remove demo code
This commit is contained in:
@@ -198,7 +198,7 @@ test.describe('Website Auth Flow - API Integration', () => {
|
||||
expect(session).toBeDefined();
|
||||
});
|
||||
|
||||
test('demo login flow works', async ({ page, context }) => {
|
||||
test('normal login flow works', async ({ page, context }) => {
|
||||
// Clear any existing cookies
|
||||
await context.clearCookies();
|
||||
|
||||
@@ -208,10 +208,13 @@ test.describe('Website Auth Flow - API Integration', () => {
|
||||
// Verify login page loads
|
||||
await expect(page.locator('body')).toBeVisible();
|
||||
|
||||
// Note: Actual demo login form interaction would go here
|
||||
// Note: Actual login form interaction would go here
|
||||
// For now, we'll test the API endpoint directly
|
||||
const response = await page.request.post(`${getWebsiteBaseUrl()}/api/auth/demo-login`, {
|
||||
data: { role: 'driver' }
|
||||
const response = await page.request.post(`${getWebsiteBaseUrl()}/api/auth/login`, {
|
||||
data: {
|
||||
email: 'demo.driver@example.com',
|
||||
password: 'Demo1234!'
|
||||
}
|
||||
});
|
||||
|
||||
expect(response.ok()).toBe(true);
|
||||
@@ -222,24 +225,20 @@ test.describe('Website Auth Flow - API Integration', () => {
|
||||
expect(gpSession).toBeDefined();
|
||||
});
|
||||
|
||||
test('auth API handles different roles correctly', async ({ page }) => {
|
||||
const roles = ['driver', 'sponsor', 'admin'] as const;
|
||||
|
||||
for (const role of roles) {
|
||||
const response = await page.request.post(`${getWebsiteBaseUrl()}/api/auth/demo-login`, {
|
||||
data: { role }
|
||||
});
|
||||
|
||||
expect(response.ok()).toBe(true);
|
||||
|
||||
const session = await response.json();
|
||||
expect(session.user).toBeDefined();
|
||||
|
||||
// Verify role-specific data
|
||||
if (role === 'sponsor') {
|
||||
expect(session.user.sponsorId).toBeDefined();
|
||||
test('auth API handles login with seeded credentials', async ({ page }) => {
|
||||
// Test normal login with seeded demo user credentials
|
||||
const response = await page.request.post(`${getWebsiteBaseUrl()}/api/auth/login`, {
|
||||
data: {
|
||||
email: 'demo.driver@example.com',
|
||||
password: 'Demo1234!'
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
expect(response.ok()).toBe(true);
|
||||
|
||||
const session = await response.json();
|
||||
expect(session.user).toBeDefined();
|
||||
expect(session.user.email).toBe('demo.driver@example.com');
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
@@ -6,16 +6,7 @@ export type WebsiteAuthContext = 'public' | 'auth' | 'admin' | 'sponsor';
|
||||
export type WebsiteSessionDriftMode = 'invalid-cookie' | 'expired' | 'missing-sponsor-id';
|
||||
export type WebsiteFaultMode = 'null-array' | 'missing-field' | 'invalid-date';
|
||||
|
||||
type DemoLoginRole =
|
||||
| 'driver'
|
||||
| 'sponsor'
|
||||
| 'league-owner'
|
||||
| 'league-steward'
|
||||
| 'league-admin'
|
||||
| 'system-owner'
|
||||
| 'super-admin';
|
||||
|
||||
const demoSessionCookieCache = new Map<DemoLoginRole, string>();
|
||||
const demoSessionCookieCache = new Map<string, string>();
|
||||
|
||||
export function authContextForAccess(access: RouteAccess): WebsiteAuthContext {
|
||||
if (access === 'public') return 'public';
|
||||
@@ -33,23 +24,8 @@ function getWebsiteBaseUrl(): string {
|
||||
return 'http://localhost:3100';
|
||||
}
|
||||
|
||||
function demoLoginRoleForAuthContext(auth: WebsiteAuthContext): DemoLoginRole | null {
|
||||
switch (auth) {
|
||||
case 'public':
|
||||
return null;
|
||||
case 'auth':
|
||||
return 'driver';
|
||||
case 'sponsor':
|
||||
return 'sponsor';
|
||||
case 'admin':
|
||||
// Website "admin" pages need an elevated role; use the strongest demo role.
|
||||
return 'super-admin';
|
||||
default: {
|
||||
const exhaustive: never = auth;
|
||||
return exhaustive;
|
||||
}
|
||||
}
|
||||
}
|
||||
// Note: All authenticated contexts use the same seeded demo driver user
|
||||
// Role-based access control is tested separately in integration tests
|
||||
|
||||
function extractCookieValue(setCookieHeader: string, cookieName: string): string | null {
|
||||
// set-cookie header value: "name=value; Path=/; HttpOnly; ..."
|
||||
@@ -58,24 +34,27 @@ function extractCookieValue(setCookieHeader: string, cookieName: string): string
|
||||
return match?.[1] ?? null;
|
||||
}
|
||||
|
||||
async function ensureDemoSessionCookie(role: DemoLoginRole): Promise<string> {
|
||||
const cached = demoSessionCookieCache.get(role);
|
||||
async function ensureNormalSessionCookie(): Promise<string> {
|
||||
const cached = demoSessionCookieCache.get('driver');
|
||||
if (cached) return cached;
|
||||
|
||||
const baseUrl = getWebsiteBaseUrl();
|
||||
const url = `${baseUrl}/api/auth/demo-login`;
|
||||
const url = `${baseUrl}/api/auth/login`;
|
||||
|
||||
const response = await fetch(url, {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'content-type': 'application/json',
|
||||
},
|
||||
body: JSON.stringify({ role }),
|
||||
body: JSON.stringify({
|
||||
email: 'demo.driver@example.com',
|
||||
password: 'Demo1234!',
|
||||
}),
|
||||
});
|
||||
|
||||
if (!response.ok) {
|
||||
const body = await response.text().catch(() => '');
|
||||
throw new Error(`Smoke demo-login failed for role=${role}. ${response.status} ${response.statusText}. ${body}`);
|
||||
throw new Error(`Normal login failed. ${response.status} ${response.statusText}. ${body}`);
|
||||
}
|
||||
|
||||
// In Node (playwright runner) `headers.get('set-cookie')` returns a single comma-separated string.
|
||||
@@ -91,18 +70,18 @@ async function ensureDemoSessionCookie(role: DemoLoginRole): Promise<string> {
|
||||
const gpSessionPair = cookieHeaderPairs.find((pair) => pair.startsWith('gp_session='));
|
||||
if (!gpSessionPair) {
|
||||
throw new Error(
|
||||
`Smoke demo-login did not return gp_session cookie for role=${role}. set-cookie header: ${rawSetCookie}`,
|
||||
`Normal login did not return gp_session cookie. set-cookie header: ${rawSetCookie}`,
|
||||
);
|
||||
}
|
||||
|
||||
const gpSessionValue = extractCookieValue(gpSessionPair, 'gp_session');
|
||||
if (!gpSessionValue) {
|
||||
throw new Error(
|
||||
`Smoke demo-login returned a gp_session cookie, but it could not be parsed for role=${role}. Pair: ${gpSessionPair}`,
|
||||
`Normal login returned a gp_session cookie, but it could not be parsed. Pair: ${gpSessionPair}`,
|
||||
);
|
||||
}
|
||||
|
||||
demoSessionCookieCache.set(role, gpSessionValue);
|
||||
demoSessionCookieCache.set('driver', gpSessionValue);
|
||||
return gpSessionValue;
|
||||
}
|
||||
|
||||
@@ -128,12 +107,10 @@ export async function setWebsiteAuthContext(
|
||||
return;
|
||||
}
|
||||
|
||||
const demoRole = demoLoginRoleForAuthContext(auth);
|
||||
if (!demoRole) {
|
||||
throw new Error(`Expected a demo role for auth context ${auth}`);
|
||||
}
|
||||
|
||||
const gpSessionValue = await ensureDemoSessionCookie(demoRole);
|
||||
// For authenticated contexts, use normal login with seeded demo user
|
||||
// Note: All auth contexts use the same seeded demo driver user for simplicity
|
||||
// Role-based access control is tested separately in integration tests
|
||||
const gpSessionValue = await ensureNormalSessionCookie();
|
||||
|
||||
// Only set gp_session cookie (no demo mode or sponsor cookies)
|
||||
// For Docker/local testing, ensure cookies work with localhost
|
||||
|
||||
@@ -22,8 +22,8 @@ export async function setWebsiteAuthContext(
|
||||
const base = { domain, path: '/' };
|
||||
|
||||
// The website uses `gp_session` cookie for authentication
|
||||
// For smoke tests, we now use demo login API to get real session cookies
|
||||
// instead of static cookie values
|
||||
// For smoke tests, we use normal login API with seeded demo user credentials
|
||||
// to get real session cookies
|
||||
|
||||
if (auth === 'public') {
|
||||
// No authentication needed
|
||||
@@ -31,46 +31,33 @@ export async function setWebsiteAuthContext(
|
||||
return;
|
||||
}
|
||||
|
||||
// For authenticated contexts, we need to perform a demo login
|
||||
// For authenticated contexts, we need to perform a normal login
|
||||
// This ensures we get real session cookies with proper structure
|
||||
// Note: All auth contexts use the same seeded demo driver user for simplicity
|
||||
// Role-based access control is tested separately in integration tests
|
||||
|
||||
// Determine which demo role to use based on auth context
|
||||
let demoRole: string;
|
||||
switch (auth) {
|
||||
case 'sponsor':
|
||||
demoRole = 'sponsor';
|
||||
break;
|
||||
case 'admin':
|
||||
demoRole = 'league-admin'; // Real admin role from AuthSessionDTO
|
||||
break;
|
||||
case 'auth':
|
||||
default:
|
||||
demoRole = 'driver';
|
||||
break;
|
||||
}
|
||||
|
||||
// Call the demo login API directly (not through Next.js rewrite)
|
||||
// This bypasses any proxy/cookie issues
|
||||
const response = await fetch('http://localhost:3101/auth/demo-login', {
|
||||
// Call the normal login API with seeded demo user credentials
|
||||
// Use demo.driver@example.com for all auth contexts (driver role)
|
||||
const response = await fetch('http://localhost:3101/auth/login', {
|
||||
method: 'POST',
|
||||
headers: {
|
||||
'Content-Type': 'application/json',
|
||||
},
|
||||
body: JSON.stringify({
|
||||
role: demoRole,
|
||||
rememberMe: true
|
||||
email: 'demo.driver@example.com',
|
||||
password: 'Demo1234!',
|
||||
}),
|
||||
credentials: 'include',
|
||||
});
|
||||
|
||||
if (!response.ok) {
|
||||
throw new Error(`Demo login failed: ${response.status}`);
|
||||
throw new Error(`Normal login failed: ${response.status}`);
|
||||
}
|
||||
|
||||
// Extract cookies from the response
|
||||
const setCookieHeader = response.headers.get('set-cookie');
|
||||
if (!setCookieHeader) {
|
||||
throw new Error('No cookies set by demo login');
|
||||
throw new Error('No cookies set by normal login');
|
||||
}
|
||||
|
||||
// Parse the Set-Cookie headers
|
||||
|
||||
Reference in New Issue
Block a user