Skip to content

Commit 06a137a

Browse files
tjementumtjementum
committed
Update e2e tests
1 parent d0eba76 commit 06a137a

File tree

2 files changed

+119
-86
lines changed

2 files changed

+119
-86
lines changed

application/account-management/WebApp/tests/e2e/login.spec.ts

Lines changed: 11 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,6 @@ test.describe("Login", () => {
1212
const existingUser = tenant.owner;
1313
const context = createTestContext(page);
1414

15-
// === EMAIL VALIDATION EDGE CASES ===
1615
// Act & Assert: Test empty email validation & verify error message
1716
await page.goto("/login");
1817
await expect(page.getByRole("heading", { name: "Hi! Welcome back" })).toBeVisible();
@@ -30,7 +29,6 @@ test.describe("Login", () => {
3029
await page.getByRole("button", { name: "Continue" }).click();
3130
await expect(page).toHaveURL("/login"); // Verify form submission was blocked
3231

33-
// === KEYBOARD NAVIGATION AND ACCESSIBILITY ===
3432
// Act & Assert: Test form submission with Enter key & verify navigation
3533
await page.getByRole("textbox", { name: "Email" }).fill(existingUser.email);
3634
await page.keyboard.press("Enter"); // Submit form using Enter
@@ -44,7 +42,6 @@ test.describe("Login", () => {
4442
const codeInput = page.getByLabel("Login verification code").locator("input").first();
4543
await expect(codeInput).toHaveAttribute("type", "text");
4644

47-
// === WRONG VERIFICATION CODE HANDLING (FROM SMOKE TEST) ===
4845
// Act & Assert: Test wrong verification code & verify error and focus reset
4946
await page.keyboard.type("WRONG1");
5047
await page.getByRole("button", { name: "Verify" }).click();
@@ -58,73 +55,25 @@ test.describe("Login", () => {
5855
await expect(page).toHaveURL("/admin");
5956
await expect(page.getByRole("heading", { name: "Welcome home" })).toBeVisible();
6057

61-
// === LANGUAGE PERSISTENCE WITH RATE LIMITING LOGOUT ===
62-
// Act & Assert: Logout and start fresh login for rate limiting test & verify logout
58+
// Act & Assert: Logout to test security edge cases
6359
await page.getByRole("button", { name: "User profile menu" }).click();
6460
await page.getByRole("menuitem", { name: "Log out" }).click();
6561
await expect(page).toHaveURL("/login?returnPath=%2Fadmin");
6662

67-
// Act & Assert: Change language to Danish before verification attempts & verify language change
68-
await page.getByRole("button", { name: "Select language" }).click();
69-
await page.getByRole("menuitem", { name: "Dansk" }).click();
70-
await expect(page.getByRole("button", { name: "Vælg sprog" })).toBeVisible();
63+
// Act & Assert: Test malicious redirect prevention with external URL
64+
await page.goto("/login?returnPath=http://hacker.com");
65+
await expect(page).toHaveURL("/login");
7166

72-
// Act & Assert: Start new login for rate limiting test & verify navigation
73-
await page.getByRole("textbox", { name: "E-mail" }).fill(existingUser.email);
74-
await page.getByRole("button", { name: "Fortsæt" }).click();
75-
await expect(page).toHaveURL("/login/verify?returnPath=%2Fadmin");
76-
77-
// Act & Assert: First failed attempt & verify error and focus reset
78-
await page.keyboard.type("WRONG1");
79-
await page.getByRole("button", { name: "Bekræft" }).click();
80-
await assertToastMessage(context, 400, "The code is wrong or no longer valid.");
81-
await expect(page.locator('input[autocomplete="one-time-code"]').first()).toBeFocused();
82-
83-
// Act & Assert: Second failed attempt & verify error and focus reset
84-
await page.keyboard.type("WRONG2");
85-
await page.getByRole("button", { name: "Bekræft" }).click();
86-
await assertToastMessage(context, 400, "The code is wrong or no longer valid.");
87-
await expect(page.locator('input[autocomplete="one-time-code"]').first()).toBeFocused();
88-
89-
// Act & Assert: Third failed attempt & verify error and focus reset
90-
await page.keyboard.type("WRONG3");
91-
await page.getByRole("button", { name: "Bekræft" }).click();
92-
await assertToastMessage(context, 400, "The code is wrong or no longer valid.");
93-
await expect(page.locator('input[autocomplete="one-time-code"]').first()).toBeFocused();
94-
95-
// Act & Assert: Fourth failed attempt triggers rate limiting & verify forbidden error
96-
await page.keyboard.type("WRONG4");
97-
await page.getByRole("button", { name: "Bekræft" }).click();
98-
await assertToastMessage(context, "Forbidden", "Too many attempts, please request a new code.");
99-
100-
// Act & Assert: Navigate back to login & verify language persists after rate limiting
101-
await page.goto("/login");
102-
await expect(page.getByRole("heading", { name: "Hej! Velkommen tilbage" })).toBeVisible();
103-
104-
// Act & Assert: Change language on login page & verify update
105-
await page.getByRole("button", { name: "Vælg sprog" }).click();
106-
await page.getByRole("menuitem", { name: "Nederlands" }).click();
107-
await expect(page.getByRole("heading", { name: "Hallo! Welkom terug" })).toBeVisible();
108-
109-
// === NON-EXISTENT USER HANDLING ===
110-
// Act & Assert: Test login with non-existent email & verify navigation to verify page
111-
await page.goto("/login");
112-
const nonExistentEmail = `nonexistent.user.${Date.now()}@platformplatform.net`;
113-
await page.getByRole("textbox", { name: "E-mail" }).fill(nonExistentEmail);
114-
await page.getByRole("button", { name: "Verder" }).click();
67+
// Act & Assert: Test browser back navigation after authenticated session
68+
await page.getByRole("textbox", { name: "Email" }).fill(existingUser.email);
69+
await page.getByRole("button", { name: "Continue" }).click();
11570
await expect(page).toHaveURL("/login/verify");
116-
await expect(page.getByRole("heading", { name: "Voer je verificatiecode in" })).toBeVisible();
117-
118-
// Act & Assert: Verify code fails for non-existent user & verify error
119-
await page.locator('input[autocomplete="one-time-code"]').first().focus();
71+
await expect(page.locator('input[autocomplete="one-time-code"]').first()).toBeFocused();
12072
await page.keyboard.type(getVerificationCode());
121-
await page.getByRole("button", { name: "Verifiëren" }).click();
122-
await assertToastMessage(context, 400, "The code is wrong or no longer valid.");
73+
await expect(page.getByRole("button", { name: "Verify" })).toBeEnabled();
74+
await page.getByRole("button", { name: "Verify" }).click();
75+
await expect(page).toHaveURL("/admin");
12376

124-
// === RETURN PATH VALIDATION ===
125-
// Act & Assert: Go directly to login (rate limiting already logged us out) & verify we're at login
126-
await page.goto("/login");
127-
await expect(page.getByRole("heading", { name: "Hallo! Welkom terug" })).toBeVisible();
12877
});
12978

13079
test("should handle viewport responsiveness and resend functionality", async ({ page }) => {

0 commit comments

Comments
 (0)