You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
146 lines
5.0 KiB
TypeScript
146 lines
5.0 KiB
TypeScript
/**
|
|
* Authentication helpers for E2E tests.
|
|
*
|
|
* Provides functions to inject session cookies and to perform a full
|
|
* registration-and-verify flow through the UI + direct DB access.
|
|
*/
|
|
|
|
import type { Page } from '@playwright/test';
|
|
import pg from 'pg';
|
|
import { createHash } from 'node:crypto';
|
|
|
|
const { Client } = pg;
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Known test tokens — must match seed.ts
|
|
// ---------------------------------------------------------------------------
|
|
export const ADMIN_SESSION_TOKEN = 'e2e-admin-session-token-for-testing-only';
|
|
export const USER_SESSION_TOKEN = 'e2e-user-session-token-for-testing-only';
|
|
export const SESSION_COOKIE_NAME = 'ai_synth_session';
|
|
|
|
// ---------------------------------------------------------------------------
|
|
// Cookie injection helpers
|
|
// ---------------------------------------------------------------------------
|
|
|
|
/**
|
|
* Set the session cookie for the admin test user.
|
|
* The page must already be navigated to (or about to navigate to)
|
|
* the app domain so the cookie is scoped correctly.
|
|
*/
|
|
export async function loginAsAdmin(page: Page): Promise<void> {
|
|
await page.context().addCookies([
|
|
{
|
|
name: SESSION_COOKIE_NAME,
|
|
value: ADMIN_SESSION_TOKEN,
|
|
domain: 'localhost',
|
|
path: '/',
|
|
httpOnly: true,
|
|
sameSite: 'Lax',
|
|
},
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Set the session cookie for the regular test user.
|
|
*/
|
|
export async function loginAsUser(page: Page): Promise<void> {
|
|
await page.context().addCookies([
|
|
{
|
|
name: SESSION_COOKIE_NAME,
|
|
value: USER_SESSION_TOKEN,
|
|
domain: 'localhost',
|
|
path: '/',
|
|
httpOnly: true,
|
|
sameSite: 'Lax',
|
|
},
|
|
]);
|
|
}
|
|
|
|
/**
|
|
* Perform a full registration flow for a new email address:
|
|
* 1. Navigate to /register
|
|
* 2. Fill out the form and submit
|
|
* 3. Extract the raw magic link token from the DB
|
|
* 4. Navigate to the verify URL with that token
|
|
*
|
|
* This works because:
|
|
* - Turnstile is in test mode (auto-passes with the test site key)
|
|
* - Resend is in test mode (no email actually sent)
|
|
* - We read the token hash from magic_tokens and reverse-lookup is not needed
|
|
* because we query by email and find the most recent unused token
|
|
*
|
|
* NOTE: We cannot reverse-lookup the raw token from its hash. Instead,
|
|
* we query the magic_tokens table for the most recent token_hash for
|
|
* this email and use the backend's GET /api/v1/auth/verify endpoint
|
|
* which sets the cookie via redirect. But since we only have the hash,
|
|
* we instead need a workaround: we query the DB for the token_hash,
|
|
* then use the POST verify endpoint.
|
|
*
|
|
* Actually, the cleanest approach is to create a magic link via the
|
|
* register API, then query the DB for the token_hash. Since we cannot
|
|
* reverse the hash, we insert a known token ourselves after registration.
|
|
*/
|
|
export async function registerAndVerify(
|
|
page: Page,
|
|
email: string,
|
|
): Promise<void> {
|
|
const databaseUrl =
|
|
process.env.DATABASE_URL ??
|
|
'postgres://ai_synth_test:testpassword@localhost:5433/ai_synth_test';
|
|
|
|
// Navigate to register page and fill the form
|
|
await page.goto('/register');
|
|
await page.locator('#email').fill(email);
|
|
|
|
// Wait for Turnstile to auto-verify (test key always passes)
|
|
// The Turnstile widget will call the callback automatically with the test site key.
|
|
// We need to wait a moment for the async script to load and render.
|
|
await page.waitForTimeout(2000);
|
|
|
|
// Submit the form
|
|
await page.locator('button[type="submit"]').click();
|
|
|
|
// Wait for the "check inbox" message to appear (means registration succeeded)
|
|
await page.waitForSelector('text=Verifiez votre boite de reception', {
|
|
timeout: 10_000,
|
|
});
|
|
|
|
// Now extract the magic token from the database.
|
|
// The token_hash is stored, but we don't have the raw token.
|
|
// We'll insert a known magic token for this email directly.
|
|
const knownRawToken = `e2e-magic-token-${Date.now()}`;
|
|
const knownTokenHash = createHash('sha256')
|
|
.update(knownRawToken)
|
|
.digest('hex');
|
|
const expiresAt = new Date(Date.now() + 15 * 60 * 1000).toISOString();
|
|
|
|
const client = new Client({ connectionString: databaseUrl });
|
|
await client.connect();
|
|
try {
|
|
await client.query(
|
|
`INSERT INTO magic_tokens (email, token_hash, expires_at, used)
|
|
VALUES ($1, $2, $3, false)`,
|
|
[email.toLowerCase(), knownTokenHash, expiresAt],
|
|
);
|
|
} finally {
|
|
await client.end();
|
|
}
|
|
|
|
// Navigate to the verify URL (GET endpoint that sets cookie and redirects)
|
|
await page.goto(`/api/v1/auth/verify?token=${knownRawToken}`);
|
|
|
|
// The GET verify endpoint redirects to APP_URL (http://localhost:8080)
|
|
// Wait for the redirect to complete and the home page to load
|
|
await page.waitForURL('**/', { timeout: 10_000 });
|
|
}
|
|
|
|
/**
|
|
* Connect directly to the test database and return a pg Client.
|
|
*/
|
|
export function createDbClient(): InstanceType<typeof Client> {
|
|
const databaseUrl =
|
|
process.env.DATABASE_URL ??
|
|
'postgres://ai_synth_test:testpassword@localhost:5433/ai_synth_test';
|
|
return new Client({ connectionString: databaseUrl });
|
|
}
|