bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dba5250691a0a8e9c450830bad3e0cc46ccb9809
crewli/apps/app/tests/playwright-e2e/utils/auth.ts
bert.hausmans 2dfb1e8bae test(e2e): real-backend 409 conflict contract test (TEST-CONTRACT-001) 
B4 of TEST-INFRA-001 (RFC-WS-FRONTEND-PRIMEVUE Amendment A-1).

- Add api/database/seeders/E2EBaselineSeeder.php — deterministic seed
  for Playwright e2e: e2e@test.local user (org_admin) on a fresh org +
  event + stage + StageDay + artist + engagement + performance
  (version=0). Writes seeded IDs to api/storage/app/e2e-fixtures.json
  so the Playwright fixture can construct API URLs without API
  discovery calls.
- Add apps/app/tests/playwright-e2e/global-setup.ts — runs
  `php artisan migrate:fresh --force --seed` against crewli_test (the
  existing PHPUnit MySQL test DB) before the test suite starts.
  Uses --env=testing to satisfy the dangerous-bash hook's migrate:fresh
  guard.
- Add apps/app/tests/playwright-e2e/utils/fixtures.ts — typed reader
  for e2e-fixtures.json. Cached after first read.
- Add apps/app/tests/playwright-e2e/utils/auth.ts — login helper that
  POSTs /api/v1/auth/login and returns user/org IDs. Uses Bearer-via-
  cookie flow (per api/.../SetAuthCookie.php), not stateful Sanctum.
- Add apps/app/tests/playwright-e2e/timetable/409-conflict.spec.ts —
  the contract test: first move with version=0 returns 200, second
  move with same stale version returns 409 with shape
  `errors.conflict: 'version_mismatch'`. Catches the schema-drift
  bug class that timetable-stabilization B5 surfaced.
- Update apps/app/playwright.config.ts — wire globalSetup, webServer
  for `php artisan serve --port=8001`, baseURL `http://localhost:8001`
  (NOT 127.0.0.1 — auth cookie's domain=localhost requires hostname
  match).
- Update .gitignore — runtime e2e-fixtures.json never committed.

DoD-19 met locally: `pnpm test:e2e` passes against a real Laravel
test server. CI integration deferred to TEST-INFRA-002 (per A-1
amendment).

Constraint: e2e tests share the crewli_test DB with PHPUnit. Running
both concurrently would collide. Documented in ARCH-TESTING.md (B5).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 15:24:33 +02:00

61 lines
1.7 KiB
TypeScript
Raw Blame History

import type { APIRequestContext, BrowserContext } from '@playwright/test'
import { readFixtures } from './fixtures'
// Login helper for Playwright e2e tests.
//
// Uses the SPA-style Bearer-via-cookie flow (see
// api/.../Traits/SetAuthCookie.php): POST /api/v1/auth/login returns a
// `crewli_app_token` httpOnly cookie. Subsequent /api/v1/* requests in
// the same browser context carry it automatically because Playwright's
// request fixture inherits cookies from the BrowserContext.
//
// NOT sanctum-stateful (CSRF-cookie + X-XSRF-TOKEN). The custom
// CookieBearerToken middleware (api/bootstrap/app.php) reads the
// auth cookie directly.
export interface LoginResult {
request: APIRequestContext
userId: string
organisationId: string
}
/**
* Authenticates the e2e baseline user against a freshly-seeded
* Laravel test server. Returns the request context (auth cookie set)
* and the user/org IDs from the response.
*/
export async function loginAsBaselineUser(context: BrowserContext): Promise<LoginResult> {
const fixtures = readFixtures()
const response = await context.request.post('/api/v1/auth/login', {
data: {
email: fixtures.user_email,
password: fixtures.user_password,
},
headers: { 'Content-Type': 'application/json' },
})
if (!response.ok()) {
throw new Error(
`Login failed: ${response.status()}${await response.text()}`,
)
}
const body = await response.json() as {
success: boolean
data: {
user: {
id: string
organisations: Array<{ id: string; role: string }>
}
}
}
return {
request: context.request,
userId: body.data.user.id,
organisationId: body.data.user.organisations[0].id,
}
}
Reference in New Issue View Git Blame Copy Permalink