akanealw/caddy-proxy-manager
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity
Files
7d61528dad317439e9ebc43b329fb64d93cffa62
caddy-proxy-manager/tests/e2e/auth.spec.ts
fuomag9 7d61528dad Fix login rejection for usernames containing hyphens 
better-auth's default username validator only allows [a-zA-Z0-9_.],
rejecting hyphens with a generic "invalid username or password" error.
Added a custom validator that also permits hyphens.

Closes #112

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-18 12:15:18 +02:00

55 lines
2.5 KiB
TypeScript
Raw Blame History

import { test, expect } from '@playwright/test';
// Auth tests run WITHOUT pre-authenticated state
test.use({ storageState: { cookies: [], origins: [] } });
test.describe('Authentication', () => {
test('unauthenticated access to / redirects to /login', async ({ page }) => {
await page.goto('/');
await expect(page).toHaveURL(/\/login/);
});
test('unauthenticated access to /proxy-hosts redirects to /login', async ({ page }) => {
await page.goto('/proxy-hosts');
await expect(page).toHaveURL(/\/login/);
});
test('/login page renders the login form', async ({ page }) => {
await page.goto('/login');
await expect(page.getByRole('textbox', { name: /username/i })).toBeVisible();
await expect(page.getByRole('textbox', { name: /password/i })).toBeVisible();
await expect(page.getByRole('button', { name: /sign in/i })).toBeVisible();
});
test('/login with wrong password shows an error message', async ({ page }) => {
await page.goto('/login');
await page.getByRole('textbox', { name: /username/i }).fill('testadmin');
await page.getByRole('textbox', { name: /password/i }).fill('WrongPassword!');
await page.getByRole('button', { name: /sign in/i }).click();
// Should show an error and stay on login
await expect(page).toHaveURL(/\/login/);
await expect(page.locator('text=/invalid|error|incorrect/i')).toBeVisible({ timeout: 5000 });
});
test('/login with correct credentials lands on dashboard', async ({ page }) => {
await page.goto('/login');
await page.getByRole('textbox', { name: /username/i }).fill('testadmin');
await page.getByRole('textbox', { name: /password/i }).fill('TestPassword2026!');
await page.getByRole('button', { name: /sign in/i }).click();
// Should redirect away from login
await expect(page).not.toHaveURL(/\/login/, { timeout: 10000 });
});
test('hyphenated username passes validation (not rejected as invalid)', async ({ page }) => {
// Regression test for #112: better-auth default username validator rejects hyphens.
// A non-existent hyphenated user should get 401 (wrong credentials), not 422 (invalid username).
const res = await page.request.post('http://localhost:3000/api/auth/sign-in/username', {
data: { username: 'test-hyphen', password: 'SomePassword123!' },
headers: { 'Content-Type': 'application/json', 'Origin': 'http://localhost:3000' },
});
// 401 = passed validation, user not found → correct
// 422 = username rejected by validator → bug
expect(res.status()).toBe(401);
});
});
Reference in New Issue View Git Blame Copy Permalink