Skip to content

test: stop login tests from opening real browser tabs#375

Open
gtsiolis wants to merge 2 commits into
mainfrom
devx-982-make-test-opens-real-browser-tabs-3c06
Open

test: stop login tests from opening real browser tabs#375
gtsiolis wants to merge 2 commits into
mainfrom
devx-982-make-test-opens-real-browser-tabs-3c06

Conversation

@gtsiolis

@gtsiolis gtsiolis commented Jul 9, 2026

Copy link
Copy Markdown
Member

Problem

The device-flow login opens the auth URL in a real browser (browser.OpenURL in internal/auth/login.go). The UI login tests and the integration login tests exercise the real login flow against an httptest.Server, so running make test / make test-integration on a machine with a GUI spawned real browser tabs (three from the unit tests, two from the integration tests). It's invisible in CI because headless runners have no open/xdg-open target, so the open just fails silently.

Worse than a nuisance: the auth URL is built from the web app URL, not the API endpoint, and the integration tests only overrode LSTK_API_ENDPOINT — so the two integration-test tabs pointed at the production https://app.localstack.cloud/auth/request/… with synthetic auth-request IDs.

This is a test-side issue only — auto-opening the browser on a real lstk login is intended (DEVX-530).

Changes

No change to login behavior; the only production-code change is a test seam.

  • internal/auth: loginProvider gains an injectable openBrowser func(string) error field (defaulting to the existing browser.OpenURL call, moved into defaultOpenBrowser). auth.New accepts variadic Options, with WithBrowserOpener to override the opener.
  • TUI login tests (internal/ui/run_login_test.go): all three device-flow tests inject a browserRecorder via auth.WithBrowserOpener and now assert the exact URL that would have been opened.
  • Integration tests (test/integration/login_test.go): the real binary can't take a Go func, so a new fakeBrowserOpener helper prepends a temp dir to PATH with fake open/xdg-open/x-www-browser/www-browser scripts that record the URL to a file instead of spawning a tab. Both device-flow tests assert the recorded URL and set LSTK_WEB_APP_URL to the mock server (alongside the existing LSTK_API_ENDPOINT override), making them fully hermetic — nothing references production anymore.
  • test/integration/env: new Path and WebAppURL env keys.

Both assertions fail before the fix (no URL recorded / real tab) and pass after.

The device-flow login opens the auth URL in a real browser via
browser.OpenURL. The UI and integration login tests exercise the real
login flow, so running `make test`/`make test-integration` on a machine
with a GUI spawned real browser tabs (invisible in CI, where the open
fails silently).

Add two seams:

- Unit: make the opener injectable via a new auth.WithBrowserOpener
  option on auth.New (loginProvider.openBrowser defaults to
  browser.OpenURL). The UI tests inject a recorder and assert the URL
  that would have been opened.
- Integration (real binary, no Go seam): prepend a temp dir to PATH with
  fake open/xdg-open scripts that record the URL to a file, then assert
  it. No production-code changes needed there.

Generated with [Linear](https://linear.app/localstack/issue/DEVX-982/make-test-opens-real-browser-tabs#agent-session-19a20b08)

Co-authored-by: linear-code[bot] <222613912+linear-code[bot]@users.noreply.github.com>
@gtsiolis gtsiolis added semver: patch docs: skip Pull request does not require documentation changes labels Jul 9, 2026
The device-flow tests overrode LSTK_API_ENDPOINT but the auth URL opened
in the browser is built from LSTK_WEB_APP_URL, which stayed at the
production default - so the recorded URL was app.localstack.cloud, not
the mock server. Point the web app URL at the mock server too, making
the tests fully hermetic.
@gtsiolis gtsiolis self-assigned this Jul 9, 2026
@gtsiolis gtsiolis marked this pull request as ready for review July 9, 2026 09:27
@gtsiolis gtsiolis requested a review from a team as a code owner July 9, 2026 09:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

docs: skip Pull request does not require documentation changes semver: patch

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant