Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
17f2de5f4894c9ba57271a4527bc2ee20bc2231e
CapaKraken/apps/web/e2e/dev-system/password-reset.spec.ts
T
Hartmut 7c0110df91 fix(e2e): make email E2E tests green end-to-end 
- global-setup.ts: create reset-test@planarchy.dev directly via DB
  (argon2id hash computed in Node.js, inserted via docker exec psql stdin
   with correct camelCase quoted column names + createdAt/updatedAt;
   ON_ERROR_STOP=1 so failures propagate rather than being swallowed)
- helpers.ts: resetPasswordViaApi now updates passwordHash directly in DB
  (bypasses tRPC batch mutation format issues entirely);
  getLatestEmailTo decodes MIME parts per Content-Transfer-Encoding
  (quoted-printable soft line breaks were truncating 64-char tokens to ~14 chars)
- invite-flow.spec.ts: use fresh unauthenticated browser context for
  the invite accept page (admin context was inheriting cookies)
- docker-compose.yml: hardcode SMTP_HOST=mailhog for Docker app service
  (host .env value localhost doesn't reach Mailhog inside Docker network)

All 3 email E2E tests pass: invite flow, password reset flow, invalid token.

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-02 13:53:47 +02:00

87 lines
3.4 KiB
TypeScript
Raw Blame History

/**
* E2E — Password reset flow
*
* Requires:
* - Dev server running on http://localhost:3100
* - Mailhog running on http://localhost:8025
* - SMTP_HOST=localhost, SMTP_PORT=1025, SMTP_TLS=false configured
*
* Uses a dedicated test user "reset-test@planarchy.dev" created by global-setup.ts.
* This avoids touching admin/manager/viewer passwords that other E2E suites depend on.
*
* Cleanup: afterEach resets the password back to Dev123456! via the reset-password
* API + a direct DB token read (no email roundtrip needed for teardown).
*/
import { expect, test } from "@playwright/test";
import { clearMailhog, extractUrlFromEmail, getLatestEmailTo, resetPasswordViaApi, signIn } from "./helpers.js";
const BASE_URL = "http://localhost:3100";
const RESET_USER = { email: "reset-test@planarchy.dev", originalPassword: "Dev123456!" };
const NEW_PASSWORD = "ResetPass456!";
test.describe("password reset flow", () => {
// No storageState — these tests exercise the unauthenticated flow
test.beforeEach(async () => {
await clearMailhog();
});
test.afterEach(async () => {
// Always restore the original password so subsequent runs start clean.
// Uses direct DB token read — no email roundtrip needed in teardown.
try {
await resetPasswordViaApi(BASE_URL, RESET_USER.email, RESET_USER.originalPassword);
} catch (err) {
console.warn("[afterEach] Password cleanup failed (may already be correct):", err);
}
});
test("user can reset password via email link", async ({ page }) => {
// Step 1: Request reset
await page.goto("/auth/forgot-password");
await page.fill('input[type="email"]', RESET_USER.email);
await page.click('button[type="submit"]');
// Step 2: Confirm success state (timing-safe — shown for any email)
await expect(page.locator("text=Check your email")).toBeVisible({ timeout: 10_000 });
// Step 3: Read reset email from Mailhog
const email = await getLatestEmailTo(RESET_USER.email, { timeoutMs: 15_000 });
expect(email.subject).toMatch(/reset/i);
const resetPath = new URL(extractUrlFromEmail(email, "/auth/reset-password/")).pathname;
// Step 4: Visit reset link
await page.goto(resetPath);
await expect(page.locator("text=Set a new password")).toBeVisible({ timeout: 10_000 });
// Step 5: Set new password
const passwordInputs = page.locator('input[type="password"]');
await passwordInputs.nth(0).fill(NEW_PASSWORD);
await passwordInputs.nth(1).fill(NEW_PASSWORD);
await page.click('button[type="submit"]');
await expect(page.locator("text=Password updated")).toBeVisible({ timeout: 15_000 });
// Step 6: Sign in with new password
await page.click('button:has-text("Go to sign in")');
await page.waitForURL(/\/auth\/signin/);
await signIn(page, RESET_USER.email, NEW_PASSWORD);
await page.waitForURL(/\/(dashboard|resources)/, { timeout: 15_000 });
});
test("invalid reset token shows an error message", async ({ page }) => {
await page.goto("/auth/reset-password/this-token-does-not-exist");
await page.waitForSelector('input[type="password"]');
const inputs = page.locator('input[type="password"]');
await inputs.nth(0).fill("SomePass1!");
await inputs.nth(1).fill("SomePass1!");
await page.click('button[type="submit"]');
// Error div with red styling should appear
await expect(page.locator('[class*="red"]').first()).toBeVisible({ timeout: 10_000 });
});
});
Reference in New Issue View Git Blame Copy Permalink