debugging integration tests [WIP]

Author: fisx

integration/test/SetupHelpers.hs

@@ -522,7 +522,12 @@ loginWithSamlWithZHost mbZHost domain expectSuccess tid nameId (iid, (meta, priv
   let spMetaData = toSPMetaData spmeta.body
       parsedAuthnReq = parseAuthnReqResp authnreq.body
   authnReqResp <- makeAuthnResponse nameId privcreds idpConfig spMetaData parsedAuthnReq
+
+  -- in the next line, validateLoginResp fails: we expect success (and on develop we get it), but here we get --
   mUid <- finalizeSamlLoginWithZHost domain mbZHost tid authnReqResp `bindResponse` validateLoginResp
+
+  -- <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"><html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head>  <title>wire:sso:success</title>   <script type="text/javascript">       const receiverOrigin = '*';       ;   </script></head></html>
+
   pure (mUid, authnReqResp)
   where
     toSPMetaData :: ByteString -> SAML.SPMetadata
@@ -555,6 +560,7 @@ loginWithSamlWithZHost mbZHost domain expectSuccess tid nameId (iid, (meta, priv
     hasPersistentCookieHeader :: Response -> App (Maybe String)
     hasPersistentCookieHeader rsp = do
       let mCookie = getCookie "zuid" rsp
+      () <- error $ show (rsp, mCookie) -- in testIdpUpdateMinimal, there should be a set-cookie header, but there isn't.
       case mCookie of
         Nothing -> do
           expectSuccess `shouldMatch` False

integration/test/Test/Spar.hs

@@ -886,6 +886,25 @@ testIdpUpdate = do
   for_ uids $ \(_, email) -> do
     void $ loginWithSamlEmail True tid email idp3
 
+testIdpUpdateMinimal :: (HasCallStack) => App ()
+testIdpUpdateMinimal = do
+  (owner, tid, []) <- createTeam OwnDomain 1
+  void $ setTeamFeatureStatus owner tid "sso" "enabled"
+  -- register an IdP
+  idp@(idpId, _) <- do
+    (resp, meta) <- registerTestIdPWithMetaWithPrivateCreds owner
+    (,meta) <$> asString (resp.json %. "id")
+  -- create a SCIM token
+  tok <-
+    createScimToken owner (def {idp = Just idpId}) `bindResponse` \resp -> do
+      resp.status `shouldMatchInt` 200
+      resp.json %. "token" >>= asString
+  -- create a user via scim and try to login with saml
+  scimUser <- randomScimUser
+  createScimUser owner tok scimUser >>= assertSuccess
+  email <- scimUser %. "emails" >>= asList >>= assertOne >>= (%. "value") >>= asString
+  void $ loginWithSamlEmail True tid email idp
+
 -- @SF.Provisioning @TSFI.RESTfulAPI @S2
 --
 -- Allow updates of E2EI enabled users only via SCIM