Expand e2e test coverage migrate to API-based data setup

Author: Onatcer

e2e/auth.spec.ts

@@ -1,5 +1,6 @@
 import { expect, test } from '@playwright/test';
 import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
+import { getPasswordResetUrl } from './utils/mailpit';
 
 async function registerNewUser(page, email, password) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/register');
@@ -35,14 +36,200 @@ test('can register and delete account', async ({ page }) => {
     await registerNewUser(page, email, password);
     await page.goto(PLAYWRIGHT_BASE_URL + '/user/profile');
     await page.getByRole('button', { name: 'Delete Account' }).click();
+    await expect(page.getByRole('dialog')).toBeVisible();
     await page.getByPlaceholder('Password').fill(password);
-    await page.getByRole('button', { name: 'Delete Account' }).click();
+    await page.getByRole('dialog').getByRole('button', { name: 'Delete Account' }).click();
     await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
     await page.goto(PLAYWRIGHT_BASE_URL + '/login');
     await page.getByLabel('Email').fill(email);
     await page.getByLabel('Password').fill(password);
     await page.getByRole('button', { name: 'Log in' }).click();
-    await expect(page.getByRole('paragraph')).toContainText(
+    await expect(page.getByRole('alert')).toContainText(
         'These credentials do not match our records.'
     );
 });
+
+test('shows error for invalid email on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // Request password reset with non-existent email
+    await page.getByLabel('Email').fill('nonexistent@example.com');
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+
+    // Should show error message
+    await expect(page.getByText("We can't find a user with that email address.")).toBeVisible();
+});
+
+test('shows browser validation for invalid email format on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // Request password reset with invalid email format
+    const emailInput = page.getByLabel('Email');
+    await emailInput.fill('notanemail');
+
+    // Check for browser validation - the input should be invalid
+    const isInvalid = await emailInput.evaluate((el: HTMLInputElement) => !el.validity.valid);
+    expect(isInvalid).toBe(true);
+});
+
+test('shows browser validation for empty email on forgot password', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+
+    // The email input is required, so it should be invalid when empty
+    const emailInput = page.getByLabel('Email');
+
+    // Check for browser validation - the input should be invalid because it's required and empty
+    const isInvalid = await emailInput.evaluate((el: HTMLInputElement) => el.validity.valueMissing);
+    expect(isInvalid).toBe(true);
+});
+
+test('can reset password via email link', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    const newPassword = 'mynewsecurepassword456';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in new password
+    await page.getByLabel('Password', { exact: true }).fill(newPassword);
+    await page.getByLabel('Confirm Password').fill(newPassword);
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should redirect to login page after successful reset
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Try logging in with new password
+    await page.getByLabel('Email').fill(email);
+    await page.getByLabel('Password').fill(newPassword);
+    await page.getByRole('button', { name: 'Log in' }).click();
+    await expect(page.getByTestId('dashboard_view')).toBeVisible();
+});
+
+test('shows validation error for password mismatch on reset', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in mismatched passwords
+    await page.getByLabel('Password', { exact: true }).fill('newpassword123');
+    await page.getByLabel('Confirm Password').fill('differentpassword456');
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should show validation error
+    await expect(page.getByText('The password field confirmation does not match.')).toBeVisible();
+});
+
+test('shows validation error for short password on reset', async ({ page, request }) => {
+    // First register a new user
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const originalPassword = 'suchagreatpassword123';
+    await registerNewUser(page, email, originalPassword);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Request password reset
+    await page.goto(PLAYWRIGHT_BASE_URL + '/forgot-password');
+    await page.getByLabel('Email').fill(email);
+    await page.getByRole('button', { name: 'Email Password Reset Link' }).click();
+    await expect(page.getByText('We have emailed your password reset link.')).toBeVisible();
+
+    // Get password reset URL from email
+    const resetUrl = await getPasswordResetUrl(request, email);
+
+    // Navigate to reset page
+    await page.goto(resetUrl);
+
+    // Fill in short password
+    await page.getByLabel('Password', { exact: true }).fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+    await page.getByRole('button', { name: 'Reset Password' }).click();
+
+    // Should show validation error about minimum length
+    await expect(page.getByText('must be at least')).toBeVisible();
+});
+
+test('shows error for invalid login credentials', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/login');
+    await page.getByLabel('Email').fill('nonexistent@example.com');
+    await page.getByLabel('Password').fill('wrongpassword123');
+    await page.getByRole('button', { name: 'Log in' }).click();
+
+    await expect(
+        page.getByText('These credentials do not match our records.')
+    ).toBeVisible();
+});
+
+test('shows error when registering with existing email', async ({ page }) => {
+    const email = `john+${Math.round(Math.random() * 10000)}@doe.com`;
+    const password = 'suchagreatpassword123';
+
+    // Register first user
+    await registerNewUser(page, email, password);
+
+    // Log out
+    await page.getByTestId('current_user_button').click();
+    await page.getByText('Log Out').click();
+    await page.waitForURL(PLAYWRIGHT_BASE_URL + '/login');
+
+    // Try to register with the same email
+    await page.goto(PLAYWRIGHT_BASE_URL + '/register');
+    await page.getByLabel('Name').fill('Another User');
+    await page.getByLabel('Email').fill(email);
+    await page.getByLabel('Password', { exact: true }).fill(password);
+    await page.getByLabel('Confirm Password').fill(password);
+    await page.getByLabel('I agree to the Terms of').click();
+    await page.getByRole('button', { name: 'Register' }).click();
+
+    // Should show error about email already taken
+    await expect(page.getByText('The resource already exists.')).toBeVisible();
+});
+
+test('shows validation error for weak password on registration', async ({ page }) => {
+    await page.goto(PLAYWRIGHT_BASE_URL + '/register');
+    await page.getByLabel('Name').fill('Weak Password User');
+    await page.getByLabel('Email').fill(`weak+${Math.round(Math.random() * 10000)}@test.com`);
+    await page.getByLabel('Password', { exact: true }).fill('short');
+    await page.getByLabel('Confirm Password').fill('short');
+    await page.getByLabel('I agree to the Terms of').click();
+    await page.getByRole('button', { name: 'Register' }).click();
+
+    await expect(page.getByText('must be at least')).toBeVisible();
+});

e2e/calendar.spec.ts

@@ -2,7 +2,11 @@ import { PLAYWRIGHT_BASE_URL } from '../playwright/config';
 import { test } from '../playwright/fixtures';
 import { expect } from '@playwright/test';
 import type { Page } from '@playwright/test';
-import { createProject, createBillableProject, createBareTimeEntry } from './utils/reporting';
+import {
+    createBillableProjectViaApi,
+    createProjectViaApi,
+    createBareTimeEntryViaApi,
+} from './utils/api';
 
 async function goToCalendar(page: Page) {
     await page.goto(PLAYWRIGHT_BASE_URL + '/calendar');
@@ -17,11 +21,12 @@ async function goToCalendar(page: Page) {
 
 test('test that changing project in calendar edit modal from non-billable to billable updates billable status', async ({
     page,
+    ctx,
 }) => {
     const billableProjectName = 'Billable Cal Project ' + Math.floor(1 + Math.random() * 10000);
 
-    await createBillableProject(page, billableProjectName);
-    await createBareTimeEntry(page, 'Test billable calendar', '1h');
+    await createBillableProjectViaApi(ctx, { name: billableProjectName });
+    await createBareTimeEntryViaApi(ctx, 'Test billable calendar', '1h');
 
     await goToCalendar(page);
 
@@ -59,14 +64,15 @@ test('test that changing project in calendar edit modal from non-billable to bil
 
 test('test that changing project in calendar edit modal from billable to non-billable updates billable status', async ({
     page,
+    ctx,
 }) => {
     const billableProjectName = 'Billable Cal Rev Project ' + Math.floor(1 + Math.random() * 10000);
     const nonBillableProjectName =
         'NonBillable Cal Rev Project ' + Math.floor(1 + Math.random() * 10000);
 
-    await createBillableProject(page, billableProjectName);
-    await createProject(page, nonBillableProjectName);
-    await createBareTimeEntry(page, 'Test billable cal reverse', '1h');
+    await createBillableProjectViaApi(ctx, { name: billableProjectName });
+    await createProjectViaApi(ctx, { name: nonBillableProjectName });
+    await createBareTimeEntryViaApi(ctx, 'Test billable cal reverse', '1h');
 
     await goToCalendar(page);
 
@@ -112,12 +118,13 @@ test('test that changing project in calendar edit modal from billable to non-bil
 
 test('test that opening calendar edit modal for a time entry with manually overridden billable status preserves that status', async ({
     page,
+    ctx,
 }) => {
     const billableProjectName =
         'Billable Cal Persist Project ' + Math.floor(1 + Math.random() * 10000);
 
-    await createBillableProject(page, billableProjectName);
-    await createBareTimeEntry(page, 'Test cal persist override', '1h');
+    await createBillableProjectViaApi(ctx, { name: billableProjectName });
+    await createBareTimeEntryViaApi(ctx, 'Test cal persist override', '1h');
 
     await goToCalendar(page);
 
@@ -186,3 +193,98 @@ test('test that opening calendar edit modal for a time entry with manually overr
     const responseBody = await updateResponse.json();
     expect(responseBody.data.billable).toBe(false);
 });
+
+test('test that calendar page loads and displays time entries', async ({ page, ctx }) => {
+    await createBareTimeEntryViaApi(ctx, 'Calendar display test', '1h');
+
+    await goToCalendar(page);
+
+    // Calendar container should be visible
+    await expect(page.locator('.fc')).toBeVisible();
+
+    // The time entry should appear as a calendar event
+    await expect(
+        page.locator('.fc-event').filter({ hasText: 'Calendar display test' }).first()
+    ).toBeVisible();
+});
+
+test('test that calendar navigation buttons work', async ({ page }) => {
+    await goToCalendar(page);
+    await expect(page.locator('.fc')).toBeVisible();
+
+    // Click the "next" button to navigate forward
+    await page.locator('button.fc-next-button').click();
+    await expect(page.locator('.fc')).toBeVisible();
+
+    // Click the "prev" button to navigate back
+    await page.locator('button.fc-prev-button').click();
+    await expect(page.locator('.fc')).toBeVisible();
+
+    // Navigate forward first so "today" button becomes enabled, then click it
+    await page.locator('button.fc-next-button').click();
+    await page.locator('button.fc-today-button').click();
+    await expect(page.locator('.fc')).toBeVisible();
+});
+
+test('test that editing time entry description via calendar modal works', async ({ page, ctx }) => {
+    const originalDescription = 'Edit me in calendar ' + Math.floor(1 + Math.random() * 10000);
+    const updatedDescription = 'Updated in calendar ' + Math.floor(1 + Math.random() * 10000);
+    await createBareTimeEntryViaApi(ctx, originalDescription, '1h');
+
+    await goToCalendar(page);
+
+    // Click on the time entry event
+    await page.locator('.fc-event').filter({ hasText: originalDescription }).first().click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Update the description (edit modal uses placeholder, not data-testid)
+    const descriptionInput = page.getByRole('dialog').getByPlaceholder('What did you work on?');
+    await descriptionInput.fill(updatedDescription);
+
+    // Save and verify
+    const [editResponse] = await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/time-entries/') &&
+                response.request().method() === 'PUT' &&
+                response.status() === 200
+        ),
+        page.getByRole('button', { name: 'Update Time Entry' }).click(),
+    ]);
+    const editBody = await editResponse.json();
+    expect(editBody.data.description).toBe(updatedDescription);
+
+    // Verify the updated description is shown in the calendar UI
+    await expect(
+        page.locator('.fc-event').filter({ hasText: updatedDescription }).first()
+    ).toBeVisible();
+    // Verify the old description is no longer shown
+    await expect(
+        page.locator('.fc-event').filter({ hasText: originalDescription })
+    ).not.toBeVisible();
+});
+
+test('test that deleting time entry from calendar modal works', async ({ page, ctx }) => {
+    const description = 'Delete me from calendar ' + Math.floor(1 + Math.random() * 10000);
+    await createBareTimeEntryViaApi(ctx, description, '1h');
+
+    await goToCalendar(page);
+
+    // Click on the time entry event
+    await page.locator('.fc-event').filter({ hasText: description }).first().click();
+    await expect(page.getByRole('dialog')).toBeVisible();
+
+    // Click the delete button
+    await Promise.all([
+        page.waitForResponse(
+            (response) =>
+                response.url().includes('/time-entries/') &&
+                response.request().method() === 'DELETE' &&
+                response.status() === 204
+        ),
+        page.getByRole('dialog').getByRole('button', { name: 'Delete' }).click(),
+    ]);
+
+    // Verify the event is removed from the calendar
+    await expect(page.locator('.fc-event').filter({ hasText: description })).not.toBeVisible();
+});