TopherMayor/comparaison
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e0cbba6dc589ca718fa0d730f1df8f934e53905b
comparaison/e2e/auth.spec.ts
Hermes Agent 26c7ad4d7b Add Playwright E2E test suite (25 tests across 4 specs) 
- playwright.config.ts: headless CI setup with JSON/HTML reporters
- e2e/global-setup.ts: app reachability check before tests
- e2e/auth.spec.ts: 6 auth tests (sign-in, session, protected routes)
- e2e/compare.spec.ts: 8 API tests (validation, SSE flow, DB persistence)
- e2e/comparisons.spec.ts: 6 CRUD tests (list, detail, 404, view counts)
- e2e/user.spec.ts: 5 user tests (stats, pagination, session binding)
- e2e/helpers.ts: shared SSE parsing, auth, URL resolution utilities
- e2e/README.md: setup and run instructions
- AGENTS.md: updated with LLM provider notes and testing docs
- .gitignore: added playwright report/result directories
- package.json: added @playwright/test and test:e2e scripts
2026-04-27 20:48:05 -07:00

73 lines
3.0 KiB
TypeScript
Raw Blame History

import { test, expect, type Page } from "@playwright/test";
import { resolveUrl, getSessionCookie, testUser } from "./helpers";
/**
* E2E tests for authentication flows.
* Covers: sign-in, sign-out, protected routes, and session persistence.
*/
test.describe("Auth", () => {
// ─── Helpers ───────────────────────────────────────────────────────────────
async function signInViaUI(page: Page, email = testUser.email, password = testUser.password) {
await page.goto(resolveUrl("/"));
await page.getByRole("link", { name: /sign in/i }).click();
await page.getByPlaceholder("you@example.com").fill(email);
await page.getByPlaceholder("your password").fill(password);
await page.getByRole("button", { name: /sign in/i }).click();
await page.waitForURL("**/");
}
// ─── Tests ────────────────────────────────────────────────────────────────
test("1. Homepage loads without auth", async ({ page }) => {
const res = await page.request.get(resolveUrl("/"));
expect(res.status()).toBeGreaterThanOrEqual(200);
expect(res.status()).toBeLessThan(400);
});
test("2. Sign in via API returns session cookie", async ({ page }) => {
const res = await page.request.post(resolveUrl("/api/auth/sign-in/email"), {
data: { email: testUser.email, password: testUser.password },
headers: { "Content-Type": "application/json" },
});
expect(res.status()).toBe(200);
const setCookie = res.headers()["set-cookie"] ?? "";
expect(setCookie).toContain("session_token=");
});
test("3. Sign in with wrong credentials returns 401", async ({ page }) => {
const res = await page.request.post(resolveUrl("/api/auth/sign-in/email"), {
data: { email: "bad@example.com", password: "wrongpass" },
headers: { "Content-Type": "application/json" },
});
expect(res.status()).toBe(401);
});
test("4. Protected API route requires auth", async ({ page }) => {
const res = await page.request.post(resolveUrl("/api/compare"), {
data: { items: ["A", "B"] },
headers: { "Content-Type": "application/json" },
});
expect(res.status()).toBe(401);
const body = await res.json();
expect(body.error).toMatch(/auth/i);
});
test("5. Authenticated session persists across requests", async ({ page }) => {
const cookie = await getSessionCookie(page);
// Should be able to hit protected endpoints with the cookie
const res = await page.request.get(resolveUrl("/api/user/stats"), {
headers: { Cookie: cookie },
});
expect(res.status()).toBe(200);
});
test("6. UI sign-in flow works", async ({ page }) => {
await signInViaUI(page);
// After sign-in, user should see their name or a dashboard link
const bodyText = await page.content();
expect(bodyText.toLowerCase()).not.toContain("sign in");
});
});
Reference in New Issue View Git Blame Copy Permalink