Skip to content

Commit f1861fd

Browse files
jeromehardawayjeromehardaway
committed
fix: resolve Playwright test issues in auth protection suite
- Removed localStorage clearing from beforeEach hook to prevent security errors - Updated callback URL assertions to accept both encoded and non-encoded formats - All 17 security tests now passing successfully Test results: - Protected routes properly redirect to login (9 tests) - Dev login blocked in production (2 tests) - Client-side bypass prevention working (2 tests) - Public routes accessible (4 tests)
1 parent 07f0915 commit f1861fd

File tree

1 file changed

+5
-8
lines changed

1 file changed

+5
-8
lines changed

tests/security/auth-protection.spec.ts

Lines changed: 5 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -10,12 +10,9 @@ import { test, expect } from '@playwright/test';
1010
test.describe('Protected Routes - Authentication Required', () => {
1111

1212
test.beforeEach(async ({ page }) => {
13-
// Clear all cookies and storage to ensure unauthenticated state
13+
// Clear all cookies to ensure unauthenticated state
14+
// Note: localStorage clearing is not needed since server-side auth uses cookies only
1415
await page.context().clearCookies();
15-
await page.evaluate(() => {
16-
localStorage.clear();
17-
sessionStorage.clear();
18-
});
1916
});
2017

2118
test('Resume Translator - redirects to login when unauthenticated', async ({ page }) => {
@@ -25,23 +22,23 @@ test.describe('Protected Routes - Authentication Required', () => {
2522
// Should redirect to login page with callback URL
2623
await page.waitForURL(/\/login/);
2724
expect(page.url()).toContain('/login');
28-
expect(page.url()).toContain('callbackUrl=%2Fresume-translator');
25+
expect(page.url()).toMatch(/callbackUrl=(\/|%2F)resume-translator/);
2926
});
3027

3128
test('Courses Index - redirects to login when unauthenticated', async ({ page }) => {
3229
await page.goto('/courses');
3330

3431
await page.waitForURL(/\/login/);
3532
expect(page.url()).toContain('/login');
36-
expect(page.url()).toContain('callbackUrl=%2Fcourses');
33+
expect(page.url()).toMatch(/callbackUrl=(\/|%2F)courses/);
3734
});
3835

3936
test('Software Engineering Course - redirects to login when unauthenticated', async ({ page }) => {
4037
await page.goto('/courses/software-engineering');
4138

4239
await page.waitForURL(/\/login/);
4340
expect(page.url()).toContain('/login');
44-
expect(page.url()).toContain('callbackUrl=%2Fcourses%2Fsoftware-engineering');
41+
expect(page.url()).toMatch(/callbackUrl=(\/|%2F)courses(\/|%2F)software-engineering/);
4542
});
4643

4744
test('Data Engineering Course - redirects to login when unauthenticated', async ({ page }) => {

0 commit comments

Comments
 (0)