counterweight/arbret
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

merged tests

Browse source
This commit is contained in:
counterweight 2025-12-24 23:52:52 +01:00
parent 4be45f8f7c
commit 67ffe6a823
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
7 changed files with 212 additions and 599 deletions
Download patch file Download diff file Expand all files Collapse all files

79
frontend/e2e/admin-invites.spec.ts
View file

@ -21,14 +21,12 @@ test.describe("Admin Invites Page", () => {
await loginAsAdmin(page);
});
test("admin can access invites page", async ({ page }) => {
test("admin can access invites page and UI elements are correct", async ({ page }) => {
await page.goto("/admin/invites");
// Check page headings
await expect(page.getByRole("heading", { name: "Create Invite" })).toBeVisible();
await expect(page.getByRole("heading", { name: "All Invites" })).toBeVisible();
});
test("godfather selection is a dropdown with users, not a number input", async ({ page }) => {
await page.goto("/admin/invites");
// The godfather selector should be a <select> element, not an <input type="number">
const selectElement = page.locator("select").first();
@ -49,28 +47,7 @@ test.describe("Admin Invites Page", () => {
await expect(numberInput).toHaveCount(0);
});
test("can create invite by selecting user from dropdown", async ({ page }) => {
await page.goto("/admin/invites");
// Wait for page to load
await page.waitForSelector("select");
// Select the regular user as godfather
const godfatherSelect = page.locator("select").first();
await godfatherSelect.selectOption({ label: REGULAR_USER_EMAIL });
// Click create invite
await page.click('button:has-text("Create Invite")');
// Wait for the invite to appear in the table
await expect(page.locator("table")).toContainText(REGULAR_USER_EMAIL);
// Verify an invite code appears (format: word-word-NN)
const inviteCodeCell = page.locator("td").first();
await expect(inviteCodeCell).toHaveText(/^[a-z]+-[a-z]+-\d{2}$/);
});
test("create button is disabled when no user selected", async ({ page }) => {
test("can create invite with proper button state management", async ({ page }) => {
await page.goto("/admin/invites");
// Wait for page to load
@ -86,9 +63,19 @@ test.describe("Admin Invites Page", () => {
// Now the button should be enabled
await expect(createButton).toBeEnabled();
// Click create invite
await page.click('button:has-text("Create Invite")');
// Wait for the invite to appear in the table
await expect(page.locator("table")).toContainText(REGULAR_USER_EMAIL);
// Verify an invite code appears (format: word-word-NN)
const inviteCodeCell = page.locator("td").first();
await expect(inviteCodeCell).toHaveText(/^[a-z]+-[a-z]+-\d{2}$/);
});
test("can revoke a ready invite", async ({ page }) => {
test("can revoke invite and filter by status", async ({ page }) => {
await page.goto("/admin/invites");
await page.waitForSelector("select");
@ -96,6 +83,7 @@ test.describe("Admin Invites Page", () => {
const godfatherSelect = page.locator("select").first();
await godfatherSelect.selectOption({ label: REGULAR_USER_EMAIL });
await page.click('button:has-text("Create Invite")');
await expect(page.locator("table")).toContainText("ready");
// Wait for the new invite to appear and capture its code
// The new invite should be the first row with godfather = REGULAR_USER_EMAIL and status = ready
@ -115,35 +103,30 @@ test.describe("Admin Invites Page", () => {
// Verify this specific invite now shows "revoked"
const revokedRow = page.locator("tr").filter({ hasText: inviteCode! });
await expect(revokedRow).toContainText("revoked");
});
test("status filter works", async ({ page }) => {
await page.goto("/admin/invites");
await page.waitForSelector("select");
// Create an invite
const godfatherSelect = page.locator("select").first();
await godfatherSelect.selectOption({ label: REGULAR_USER_EMAIL });
await page.click('button:has-text("Create Invite")');
await expect(page.locator("table")).toContainText("ready");
// Filter by "revoked" status - should show no ready invites
// Test status filter - filter by "revoked" status
const statusFilter = page.locator("select").nth(1); // Second select is the status filter
await statusFilter.selectOption("revoked");
// Wait for the filter to apply
await page.waitForResponse((resp) => resp.url().includes("status=revoked"));
// Filter by "ready" status - should show our invite
// Filter by "ready" status - should show our invite (if we create another one)
await statusFilter.selectOption("ready");
await page.waitForResponse((resp) => resp.url().includes("status=ready"));
await expect(page.locator("table")).toContainText("ready");
});
});
test.describe("Admin Invites Access Control", () => {
test("regular user cannot access admin invites page", async ({ page }) => {
// Login as regular user
test("regular user and unauthenticated user cannot access admin invites page", async ({
page,
}) => {
// Test unauthenticated access
await page.context().clearCookies();
await page.goto("/admin/invites");
await expect(page).toHaveURL("/login");
// Test regular user access
await page.goto("/login");
await page.fill('input[type="email"]', REGULAR_USER_EMAIL);
await page.fill('input[type="password"]', "user123");
@ -156,12 +139,4 @@ test.describe("Admin Invites Access Control", () => {
// Should be redirected away (to home page based on fallbackRedirect)
await expect(page).not.toHaveURL("/admin/invites");
});
test("unauthenticated user cannot access admin invites page", async ({ page }) => {
await page.context().clearCookies();
await page.goto("/admin/invites");
// Should be redirected to login
await expect(page).toHaveURL("/login");
});
});

157
frontend/e2e/auth.spec.ts
View file

@ -44,43 +44,39 @@ test.describe("Authentication Flow", () => {
await clearAuth(page);
});
test("redirects to login when not authenticated", async ({ page }) => {
test("redirects to login when not authenticated and auth pages have correct UI", async ({
page,
}) => {
// Test redirect
await page.goto("/");
await expect(page).toHaveURL("/login");
});
test("login page has correct form elements", async ({ page }) => {
// Test login page UI
await page.goto("/login");
await expect(page.locator("h1")).toHaveText("Welcome back");
await expect(page.locator('input[type="email"]')).toBeVisible();
await expect(page.locator('input[type="password"]')).toBeVisible();
await expect(page.locator('button[type="submit"]')).toHaveText("Sign in");
await expect(page.locator('a[href="/signup"]')).toBeVisible();
});
test("signup page has invite code form", async ({ page }) => {
await page.goto("/signup");
// Test navigation to signup
await page.click('a[href="/signup"]');
await expect(page).toHaveURL("/signup");
// Test signup page UI
await expect(page.locator("h1")).toHaveText("Join with Invite");
await expect(page.locator("input#inviteCode")).toBeVisible();
await expect(page.locator('button[type="submit"]')).toHaveText("Continue");
await expect(page.locator('a[href="/login"]')).toBeVisible();
});
test("can navigate from login to signup", async ({ page }) => {
await page.goto("/login");
await page.click('a[href="/signup"]');
await expect(page).toHaveURL("/signup");
});
test("can navigate from signup to login", async ({ page }) => {
await page.goto("/signup");
// Test navigation back to login
await page.click('a[href="/login"]');
await expect(page).toHaveURL("/login");
});
});
test.describe("Logged-in User Visiting Invite URL", () => {
test("redirects to exchange when logged-in user visits direct invite URL", async ({
test("redirects to exchange when logged-in user visits invite URL or signup page", async ({
page,
request,
}) => {
@ -105,26 +101,6 @@ test.describe("Logged-in User Visiting Invite URL", () => {
// Visit invite URL while logged in - should redirect to exchange
await page.goto(`/signup/${anotherInvite}`);
await expect(page).toHaveURL("/exchange");
});
test("redirects to exchange when logged-in user visits signup page", async ({
page,
request,
}) => {
const email = uniqueEmail();
const inviteCode = await createInvite(request);
// Sign up and stay logged in
await page.goto("/signup");
await page.fill("input#inviteCode", inviteCode);
await page.click('button[type="submit"]');
await expect(page.locator("h1")).toHaveText("Create account");
await page.fill("input#email", email);
await page.fill("input#password", "password123");
await page.fill("input#confirmPassword", "password123");
await page.click('button[type="submit"]');
await expect(page).toHaveURL("/exchange");
// Try to visit signup page while logged in - should redirect to exchange
await page.goto("/signup");
@ -194,37 +170,29 @@ test.describe("Signup with Invite", () => {
await expect(page.getByText(/not found/i)).toBeVisible();
});
test("shows error for password mismatch", async ({ page, request }) => {
test("shows validation errors for password mismatch and short password", async ({
page,
request,
}) => {
const inviteCode = await createInvite(request);
await page.goto("/signup");
await page.fill("input#inviteCode", inviteCode);
await page.click('button[type="submit"]');
await expect(page.locator("h1")).toHaveText("Create account");
// Test password mismatch
await page.fill("input#email", uniqueEmail());
await page.fill("input#password", "password123");
await page.fill("input#confirmPassword", "differentpassword");
await page.click('button[type="submit"]');
await expect(page.getByText("Passwords do not match")).toBeVisible();
});
test("shows error for short password", async ({ page, request }) => {
const inviteCode = await createInvite(request);
await page.goto("/signup");
await page.fill("input#inviteCode", inviteCode);
await page.click('button[type="submit"]');
await expect(page.locator("h1")).toHaveText("Create account");
// Test short password
await page.fill("input#email", uniqueEmail());
await page.fill("input#password", "short");
await page.fill("input#confirmPassword", "short");
await page.click('button[type="submit"]');
await expect(page.getByText("Password must be at least 6 characters")).toBeVisible();
});
});
@ -263,21 +231,19 @@ test.describe("Login", () => {
await expect(page.getByRole("heading", { name: "Exchange Bitcoin" })).toBeVisible();
});
test("shows error for wrong password", async ({ page }) => {
test("shows error for wrong password and non-existent user", async ({ page }) => {
// Test wrong password
await page.goto("/login");
await page.fill('input[type="email"]', testEmail);
await page.fill('input[type="password"]', "wrongpassword");
await page.click('button[type="submit"]');
await expect(page.getByText("Incorrect email or password")).toBeVisible();
});
test("shows error for non-existent user", async ({ page }) => {
// Test non-existent user
await page.goto("/login");
await page.fill('input[type="email"]', "nonexistent@example.com");
await page.fill('input[type="password"]', "password123");
await page.click('button[type="submit"]');
await expect(page.getByText("Incorrect email or password")).toBeVisible();
});
@ -293,7 +259,7 @@ test.describe("Login", () => {
});
test.describe("Logout", () => {
test("can logout", async ({ page, request }) => {
test("can logout and cannot access protected pages after logout", async ({ page, request }) => {
const email = uniqueEmail();
const inviteCode = await createInvite(request);
@ -311,29 +277,6 @@ test.describe("Logout", () => {
// Click logout
await page.click("text=Sign out");
// Should redirect to login
await expect(page).toHaveURL("/login");
});
test("cannot access home after logout", async ({ page, request }) => {
const email = uniqueEmail();
const inviteCode = await createInvite(request);
// Sign up
await page.goto("/signup");
await page.fill("input#inviteCode", inviteCode);
await page.click('button[type="submit"]');
await expect(page.locator("h1")).toHaveText("Create account");
await page.fill("input#email", email);
await page.fill("input#password", "password123");
await page.fill("input#confirmPassword", "password123");
await page.click('button[type="submit"]');
await expect(page).toHaveURL("/exchange");
// Logout
await page.click("text=Sign out");
await expect(page).toHaveURL("/login");
// Try to access exchange (protected page)
@ -343,7 +286,10 @@ test.describe("Logout", () => {
});
test.describe("Session Persistence", () => {
test("session persists after page reload", async ({ page, request }) => {
test("session persists after page reload and cookies are managed correctly", async ({
page,
request,
}) => {
const email = uniqueEmail();
const inviteCode = await createInvite(request);
@ -360,56 +306,23 @@ test.describe("Session Persistence", () => {
await expect(page).toHaveURL("/exchange");
await expect(page.getByRole("heading", { name: "Exchange Bitcoin" })).toBeVisible();
// Reload page
await page.reload();
// Should still be logged in on exchange page
await expect(page).toHaveURL("/exchange");
await expect(page.getByRole("heading", { name: "Exchange Bitcoin" })).toBeVisible();
});
test("auth cookie is set after signup", async ({ page, request }) => {
const email = uniqueEmail();
const inviteCode = await createInvite(request);
await page.goto("/signup");
await page.fill("input#inviteCode", inviteCode);
await page.click('button[type="submit"]');
await expect(page.locator("h1")).toHaveText("Create account");
await page.fill("input#email", email);
await page.fill("input#password", "password123");
await page.fill("input#confirmPassword", "password123");
await page.click('button[type="submit"]');
await expect(page).toHaveURL("/exchange");
// Check cookies
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
// Check cookies are set after signup
let cookies = await page.context().cookies();
let authCookie = cookies.find((c) => c.name === "auth_token");
expect(authCookie).toBeTruthy();
expect(authCookie!.httpOnly).toBe(true);
});
test("auth cookie is cleared on logout", async ({ page, request }) => {
const email = uniqueEmail();
const inviteCode = await createInvite(request);
await page.goto("/signup");
await page.fill("input#inviteCode", inviteCode);
await page.click('button[type="submit"]');
await expect(page.locator("h1")).toHaveText("Create account");
await page.fill("input#email", email);
await page.fill("input#password", "password123");
await page.fill("input#confirmPassword", "password123");
await page.click('button[type="submit"]');
// Reload page - session should persist
await page.reload();
await expect(page).toHaveURL("/exchange");
await expect(page.getByRole("heading", { name: "Exchange Bitcoin" })).toBeVisible();
// Logout and verify cookie is cleared
await page.click("text=Sign out");
await expect(page).toHaveURL("/login");
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
cookies = await page.context().cookies();
authCookie = cookies.find((c) => c.name === "auth_token");
expect(!authCookie || authCookie.value === "").toBe(true);
});
});

76
frontend/e2e/availability.spec.ts
View file

@ -21,40 +21,25 @@ test.describe("Availability Page - Admin Access", () => {
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
});
test("admin can access availability page", async ({ page }) => {
await page.goto("/admin/availability");
test("admin can access availability page and UI elements work", async ({ page }) => {
// Test navigation link
await page.goto("/admin/trades");
const availabilityLink = page.locator('a[href="/admin/availability"]');
await expect(availabilityLink).toBeVisible();
// Test page access and structure
await page.goto("/admin/availability");
await expect(page).toHaveURL("/admin/availability");
await expect(page.getByRole("heading", { name: "Availability" })).toBeVisible();
await expect(page.getByText("Configure your available time slots")).toBeVisible();
});
test("admin sees Availability link in nav", async ({ page }) => {
await page.goto("/admin/trades");
const availabilityLink = page.locator('a[href="/admin/availability"]');
await expect(availabilityLink).toBeVisible();
});
test("availability page shows calendar grid", async ({ page }) => {
await page.goto("/admin/availability");
// Should show tomorrow's date in the calendar
// Test calendar grid
const tomorrowText = getTomorrowDisplay();
await expect(page.getByText(tomorrowText)).toBeVisible();
// Should show "No availability" for days without slots
await expect(page.getByText("No availability").first()).toBeVisible();
});
test("can open edit modal by clicking a day", async ({ page }) => {
await page.goto("/admin/availability");
// Click on the first day card
const tomorrowText = getTomorrowDisplay();
// Test edit modal
await page.getByText(tomorrowText).click();
// Modal should appear
await expect(page.getByRole("heading", { name: /Edit Availability/ })).toBeVisible();
await expect(page.getByRole("button", { name: "Save" })).toBeVisible();
await expect(page.getByRole("button", { name: "Cancel" })).toBeVisible();
@ -205,46 +190,35 @@ test.describe("Availability Page - Admin Access", () => {
});
test.describe("Availability Page - Access Control", () => {
test("regular user cannot access availability page", async ({ page }) => {
test("regular user and unauthenticated user cannot access availability page", async ({
page,
}) => {
// Test unauthenticated access
await clearAuth(page);
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
await page.goto("/admin/availability");
await expect(page).toHaveURL("/login");
// Should be redirected (to counter/home for regular users)
await expect(page).not.toHaveURL("/admin/availability");
});
test("regular user does not see Availability link", async ({ page }) => {
await clearAuth(page);
// Test regular user access
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
await page.goto("/");
const availabilityLink = page.locator('a[href="/admin/availability"]');
await expect(availabilityLink).toHaveCount(0);
});
test("unauthenticated user redirected to login", async ({ page }) => {
await clearAuth(page);
await page.goto("/admin/availability");
await expect(page).toHaveURL("/login");
await expect(page).not.toHaveURL("/admin/availability");
});
});
test.describe("Availability API", () => {
test("admin can set availability via API", async ({ page, request }) => {
test("admin can set availability via API, regular user cannot", async ({ page, request }) => {
// Test admin API access
await clearAuth(page);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
if (authCookie) {
const dateStr = getTomorrowDateStr();
const response = await request.put(`${API_URL}/api/admin/availability`, {
headers: {
Cookie: `auth_token=${authCookie.value}`,
@ -261,27 +235,23 @@ test.describe("Availability API", () => {
expect(data.date).toBe(dateStr);
expect(data.slots).toHaveLength(1);
}
});
test("regular user cannot access availability API", async ({ page, request }) => {
// Test regular user API access
await clearAuth(page);
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
const regularCookies = await page.context().cookies();
const regularAuthCookie = regularCookies.find((c) => c.name === "auth_token");
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
if (authCookie) {
if (regularAuthCookie) {
const dateStr = getTomorrowDateStr();
const response = await request.get(
`${API_URL}/api/admin/availability?from=${dateStr}&to=${dateStr}`,
{
headers: {
Cookie: `auth_token=${authCookie.value}`,
Cookie: `auth_token=${regularAuthCookie.value}`,
},
}
);
expect(response.status()).toBe(403);
}
});

219
frontend/e2e/exchange.spec.ts
View file

@ -40,46 +40,32 @@ test.describe("Exchange Page - Regular User Access", () => {
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
});
test("regular user can access exchange page", async ({ page }) => {
await page.goto("/exchange");
test("regular user can access exchange page and all UI elements are visible", async ({
page,
}) => {
// Test navigation
await page.goto("/trades");
await expect(page.getByRole("link", { name: "Exchange" })).toBeVisible();
// Test page access
await page.goto("/exchange");
await expect(page).toHaveURL("/exchange");
await expect(page.getByRole("heading", { name: "Exchange Bitcoin" })).toBeVisible();
});
test("regular user sees Exchange link in navigation", async ({ page }) => {
await page.goto("/trades");
await expect(page.getByRole("link", { name: "Exchange" })).toBeVisible();
});
test("exchange page shows price information", async ({ page }) => {
await page.goto("/exchange");
// Should show market and our price
// Test price information
await expect(page.getByText("Market:")).toBeVisible();
await expect(page.getByText("Our price:")).toBeVisible();
});
test("exchange page shows buy/sell toggle", async ({ page }) => {
await page.goto("/exchange");
// Test buy/sell toggle
await expect(page.getByRole("button", { name: "Buy BTC" })).toBeVisible();
await expect(page.getByRole("button", { name: "Sell BTC" })).toBeVisible();
});
test("exchange page shows payment method selector", async ({ page }) => {
await page.goto("/exchange");
// Test payment method selector
await expect(page.getByText("Payment Method")).toBeVisible();
await expect(page.getByRole("button", { name: /Onchain/ })).toBeVisible();
await expect(page.getByRole("button", { name: /Lightning/ })).toBeVisible();
});
test("exchange page shows amount slider", async ({ page }) => {
await page.goto("/exchange");
// Should show amount section
// Test amount slider
await expect(page.getByText("Amount")).toBeVisible();
await expect(page.locator('input[type="range"]')).toBeVisible();
});
@ -127,7 +113,7 @@ test.describe("Exchange Page - With Availability", () => {
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
});
test("shows available slots when availability is set", async ({ page }) => {
test("booking flow - shows slots, confirmation form, and trade details", async ({ page }) => {
await page.goto("/exchange");
// Step 1: Click "Continue to Booking" to proceed to step 2
@ -141,59 +127,31 @@ test.describe("Exchange Page - With Availability", () => {
// Wait for "Available Slots" section to appear
await expect(page.getByRole("heading", { name: /Available Slots for/ })).toBeVisible();
// Wait for loading to finish
await expect(page.getByText("Loading slots...")).not.toBeVisible({ timeout: 10000 });
// Should see some slot buttons
const slotButtons = page.locator("button").filter({ hasText: /^\d{1,2}:\d{2}/ });
await expect(slotButtons.first()).toBeVisible({ timeout: 10000 });
});
test("clicking slot shows confirmation form", async ({ page }) => {
await page.goto("/exchange");
// Step 1: Click "Continue to Booking" to proceed to step 2
await page.getByRole("button", { name: "Continue to Booking" }).click();
// Step 2: Use data-testid for reliable date selection
const tomorrowStr = getTomorrowDateStr();
const dateButton = page.getByTestId(`date-${tomorrowStr}`);
await expect(dateButton).toBeEnabled({ timeout: 15000 });
await dateButton.click();
// Wait for any slot to appear
await expect(page.getByText("Loading slots...")).not.toBeVisible({ timeout: 10000 });
const slotButtons = page.locator("button").filter({ hasText: /^\d{1,2}:\d{2}/ });
await expect(slotButtons.first()).toBeVisible({ timeout: 10000 });
// Click first slot
// Click first slot - should show confirmation form
await slotButtons.first().click();
// Should show confirmation form
await expect(page.getByText("Confirm Trade")).toBeVisible();
await expect(page.getByRole("button", { name: /Confirm/ })).toBeVisible();
});
test("confirmation shows trade details", async ({ page }) => {
// Navigate back to exchange and test second slot selection
await page.goto("/exchange");
// Step 1: Click "Continue to Booking" to proceed to step 2
await page.getByRole("button", { name: "Continue to Booking" }).click();
// Step 2: Use data-testid for reliable date selection
const tomorrowStr = getTomorrowDateStr();
const dateButton = page.getByTestId(`date-${tomorrowStr}`);
await expect(dateButton).toBeEnabled({ timeout: 15000 });
await dateButton.click();
// Wait for slots to load
await page.getByTestId(`date-${tomorrowStr}`).click();
await expect(page.getByText("Loading slots...")).not.toBeVisible({ timeout: 10000 });
const slotButtons = page.locator("button").filter({ hasText: /^\d{1,2}:\d{2}/ });
await expect(slotButtons.first()).toBeVisible({ timeout: 10000 });
const slotButtons2 = page.locator("button").filter({ hasText: /^\d{1,2}:\d{2}/ });
await expect(slotButtons2.first()).toBeVisible({ timeout: 10000 });
// Click second slot
await slotButtons.nth(1).click();
// Click second slot if available, otherwise first
if ((await slotButtons2.count()) > 1) {
await slotButtons2.nth(1).click();
} else {
await slotButtons2.first().click();
}
// Should show confirmation with trade details
await expect(page.getByText("Confirm Trade")).toBeVisible();
@ -240,31 +198,19 @@ test.describe("Exchange Page - With Availability", () => {
});
test.describe("Exchange Page - Access Control", () => {
test("admin cannot access exchange page", async ({ page }) => {
test("admin and unauthenticated users cannot access exchange page", async ({ page }) => {
// Test unauthenticated access
await clearAuth(page);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
await page.goto("/exchange");
// Should be redirected away
await expect(page).not.toHaveURL("/exchange");
});
test("admin does not see Exchange link", async ({ page }) => {
await clearAuth(page);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
await page.goto("/admin/trades");
await expect(page.getByRole("link", { name: "Exchange" })).not.toBeVisible();
});
test("unauthenticated user redirected to login", async ({ page }) => {
await clearAuth(page);
await page.goto("/exchange");
await expect(page).toHaveURL("/login");
// Test admin access
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
await page.goto("/admin/trades");
await expect(page.getByRole("link", { name: "Exchange" })).not.toBeVisible();
await page.goto("/exchange");
await expect(page).not.toHaveURL("/exchange");
});
});
@ -274,25 +220,17 @@ test.describe("Trades Page", () => {
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
});
test("regular user can access trades page", async ({ page }) => {
test("regular user can access trades page and see empty state", async ({ page }) => {
await page.goto("/trades");
await expect(page).toHaveURL("/trades");
await expect(page.getByRole("heading", { name: "My Trades" })).toBeVisible();
});
test("trades page shows empty state when no trades", async ({ page }) => {
await page.goto("/trades");
// Either shows empty state message or trades list
const content = page.locator("body");
await expect(content).toBeVisible();
});
test("trades page shows Start trading link when empty", async ({ page }) => {
await page.goto("/trades");
// Wait for loading to finish - either "Loading trades..." disappears or we see content
// Wait for loading to finish
await expect(page.getByText("Loading trades...")).not.toBeVisible({ timeout: 5000 });
// Check if it shows empty state with link, or trades exist
@ -337,83 +275,62 @@ test.describe("Admin Trades Page", () => {
});
test.describe("Exchange API", () => {
test("regular user can get price via API", async ({ page, request }) => {
test("API access control - regular user can access exchange APIs, admin cannot", async ({
page,
request,
}) => {
// Test regular user can get price
await clearAuth(page);
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
let cookies = await page.context().cookies();
let authCookie = cookies.find((c) => c.name === "auth_token");
if (authCookie) {
const response = await request.get(`${API_URL}/api/exchange/price`, {
const priceResponse = await request.get(`${API_URL}/api/exchange/price`, {
headers: {
Cookie: `auth_token=${authCookie.value}`,
},
});
expect(priceResponse.status()).toBe(200);
const priceData = await priceResponse.json();
expect(priceData.config).toBeDefined();
expect(priceData.config.eur_min).toBeDefined();
expect(priceData.config.eur_max).toBeDefined();
expect(response.status()).toBe(200);
const data = await response.json();
expect(data.config).toBeDefined();
expect(data.config.eur_min).toBeDefined();
expect(data.config.eur_max).toBeDefined();
// Test regular user can get trades
const tradesResponse = await request.get(`${API_URL}/api/trades`, {
headers: {
Cookie: `auth_token=${authCookie.value}`,
},
});
expect(tradesResponse.status()).toBe(200);
const tradesData = await tradesResponse.json();
expect(Array.isArray(tradesData)).toBe(true);
}
});
test("admin cannot get price via API", async ({ page, request }) => {
// Test admin cannot get price
await clearAuth(page);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
cookies = await page.context().cookies();
authCookie = cookies.find((c) => c.name === "auth_token");
if (authCookie) {
const response = await request.get(`${API_URL}/api/exchange/price`, {
const adminPriceResponse = await request.get(`${API_URL}/api/exchange/price`, {
headers: {
Cookie: `auth_token=${authCookie.value}`,
},
});
expect(adminPriceResponse.status()).toBe(403);
expect(response.status()).toBe(403);
}
});
test("regular user can get trades via API", async ({ page, request }) => {
await clearAuth(page);
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
if (authCookie) {
const response = await request.get(`${API_URL}/api/trades`, {
// Test admin can get upcoming trades
const adminTradesResponse = await request.get(`${API_URL}/api/admin/trades/upcoming`, {
headers: {
Cookie: `auth_token=${authCookie.value}`,
},
});
expect(response.status()).toBe(200);
const data = await response.json();
expect(Array.isArray(data)).toBe(true);
}
});
test("admin can get upcoming trades via API", async ({ page, request }) => {
await clearAuth(page);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
if (authCookie) {
const response = await request.get(`${API_URL}/api/admin/trades/upcoming`, {
headers: {
Cookie: `auth_token=${authCookie.value}`,
},
});
expect(response.status()).toBe(200);
const data = await response.json();
expect(Array.isArray(data)).toBe(true);
expect(adminTradesResponse.status()).toBe(200);
const adminTradesData = await adminTradesResponse.json();
expect(Array.isArray(adminTradesData)).toBe(true);
}
});
});

101
frontend/e2e/permissions.spec.ts
View file

@ -64,42 +64,23 @@ test.describe("Regular User Access", () => {
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
});
test("redirected from home to exchange page", async ({ page }) => {
test("can access exchange and trades pages with correct navigation", async ({ page }) => {
// Test redirect from home
await page.goto("/");
// Should be redirected to exchange page
await expect(page).toHaveURL("/exchange");
});
test("can access exchange page", async ({ page }) => {
// Test exchange page access
await page.goto("/exchange");
// Should stay on exchange page
await expect(page).toHaveURL("/exchange");
// Should see exchange UI
await expect(page.getByText("Exchange Bitcoin")).toBeVisible();
});
test("can access trades page", async ({ page }) => {
// Test trades page access
await page.goto("/trades");
// Should stay on trades page
await expect(page).toHaveURL("/trades");
// Should see trades UI heading
await expect(page.getByRole("heading", { name: "My Trades" })).toBeVisible();
});
test("navigation shows exchange and trades", async ({ page }) => {
await page.goto("/trades");
// From trades page, we can see the nav links
// "My Trades" is the current page (shown as span, not link)
// "Exchange" should be a link
// Test navigation shows exchange and trades, but not admin links
await expect(page.locator('a[href="/exchange"]').first()).toBeVisible();
// Should NOT see admin links
const adminTradesLinks = page.locator('a[href="/admin/trades"]');
await expect(adminTradesLinks).toHaveCount(0);
});
@ -111,42 +92,26 @@ test.describe("Admin User Access", () => {
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
});
test("redirected from home to admin trades", async ({ page }) => {
test("can access admin pages with correct navigation", async ({ page }) => {
// Test redirect from home
await page.goto("/");
// Should be redirected to admin trades page
await expect(page).toHaveURL("/admin/trades");
});
test("can access admin trades page", async ({ page }) => {
// Test admin trades page
await page.goto("/admin/trades");
// Should stay on admin trades page
await expect(page).toHaveURL("/admin/trades");
// Should see trades UI (use heading for specificity)
await expect(page.getByRole("heading", { name: "Trades" })).toBeVisible();
});
test("can access admin availability page", async ({ page }) => {
// Test admin availability page
await page.goto("/admin/availability");
// Should stay on availability page
await expect(page).toHaveURL("/admin/availability");
// Should see availability UI (use heading for specificity)
await expect(page.getByRole("heading", { name: "Availability" })).toBeVisible();
});
test("navigation shows admin links", async ({ page }) => {
// Test navigation shows admin links but not regular user links
await page.goto("/admin/trades");
// Should see admin nav items (use locator for nav links)
await expect(page.locator('a[href="/admin/invites"]')).toBeVisible();
await expect(page.locator('a[href="/admin/availability"]')).toBeVisible();
await expect(page.locator('a[href="/admin/trades"]')).toHaveCount(0); // Current page, shown as text not link
// Should NOT see regular user links
const exchangeLinks = page.locator('a[href="/exchange"]');
await expect(exchangeLinks).toHaveCount(0);
});
@ -157,84 +122,69 @@ test.describe("Unauthenticated Access", () => {
await clearAuth(page);
});
test("home page redirects to login", async ({ page }) => {
test("all protected pages redirect to login", async ({ page }) => {
// Test home page redirect
await page.goto("/");
await expect(page).toHaveURL("/login");
});
test("exchange page redirects to login", async ({ page }) => {
// Test exchange page redirect
await page.goto("/exchange");
await expect(page).toHaveURL("/login");
});
test("admin page redirects to login", async ({ page }) => {
// Test admin page redirect
await page.goto("/admin/trades");
await expect(page).toHaveURL("/login");
});
});
test.describe("Permission Boundary via API", () => {
test("regular user API call to admin trades returns 403", async ({ page, request }) => {
// Login as regular user
test("API calls respect permission boundaries", async ({ page, request }) => {
// Test regular user cannot access admin API
await clearAuth(page);
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
// Get cookies
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
let cookies = await page.context().cookies();
let authCookie = cookies.find((c) => c.name === "auth_token");
if (authCookie) {
// Try to call admin trades API directly
const response = await request.get(`${API_URL}/api/admin/trades/upcoming`, {
headers: {
Cookie: `auth_token=${authCookie.value}`,
},
});
expect(response.status()).toBe(403);
}
});
test("admin user API call to exchange price returns 403", async ({ page, request }) => {
// Login as admin
// Test admin cannot access regular user API
await clearAuth(page);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
// Get cookies
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
cookies = await page.context().cookies();
authCookie = cookies.find((c) => c.name === "auth_token");
if (authCookie) {
// Try to call exchange price API directly (requires regular user permission)
const response = await request.get(`${API_URL}/api/exchange/price`, {
headers: {
Cookie: `auth_token=${authCookie.value}`,
},
});
expect(response.status()).toBe(403);
}
});
});
test.describe("Session and Logout", () => {
test("logout clears permissions - cannot access protected pages", async ({ page }) => {
// Login
test("logout clears permissions and tampered cookies are rejected", async ({ page, context }) => {
// Test logout clears permissions
await clearAuth(page);
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
await expect(page).toHaveURL("/exchange");
// Logout
await page.click("text=Sign out");
await expect(page).toHaveURL("/login");
// Try to access exchange
await page.goto("/exchange");
await expect(page).toHaveURL("/login");
});
test("cannot access pages with tampered cookie", async ({ page, context }) => {
// Set a fake auth cookie
// Test tampered cookie is rejected
await context.addCookies([
{
name: "auth_token",
@ -244,10 +194,7 @@ test.describe("Session and Logout", () => {
},
]);
// Try to access protected page
await page.goto("/exchange");
// Should be redirected to login
await expect(page).toHaveURL("/login");
});
});

57
frontend/e2e/price-history.spec.ts
View file

@ -2,73 +2,40 @@ import { test, expect } from "@playwright/test";
import { clearAuth, loginUser, REGULAR_USER, ADMIN_USER } from "./helpers/auth";
test.describe("Price History - E2E", () => {
test("admin can view price history page", async ({ page }) => {
test("admin can view and use price history page, regular user cannot access", async ({
page,
}) => {
// Test admin access and navigation
await clearAuth(page);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
await expect(page).toHaveURL("/admin/trades");
await page.goto("/admin/price-history");
// Test navigation link
await expect(page.getByRole("link", { name: "Prices" })).toBeVisible();
await page.getByRole("link", { name: "Prices" }).click();
await expect(page).toHaveURL("/admin/price-history");
// Page title should be visible
// Test page structure
await expect(page.locator("h2")).toContainText("Bitcoin Price History");
// Table should exist
await expect(page.locator("table")).toBeVisible();
// Fetch Now button should exist
await expect(page.getByRole("button", { name: "Fetch Now" })).toBeVisible();
});
test("admin can manually fetch price from Bitfinex", async ({ page }) => {
await clearAuth(page);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
await page.goto("/admin/price-history");
await expect(page).toHaveURL("/admin/price-history");
// Click the Fetch Now button
// Test fetching price
await page.getByRole("button", { name: "Fetch Now" }).click();
// Wait for the button to become enabled again (fetch completed)
await expect(page.getByRole("button", { name: "Fetch Now" })).toBeEnabled({
timeout: 10000,
});
// The table should now contain a record with bitfinex as source
// Verify fetched data
await expect(page.locator("table tbody")).toContainText("bitfinex");
// Should have BTC/EUR pair
await expect(page.locator("table tbody")).toContainText("BTC/EUR");
// Price should be visible and formatted as EUR
// The price cell should contain a € symbol
const priceCell = page.locator("table tbody tr td").nth(2);
await expect(priceCell).toContainText("€");
});
test("regular user cannot access price history page", async ({ page }) => {
// Test regular user cannot access
await clearAuth(page);
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
// Try to navigate directly to the admin page
await page.goto("/admin/price-history");
// Should be redirected away (regular users go to /exchange)
await expect(page).toHaveURL("/exchange");
});
test("price history shows in navigation for admin", async ({ page }) => {
await clearAuth(page);
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
// Admin should be on admin trades page by default
await expect(page).toHaveURL("/admin/trades");
// Prices nav link should be visible
await expect(page.getByRole("link", { name: "Prices" })).toBeVisible();
// Click on Prices link
await page.getByRole("link", { name: "Prices" }).click();
await expect(page).toHaveURL("/admin/price-history");
});
});

122
frontend/e2e/profile.spec.ts
View file

@ -75,65 +75,39 @@ test.describe("Profile - Regular User Access", () => {
await loginUser(page, REGULAR_USER.email, REGULAR_USER.password);
});
test("can navigate to profile page from exchange", async ({ page }) => {
test("can navigate to profile page and page displays correct elements", async ({ page }) => {
// Test navigation from exchange
await page.goto("/exchange");
// Should see My Profile link
await expect(page.getByText("My Profile")).toBeVisible();
// Click to navigate
await page.click('a[href="/profile"]');
await expect(page).toHaveURL("/profile");
});
test("can navigate to profile page from trades", async ({ page }) => {
// Test navigation from trades
await page.goto("/trades");
// Should see My Profile link
await expect(page.getByText("My Profile")).toBeVisible();
// Click to navigate
await page.click('a[href="/profile"]');
await expect(page).toHaveURL("/profile");
});
test("profile page displays correct elements", async ({ page }) => {
await page.goto("/profile");
// Should see page title
// Test page structure
await expect(page.getByRole("heading", { name: "My Profile" })).toBeVisible();
// Should see login email label with read-only badge
await expect(page.getByText("Login EmailRead only")).toBeVisible();
// Should see contact details section
await expect(page.getByText("Contact Details")).toBeVisible();
await expect(page.getByText(/communication purposes only/i)).toBeVisible();
// Should see all form fields
// Test form fields visibility
await expect(page.getByLabel("Contact Email")).toBeVisible();
await expect(page.getByLabel("Telegram")).toBeVisible();
await expect(page.getByLabel("Signal")).toBeVisible();
await expect(page.getByLabel("Nostr (npub)")).toBeVisible();
});
test("login email is displayed and read-only", async ({ page }) => {
await page.goto("/profile");
// Login email should show the user's email
// Test login email is read-only
const loginEmailInput = page.locator('input[type="email"][disabled]');
await expect(loginEmailInput).toHaveValue(REGULAR_USER.email);
await expect(loginEmailInput).toBeDisabled();
});
test("navigation shows Exchange, My Trades, and My Profile", async ({ page }) => {
await page.goto("/profile");
// Should see all nav items (Exchange and My Trades as links)
// Test navigation links
await expect(page.locator('a[href="/exchange"]')).toBeVisible();
await expect(page.locator('a[href="/trades"]')).toBeVisible();
// My Profile is the page title (h1) since we're on this page
await expect(page.getByRole("heading", { name: "My Profile" })).toBeVisible();
});
});
@ -145,7 +119,7 @@ test.describe("Profile - Form Behavior", () => {
await clearProfileData(page);
});
test("new user has empty profile fields", async ({ page }) => {
test("form state management - empty fields, button states", async ({ page }) => {
await page.goto("/profile");
// All editable fields should be empty
@ -153,28 +127,17 @@ test.describe("Profile - Form Behavior", () => {
await expect(page.getByLabel("Telegram")).toHaveValue("");
await expect(page.getByLabel("Signal")).toHaveValue("");
await expect(page.getByLabel("Nostr (npub)")).toHaveValue("");
});
test("save button is disabled when no changes", async ({ page }) => {
await page.goto("/profile");
// Save button should be disabled
// Save button should be disabled when no changes
const saveButton = page.getByRole("button", { name: /save changes/i });
await expect(saveButton).toBeDisabled();
});
test("save button is enabled after making changes", async ({ page }) => {
await page.goto("/profile");
// Make a change
// Make a change - button should be enabled
await page.fill("#telegram", "@testhandle");
// Save button should be enabled
const saveButton = page.getByRole("button", { name: /save changes/i });
await expect(saveButton).toBeEnabled();
});
test("can save profile and values persist", async ({ page }) => {
test("can save profile, values persist, and can clear fields", async ({ page }) => {
await page.goto("/profile");
// Fill in all fields
@ -185,28 +148,19 @@ test.describe("Profile - Form Behavior", () => {
// Save
await page.click('button:has-text("Save Changes")');
// Should see success message
await expect(page.getByText(/saved successfully/i)).toBeVisible();
// Reload and verify values persist
await page.reload();
await expect(page.getByLabel("Contact Email")).toHaveValue("contact@test.com");
await expect(page.getByLabel("Telegram")).toHaveValue("@testuser");
await expect(page.getByLabel("Signal")).toHaveValue("signal.42");
await expect(page.getByLabel("Nostr (npub)")).toHaveValue(VALID_NPUB);
});
test("can clear a field and save", async ({ page }) => {
await page.goto("/profile");
// First set a value
// Test clearing a field
await page.fill("#telegram", "@initial");
await page.click('button:has-text("Save Changes")');
await expect(page.getByText(/saved successfully/i)).toBeVisible();
// Wait for toast to disappear
await expect(page.getByText(/saved successfully/i)).not.toBeVisible({ timeout: 5000 });
// Clear the field
@ -227,44 +181,23 @@ test.describe("Profile - Validation", () => {
await clearProfileData(page);
});
test("auto-prepends @ for telegram when starting with letter", async ({ page }) => {
test("validation - telegram auto-prepend, errors for invalid inputs", async ({ page }) => {
await page.goto("/profile");
// Type a letter without @ - should auto-prepend @
// Test telegram auto-prepend
await page.fill("#telegram", "testhandle");
// Should show @testhandle in the input
await expect(page.locator("#telegram")).toHaveValue("@testhandle");
});
test("shows error for telegram handle with no characters after @", async ({ page }) => {
await page.goto("/profile");
// Enter telegram with @ but nothing after (needs at least 1 char)
// Test telegram error - no characters after @
await page.fill("#telegram", "@");
// Wait for debounced validation
await page.waitForTimeout(600);
// Should show error about needing at least one character
await expect(page.getByText(/at least one character after @/i)).toBeVisible();
// Save button should be disabled
const saveButton = page.getByRole("button", { name: /save changes/i });
await expect(saveButton).toBeDisabled();
});
test("shows error for invalid npub", async ({ page }) => {
await page.goto("/profile");
// Enter invalid npub
// Test invalid npub
await page.fill("#nostr_npub", "invalidnpub");
// Should show error
await expect(page.getByText(/must start with 'npub1'/i)).toBeVisible();
// Save button should be disabled
const saveButton = page.getByRole("button", { name: /save changes/i });
await expect(saveButton).toBeDisabled();
});
@ -313,35 +246,26 @@ test.describe("Profile - Admin User Access", () => {
await loginUser(page, ADMIN_USER.email, ADMIN_USER.password);
});
test("admin does not see My Profile link", async ({ page }) => {
test("admin cannot access profile page or API", async ({ page, request }) => {
// Admin should not see profile link
await page.goto("/admin/trades");
// Should be on admin trades page
await expect(page).toHaveURL("/admin/trades");
// Should NOT see My Profile link
await expect(page.locator('a[href="/profile"]')).toHaveCount(0);
});
test("admin cannot access profile page - redirected to admin trades", async ({ page }) => {
// Admin should be redirected when accessing profile page
await page.goto("/profile");
// Should be redirected to admin trades
await expect(page).toHaveURL("/admin/trades");
});
test("admin API call to profile returns 403", async ({ page, request }) => {
// Admin API call should return 403
const cookies = await page.context().cookies();
const authCookie = cookies.find((c) => c.name === "auth_token");
if (authCookie) {
// Try to call profile API directly
const response = await request.get(`${API_URL}/api/profile`, {
headers: {
Cookie: `auth_token=${authCookie.value}`,
},
});
expect(response.status()).toBe(403);
}
});
@ -352,12 +276,12 @@ test.describe("Profile - Unauthenticated Access", () => {
await clearAuth(page);
});
test("profile page redirects to login", async ({ page }) => {
test("profile page and API require authentication", async ({ page, request }) => {
// Page redirects to login
await page.goto("/profile");
await expect(page).toHaveURL("/login");
});
test("profile API requires authentication", async ({ page: _page, request }) => {
// API requires authentication
const response = await request.get(`${API_URL}/api/profile`);
expect(response.status()).toBe(401);
});