DPC-4353 run automated accessibility tests

.github/workflows/dpc-portal-accessibility-test.yml

@@ -0,0 +1,15 @@
+name: dpc-portal accessibility test
+
+on:
+  workflow_dispatch:
+
+jobs:
+  test:
+    name: 'Run Axe Accessibility tests on DPC-Portal'
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@v1
+      - name: "Run Tests"
+        run: |
+          make ci-portal-accessibility

Makefile

@@ -215,6 +215,10 @@ ci-admin-portal: secure-envs
 ci-portal: secure-envs
 	@./dpc-portal-test.sh
 
+.PHONY: ci-portal-accessibility
+ci-portal-accessibility: secure-envs
+	@./dpc-portal-accessibility-test.sh
+
 .PHONY: ci-web-portal
 ci-web-portal: secure-envs
 	@./dpc-web-portal-test.sh

docker-compose.portals.yml

@@ -142,7 +142,7 @@ services:
 
       # Mount coverage and utility files
       - "./dpc-portal/coverage:/dpc-portal/coverage"
-      - ./tmp/letter_opener/portal:/dpc-portal/tmp/letter_opener
+      - ./tmp:/dpc-portal/tmp
     env_file:
       - ./ops/config/decrypted/local.env
     environment:

dpc-portal-accessibility-test.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+set -e
+
+function _finally {
+    docker compose -p start-v1-portals -f docker-compose.yml -f docker-compose.portals.yml down
+    docker volume rm start-v1-portals_pgdata14
+}
+trap _finally EXIT
+
+echo "┌──────────────---───────--------------──┐"
+echo "│                                        │"
+echo "│ Setting up Portal Accessibility Tests  |"
+echo "│                                        │"
+echo "└───────────────────-----------------────┘"
+
+# Build the container
+make portal
+
+# Prepare the environment 
+docker compose -p start-v1-portals -f docker-compose.yml -f docker-compose.portals.yml up start_core_dependencies
+docker compose -p start-v1-portals -f docker-compose.yml -f docker-compose.portals.yml run --entrypoint "bundle exec rails db:create db:migrate RAILS_ENV=test" dpc_portal
+
+# Run the tests
+echo "┌──────────────---───────--------------──┐"
+echo "│                                        │"
+echo "│   Running Portal Accessibility Tests   |"
+echo "│                                        │"
+echo "└──-─────────────────────────────-------─┘"
+
+docker compose -p start-v1-portals -f docker-compose.yml -f docker-compose.portals.yml run --entrypoint docker/accessibility-test.sh dpc_portal
+
+echo "┌──────────────---───────--------------──┐"
+echo "│                                        │"
+echo "│  Portal Accessibility Tests Complete   │"
+echo "│                                        │"
+echo "└──-─────────────────────────────-------─┘"

dpc-portal/Gemfile

@@ -88,7 +88,9 @@ group :development do
 end
 
 group :test do
-  gem 'capybara', '>= 2.15'
+  gem 'axe-core-capybara'
+  gem 'axe-core-rspec'
+  gem 'capybara'
   gem 'climate_control'
   gem 'fakefs', require: 'fakefs/safe'
   gem 'fakeredis'

dpc-portal/Gemfile.lock

@@ -112,6 +112,22 @@ GEM
       jmespath (~> 1, >= 1.6.1)
     aws-sigv4 (1.10.0)
       aws-eventstream (~> 1, >= 1.0.2)
+    axe-core-api (4.10.1)
+      dumb_delegator
+      ostruct
+      virtus
+    axe-core-capybara (4.10.1)
+      axe-core-api (= 4.10.1)
+      dumb_delegator
+    axe-core-rspec (4.10.1)
+      axe-core-api (= 4.10.1)
+      dumb_delegator
+      ostruct
+      virtus
+    axiom-types (0.1.1)
+      descendants_tracker (~> 0.0.4)
+      ice_nine (~> 0.11.0)
+      thread_safe (~> 0.3, >= 0.3.1)
     base64 (0.2.0)
     bcp47 (0.3.3)
       i18n
@@ -139,6 +155,8 @@ GEM
     cgi (0.4.1)
     climate_control (1.2.0)
     coderay (1.1.3)
+    coercible (1.0.0)
+      descendants_tracker (~> 0.0.1)
     concurrent-ruby (1.3.4)
     connection_pool (2.4.1)
     crack (1.0.0)
@@ -156,6 +174,8 @@ GEM
     database_cleaner-core (2.0.1)
     date (3.3.4)
     date_time_precision (0.8.1)
+    descendants_tracker (0.0.4)
+      thread_safe (~> 0.3, >= 0.3.1)
     devise (4.9.4)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
@@ -174,6 +194,7 @@ GEM
       dotenv (= 3.1.2)
       railties (>= 6.1)
     drb (2.2.1)
+    dumb_delegator (1.0.0)
     email_validator (2.2.4)
       activemodel
     erubi (1.13.0)
@@ -213,8 +234,9 @@ GEM
       railties (>= 5.0)
     htmlbeautifier (1.4.3)
     htmlentities (4.3.4)
-    i18n (1.14.5)
+    i18n (1.14.6)
       concurrent-ruby (~> 1.0)
+    ice_nine (0.11.2)
     io-console (0.7.2)
     irb (1.14.1)
       rdoc (>= 4.0.0)
@@ -344,6 +366,7 @@ GEM
       validate_url
       webfinger (~> 2.0)
     orm_adapter (0.5.0)
+    ostruct (0.6.0)
     parallel (1.26.3)
     parser (3.3.4.2)
       ast (~> 2.4.1)
@@ -522,6 +545,7 @@ GEM
       eventmachine (~> 1.0, >= 1.0.4)
       rack (>= 1, < 3)
     thor (1.3.1)
+    thread_safe (0.3.6)
     tilt (2.4.0)
     timecop (0.9.10)
     timeout (0.4.1)
@@ -537,10 +561,14 @@ GEM
       activemodel (>= 3.0.0)
       public_suffix
     version_gem (1.1.4)
-    view_component (3.13.0)
-      activesupport (>= 5.2.0, < 8.0)
+    view_component (3.19.0)
+      activesupport (>= 5.2.0, < 8.1)
       concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
+    virtus (2.0.0)
+      axiom-types (~> 0.1)
+      coercible (~> 1.0)
+      descendants_tracker (~> 0.0, >= 0.0.3)
     warden (1.2.9)
       rack (>= 2.0.9)
     webdrivers (5.3.1)
@@ -582,11 +610,13 @@ DEPENDENCIES
   audited
   auto-session-timeout
   aws-sdk-cloudwatch
+  axe-core-capybara
+  axe-core-rspec
   bootsnap (>= 1.4.2)
   bundler (>= 1.15.0)
   bundler-audit
   byebug
-  capybara (>= 2.15)
+  capybara
   climate_control
   database_cleaner
   devise (>= 4.9.3)

dpc-portal/app/controllers/invitations_controller.rb

@@ -12,6 +12,7 @@ class InvitationsController < ApplicationController
   before_action :verify_ao_invitation, only: %i[accept confirm]
   before_action :verify_cd_invitation, only: %i[code verify_code confirm_cd]
   before_action :check_for_token, only: %i[accept confirm confirm_cd register]
+  before_action :block_test_utilities, only: %i[set_idp_token]
 
   def show
     render(Page::Invitations::StartComponent.new(@organization, @invitation))
@@ -92,6 +93,12 @@ def renew
     redirect_to accept_organization_invitation_url(@organization, @invitation)
   end
 
+  def set_idp_token
+    session[:login_dot_gov_token] = 'token'
+    session[:login_dot_gov_token_exp] = 2.days.from_now
+    head :ok
+  end
+
   private
 
   def invitation_matches_user
@@ -249,6 +256,10 @@ def check_for_token
     render(Page::Invitations::InvitationLoginComponent.new(@invitation))
   end
 
+  def block_test_utilities
+    render plain: :forbidden, status: :forbidden unless Rails.env.test?
+  end
+
   def log_ao_verification_error(error, service_unavailable)
     if service_unavailable
       logger.error(['CPI API Gateway unavailable',

dpc-portal/config/environments/test.rb

@@ -42,7 +42,8 @@
 
   config.action_mailer.default_url_options = { host: 'localhost', port: 3100 }
   config.action_mailer.asset_host = "http://localhost:3100"
-
+  # Need to have this set up for capybara accessibility tests
+  config.action_controller.asset_host = "file://#{::Rails.root}/public" if ENV['ACCESSIBILITY'] == 'true'
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.

dpc-portal/config/routes.rb

@@ -37,6 +37,7 @@
       post 'login', on: :member
       post 'renew', on: :member
       get 'confirm_cd', on: :member
+      get 'set_idp_token', on: :member
     end
     get 'tos_form', on: :member
     post 'sign_tos', on: :member

dpc-portal/docker/accessibility-test.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+
+apk add --no-cache firefox
+ACCESSIBILITY=true bundle exec rspec --tag type:system --format documentation

dpc-portal/spec/rails_helper.rb

@@ -7,6 +7,7 @@
 # Prevent database truncation if the environment is production
 abort('The Rails environment is running in production mode!') if Rails.env.production?
 require 'rspec/rails'
+require 'capybara/rails'
 require 'support/component_support'
 require 'support/dpc_client_support'
 require 'support/match_html_fragment'

dpc-portal/spec/requests/invitations_spec.rb

@@ -735,6 +735,26 @@
       end
     end
   end
+
+  describe 'GET /set_idp_token' do
+    let(:invitation) { create(:invitation, :ao) }
+    let(:org_id) { invitation.provider_organization.id }
+
+    it_behaves_like 'an invitation endpoint', :get, 'set_idp_token' do
+      let(:invitation) { create(:invitation, :ao) }
+    end
+
+    it 'should succeed in Rails.test' do
+      get "/organizations/#{org_id}/invitations/#{invitation.id}/set_idp_token"
+      expect(response).to be_ok
+      expect(response.body).to be_blank
+    end
+    it 'should fail outside Rails.test' do
+      allow(Rails.env).to receive(:test?).and_return false
+      get "/organizations/#{org_id}/invitations/#{invitation.id}/set_idp_token"
+      expect(response).to be_forbidden
+    end
+  end
 end
 
 def log_in

dpc-portal/spec/spec_helper.rb

@@ -2,6 +2,9 @@
 
 require 'simplecov'
 
+require 'axe-rspec'
+require 'capybara/rspec'
+
 SimpleCov.start 'rails' do
   add_group 'Serializers', 'app/serializers'
   add_group 'Services', 'app/services'
@@ -27,7 +30,7 @@
 end
 
 require 'webmock/rspec'
-WebMock.disable_net_connect!(allow_localhost: true)
+WebMock.disable_net_connect!(allow_localhost: true, allow: ['github.com', 'objects.githubusercontent.com'])
 
 require 'support/fake_cpi_gateway'
 
@@ -47,6 +50,7 @@
 #
 # See https://rubydoc.info/gems/rspec-core/RSpec/Core/Configuration
 RSpec.configure do |config|
+  config.filter_run_excluding type: :system
   # rspec-expectations config goes here. You can use an alternate
   # assertion/expectation library such as wrong or the stdlib/minitest
   # assertions if you prefer.

dpc-portal/spec/system/accessibility_spec.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Accessibility', type: :system do
+  include Devise::Test::IntegrationHelpers
+  include DpcClientSupport
+  before do
+    driven_by(:selenium_headless)
+  end
+  let(:dpc_api_organization_id) { 'some-gnarly-guid' }
+  context 'login' do
+    it 'shows login page ok' do
+      visit '/users/sign_in'
+      expect(page).to_not have_text('You need to sign in or sign up before continuing.')
+      expect(page).to have_text('Sign in')
+      expect(page).to be_axe_clean
+    end
+  end
+end