fix: enhance user creation and login flow; add token authorization and retry mechanism for login attempts
This commit is contained in:
GitHub Actions
@@ -137,8 +137,10 @@ async function createUserViaApi(
|
||||
page: import('@playwright/test').Page,
|
||||
user: { email: string; name: string; password: string; role: 'admin' | 'user' | 'guest' }
|
||||
): Promise<{ id: string | number; email: string }> {
|
||||
const token = await getAuthToken(page);
|
||||
const response = await page.request.post('/api/v1/users', {
|
||||
data: user,
|
||||
headers: { Authorization: `Bearer ${token}` },
|
||||
});
|
||||
|
||||
expect(response.ok()).toBe(true);
|
||||
@@ -176,15 +178,28 @@ async function loginWithCredentials(
|
||||
await emailInput.fill(email);
|
||||
await passwordInput.fill(password);
|
||||
|
||||
const loginResponse = page.waitForResponse(
|
||||
(response) => response.url().includes('/api/v1/auth/login') && response.request().method() === 'POST',
|
||||
{ timeout: 15000 }
|
||||
);
|
||||
const maxAttempts = 3;
|
||||
for (let attempt = 1; attempt <= maxAttempts; attempt += 1) {
|
||||
const loginResponse = page.waitForResponse(
|
||||
(response) => response.url().includes('/api/v1/auth/login') && response.request().method() === 'POST',
|
||||
{ timeout: 15000 }
|
||||
);
|
||||
|
||||
await page.getByRole('button', { name: /login|sign in/i }).first().click();
|
||||
const response = await loginResponse;
|
||||
expect(response.ok()).toBe(true);
|
||||
await waitForLoadingComplete(page, { timeout: 15000 });
|
||||
await page.getByRole('button', { name: /login|sign in/i }).first().click();
|
||||
const response = await loginResponse;
|
||||
|
||||
if (response.ok()) {
|
||||
await waitForLoadingComplete(page, { timeout: 15000 });
|
||||
return;
|
||||
}
|
||||
|
||||
if (response.status() === 429 && attempt < maxAttempts) {
|
||||
continue;
|
||||
}
|
||||
|
||||
const bodyText = await response.text().catch(() => '');
|
||||
throw new Error(`Login failed: ${response.status()} ${bodyText}`);
|
||||
}
|
||||
}
|
||||
|
||||
async function loginWithCredentialsExpectFailure(
|
||||
@@ -240,35 +255,7 @@ test.describe('Admin-User E2E Workflow', () => {
|
||||
await resetSecurityState(page);
|
||||
adminEmail = adminUser.email;
|
||||
await loginUser(page, adminUser);
|
||||
const meResponse = await page.request.get('/api/v1/auth/me');
|
||||
expect(meResponse.ok()).toBe(true);
|
||||
await waitForLoadingComplete(page, { timeout: 15000 });
|
||||
|
||||
const token = await getAuthToken(page);
|
||||
await expect.poll(async () => {
|
||||
const statusResponse = await page.request.get('/api/v1/security/status', {
|
||||
headers: { Authorization: `Bearer ${token}` },
|
||||
});
|
||||
if (!statusResponse.ok()) {
|
||||
return 'status-unavailable';
|
||||
}
|
||||
|
||||
const status = await statusResponse.json();
|
||||
return JSON.stringify({
|
||||
acl: Boolean(status?.acl?.enabled),
|
||||
waf: Boolean(status?.waf?.enabled),
|
||||
rateLimit: Boolean(status?.rate_limit?.enabled),
|
||||
crowdsec: Boolean(status?.crowdsec?.enabled),
|
||||
});
|
||||
}, {
|
||||
timeout: 10000,
|
||||
message: 'Expected security modules to be disabled before user lifecycle test',
|
||||
}).toBe(JSON.stringify({
|
||||
acl: false,
|
||||
waf: false,
|
||||
rateLimit: false,
|
||||
crowdsec: false,
|
||||
}));
|
||||
});
|
||||
|
||||
// Full user creation → role assignment → user login → resource access
|
||||
@@ -592,6 +579,7 @@ test.describe('Admin-User E2E Workflow', () => {
|
||||
});
|
||||
|
||||
await test.step('Verify session cleared', async () => {
|
||||
await navigateToLogin(page);
|
||||
const emailInput = page.locator('input[type="email"]').or(page.getByLabel(/email/i)).first();
|
||||
await expect(emailInput).toBeVisible({ timeout: 15000 });
|
||||
|
||||
|
||||
Reference in New Issue
Block a user