From eefb07c9f542649a8d0c71302120d3e7274b5f7f Mon Sep 17 00:00:00 2001
From: Anto Subash
Date: Sat, 23 May 2026 23:41:29 +0200
Subject: [PATCH] fix(e2e): align storage + permissions assertions with actual server behavior
- FileStorage upload/delete unauthenticated: API endpoints return 401 (not 302) since the SmartAuth policy scheme does not redirect API clients; update the two permission tests to expect 401.
- Settings page test: /settings is a 404; correct route is /settings/me (User Settings view); update the navigation target.
- Admin unauthenticated test: /api/admin/users does not exist (404 fallthrough); the real route that triggers an Identity cookie redirect is GET /admin/users; fix the request path.
- playwright.config.ts: honour PLAYWRIGHT_BASE_URL env var so parallel CI agents can each run their host on a different port.
---
 tests/e2e/playwright.config.ts | 3 ++-
 tests/e2e/tests/flows/filestorage-crud.spec.ts | 6 ++++--
 tests/e2e/tests/flows/permissions.spec.ts | 6 +++---
 3 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/tests/e2e/playwright.config.ts b/tests/e2e/playwright.config.ts
index f7e7d9db..5590aede 100644
--- a/tests/e2e/playwright.config.ts
+++ b/tests/e2e/playwright.config.ts
@@ -1,7 +1,8 @@
 import { defineConfig, devices } from '@playwright/test';
 const isCI = !!process.env.CI;
-const baseURL = isCI ? 'http://localhost:5000' : 'https://localhost:5001';
+const baseURL =
+ process.env.PLAYWRIGHT_BASE_URL ?? (isCI ? 'http://localhost:5000' : 'https://localhost:5001');
 export default defineConfig({
 testDir: './tests',
diff --git a/tests/e2e/tests/flows/filestorage-crud.spec.ts b/tests/e2e/tests/flows/filestorage-crud.spec.ts
index 374c6469..b8a06027 100644
--- a/tests/e2e/tests/flows/filestorage-crud.spec.ts
+++ b/tests/e2e/tests/flows/filestorage-crud.spec.ts
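Review bot: In tests/e2e/playwright.config.ts the new `baseURL` expression accepts an empty `PLAYWRIGHT_BASE_URL`, because `??` falls through only on `undefined`, so a CI variable that is defined but blank yields an empty base URL instead of the localhost defaults. `process.env.PLAYWRIGHT_BASE_URL?.trim() || (isCI ? 'http://localhost:5000' : 'https://localhost:5001')` keeps the fallback in that case. The suite will send whatever test logins it performs to this origin, so a comment such as `// must point at a disposable test host; never a shared or production environment` above the constant would help. The rest of the config (any `webServer` or TLS settings that assume the default ports) is outside the hunk and should be checked against an overridden URL.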
@@ -153,14 +153,16 @@ test.describe('FileStorage permissions', () => {
 },
 },
 });
- expect(response.status()).toBe(302);
+ // API endpoints return 401 for unauthenticated requests (no redirect for non-browser clients)
+ expect(response.status()).toBe(401);
 });
 test('delete is rejected', async ({ request }) => {
 const response = await request.delete('/api/files/1', {
 maxRedirects: 0,
 });
- expect(response.status()).toBe(302);
+ // API endpoints return 401 for unauthenticated requests (no redirect for non-browser clients)
+ expect(response.status()).toBe(401);
 });
 });
 });
diff --git a/tests/e2e/tests/flows/permissions.spec.ts b/tests/e2e/tests/flows/permissions.spec.ts
index efbc29d3..b240a435 100644
--- a/tests/e2e/tests/flows/permissions.spec.ts
+++ b/tests/e2e/tests/flows/permissions.spec.ts
@@ -15,7 +15,7 @@ test.describe('Permission System', () => {
 });
 test('can access settings page', async ({ page }) => {
- await page.goto('/settings');
+ await page.goto('/settings/me');
 await expect(page.getByRole('heading', { name: /settings/i })).toBeVisible();
 });
 });
@@ -25,10 +25,10 @@ test.describe('Permission System', () => {
 test.use({ storageState: { cookies: [], origins: [] } });
 test('admin API rejects unauthenticated request', async ({ request }) => {
- const response = await request.get('/api/admin/users', {
+ const response = await request.get('/admin/users', {
 maxRedirects: 0,
 });
- // Identity cookie scheme returns 302 redirect to login for unauthenticated requests
+ // Identity cookie scheme returns 302 redirect to login for unauthenticated browser requests
 expect(response.status()).toBe(302);
 });
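Review bot: The comment added above both `toBe(401)` assertions in filestorage-crud.spec.ts attributes the 401 to the caller being a non-browser client, but the same Playwright `request` fixture still receives a 302 from `/admin/users` in permissions.spec.ts, so the status appears to follow the route (`/api/...`) rather than the client type. A wording such as `// /api routes answer 401 to unauthenticated callers; only page routes redirect to login` would match what the tests show, and the reworded comment in the second permissions.spec.ts hunk should likewise drop "browser", since that test also uses the `request` fixture. The describe block's setup, including how the unauthenticated state is established, lies outside the hunk.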
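Review bot: After the path change in the second permissions.spec.ts hunk, no admin API endpoint is requested without credentials: the test is still named 'admin API rejects unauthenticated request' but now hits the page route `/admin/users`, and the bare `toBe(302)` check passes for a redirect to any target. Adding `expect(response.headers()['location']).toMatch(/login/i);` (pattern to be adjusted to the project's real login path) would tie the assertion to the login challenge, and a name like 'admin page redirects unauthenticated request to login' would describe what is tested. If admin data is also served under `/api`, a separate test expecting 401 from one of those routes would restore the coverage the old path was meant to provide; whether such a test exists elsewhere is not visible here.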