Implement direct login in cypress tests

- there is a manualLogin for tests which test the manual logging in, all
  others just set the cookie in the frontend

cypress/integration/administration/TagsAndCategories.feature

@@ -14,9 +14,8 @@ Feature: Tags and Categories
   looking at the popularity of a tag.
 
   Background:
-    Given my user account has the role "admin"
+    Given I am logged in with a "admin" role
     And we have a selection of tags and categories as well as posts
-    And I am logged in
 
   Scenario: See an overview of categories
     When I navigate to the administration dashboard

cypress/integration/common/report.js

@@ -32,15 +32,20 @@ Given("I see David Irving's post on the post page", page => {
 Given('I am logged in with a {string} role', role => {
   cy.factory().build('user', {
     termsAndConditionsAgreedVersion: VERSION,
-    role
+    role,
+    name: `${role} is my name`
   }, {
     email: `${role}@example.org`,
     password: '1234',
   })
-  cy.login({
-    email: `${role}@example.org`,
-    password: '1234'
-  })
+  cy.neode()
+    .first("User", {
+      name: `${role} is my name`,
+    })
+    .then(async user => {
+      const userJson = await user.toJson()
+      cy.login(userJson)
+    })
 })
 
 When('I click on "Report Post" from the content menu of the post', () => {

cypress/integration/common/steps.js

@@ -35,9 +35,27 @@ const annoyingParams = {
 };
 
 Given("I am logged in", () => {
-  cy.login(loginCredentials);
+  cy.neode()
+    .first("User", {
+      name: narratorParams.name
+    })
+    .then(async user => {
+      const userJson = await user.toJson()
+      cy.login(userJson)
+    })
 });
 
+Given("I log in as {string}", name => {
+  cy.neode()
+    .first("User", {
+      name
+    })
+    .then(async user => {
+      const userJson = await user.toJson()
+      cy.login(userJson)
+    })
+})
+
 Given("the {string} user searches for {string}", (_, postTitle) => {
   cy.logout()
     .login({ email: annoyingParams.email, password: '1234' })
@@ -122,7 +140,7 @@ Given("I am on the {string} page", page => {
 });
 
 When("I fill in my email and password combination and click submit", () => {
-  cy.login(loginCredentials);
+  cy.manualLogin(loginCredentials);
 });
 
 When(/(?:when )?I refresh the page/, () => {
@@ -306,12 +324,21 @@ Then(
   }
 );
 
-Given("my user account has the following login credentials:", table => {
+Given("I am logged in with these credentials:", table => {
   loginCredentials = table.hashes()[0];
   cy.debug();
   cy.factory().build("user", {
     ...termsAndConditionsAgreedVersion,
+    name: loginCredentials.email,
   }, loginCredentials);
+  cy.neode()
+    .first("User", {
+      name: loginCredentials.email,
+    })
+    .then(async user => {
+      const userJson = await user.toJson()
+      cy.login(userJson)
+    })
 });
 
 When("I fill the password form with:", table => {
@@ -330,45 +357,16 @@ When("submit the form", () => {
 
 Then("I cannot login anymore with password {string}", password => {
   cy.reload();
-  const {
-    email
-  } = loginCredentials;
-  cy.visit(`/login`);
-  cy.get("input[name=email]")
-    .trigger("focus")
-    .type(email);
-  cy.get("input[name=password]")
-    .trigger("focus")
-    .type(password);
-  cy.get("button[name=submit]")
-    .as("submitButton")
-    .click();
-  cy.get(".iziToast-wrapper").should(
-    "contain",
-    "Incorrect email address or password."
-  );
+  const { email } = loginCredentials
+  cy.manualLogin({ email, password })
+    .get(".iziToast-wrapper").should("contain", "Incorrect email address or password.");
 });
 
 Then("I can login successfully with password {string}", password => {
   cy.reload();
-  cy.login({
-    ...loginCredentials,
-    ...{
-      password
-    }
-  });
-  cy.get(".iziToast-wrapper").should("contain", "You are logged in!");
-});
-
-When("I log in with the following credentials:", table => {
-  const {
-    email,
-    password
-  } = table.hashes()[0];
-  cy.login({
-    email,
-    password
-  });
+  const { email } = loginCredentials
+  cy.manualLogin({ email, password })
+    .get(".iziToast-wrapper").should("contain", "You are logged in!");
 });
 
 When("open the notification menu and click on the first item", () => {
@@ -559,18 +557,6 @@ When("a user has blocked me", () => {
     });
 });
 
-When("I log in with:", table => {
-  const [firstRow] = table.hashes();
-  const {
-    Email,
-    Password
-  } = firstRow;
-  cy.login({
-    email: Email,
-    password: Password
-  });
-});
-
 Then("I see only one post with the title {string}", title => {
   cy.get(".main-container")
     .find(".post-link")

cypress/integration/moderation/ReportContent.feature

@@ -62,9 +62,8 @@ Feature: Report and Moderate
     Given somebody reported the following posts:
       | submitterEmail           | resourceId | reasonCategory | reasonDescription |
       | p2.submitter@example.org | p2         | other          | Offensive content |
-    And my user account has the role "moderator"
+    And I am logged in with a "moderator" role
     And there is an annoying user who has muted me
-    And I am logged in
     When I click on the avatar menu in the top right corner
     And I click on "Moderation"
     Then I see all the reported posts including from the user who muted me

cypress/integration/notifications/Mentions.feature

@@ -11,9 +11,7 @@ Feature: Notification for a mention
       | Matt Rider        | matt-rider        | matt@example.org  | 4321     |
 
   Scenario: Mention another user, re-login as this user and see notifications
-    Given I log in with the following credentials:
-      | email             | password |
-      | wolle@example.org | 1234     |
+    Given I log in as "Wolle aus Hamburg"
     And I start to write a new post with the title "Hey Matt" beginning with:
       """
       Big shout to our fellow contributor
@@ -23,9 +21,7 @@ Feature: Notification for a mention
     And I choose "en" as the language for the post
     And I click on "Save"
     When I log out
-    And I log in with the following credentials:
-      | email            | password |
-      | matt@example.org | 4321     |
+    And I log in as "Matt Rider"
     And see 1 unread notifications in the top menu
     And open the notification menu and click on the first item
     Then I get to the post page of ".../hey-matt"

cypress/integration/user_account/ChangePassword.feature

@@ -9,10 +9,9 @@ Feature: Change password
   password or just out of an good habit, you want to change your password.
 
   Background:
-    Given my user account has the following login credentials:
+    Given I am logged in with these credentials:
       | email            | password |
       | user@example.org | exposed  |
-    And I am logged in
 
   Scenario: Change my password
     Given I am on the "settings" page

cypress/integration/user_account/Login.feature

@@ -7,7 +7,7 @@ Feature: Authentication
     Given I have a user account
 
   Scenario: Log in
-    When I visit the "/login" page
+    When I visit the "login" page
     And I fill in my email and password combination and click submit
     Then I can click on my profile picture in the top right corner
     And I can see my name "Peter Lustig" in the dropdown menu

cypress/plugins/index.js

@@ -23,7 +23,7 @@ module.exports = (on, config) => {
   config.env.NEO4J_URI = parsed.NEO4J_URI
   config.env.NEO4J_USERNAME = parsed.NEO4J_USERNAME
   config.env.NEO4J_PASSWORD = parsed.NEO4J_PASSWORD
-
+  config.env.JWT_SECRET = parsed.JWT_SECRET
   on('file:preprocessor', cucumber())
   return config
 }

cypress/support/commands.js

@@ -18,6 +18,7 @@ import helpers from "./helpers";
 import { GraphQLClient, request } from 'graphql-request'
 import { gql } from '../../backend/src/helpers/jest'
 import config from '../../backend/src/config'
+import encode from '../../backend/src/jwt/encode'
 
 const switchLang = name => {
   cy.get(".locale-menu").click();
@@ -47,7 +48,13 @@ Cypress.Commands.add("switchLanguage", (name, force) => {
   }
 });
 
-Cypress.Commands.add("login", ({ email, password }) => {
+Cypress.Commands.add("login", user => {
+  const token = encode(user)
+  cy.setCookie('human-connection-token', token)
+    .visit("/")
+});
+
+Cypress.Commands.add("manualLogin", ({ email, password }) => {
   cy.visit(`/login`);
   cy.get("input[name=email]")
     .trigger("focus")
@@ -58,11 +65,9 @@ Cypress.Commands.add("login", ({ email, password }) => {
   cy.get("button[name=submit]")
     .as("submitButton")
     .click();
-  cy.get(".iziToast-message").should("contain", "You are logged in!");
-  cy.location("pathname").should("eq", "/");
 });
 
-Cypress.Commands.add("logout", (email, password) => {
+Cypress.Commands.add("logout", () => {
   cy.visit(`/logout`);
   cy.location("pathname").should("contain", "/login"); // we're out
 });

package.json

@@ -52,5 +52,8 @@
   },
   "resolutions": {
     "set-value": "^2.0.1"
+  },
+  "dependencies": {
+    "jsonwebtoken": "^8.5.1"
   }
 }

yarn.lock

@@ -1763,6 +1763,11 @@ buffer-crc32@~0.2.3:
   resolved "https://registry.yarnpkg.com/buffer-crc32/-/buffer-crc32-0.2.13.tgz#0d333e3f00eac50aa1454abd30ef8c2a5d9a7242"
   integrity sha1-DTM+PwDqxQqhRUq9MO+MKl2ackI=
 
+buffer-equal-constant-time@1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz#f8e71132f7ffe6e01a5c9697a4c6f3e48d5cc819"
+  integrity sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=
+
 buffer-from@^1.0.0:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.1.tgz#32713bc028f75c02fdb710d7c7bcec1f2c6070ef"
@@ -2927,6 +2932,13 @@ ecc-jsbn@~0.1.1:
     jsbn "~0.1.0"
     safer-buffer "^2.1.0"
 
+ecdsa-sig-formatter@1.0.11:
+  version "1.0.11"
+  resolved "https://registry.yarnpkg.com/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz#ae0f0fa2d85045ef14a817daa3ce9acd0489e5bf"
+  integrity sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==
+  dependencies:
+    safe-buffer "^5.0.1"
+
 electron-to-chromium@^1.3.341:
   version "1.3.344"
   resolved "https://registry.yarnpkg.com/electron-to-chromium/-/electron-to-chromium-1.3.344.tgz#f1397a633c35e726730c24be1084cd25c3ee8148"
@@ -4336,6 +4348,22 @@ jsonparse@^1.2.0:
   resolved "https://registry.yarnpkg.com/jsonparse/-/jsonparse-1.3.1.tgz#3f4dae4a91fac315f71062f8521cc239f1366280"
   integrity sha1-P02uSpH6wxX3EGL4UhzCOfE2YoA=
 
+jsonwebtoken@^8.5.1:
+  version "8.5.1"
+  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.5.1.tgz#00e71e0b8df54c2121a1f26137df2280673bcc0d"
+  integrity sha512-XjwVfRS6jTMsqYs0EsuJ4LGxXV14zQybNd4L2r0UvbVnSF9Af8x7p5MzbJ90Ioz/9TI41/hTCvznF/loiSzn8w==
+  dependencies:
+    jws "^3.2.2"
+    lodash.includes "^4.3.0"
+    lodash.isboolean "^3.0.3"
+    lodash.isinteger "^4.0.4"
+    lodash.isnumber "^3.0.3"
+    lodash.isplainobject "^4.0.6"
+    lodash.isstring "^4.0.1"
+    lodash.once "^4.0.0"
+    ms "^2.1.1"
+    semver "^5.6.0"
+
 jsprim@^1.2.2:
   version "1.4.1"
   resolved "https://registry.yarnpkg.com/jsprim/-/jsprim-1.4.1.tgz#313e66bc1e5cc06e438bc1b7499c2e5c56acb6a2"
@@ -4346,6 +4374,23 @@ jsprim@^1.2.2:
     json-schema "0.2.3"
     verror "1.10.0"
 
+jwa@^1.4.1:
+  version "1.4.1"
+  resolved "https://registry.yarnpkg.com/jwa/-/jwa-1.4.1.tgz#743c32985cb9e98655530d53641b66c8645b039a"
+  integrity sha512-qiLX/xhEEFKUAJ6FiBMbes3w9ATzyk5W7Hvzpa/SLYdxNtng+gcurvrI7TbACjIXlsJyr05/S1oUhZrc63evQA==
+  dependencies:
+    buffer-equal-constant-time "1.0.1"
+    ecdsa-sig-formatter "1.0.11"
+    safe-buffer "^5.0.1"
+
+jws@^3.2.2:
+  version "3.2.2"
+  resolved "https://registry.yarnpkg.com/jws/-/jws-3.2.2.tgz#001099f3639468c9414000e99995fa52fb478304"
+  integrity sha512-YHlZCB6lMTllWDtSPHz/ZXTsi8S00usEV6v1tjq8tOUZzw7DpSDWVXjXDre6ed1w/pd495ODpHZYSdkRTsa0HA==
+  dependencies:
+    jwa "^1.4.1"
+    safe-buffer "^5.0.1"
+
 kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0:
   version "3.2.2"
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64"
@@ -4508,17 +4553,47 @@ lodash.clonedeep@4.5.0:
   resolved "https://registry.yarnpkg.com/lodash.clonedeep/-/lodash.clonedeep-4.5.0.tgz#e23f3f9c4f8fbdde872529c1071857a086e5ccef"
   integrity sha1-4j8/nE+Pvd6HJSnBBxhXoIblzO8=
 
+lodash.includes@^4.3.0:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/lodash.includes/-/lodash.includes-4.3.0.tgz#60bb98a87cb923c68ca1e51325483314849f553f"
+  integrity sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=
+
+lodash.isboolean@^3.0.3:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6"
+  integrity sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=
+
+lodash.isinteger@^4.0.4:
+  version "4.0.4"
+  resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343"
+  integrity sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=
+
 lodash.ismatch@^4.4.0:
   version "4.4.0"
   resolved "https://registry.yarnpkg.com/lodash.ismatch/-/lodash.ismatch-4.4.0.tgz#756cb5150ca3ba6f11085a78849645f188f85f37"
   integrity sha1-dWy1FQyjum8RCFp4hJZF8Yj4Xzc=
 
+lodash.isnumber@^3.0.3:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz#3ce76810c5928d03352301ac287317f11c0b1ffc"
+  integrity sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=
+
+lodash.isplainobject@^4.0.6:
+  version "4.0.6"
+  resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb"
+  integrity sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=
+
+lodash.isstring@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451"
+  integrity sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=
+
 lodash.memoize@~3.0.3:
   version "3.0.4"
   resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-3.0.4.tgz#2dcbd2c287cbc0a55cc42328bd0c736150d53e3f"
   integrity sha1-LcvSwofLwKVcxCMovQxzYVDVPj8=
 
-lodash.once@^4.1.1:
+lodash.once@^4.0.0, lodash.once@^4.1.1:
   version "4.1.1"
   resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
   integrity sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=