web: Form validation regressions, consistency fixes

[GirlBossRush]

Details

This PR resolves a collection of form validation issues, as well as a partial fix for our WebDriverIO tests to run while Playwright is in review.

Fixed Issues

• ErrorProps containing strings are now parsed correctly instead of defaulting to a generic network error
• Single-step modal forms perform client-side validation before submitting their data
• Wizards now perform client-side validation before progressing to the next step
• Form Groups no longer fight for focus when multiple invalid inputs exist.
• Form Groups no longer scroll into view when a previously invalid field becomes valid
• Invalid inputs within Form Groups now wait for their parent to expand before attempting to focus the element while still hidden
• Both server and client-side errors now trigger Form Group expansion.
• Inputs with server-side errors are now marked with ARIA attributes to match their status
• The inner form element getter within AKForm now uses renderRoot over shadowRoot, fixing selector issues when in compatibility mode.

See also

• web/a11y: Associating labels with inputs #16119 (Split off from this PR)
• web/a11y: Flow Search #15876
• web/a11y: Wizards & Forms #15701

[netlify]

✅ Deploy Preview for authentik-docs canceled.

Name	Link
🔨 Latest commit	31db063
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-docs/deploys/689b48fee219de0008da8efb

[netlify]

✅ Deploy Preview for authentik-integrations canceled.

Name	Link
🔨 Latest commit	31db063
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-integrations/deploys/689b48fe03c66300085e39c7

[netlify]

✅ Deploy Preview for authentik-storybook ready!

Name	Link
🔨 Latest commit	31db063
🔍 Latest deploy log	https://app.netlify.com/projects/authentik-storybook/deploys/689b48fe94755f0008a7b558
😎 Deploy Preview	https://deploy-preview-15894--authentik-storybook.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.76%. Comparing base (e154fee) to head (31db063).
⚠️ Report is 8 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #15894      +/-   ##
==========================================
- Coverage   92.83%   92.76%   -0.07%     
==========================================
  Files         836      836              
  Lines       45160    45166       +6     
==========================================
- Hits        41924    41900      -24     
- Misses       3236     3266      +30     

Flag	Coverage Δ
e2e	46.60% <ø> (-0.09%)	⬇️
integration	23.59% <ø> (+0.01%)	⬆️
unit	90.91% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-31db063e479c1c0ed00fef1f8d9dd22dc8808117
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
    image:
        repository: ghcr.io/goauthentik/dev-server
        tag: gh-31db063e479c1c0ed00fef1f8d9dd22dc8808117

Afterwards, run the upgrade commands from the latest release notes.

[GirlBossRush]

WebDriver is still plagued with download issues, but this inclusion will let the legacy e2e test suite run when Chromium is manually installed.

[GirlBossRush]

TOOD: Circle back on this after #16010 gives us a reusable pattern with form internals

[GirlBossRush]

Unlikely but this has been technically possible with all uses of @query

[GirlBossRush]

Switch to getter to allow for overriding in application provider steps

[GirlBossRush]

TODO: This was subtle fix. Circle back on something like an <ak-url-input> to handle this sort of check.

[GirlBossRush]

AFAICT this is only true of the bindings step which has no form. Leaving it in for now to reduce the number of changes.

[GirlBossRush]

ApplicationWizardStep should also be abstract, but our typing on CustomEmitterElement makes this difficult to achieve without a lot of detangling.

[GirlBossRush]

AFAICT not showing field errors in the provider step seems to be a long standing bug we managed to surface when error parsing was introduced.

I suspect that ak-application-wizard-submit-step also has an expectation of field error name spacing that doesn't apply anymore.

[GirlBossRush]

Largely moved out of horizontal form for better consistency in inputs across all interfaces.

[GirlBossRush]

See #16119 for how this works with label input association.