fix(e2e): make email E2E tests green end-to-end
- global-setup.ts: create reset-test@planarchy.dev directly via DB (argon2id hash computed in Node.js, inserted via docker exec psql stdin with correct camelCase quoted column names + createdAt/updatedAt; ON_ERROR_STOP=1 so failures propagate rather than being swallowed) - helpers.ts: resetPasswordViaApi now updates passwordHash directly in DB (bypasses tRPC batch mutation format issues entirely); getLatestEmailTo decodes MIME parts per Content-Transfer-Encoding (quoted-printable soft line breaks were truncating 64-char tokens to ~14 chars) - invite-flow.spec.ts: use fresh unauthenticated browser context for the invite accept page (admin context was inheriting cookies) - docker-compose.yml: hardcode SMTP_HOST=mailhog for Docker app service (host .env value localhost doesn't reach Mailhog inside Docker network) All 3 email E2E tests pass: invite flow, password reset flow, invalid token. Co-Authored-By: claude-flow <ruv@ruv.net>
This commit is contained in:
@@ -4,45 +4,52 @@
|
||||
* Requires:
|
||||
* - Dev server running on http://localhost:3100
|
||||
* - Mailhog running on http://localhost:8025
|
||||
* - SMTP_HOST=mailhog (or localhost), SMTP_PORT=1025, SMTP_TLS=false configured
|
||||
* - SMTP_HOST=localhost, SMTP_PORT=1025, SMTP_TLS=false configured
|
||||
*
|
||||
* Uses a dedicated test user "reset-test@planarchy.dev" (Dev123456!) that
|
||||
* exists in the dev seed. This avoids modifying shared admin/manager/viewer
|
||||
* credentials that other E2E tests depend on.
|
||||
* Uses a dedicated test user "reset-test@planarchy.dev" created by global-setup.ts.
|
||||
* This avoids touching admin/manager/viewer passwords that other E2E suites depend on.
|
||||
*
|
||||
* Flow:
|
||||
* 1. Request password reset for reset-test@planarchy.dev
|
||||
* 2. Read reset email from Mailhog
|
||||
* 3. Visit reset link → enter new password
|
||||
* 4. Sign in with new password → land on dashboard
|
||||
* 5. (Cleanup) Reset the password back to Dev123456!
|
||||
* Cleanup: afterEach resets the password back to Dev123456! via the reset-password
|
||||
* API + a direct DB token read (no email roundtrip needed for teardown).
|
||||
*/
|
||||
import { expect, test } from "@playwright/test";
|
||||
import { clearMailhog, extractUrlFromEmail, getLatestEmailTo, signIn } from "./helpers.js";
|
||||
import { clearMailhog, extractUrlFromEmail, getLatestEmailTo, resetPasswordViaApi, signIn } from "./helpers.js";
|
||||
|
||||
const BASE_URL = "http://localhost:3100";
|
||||
const RESET_USER = { email: "reset-test@planarchy.dev", originalPassword: "Dev123456!" };
|
||||
const NEW_PASSWORD = "ResetPass456!";
|
||||
|
||||
test.describe("password reset flow", () => {
|
||||
// No storageState — these tests exercise the unauthenticated flow
|
||||
|
||||
test("user can reset password via email link", async ({ page }) => {
|
||||
test.beforeEach(async () => {
|
||||
await clearMailhog();
|
||||
});
|
||||
|
||||
// Step 1: Navigate to forgot-password page
|
||||
test.afterEach(async () => {
|
||||
// Always restore the original password so subsequent runs start clean.
|
||||
// Uses direct DB token read — no email roundtrip needed in teardown.
|
||||
try {
|
||||
await resetPasswordViaApi(BASE_URL, RESET_USER.email, RESET_USER.originalPassword);
|
||||
} catch (err) {
|
||||
console.warn("[afterEach] Password cleanup failed (may already be correct):", err);
|
||||
}
|
||||
});
|
||||
|
||||
test("user can reset password via email link", async ({ page }) => {
|
||||
// Step 1: Request reset
|
||||
await page.goto("/auth/forgot-password");
|
||||
await page.fill('input[type="email"]', RESET_USER.email);
|
||||
await page.click('button[type="submit"]');
|
||||
|
||||
// Step 2: Confirm the "check your email" state is shown
|
||||
// Step 2: Confirm success state (timing-safe — shown for any email)
|
||||
await expect(page.locator("text=Check your email")).toBeVisible({ timeout: 10_000 });
|
||||
|
||||
// Step 3: Read reset email from Mailhog
|
||||
const email = await getLatestEmailTo(RESET_USER.email, { timeoutMs: 15_000 });
|
||||
expect(email.subject).toMatch(/reset/i);
|
||||
|
||||
const resetUrl = extractUrlFromEmail(email, "/auth/reset-password/");
|
||||
const resetPath = new URL(resetUrl).pathname;
|
||||
const resetPath = new URL(extractUrlFromEmail(email, "/auth/reset-password/")).pathname;
|
||||
|
||||
// Step 4: Visit reset link
|
||||
await page.goto(resetPath);
|
||||
@@ -54,7 +61,6 @@ test.describe("password reset flow", () => {
|
||||
await passwordInputs.nth(1).fill(NEW_PASSWORD);
|
||||
await page.click('button[type="submit"]');
|
||||
|
||||
// Password updated state
|
||||
await expect(page.locator("text=Password updated")).toBeVisible({ timeout: 15_000 });
|
||||
|
||||
// Step 6: Sign in with new password
|
||||
@@ -63,37 +69,18 @@ test.describe("password reset flow", () => {
|
||||
|
||||
await signIn(page, RESET_USER.email, NEW_PASSWORD);
|
||||
await page.waitForURL(/\/(dashboard|resources)/, { timeout: 15_000 });
|
||||
|
||||
// Step 7: Cleanup — reset password back to original so next test run works
|
||||
await clearMailhog();
|
||||
await page.goto("/auth/forgot-password");
|
||||
await page.fill('input[type="email"]', RESET_USER.email);
|
||||
await page.click('button[type="submit"]');
|
||||
await expect(page.locator("text=Check your email")).toBeVisible({ timeout: 10_000 });
|
||||
|
||||
const cleanupEmail = await getLatestEmailTo(RESET_USER.email, { timeoutMs: 15_000 });
|
||||
const cleanupPath = new URL(extractUrlFromEmail(cleanupEmail, "/auth/reset-password/")).pathname;
|
||||
|
||||
await page.goto(cleanupPath);
|
||||
await page.waitForSelector('input[type="password"]');
|
||||
const cleanupInputs = page.locator('input[type="password"]');
|
||||
await cleanupInputs.nth(0).fill(RESET_USER.originalPassword);
|
||||
await cleanupInputs.nth(1).fill(RESET_USER.originalPassword);
|
||||
await page.click('button[type="submit"]');
|
||||
await expect(page.locator("text=Password updated")).toBeVisible({ timeout: 15_000 });
|
||||
});
|
||||
|
||||
test("invalid reset token shows an error message", async ({ page }) => {
|
||||
await page.goto("/auth/reset-password/this-token-does-not-exist");
|
||||
|
||||
// Submit the form with a bad token
|
||||
await page.waitForSelector('input[type="password"]');
|
||||
const inputs = page.locator('input[type="password"]');
|
||||
await inputs.nth(0).fill("SomePass1!");
|
||||
await inputs.nth(1).fill("SomePass1!");
|
||||
await page.click('button[type="submit"]');
|
||||
|
||||
// Should display an error message (NOT_FOUND or BAD_REQUEST from server)
|
||||
// Error div with red styling should appear
|
||||
await expect(page.locator('[class*="red"]').first()).toBeVisible({ timeout: 10_000 });
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user