Bot deleted the 04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes branch April 24, 2026 07:50

github-pages Bot temporarily deployed to github-pages April 24, 2026 07:50 Inactive

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

test(FR-2639): add E2E regression for sToken login boundary routes#6865

test(FR-2639): add E2E regression for sToken login boundary routes#6865
graphite-app[bot] merged 1 commit into
mainfrom
04-22-test_fr-2639_add_e2e_regression_for_stoken_login_boundary_routes

nowgnuesLee commented Apr 22, 2026 •

edited by atlassian Bot

Loading

Uh oh!

nowgnuesLee commented Apr 22, 2026 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

yomybaby left a comment

Uh oh!

graphite-app Bot commented Apr 23, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

nowgnuesLee commented Apr 22, 2026 • edited by atlassian Bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Stack

Uh oh!

nowgnuesLee commented Apr 22, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

How to use the Graphite Merge Queue

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Reviewed changes

Uh oh!

Uh oh!

Uh oh!

Uh oh!

yomybaby left a comment

Choose a reason for hiding this comment

Uh oh!

graphite-app Bot commented Apr 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Merge activity

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

nowgnuesLee commented Apr 22, 2026 •

edited by atlassian Bot

Loading

nowgnuesLee commented Apr 22, 2026 •

edited

Loading

graphite-app Bot commented Apr 23, 2026 •

edited

Loading