Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] clientCertificates troubleshooting #32004

Closed
mxschmitt opened this issue Aug 5, 2024 · 15 comments
Closed

[BUG] clientCertificates troubleshooting #32004

mxschmitt opened this issue Aug 5, 2024 · 15 comments
Labels

Comments

@mxschmitt
Copy link
Member

          > Update: This issue should be fixed in the latest [@canary](https://playwright.dev/docs/canary-releases). See #31906 for further discussions.

Hi @mxschmitt I have tried this with the beta release and testOptions but it doesn't works as expected, I am still getting the pop-up asking to select the certificate.

image

here's my config:
image

package.json:
image

test file:
image

Originally posted by @amitAutoS in #1799 (comment)

@mxschmitt
Copy link
Member Author

@amitAutoS posting it here, so that we don't send notifications to the others. I see you are on Windows, are you using Google Chrome by any chance?

Do you mind providing us your full playwright.config.ts?

@amitAutoS
Copy link

@amitAutoS posting it here, so that we don't send notifications to the others. I see you are on Windows, are you using Google Chrome by any chance?

Do you mind providing us your full playwright.config.ts?

sure, here it is:

import { defineConfig, devices } from "@playwright/test";
import { resolve } from "path";
import { readFileSync } from "fs";

/**

  • See https://playwright.dev/docs/test-configuration.
    /
    // const pfxPaths = resolve(__dirname, "./certs/DavidJonesTest_G5.pfx");
    // console.log("pfxPaths: " + pfxPaths);
    export default defineConfig({
    testDir: "./e2e",
    /
    Run tests in files in parallel /
    fullyParallel: true,
    /
    Fail the build on CI if you accidentally left test.only in the source code. /
    forbidOnly: !!process.env.CI,
    /
    Retry on CI only /
    retries: process.env.CI ? 2 : 0,
    /
    Opt out of parallel tests on CI. /
    workers: process.env.CI ? 1 : undefined,
    /
    Reporter to use. See https://playwright.dev/docs/test-reporters /
    reporter: [["list"], ["html", { open: "never" }]],
    /
    Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. /
    use: {
    /
    Base URL to use in actions like await page.goto('/'). */
    // baseURL: 'http://127.0.0.1:3000',

    /* Collect trace when retrying the failed test. See https://playwright.dev/docs/trace-viewer */
    trace: "on-first-retry",
    headless: false,
    ignoreHTTPSErrors: true,
    clientCertificates: [
    {
    origin: "https://myurl.com/",
    pfxPath: "C:/Users/myusername/Downloads/client_cert/Test_G5.pfx",
    passphrase: "passwordhere",
    },
    ],
    },

/* Configure projects for major browsers /
projects: [
// {
// name: "chromium",
// use: {
// ...devices["Desktop Chrome"],
// },
// },
// {
// name: "firefox",
// use: {
// ...devices["Desktop Firefox"],
// },
// },
// {
// name: "webkit",
// use: { ...devices["Desktop Safari"] },
// },
/
Test against branded browsers. */
// {
// name: 'Microsoft Edge',
// use: { ...devices['Desktop Edge'], channel: 'msedge' },
// },
{
name: "Google Chrome",
use: { ...devices["Desktop Chrome"], channel: "chrome" },
},
],

/* Run your local dev server before starting the tests */
// webServer: {
// command: 'npm run start',
// url: 'http://127.0.0.1:3000',
// reuseExistingServer: !process.env.CI,
// },
});

@mxschmitt
Copy link
Member Author

mxschmitt commented Aug 5, 2024

I see! Google chrome has a bug (which is already fixed on beta). In order to workaround it, you need to specify a "dummy proxy" on global level. e.g.

    launchOptions: {
      proxy: {
        server: 'per-context'
      }
    }

You should be able to remove this workaround in when chrome releases version 128 on Tue, Aug 20, 2024.

@amitAutoS
Copy link

I'll try the chrome workaround but I tried on Firefox browser. I do not see the cert popup anymore with the settings I shared above but the page keeps on loading but fail to load the URL I am trying. ANd just dies there.
Shouldn't it be working with the cert options set in config file?

image

@amitAutoS
Copy link

And Edge browser is also showing same popup still?

image

@mxschmitt
Copy link
Member Author

mxschmitt commented Aug 5, 2024

Yes Edge Stable and Chrome Stable have both the same bug. Could you try e.g. just chromium -> no channel?

Firefox is hanging which is unexpected!

@amitAutoS
Copy link

Tried Chromium with no channel. Same behavior as Firefox. Tried to load the page(I dont see the cert popup) but couldn't load and dies.

@mxschmitt
Copy link
Member Author

Could you try to set the DEBUG=pw:client-certificates environment variable and rerun it? If this doesn't yield anything helpful, we need to add more debug logs to troubleshoot this issue.

@amitAutoS
Copy link

getting this error:

image

@mxschmitt
Copy link
Member Author

So no additional output when you set the envs? Do you mind pinging me on Discord? Happy to investigate further there.

@ArmandGrechScerri
Copy link

I am also encountering the exact same above issue. Has a fix/ workaround been found?

@mxschmitt
Copy link
Member Author

I am also encountering the exact same above issue. Has a fix/ workaround been found?

Please provide us your config file, this would help us a ton in order to triage this issue further.

@ArmandGrechScerri
Copy link

ArmandGrechScerri commented Aug 12, 2024

We use a bit of a custom launcher. I can also ping you on discord for more data and info. Here is the config I am using for this specific issue:

import { cpus } from "os";

import type { PlaywrightTestConfig } from "@playwright/test";
import { loadProjects } from "e2e/src/services/playwright.service";

// Generate unique output folder to store old local test run reports
const currentDateTime = new Date().toISOString().replace(/[:.]/g, "_").slice(0, -1);
const localOutputFolder = `../test-reports/obgaj-end-to-end-${currentDateTime}`;

const ciOutputFolder = `../test-reports`;

/**
 * See https://playwright.dev/docs/test-configuration.
 */
const config: PlaywrightTestConfig = {
	testDir: `../../../apps/${process.env.PWC_DOMAIN ?? "adaptive"}/end-to-end`,
	/* Maximum time one test can run for. */
	timeout: 180_000,
	expect: {
		/**
		 * Maximum time expect() should wait for the condition to be met.
		 * For example in `await expect(locator).toHaveText();`
		 */
		timeout: 20_000,
	},
	/* Run tests in files in parallel */
	fullyParallel: true,
	/* Retry on CI only */
	retries: 1,
	/* Opt out of parallel tests on CI. */
	workers: process.env.CI ? 3 : Math.floor(cpus().length * 0.35),
	/* Reporter to use. See https://playwright.dev/docs/test-reporters */
	reporter: process.env.CI
		? [["blob", { outputDir: ciOutputFolder }]]
		: [["list"], ["html", { outputFolder: localOutputFolder }], ["../src/custom-reporters/pass-rate-reporter.ts"]],
	/* Shared settings for all the projects below. See https://playwright.dev/docs/api/class-testoptions. */
	use: {
		headless: true,
		viewport: { width: 1280, height: 720 },
		ignoreHTTPSErrors: true,
		video: process.env.CI ? "off" : "retain-on-failure",
		trace: process.env.CI ? "off" : "on-first-retry",
		screenshot: "only-on-failure",
		navigationTimeout: 30_000,
		testIdAttribute: "data-test-id",
		actionTimeout: 30_000,
		clientCertificates: [
			{
				origin: "*ORIGIN URL*",
				certPath: "../certs/cert.pem",
				keyPath: "../certs/key.pem",
				passphrase: "*PASSPHRASE*",
			},
		],
	},
	testMatch: /.*e2e\.(js|ts|mjs)/,
	projects: loadProjects(),
};

export default config;

@mxschmitt
Copy link
Member Author

Feel free to ping me on Discord. loadProjects would be the interesting piece.

mxschmitt added a commit that referenced this issue Aug 14, 2024
Certain https servers like Microsoft IIS aka. TLS servers do the TLS
renegotiation after the TLS handshake. This ends up in two
`'secureConnect'` events due to an upstream Node.js bug:
nodejs/node#54362

Drive-by: Move other listeners like `'close'` / `'end'` to `once()` as
well.

Relates #32004
mxschmitt added a commit that referenced this issue Aug 14, 2024
…enegotiation

Certain https servers like Microsoft IIS aka. TLS servers do the TLS
renegotiation after the TLS handshake. This ends up in two
`'secureConnect'` events due to an upstream Node.js bug:
nodejs/node#54362

Drive-by: Move other listeners like `'close'` / `'end'` to `once()` as
well.

Relates #32004
@mxschmitt
Copy link
Member Author

mxschmitt commented Aug 15, 2024

I'm going to close this one for now since I believe the issues in this issue were addressed. We recommend

npm install -D @playwright/test@beta

until we have released v1.46.1. Thank you both for your time to debug these issues together. For further reference:

For future users running into issues, please file separate bug reports - thanks!

@mxschmitt mxschmitt added v1.46 and removed v1.47 labels Aug 15, 2024
kodiakhq bot referenced this issue in cloudquery/cloudquery Sep 1, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | devDependencies | patch | [`1.46.0` -> `1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.46.0/1.46.1) |
| [@playwright/test](https://playwright.dev) ([source](https://togithub.com/microsoft/playwright)) | devDependencies | minor | [`1.45.3` -> `1.46.1`](https://renovatebot.com/diffs/npm/@playwright%2ftest/1.45.3/1.46.1) |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>microsoft/playwright (@&#8203;playwright/test)</summary>

### [`v1.46.1`](https://togithub.com/microsoft/playwright/releases/tag/v1.46.1)

[Compare Source](https://togithub.com/microsoft/playwright/compare/v1.46.0...v1.46.1)

##### Highlights

[https://github.com/microsoft/playwright/issues/32004](https://togithub.com/microsoft/playwright/issues/32004) - \[REGRESSION]: Client Certificates don't work with Microsoft IIS[https://github.com/microsoft/playwright/issues/32004](https://togithub.com/microsoft/playwright/issues/32004)4 - \[REGRESSION]: Websites stall on TLS handshake errors when using Client Certificate[https://github.com/microsoft/playwright/issues/32146](https://togithub.com/microsoft/playwright/issues/32146)46 - \[BUG]: Credential scanners warn about internal socks-proxy TLS certificat[https://github.com/microsoft/playwright/issues/32056](https://togithub.com/microsoft/playwright/issues/32056)056 - \[REGRESSION]: 1.46.0 (TypeScript) - custom fixtures extend no longer chaina[https://github.com/microsoft/playwright/issues/32070](https://togithub.com/microsoft/playwright/issues/32070)2070 - \[Bug]: --only-changed flag and project dependen[https://github.com/microsoft/playwright/issues/32188](https://togithub.com/microsoft/playwright/issues/32188)32188 - \[Bug]: --only-changed with shallow clone throws "unknown revision" error

##### Browser Versions

-   Chromium 128.0.6613.18
-   Mozilla Firefox 128.0
-   WebKit 18.0

This version was also tested against the following stable channels:

-   Google Chrome 127
-   Microsoft Edge 127

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants