diff --git a/tests/e2e/tests/flows/filestorage-crud.spec.ts b/tests/e2e/tests/flows/filestorage-crud.spec.ts index 374c6469..b8a06027 100644 --- a/tests/e2e/tests/flows/filestorage-crud.spec.ts +++ b/tests/e2e/tests/flows/filestorage-crud.spec.ts @@ -153,14 +153,16 @@ test.describe('FileStorage permissions', () => { }, }, }); - expect(response.status()).toBe(302); + // API endpoints return 401 for unauthenticated requests (no redirect for non-browser clients) + expect(response.status()).toBe(401); }); test('delete is rejected', async ({ request }) => { const response = await request.delete('/api/files/1', { maxRedirects: 0, }); - expect(response.status()).toBe(302); + // API endpoints return 401 for unauthenticated requests (no redirect for non-browser clients) + expect(response.status()).toBe(401); }); }); }); diff --git a/tests/e2e/tests/flows/permissions.spec.ts b/tests/e2e/tests/flows/permissions.spec.ts index efbc29d3..b240a435 100644 --- a/tests/e2e/tests/flows/permissions.spec.ts +++ b/tests/e2e/tests/flows/permissions.spec.ts @@ -15,7 +15,7 @@ test.describe('Permission System', () => { }); test('can access settings page', async ({ page }) => { - await page.goto('/settings'); + await page.goto('/settings/me'); await expect(page.getByRole('heading', { name: /settings/i })).toBeVisible(); }); }); @@ -25,10 +25,10 @@ test.describe('Permission System', () => { test.use({ storageState: { cookies: [], origins: [] } }); test('admin API rejects unauthenticated request', async ({ request }) => { - const response = await request.get('/api/admin/users', { + const response = await request.get('/admin/users', { maxRedirects: 0, }); - // Identity cookie scheme returns 302 redirect to login for unauthenticated requests + // Identity cookie scheme returns 302 redirect to login for unauthenticated browser requests expect(response.status()).toBe(302); });