The admin layout guard rendered only a "Redirecting to login..." placeholder for the /admin/login child route, trapping every unauthenticated visitor. Exempt the login route from the auth gate so the form renders correctly. Also wire the new POST /api/auth/refresh endpoint (from the dual-token migration) into both auth.init() and the api request() 401 handler, so sessions survive the 15-minute access-token lifetime without a hard logout. Adds a Playwright regression test asserting the login form is visible in a clean (no-cookie) browser context.
21 lines
910 B
TypeScript
```typescript
import { test, expect } from '@playwright/test';

test.describe('Login page accessibility', () => {
  test.use({ storageState: { cookies: [], origins: [] } });

  test('renders login form without auth cookies (regression: redirect trap)', async ({ page }) => {
    await page.goto('/admin/login');
    await expect(page.locator('#email')).toBeVisible();
    await expect(page.locator('#password')).toBeVisible();
    await expect(page.locator('button[type="submit"]')).toBeVisible();
    await expect(page.locator('text=Willkommen zurück')).toBeVisible();
    await expect(page.locator('text=Redirecting to login')).not.toBeVisible();
  });

  test('unauthenticated /admin redirects to login form', async ({ page }) => {
    await page.goto('/admin');
    await page.waitForURL(/\/admin\/login/);
    await expect(page.locator('#email')).toBeVisible();
  });
});
```
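The login-route exemption described in the commit message, as an added example that is not the project's code: a framework-free guard decision function that exempts only the exact login path, so sibling routes stay behind the auth gate. The names `adminGuard`, `normalizePath` and `GuardDecision` are hypothetical; only the `/admin/login` path comes from the page.

```typescript
// Added example, not the project's code. All identifiers here are hypothetical.
type GuardDecision = 'render' | 'redirect-to-login';

// Route named in the commit message.
const LOGIN_PATH = '/admin/login';

// Reduce a request path to the form used for comparison:
// drop the query string and fragment, then trim trailing slashes.
// Dot segments and percent-encoding are deliberately NOT resolved, so any
// unusual spelling of the login path fails the comparison and stays gated.
function normalizePath(raw: string): string {
  const pathOnly = raw.split(/[?#]/, 1)[0] ?? '';
  return pathOnly.length > 1 ? pathOnly.replace(/\/+$/, '') : pathOnly;
}

// Decide what the admin layout should do for this request.
function adminGuard(rawPath: string, isAuthenticated: boolean): GuardDecision {
  const path = normalizePath(rawPath);

  // Exact match only. A prefix test such as startsWith('/admin/login')
  // would also exempt siblings like '/admin/login-history' from the gate.
  if (path === LOGIN_PATH) {
    return 'render';
  }

  // Every other admin route fails closed for unauthenticated visitors.
  return isAuthenticated ? 'render' : 'redirect-to-login';
}

// Constructed sample paths covering the trap, the redirect, and near-misses.
const samples: Array<[string, boolean]> = [
  ['/admin/login', false],
  ['/admin/login/?next=%2Fadmin', false],
  ['/admin', false],
  ['/admin/login-history', false],
  ['/admin/login/../users', false],
  ['/admin/users', true],
];
for (const [path, authed] of samples) {
  console.log(path, authed, '->', adminGuard(path, authed));
}
```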