Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
fceceeee4bd9f018438acc41d2739ee685ea7376
CapaKraken/apps/web/e2e/dev-system/helpers.ts
T
Hartmut fceceeee4b feat: SMTP full ENV override, password reset flow, and E2E email testing 
- SMTP: SMTP_HOST/PORT/USER/FROM/TLS now all have ENV override support
  (previously only SMTP_PASSWORD was env-aware). ENV takes priority over DB.
- docker-compose.yml: forward all SMTP_* env vars to app container + add
  Mailhog service (ports 1025 SMTP / 8025 HTTP, always available in dev)
- Password reset: PasswordResetToken Prisma model + authRouter with
  requestPasswordReset (timing-safe, no email enumeration) + resetPassword
- UI: /auth/forgot-password, /auth/reset-password/[token] pages +
  "Forgot password?" link on sign-in page
- E2E: Mailhog helpers (getLatestEmailTo, clearMailhog, extractUrlFromEmail)
  + invite-flow.spec.ts + password-reset.spec.ts

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-04-02 08:55:39 +02:00

139 lines
5.2 KiB
TypeScript
Raw Blame History

import { expect, type Page } from "@playwright/test";
/** Dev-system credentials — these exist in the planarchy.dev seed data */
export const DEV_USERS = {
admin: { email: "admin@planarchy.dev", password: "admin123" },
manager: { email: "manager@planarchy.dev", password: "manager123" },
viewer: { email: "viewer@planarchy.dev", password: "viewer123" },
} as const;
export async function signIn(page: Page, email: string, password: string) {
await page.goto("/auth/signin");
await page.fill('input[type="email"]', email);
await page.fill('input[type="password"]', password);
await page.click('button[type="submit"]');
await expect(page).toHaveURL(/\/(dashboard|resources)/, { timeout: 15000 });
}
export async function signOut(page: Page) {
// next-auth/react signOut() POSTs to /auth/signout with a CSRF token.
// There is no GET-accessible signout page in this app (/auth/signout returns 404).
// Replicate what the client-side signOut() function does:
// 1. Fetch the CSRF token from /auth/csrf
// 2. POST to /auth/signout with that token
// 3. Follow the redirect to /auth/signin
await page.goto("/dashboard"); // land on any authenticated page for cookie context
await page.evaluate(async () => {
const csrfRes = await fetch("/api/auth/csrf");
const { csrfToken } = await csrfRes.json() as { csrfToken: string };
await fetch("/api/auth/signout", {
method: "POST",
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: new URLSearchParams({ csrfToken, callbackUrl: "/auth/signin", json: "true" }),
redirect: "follow",
});
});
// After the POST clears the session cookie, navigating to a protected route
// should redirect to sign-in.
await page.goto("/dashboard");
await page.waitForURL(/\/auth\/signin/, { timeout: 10000 });
}
// ── Mailhog helpers ────────────────────────────────────────────────────────────
const MAILHOG_API = process.env["MAILHOG_API"] ?? "http://localhost:8025";
type MailhogMessage = {
Content: {
Headers: { Subject?: string[]; To?: string[] };
Body: string;
};
MIME: { Parts?: Array<{ Headers: { "Content-Type"?: string[] }; Body: string }> } | null;
};
type MailhogResponse = {
count: number;
items: MailhogMessage[];
};
/** Delete all messages in Mailhog (call in beforeEach to prevent cross-test contamination). */
export async function clearMailhog(): Promise<void> {
await fetch(`${MAILHOG_API}/api/v1/messages`, { method: "DELETE" });
}
/**
* Poll Mailhog until a message to `address` appears. Returns the message.
* Throws after `timeoutMs` if no matching message is found.
*/
export async function getLatestEmailTo(
address: string,
{ timeoutMs = 10_000, pollIntervalMs = 500 }: { timeoutMs?: number; pollIntervalMs?: number } = {},
): Promise<{ subject: string; body: string; html: string }> {
const deadline = Date.now() + timeoutMs;
while (Date.now() < deadline) {
const res = await fetch(`${MAILHOG_API}/api/v2/messages?limit=50`);
if (res.ok) {
const data = (await res.json()) as MailhogResponse;
const match = data.items.find((msg) => {
const to = msg.Content.Headers.To ?? [];
return to.some((t) => t.toLowerCase().includes(address.toLowerCase()));
});
if (match) {
const subject = (match.Content.Headers.Subject ?? [])[0] ?? "";
const htmlPart = match.MIME?.Parts?.find((p) =>
(p.Headers["Content-Type"]?.[0] ?? "").includes("text/html"),
);
const html = htmlPart?.Body ?? match.Content.Body;
return { subject, body: match.Content.Body, html };
}
}
await new Promise((resolve) => setTimeout(resolve, pollIntervalMs));
}
throw new Error(`No email to "${address}" found within ${timeoutMs}ms`);
}
/**
* Extract a URL from email body/html matching a path prefix.
* e.g. extractUrlFromEmail(email, "/invite/") → "http://localhost:3100/invite/abc123"
*/
export function extractUrlFromEmail(
email: { body: string; html: string },
pathPrefix: string,
): string {
const text = email.html || email.body;
const match = text.match(new RegExp(`https?://[^\\s"'<>]*${pathPrefix.replace("/", "\\/")}[^\\s"'<>]*`));
if (!match?.[0]) {
throw new Error(`No URL with prefix "${pathPrefix}" found in email`);
}
return match[0];
}
// ── tRPC helpers ───────────────────────────────────────────────────────────────
/**
* Intercept all tRPC batch responses and assert none return HTTP 401.
* Returns a list of intercepted tRPC paths that were called.
*/
export async function assertNoTrpc401s(page: Page, action: () => Promise<void>) {
const failures: string[] = [];
page.on("response", (response) => {
if (response.url().includes("/api/trpc/") && response.status() === 401) {
const url = new URL(response.url());
failures.push(url.pathname + url.search.slice(0, 80));
}
});
await action();
if (failures.length > 0) {
throw new Error(
`tRPC 401 responses detected (session registry / auth broken):\n${failures.join("\n")}`,
);
}
}
Reference in New Issue View Git Blame Copy Permalink