Add aria-labels to form controls (selects, checkboxes, switches), set html lang attribute and page title, fix color contrast for --candle-dim and --text-faint tokens, underline inline links, remove opacity hack. Harden dev login endpoints with atomic findOneAndUpdate and tokenVersion in JWT. Update Playwright timeouts and E2E test helpers.
import { test, expect } from '@playwright/test'
import { loginAsAdmin, loginAsMember } from './helpers/auth.js'
/**
 * Looks up the `auth-token` cookie in the page's browser context.
 *
 * @param {import('@playwright/test').Page} page - page whose context is inspected
 * @returns {Promise<object|undefined>} the cookie entry, or undefined when none has that name
 */
async function findAuthCookie(page) {
  const jar = await page.context().cookies()
  return jar.find((cookie) => cookie.name === 'auth-token')
}

/**
 * Asserts that the "Sign in required" heading becomes visible within 10 seconds.
 *
 * @param {import('@playwright/test').Page} page - page expected to show the logged-out state
 */
async function expectSignInRequired(page) {
  const heading = page.getByRole('heading', { name: 'Sign in required' })
  await expect(heading).toBeVisible({ timeout: 10000 })
}

// End-to-end checks of the login, cookie and logout behaviour as seen from the browser.
test.describe('Authentication flows', () => {
  test('protected page shows sign-in prompt when logged out', async ({ page }) => {
    // No login helper runs in this test, so the member dashboard is requested unauthenticated.
    await page.goto('/member/dashboard')
    await expectSignInRequired(page)

    const signInButton = page.getByRole('button', { name: 'Sign In' })
    await expect(signInButton).toBeVisible()

    // The button is expected to open the login modal, which carries an email field.
    await signInButton.click()
    await expect(page.locator('.modal-title')).toBeVisible({ timeout: 5000 })
    await expect(page.locator('input[type="email"]')).toBeVisible()
  })

  test('admin login sets auth cookie', async ({ page }) => {
    await loginAsAdmin(page)

    // Presence check only: the cookie's httpOnly / secure / sameSite attributes are not
    // asserted here, so a regression in those flags would not fail this test.
    const sessionCookie = await findAuthCookie(page)
    expect(sessionCookie).toBeTruthy()

    // With the session in place, /admin should render the admin layout marker.
    await page.goto('/admin')
    await expect(page.locator('.admin-tag')).toBeVisible({ timeout: 15000 })
  })

  test('member login sets auth cookie', async ({ page }) => {
    // NOTE(review): the address is named "test-admin" but goes through the member helper;
    // confirm that is the intended fixture account.
    await loginAsMember(page, 'test-admin@ghostguild.dev')

    // Presence check only, as in the admin case; no role or attribute is verified.
    const sessionCookie = await findAuthCookie(page)
    expect(sessionCookie).toBeTruthy()
  })

  test('logout clears auth', async ({ page }) => {
    await loginAsAdmin(page)
    await page.goto('/admin')
    await expect(page.locator('.admin-tag')).toBeVisible({ timeout: 15000 })

    // Register the waiter before the click so a fast response cannot be missed.
    // It matches any response whose URL contains the logout path, whatever its status.
    const logoutDone = page.waitForResponse((response) => response.url().includes('/api/auth/logout'))

    // "Sign out" is the link inside the sidebar meta area.
    const signOutLink = page.locator('.sidebar-meta a').filter({ hasText: 'Sign out' })
    await signOutLink.click()
    await logoutDone

    // Logged-out state is inferred from the UI of a protected page.
    // NOTE(review): the cookie jar is not re-read and the pre-logout token is not presented
    // again, so server-side invalidation of the old token is not covered by this test.
    await page.goto('/member/dashboard')
    await expectSignInRequired(page)
  })
})