SpringUserFrameworkDemoApp/playwright/tests/auth/login.spec.ts at 6f2709af293bc264d36cbdaf7ab7c226ff33bf01 · devondragon/SpringUserFrameworkDemoApp · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
import { test, expect, generateTestUser } from '../../src/fixtures';

test.describe('Login', () => {
  test.describe('Valid Login', () => {
    test('should login with valid credentials', async ({
      page,
      loginPage,
      testApiClient,
      cleanupEmails,
    }) => {
      // Create a verified test user
      const user = generateTestUser('login');
      cleanupEmails.push(user.email);

      await testApiClient.createUser({
        email: user.email,
        password: user.password,
        firstName: user.firstName,
        lastName: user.lastName,
        enabled: true,
      });

      // Login
      await loginPage.loginAndWait(user.email, user.password);

      // Verify redirect to success page
      expect(page.url()).toContain('messageKey=message.login.success');

      // Verify user is logged in
      expect(await loginPage.isLoggedIn()).toBe(true);
    });

    test('should redirect to originally requested page after login', async ({
      page,
      loginPage,
      protectedPage,
      testApiClient,
      cleanupEmails,
    }) => {
      // Create a verified test user
      const user = generateTestUser('login-redirect');
      cleanupEmails.push(user.email);

      await testApiClient.createUser({
        email: user.email,
        password: user.password,
        firstName: user.firstName,
        lastName: user.lastName,
        enabled: true,
      });

      // Try to access protected page
      await protectedPage.goto();

      // Should be redirected to login
      await page.waitForURL('**/login**');

      // Login
      await loginPage.fillCredentials(user.email, user.password);
      await loginPage.submit();

      // Should be redirected to originally requested page or success page
      await page.waitForLoadState('domcontentloaded');
    });
  });

  test.describe('Invalid Login', () => {
    test('should show error for invalid email', async ({ loginPage, page }) => {
      await loginPage.goto();
      await loginPage.fillCredentials('nonexistent@example.com', 'wrongpassword');
      await loginPage.submit();

      // Wait for redirect back to login page with error parameter
      await page.waitForURL('**/login**?error**', { timeout: 10000 });

      // Should remain on login page with error
      expect(await loginPage.hasError()).toBe(true);
    });

    test('should show error for invalid password', async ({
      page,
      loginPage,
      testApiClient,
      cleanupEmails,
    }) => {
      // Create a verified test user
      const user = generateTestUser('login-invalid-pass');
      cleanupEmails.push(user.email);

      await testApiClient.createUser({
        email: user.email,
        password: user.password,
        firstName: user.firstName,
        lastName: user.lastName,
        enabled: true,
      });

      // Try to login with wrong password
      await loginPage.goto();
      await loginPage.fillCredentials(user.email, 'wrongpassword123');
      await loginPage.submit();

      // Wait for redirect back to login page with error parameter
      await page.waitForURL('**/login**?error**', { timeout: 10000 });

      // Should show error
      expect(await loginPage.hasError()).toBe(true);
    });

    test('should show error for empty fields', async ({ loginPage }) => {
      await loginPage.goto();

      // Try to submit with empty fields (HTML5 validation should prevent this)
      // Just verify the form elements exist
      await expect(loginPage.emailInput).toBeVisible();
      await expect(loginPage.passwordInput).toBeVisible();
      await expect(loginPage.submitButton).toBeVisible();
    });
  });

  test.describe('Account Lockout', () => {
    test('should lock account after multiple failed attempts', async ({
      page,
      loginPage,
      testApiClient,
      cleanupEmails,
    }) => {
      // Create a verified test user
      const user = generateTestUser('login-lockout');
      cleanupEmails.push(user.email);

      await testApiClient.createUser({
        email: user.email,
        password: user.password,
        firstName: user.firstName,
        lastName: user.lastName,
        enabled: true,
      });

      // Attempt multiple failed logins (default is 10 attempts before lockout in main config)
      // Test profile has it set to 3
      for (let i = 0; i < 3; i++) {
        await loginPage.goto();
        await loginPage.fillCredentials(user.email, 'wrongpassword');
        await loginPage.submit();
        // Wait for redirect back to login page with error parameter
        await page.waitForURL('**/login**?error**', { timeout: 10000 });
      }

      // Check if account is locked via API
      const details = await testApiClient.getUserDetails(user.email);
      // Note: Lockout may or may not be immediate depending on configuration
      // This test verifies the failed login attempts are tracked
      expect(details.failedLoginAttempts).toBeGreaterThanOrEqual(3);
    });
  });

  test.describe('Unverified User', () => {
    test('should not allow login for unverified user', async ({
      page,
      loginPage,
      testApiClient,
      cleanupEmails,
    }) => {
      // Create an unverified test user
      const user = generateTestUser('login-unverified');
      cleanupEmails.push(user.email);

      await testApiClient.createUser({
        email: user.email,
        password: user.password,
        firstName: user.firstName,
        lastName: user.lastName,
        enabled: false, // Not verified
      });

      // Try to login
      await loginPage.goto();
      await loginPage.fillCredentials(user.email, user.password);
      await loginPage.submit();

      // Should show error or redirect to verification page
      await page.waitForLoadState('domcontentloaded');
      const url = page.url();
      const hasError = await loginPage.hasError();

      // Either shows error or redirects to verification request page
      expect(hasError || url.includes('verification')).toBe(true);
    });
  });

  test.describe('Navigation', () => {
    test('should navigate to registration page', async ({ loginPage, page }) => {
      await loginPage.goto();
      await loginPage.goToRegister();

      expect(page.url()).toContain('register');
    });

    test('should navigate to forgot password page', async ({ loginPage, page }) => {
      await loginPage.goto();
      await loginPage.goToForgotPassword();

      expect(page.url()).toContain('forgot-password');
    });
  });
});