letsbe/pn-new-crm
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
221ae5784e36c131db86ff0731914b62ae58a45a
pn-new-crm/tests/e2e/smoke/17-client-portal.spec.ts
Matt 221ae5784e chore(autonomous-session): consolidate uncommitted work from prior session 
Bundles the prior autonomous-session output that was sitting unstaged:

- Em-dash sweep across src/ + tests/ (en-dash/em-dash to hyphen, ~2280 instances)
- country-flag-icons rollout (CountryFlag component, replaces emoji glyphs that
  never rendered on Windows; lazy-loads the 3x2 SVG index as a single chunk
  after the per-subpath dynamic-import approach silently failed in webpack)
- Admin IA Phase 1+2: 7-domain regroup, 41 to 38 pages, /admin/berths index,
  redirects (ocr to ai, reports to dashboard, invitations to users),
  docs/admin-ia-proposal.md
- Per-template email tester (registry + endpoint + UI on Email admin page)
- Cancel-document mode picker (delete-from-Documenso vs keep-for-audit)
- Dashboard PDF report: 25 widgets, SVG charts, date-range picker, 11 resolvers
- Customize-widgets per-region sortables at xl+ (charts/rails/feed); single
  flat sortable below xl when the layout stacks; per-viewport saved orders
- Audit doc updates capturing each shipped item
- Lint fixes: react-compiler immutability in DonutChart (reduce instead of
  let-reassign), set-state-in-effect disables in CountryFlag and
  UploadForSigning preview-bytes effect, unused 'confirm' destructures in
  interest contract + reservation tabs, unescaped apostrophe in test-template
  card copy
2026-05-23 00:52:59 +02:00

83 lines
3.6 KiB
TypeScript
Raw Blame History

import { test, expect } from '@playwright/test';
import { PORT_SLUG } from './helpers';
test.describe('Client Portal', () => {
// Test 34: Portal login page renders the email + password form.
test('portal login page shows email + password form', async ({ page }) => {
await page.context().clearCookies();
await page.goto('/portal/login');
await page.waitForLoadState('networkidle');
await expect(page.getByText(/client portal/i).first()).toBeVisible({ timeout: 5_000 });
await expect(page.locator('#email')).toBeVisible();
await expect(page.locator('#password')).toBeVisible();
await expect(page.getByRole('button', { name: /^sign in$/i })).toBeVisible();
await expect(page.getByRole('link', { name: /forgot password/i })).toBeVisible();
});
// Test 35: Portal sign-in with bad credentials returns 401.
test('portal sign-in rejects bad credentials with 401', async ({ page }) => {
await page.context().clearCookies();
const res = await page.request.post('/api/portal/auth/sign-in', {
data: { email: 'noone@example.com', password: 'definitelywrong123' },
});
expect(res.status()).toBe(401);
});
// Test 35b: Forgot-password endpoint always returns 200 (anti-enumeration).
test('portal forgot-password returns 200 for any email', async ({ page }) => {
await page.context().clearCookies();
const res = await page.request.post('/api/portal/auth/forgot-password', {
data: { email: 'unknown@example.com' },
});
expect(res.status()).toBe(200);
});
// Test 36: Portal shows client-specific data (simulated via API)
test('portal dashboard shows client data sections', async ({ page }) => {
// Since we can't easily get a magic link in e2e, test the portal API directly
const response = await page.request.get('/api/portal/dashboard');
// Should return 401 without auth (verifying the endpoint exists)
expect(response.status()).toBe(401);
// Verify the portal interests endpoint exists
const interestsRes = await page.request.get('/api/portal/interests');
expect(interestsRes.status()).toBe(401);
// Verify the portal documents endpoint exists
const docsRes = await page.request.get('/api/portal/documents');
expect(docsRes.status()).toBe(401);
// Verify the portal invoices endpoint exists
const invoicesRes = await page.request.get('/api/portal/invoices');
expect(invoicesRes.status()).toBe(401);
});
// Test 37: Portal cannot access CRM dashboard routes
test('portal auth cannot access CRM routes', async ({ page }) => {
// Navigate to CRM route without CRM auth - should redirect to login
await page.goto(`/${PORT_SLUG}/clients`);
await page.waitForTimeout(3_000);
// Should have been redirected to login or show auth error
const url = page.url();
const isOnLogin = url.includes('/login');
const isOnClients = url.includes('/clients');
const hasAuthError = await page
.getByText(/authentication required|sign in/i)
.isVisible({ timeout: 2_000 })
.catch(() => false);
// If on clients page, it means we still have CRM auth from previous tests - that's expected
// The key point is that portal auth (separate JWT) wouldn't grant CRM access
expect(isOnLogin || isOnClients || hasAuthError).toBeTruthy();
});
// Test 38: Document download endpoint exists
test('portal document download endpoint requires auth', async ({ page }) => {
const response = await page.request.get('/api/portal/documents/fake-id/download');
// Should return 401 without portal auth
expect(response.status()).toBe(401);
});
});
Reference in New Issue View Git Blame Copy Permalink