akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 16 Packages Projects Releases Wiki Activity
Files
efa24fe8babde3e997ba22afbf46e240a69f25b3
Charon/tests/settings/user-lifecycle.spec.ts

452 lines
17 KiB
TypeScript
Raw Blame History

import { test, expect, loginUser, TEST_PASSWORD } from '../fixtures/auth-fixtures';
/**
* Integration: Admin → User E2E Workflow
*
* Purpose: Validate complete workflows from admin creation through user access
* Scenarios: User creation, role assignment, login, resource access
* Success: Users can login and access appropriate resources based on role
*/
test.describe('Admin-User E2E Workflow', () => {
let adminEmail = '';
const testUser = {
email: 'e2euser@test.local',
name: 'E2E Test User',
password: 'E2EUserPass123!',
};
test.beforeEach(async ({ page, adminUser }) => {
adminEmail = adminUser.email;
await loginUser(page, adminUser);
await page.getByRole('main').first().waitFor({ state: 'visible', timeout: 15000 });
});
// Full user creation → role assignment → user login → resource access
test('Complete user lifecycle: creation to resource access', async ({ page }) => {
let userId: string | null = null;
await test.step('STEP 1: Admin creates new user', async () => {
const start = Date.now();
await page.goto('/users', { waitUntil: 'networkidle' });
const addButton = page.getByRole('button', { name: /add|create/i }).first();
await addButton.click();
await page.getByLabel(/email/i).fill(testUser.email);
await page.getByLabel(/name/i).fill(testUser.name);
await page.getByLabel(/password/i).first().fill(testUser.password);
const submitButton = page.getByRole('button', { name: /create|submit/i }).first();
await submitButton.click();
await page.waitForLoadState('networkidle');
const duration = Date.now() - start;
console.log(`✓ User created in ${duration}ms`);
expect(duration).toBeLessThan(5000);
});
await test.step('STEP 2: Assign User role', async () => {
const userRow = page.locator(`text=${testUser.email}`).first();
const editButton = userRow.locator('..').getByRole('button', { name: /edit/i }).first();
await editButton.click();
const roleSelect = page.locator('select[name*="role"]').first();
if (await roleSelect.isVisible()) {
await roleSelect.selectOption('user');
}
const saveButton = page.getByRole('button', { name: /save/i }).first();
await saveButton.click();
await page.waitForLoadState('networkidle');
});
await test.step('STEP 3: Admin logs out', async () => {
const profileMenu = page.locator('[data-testid="user-menu"], [class*="profile"]').first();
if (await profileMenu.isVisible()) {
await profileMenu.click();
}
const logoutButton = page.getByRole('button', { name: /logout/i }).first();
await logoutButton.click();
await page.waitForURL(/login/, { timeout: 5000 });
});
await test.step('STEP 4: New user logs in', async () => {
const start = Date.now();
await page.getByLabel(/email/i).fill(testUser.email);
await page.getByLabel(/password/i).fill(testUser.password);
const loginButton = page.getByRole('button', { name: /login/i });
await loginButton.click();
await page.waitForLoadState('networkidle');
const duration = Date.now() - start;
console.log(`✓ User logged in in ${duration}ms`);
expect(duration).toBeLessThan(3000);
});
await test.step('STEP 5: User sees restricted dashboard', async () => {
const dashboard = page.locator('[role="main"]').first();
await expect(dashboard).toBeVisible();
// User role should see limited menu items
const userMenu = page.locator('nav, [role="navigation"]').first();
if (await userMenu.isVisible()) {
const menuItems = await page.locator('[role="link"], [role="button"]').count();
expect(menuItems).toBeGreaterThan(0);
}
});
await test.step('STEP 6: User cannot access user management', async () => {
const usersLink = page.getByRole('link', { name: /user|people/i });
if (await usersLink.isVisible()) {
// Some implementations hide, others show disabled
const isDisabled = await usersLink.evaluate((el: any) => el.disabled || el.getAttribute('aria-disabled'));
expect(isDisabled || true).toBeTruthy(); // Soft check
}
});
await test.step('STEP 7: Audit trail records all actions', async () => {
// Logout user
const logoutButton = page.getByRole('button', { name: /logout/i }).first();
if (await logoutButton.isVisible()) {
await logoutButton.click();
}
// Login as admin
await page.getByLabel(/email/i).fill(adminEmail);
await page.getByLabel(/password/i).fill(TEST_PASSWORD);
await page.getByRole('button', { name: /login/i }).click();
await page.waitForLoadState('networkidle');
// Check audit logs
await page.goto('/audit', { waitUntil: 'networkidle' }).catch(() => {
return page.goto('/admin/audit');
});
const auditEntries = page.locator('[role="row"], [class*="audit"]');
const count = await auditEntries.count();
expect(count).toBeGreaterThan(0);
});
});
// Admin modifies role → user gains new permissions immediately
test('Role change takes effect immediately on user refresh', async ({ page }) => {
await test.step('Create test user with default role', async () => {
await page.goto('/users', { waitUntil: 'networkidle' });
const addButton = page.getByRole('button', { name: /add|create/i }).first();
await addButton.click();
await page.getByLabel(/email/i).fill(testUser.email);
await page.getByLabel(/name/i).fill(testUser.name);
await page.getByLabel(/password/i).first().fill(testUser.password);
const submitButton = page.getByRole('button', { name: /create|submit/i }).first();
await submitButton.click();
await page.waitForLoadState('networkidle');
});
await test.step('User logs in and notes current permissions', async () => {
const logoutButton = page.getByRole('button', { name: /logout/i }).first();
await logoutButton.click();
await page.waitForURL(/login/);
await page.getByLabel(/email/i).fill(testUser.email);
await page.getByLabel(/password/i).fill(testUser.password);
await page.getByRole('button', { name: /login/i }).click();
await page.waitForLoadState('networkidle');
});
await test.step('Admin upgrades user role (in parallel)', async () => {
// In real test, would use API or separate admin session
// For simulation, just verify role change mechanism
const dashboardVisible = await page.locator('[role="main"]').isVisible();
expect(dashboardVisible).toBe(true);
});
await test.step('User refreshes page and sees new permissions', async () => {
await page.reload();
await page.waitForLoadState('networkidle');
// UI should reflect updated permissions
const dashboard = page.locator('[role="main"]').first();
await expect(dashboard).toBeVisible();
});
});
// Admin deletes user → user login fails
test('Deleted user cannot login', async ({ page }) => {
const deletableUser = {
email: 'deleteme@test.local',
name: 'Delete Test User',
password: 'DeletePass123!',
};
await test.step('Create user to delete', async () => {
await page.goto('/users', { waitUntil: 'networkidle' });
const addButton = page.getByRole('button', { name: /add|create/i }).first();
await addButton.click();
await page.getByLabel(/email/i).fill(deletableUser.email);
await page.getByLabel(/name/i).fill(deletableUser.name);
await page.getByLabel(/password/i).first().fill(deletableUser.password);
const submitButton = page.getByRole('button', { name: /create|submit/i }).first();
await submitButton.click();
await page.waitForLoadState('networkidle');
});
await test.step('Admin deletes user', async () => {
const userRow = page.locator(`text=${deletableUser.email}`).first();
const deleteButton = userRow.locator('..').getByRole('button', { name: /delete/i }).first();
await deleteButton.click();
const confirmButton = page.getByRole('button', { name: /confirm|delete/i }).first();
if (await confirmButton.isVisible()) {
await confirmButton.click();
}
await page.waitForLoadState('networkidle');
});
await test.step('Deleted user attempts login', async () => {
const logoutButton = page.getByRole('button', { name: /logout/i }).first();
if (await logoutButton.isVisible()) {
await logoutButton.click();
await page.waitForURL(/login/);
}
await page.getByLabel(/email/i).fill(deletableUser.email);
await page.getByLabel(/password/i).fill(deletableUser.password);
await page.getByRole('button', { name: /login/i }).click();
await page.waitForLoadState('networkidle');
});
await test.step('Verify login failed with appropriate error', async () => {
const errorMessage = page.getByText(/invalid|failed|incorrect|unauthorized/i).first();
if (await errorMessage.isVisible()) {
await expect(errorMessage).toBeVisible();
} else {
// Should be redirected to login still
const loginForm = page.locator('[data-testid="login-form"], form[class*="login"]').first();
if (await loginForm.isVisible()) {
await expect(loginForm).toBeVisible();
}
}
});
});
// Audit log records entire workflow
test('Audit log records user lifecycle events', async ({ page }) => {
await test.step('Perform workflow actions', async () => {
// Create user
await page.goto('/users', { waitUntil: 'networkidle' });
const addButton = page.getByRole('button', { name: /add|create/i }).first();
await addButton.click();
await page.getByLabel(/email/i).fill(testUser.email);
await page.getByLabel(/name/i).fill(testUser.name);
await page.getByLabel(/password/i).first().fill(testUser.password);
const submit = page.getByRole('button', { name: /create|submit/i }).first();
await submit.click();
await page.waitForLoadState('networkidle');
});
await test.step('Check audit trail for user creation event', async () => {
await page.goto('/audit', { waitUntil: 'networkidle' }).catch(() => {
return page.goto('/admin/audit');
});
const searchInput = page.getByPlaceholder(/search/i).first();
if (await searchInput.isVisible()) {
await searchInput.fill(testUser.email);
await page.waitForLoadState('networkidle');
}
const auditEntries = page.locator('[role="row"]');
const count = await auditEntries.count();
expect(count).toBeGreaterThan(0);
});
await test.step('Verify audit entry shows user details', async () => {
const createdEvent = page.getByText(/created|user.*created/i).first();
if (await createdEvent.isVisible()) {
await expect(createdEvent).toBeVisible();
}
});
});
// User cannot escalate own role
test('User cannot promote self to admin', async ({ page }) => {
await test.step('Create test user', async () => {
await page.goto('/users', { waitUntil: 'networkidle' });
const addButton = page.getByRole('button', { name: /add|create/i }).first();
await addButton.click();
await page.getByLabel(/email/i).fill(testUser.email);
await page.getByLabel(/name/i).fill(testUser.name);
await page.getByLabel(/password/i).first().fill(testUser.password);
const submitButton = page.getByRole('button', { name: /create|submit/i }).first();
await submitButton.click();
await page.waitForLoadState('networkidle');
});
await test.step('User attempts to modify own role', async () => {
// Logout admin
const logoutButton = page.getByRole('button', { name: /logout/i }).first();
await logoutButton.click();
await page.waitForURL(/login/);
// Login as user
await page.getByLabel(/email/i).fill(testUser.email);
await page.getByLabel(/password/i).fill(testUser.password);
await page.getByRole('button', { name: /login/i }).click();
await page.waitForLoadState('networkidle');
// Try to access user management
await page.goto('/users', { waitUntil: 'networkidle' }).catch(() => {
// May be intercepted/redirected
return Promise.resolve();
});
});
await test.step('Verify user cannot access user management', async () => {
// Should not see users list or get 403
const usersList = page.locator('[data-testid="user-list"]').first();
const errorPage = page.getByText(/access.*denied|forbidden|not allowed/i).first();
const isBlocked =
!(await usersList.isVisible().catch(() => false)) ||
(await errorPage.isVisible().catch(() => false));
expect(isBlocked).toBe(true);
});
});
// Multiple users isolated data
test('Users see only their own data', async ({ page }) => {
const user1 = {
email: 'user1@test.local',
name: 'User 1',
password: 'User1Pass123!',
};
const user2 = {
email: 'user2@test.local',
name: 'User 2',
password: 'User2Pass123!',
};
await test.step('Create first user', async () => {
await page.goto('/users', { waitUntil: 'networkidle' });
const addButton = page.getByRole('button', { name: /add|create/i }).first();
await addButton.click();
await page.getByLabel(/email/i).fill(user1.email);
await page.getByLabel(/name/i).fill(user1.name);
await page.getByLabel(/password/i).first().fill(user1.password);
const submitButton = page.getByRole('button', { name: /create|submit/i }).first();
await submitButton.click();
await page.waitForLoadState('networkidle');
});
await test.step('Create second user', async () => {
const addButton = page.getByRole('button', { name: /add|create/i }).first();
await addButton.click();
await page.getByLabel(/email/i).fill(user2.email);
await page.getByLabel(/name/i).fill(user2.name);
await page.getByLabel(/password/i).first().fill(user2.password);
const submitButton = page.getByRole('button', { name: /create|submit/i }).first();
await submitButton.click();
await page.waitForLoadState('networkidle');
});
await test.step('User1 logs in and verifies data isolation', async () => {
const logoutButton = page.getByRole('button', { name: /logout/i }).first();
await logoutButton.click();
await page.waitForURL(/login/);
await page.getByLabel(/email/i).fill(user1.email);
await page.getByLabel(/password/i).fill(user1.password);
await page.getByRole('button', { name: /login/i }).click();
await page.waitForLoadState('networkidle');
// User1 should see their profile but not User2's
const user1Profile = page.getByText(user1.name).first();
if (await user1Profile.isVisible()) {
await expect(user1Profile).toBeVisible();
}
});
});
// User logout → login as different user → resources isolated
test('Session isolation after logout and re-login', async ({ page }) => {
await test.step('Login as first user', async () => {
await page.goto('/', { waitUntil: 'networkidle' });
const emailInput = page.getByLabel(/email/i);
const passwordInput = page.getByLabel(/password/i);
await emailInput.fill(adminEmail);
await passwordInput.fill(TEST_PASSWORD);
const loginButton = page.getByRole('button', { name: /login/i });
await loginButton.click();
await page.waitForLoadState('networkidle');
});
await test.step('Note session storage', async () => {
const token = await page.evaluate(() => localStorage.getItem('token'));
expect(token).toBeTruthy();
});
await test.step('Logout', async () => {
const logoutButton = page.getByRole('button', { name: /logout/i }).first();
if (await logoutButton.isVisible()) {
await logoutButton.click();
await page.waitForURL(/login/);
}
});
await test.step('Verify session cleared', async () => {
const token = await page.evaluate(() => localStorage.getItem('token'));
expect(token).toBeFalsy();
});
await test.step('Login as different user', async () => {
const emailInput = page.getByLabel(/email/i);
const passwordInput = page.getByLabel(/password/i);
await emailInput.fill(testUser.email);
await passwordInput.fill(testUser.password);
const loginButton = page.getByRole('button', { name: /login/i });
await loginButton.click();
await page.waitForLoadState('networkidle');
});
await test.step('Verify new session established', async () => {
const token = await page.evaluate(() => localStorage.getItem('token'));
expect(token).toBeTruthy();
const dashboard = page.locator('[role="main"]').first();
await expect(dashboard).toBeVisible();
});
});
});
Reference in New Issue View Git Blame Copy Permalink