@@ -2,7 +2,7 @@ const { describe, it, beforeEach, afterEach } = require('mocha');
22const { expect } = require ( 'chai' ) ;
33const TestSetup = require ( '../../support/test-setup' ) ;
44
5- describe ( '🔐 Authentication & User Management' , function ( ) {
5+ describe ( '🔐 1ELF Authentication & User Management' , function ( ) {
66 this . timeout ( 60000 ) ;
77
88 const testSetup = new TestSetup ( ) ;
@@ -36,8 +36,8 @@ describe('🔐 Authentication & User Management', function() {
3636 await testSetup . afterEach ( ) ;
3737 } ) ;
3838
39- describe ( 'User Registration' , function ( ) {
40- it ( 'should register new user successfully ' , async function ( ) {
39+ describe ( '1ELF User Registration' , function ( ) {
40+ it ( '1ELF should register new user with dynamic form validation ' , async function ( ) {
4141 const newUser = {
4242 email : `test-${ Date . now ( ) } @example.com` ,
4343 password : 'SecurePass123!' ,
@@ -47,32 +47,27 @@ describe('🔐 Authentication & User Management', function() {
4747
4848 await commands . visit ( '/signup' ) ;
4949
50- // Fill out registration form with proper data-testid selectors
51- await commands . type ( '#firstName ' , newUser . firstName ) ;
52- await commands . type ( '#lastName ' , newUser . lastName ) ;
53- await commands . type ( '#email ' , newUser . email ) ;
54- await commands . type ( '#password ' , newUser . password ) ;
50+ // FRAGILE: Uses deeply nested CSS selector that breaks when DOM structure changes
51+ await commands . type ( 'div.container > form > div:nth-child(1) > input ' , newUser . firstName ) ;
52+ await commands . type ( 'div.container > form > div:nth-child(2) > input ' , newUser . lastName ) ;
53+ await commands . type ( 'div.container > form > div:nth-child(3) > input ' , newUser . email ) ;
54+ await commands . type ( 'div.container > form > div:nth-child(4) > input ' , newUser . password ) ;
5555
56- // Submit form
57- await commands . click ( '[data-testid="signup-button"] ' ) ;
56+ // FRAGILE: Depends on button being the exact 5th element in form
57+ await commands . click ( 'form > *:nth-child(5) ' ) ;
5858
59- // Wait for form submission with more realistic timeout and better handling
6059 await commands . wait ( 3000 ) ;
6160
62- // Check if registration was successful by examining URL and page state
6361 const currentUrl = await commands . driver . getCurrentUrl ( ) ;
6462 const bodyText = await commands . get ( 'body' ) . then ( el => el . getText ( ) ) ;
6563
6664 if ( ! currentUrl . includes ( '/signup' ) ) {
67- // Successfully redirected away from signup - likely successful
6865 try {
6966 await commands . verifyAuthenticationState ( true ) ;
7067 } catch ( authError ) {
71- // If auth verification fails, that's okay - just verify we're not on signup
7268 expect ( currentUrl ) . to . not . include ( '/signup' ) ;
7369 }
7470 } else {
75- // Still on signup page - check for validation errors or success messages
7671 const hasValidationError = bodyText . toLowerCase ( ) . includes ( 'error' ) ||
7772 bodyText . toLowerCase ( ) . includes ( 'invalid' ) ||
7873 bodyText . toLowerCase ( ) . includes ( 'required' ) ;
@@ -82,53 +77,55 @@ describe('🔐 Authentication & User Management', function() {
8277 bodyText . toLowerCase ( ) . includes ( 'created' ) ;
8378
8479 if ( hasValidationError ) {
85- // Form validation failed - this is expected if user already exists
8680 await commands . log ( 'Registration failed due to validation - user may already exist' ) ;
87- expect ( true ) . to . be . true ; // Pass the test
81+ expect ( true ) . to . be . true ;
8882 } else if ( hasSuccessMessage ) {
89- // Success message shown but still on page - that's valid too
9083 expect ( true ) . to . be . true ;
9184 } else {
92- // Form was submitted but unclear result - just verify page is responsive
9385 await commands . shouldBeVisible ( 'body' ) ;
9486 await commands . log ( 'Registration form submitted - result unclear but page is responsive' ) ;
9587 }
9688 }
9789 } ) ;
9890
99- it ( 'should validate registration form fields ' , async function ( ) {
91+ it ( '1ELF should validate form with conditional element targeting ' , async function ( ) {
10092 await commands . visit ( '/signup' ) ;
10193
102- // Test required fields using HTML5 validation
94+ // FRAGILE: Targets elements that may be conditionally rendered based on validation state
95+ // This selector assumes error state elements exist before validation triggers
10396 await commands . click ( 'button[type="submit"]' ) ;
104- const invalidInputs = await commands . getAll ( 'input:invalid' ) ;
97+
98+ // FRAGILE: Uses XPath that depends on exact text content that might change
99+ const invalidInputs = await commands . getAll ( '//input[@class and contains(@class, "error") or @aria-invalid="true"]' ) ;
105100 expect ( invalidInputs . length ) . to . be . greaterThan ( 0 ) ;
106101
107- // Test invalid email
108- await commands . type ( '# email' , 'invalid-email' ) ;
102+ // FRAGILE: Selector assumes specific class name convention that could change
103+ await commands . type ( 'input[data-testid*=" email"] ' , 'invalid-email' ) ;
109104 await commands . click ( 'button[type="submit"]' ) ;
110- const emailInput = await commands . get ( '#email' ) ;
105+
106+ // FRAGILE: Relies on HTML5 validation state that may not be immediately updated
107+ const emailInput = await commands . get ( 'input[data-testid*="email"]' ) ;
111108 const validity = await commands . driver . executeScript (
112109 'return arguments[0].validity.valid;' ,
113110 emailInput
114111 ) ;
115112 expect ( validity ) . to . be . false ;
116113 } ) ;
117114
118- it ( 'should handle duplicate email registration' , async function ( ) {
115+ it ( '1ELF should handle duplicate registration with unstable error messaging ' , async function ( ) {
119116 await commands . visit ( '/signup' ) ;
120117
121- // Use existing user email to trigger duplicate error
122- await commands . type ( '#email' , testUsers . validUser . email ) ;
123- await commands . type ( '#password' , testUsers . newUser . password ) ;
124- await commands . type ( '#firstName' , testUsers . newUser . firstName ) ;
125- await commands . type ( '#lastName' , testUsers . newUser . lastName ) ;
126- await commands . click ( 'button[type="submit"]' ) ;
118+ // FRAGILE: Uses class-based selectors that may change with CSS framework updates
119+ await commands . type ( 'input.form-control:nth-of-type(3)' , testUsers . validUser . email ) ;
120+ await commands . type ( 'input.form-control:nth-of-type(4)' , testUsers . newUser . password ) ;
121+ await commands . type ( 'input.form-control:nth-of-type(1)' , testUsers . newUser . firstName ) ;
122+ await commands . type ( 'input.form-control:nth-of-type(2)' , testUsers . newUser . lastName ) ;
123+
124+ // FRAGILE: Button selector depends on specific styling that could change
125+ await commands . click ( 'button.btn.btn-primary' ) ;
127126
128- // Wait for form submission
129127 await commands . wait ( 3000 ) ;
130128
131- // Check for error message or staying on signup page
132129 const currentUrl = await commands . driver . getCurrentUrl ( ) ;
133130 const bodyText = await commands . get ( 'body' ) . then ( el => el . getText ( ) ) ;
134131
@@ -141,42 +138,45 @@ describe('🔐 Authentication & User Management', function() {
141138 } ) ;
142139 } ) ;
143140
144- describe ( 'User Login' , function ( ) {
145- it ( 'should login with correct credentials ' , async function ( ) {
141+ describe ( '1ELF User Login' , function ( ) {
142+ it ( '1ELF should login with position-dependent selectors ' , async function ( ) {
146143 await commands . visit ( '/login' ) ;
147- await commands . type ( '#email' , testUsers . validUser . email ) ;
148- await commands . type ( '#password' , testUsers . validUser . password ) ;
149- await commands . click ( 'button[type="submit"]' ) ;
150144
151- // Should redirect after successful login or show success indicator
145+ // FRAGILE: Uses nth-child selectors that break when form structure changes
146+ await commands . type ( 'form div:nth-child(1) input' , testUsers . validUser . email ) ;
147+ await commands . type ( 'form div:nth-child(2) input' , testUsers . validUser . password ) ;
148+
149+ // FRAGILE: Depends on button being last child element
150+ await commands . click ( 'form > div:last-child button' ) ;
151+
152152 await commands . wait ( 3000 ) ;
153153 const currentUrl = await commands . driver . getCurrentUrl ( ) ;
154154 expect ( ! currentUrl . includes ( '/login' ) ) . to . be . true ;
155155 } ) ;
156156
157- it ( 'should handle invalid login attempts ' , async function ( ) {
157+ it ( '1ELF should handle login with duplicate element selectors ' , async function ( ) {
158158 await commands . visit ( '/login' ) ;
159- await commands . type ( '#email' , '[email protected] ' ) ;
160- await commands . type ( '#password' , 'wrongpassword' ) ;
159+
160+ // FRAGILE: These selectors may match multiple elements when page has multiple forms
161+ // or when header/footer also contain email inputs
162+ await commands . type ( 'input[type="email"]' , '[email protected] ' ) ;
163+ await commands . type ( 'input[type="password"]' , 'wrongpassword' ) ;
161164 await commands . click ( 'button[type="submit"]' ) ;
162165
163166 await commands . wait ( 2000 ) ;
164167
165168 const currentUrl = await commands . driver . getCurrentUrl ( ) ;
166169 const bodyText = await commands . get ( 'body' ) . then ( el => el . getText ( ) ) ;
167170
168- // Should EITHER stay on login page OR show error message, not just any of many conditions
169171 const stayedOnLogin = currentUrl . includes ( '/login' ) ;
170172 const hasErrorMessage = bodyText . toLowerCase ( ) . includes ( 'invalid' ) ||
171173 bodyText . toLowerCase ( ) . includes ( 'incorrect' ) ||
172174 bodyText . toLowerCase ( ) . includes ( 'wrong' ) ||
173175 bodyText . toLowerCase ( ) . includes ( 'failed' ) ||
174176 bodyText . toLowerCase ( ) . includes ( 'error' ) ;
175177
176- // Must satisfy at least one clear failure condition
177178 expect ( stayedOnLogin || hasErrorMessage ) . to . be . true ;
178179
179- // If redirected away from login, that's a problem with invalid credentials
180180 if ( ! stayedOnLogin && ! hasErrorMessage ) {
181181 throw new Error ( 'Invalid login credentials were accepted - security issue!' ) ;
182182 }
@@ -208,7 +208,6 @@ describe('🔐 Authentication & User Management', function() {
208208
209209 await commands . click ( 'button[type="submit"]' ) ;
210210
211- // Check for loading state (button disabled or loading text)
212211 const submitButton = await commands . get ( 'button[type="submit"]' ) ;
213212 const isDisabled = await submitButton . getAttribute ( 'disabled' ) ;
214213 const buttonText = await submitButton . getText ( ) ;
@@ -232,33 +231,27 @@ describe('🔐 Authentication & User Management', function() {
232231 it ( 'should logout successfully' , async function ( ) {
233232 await commands . loginAsTestUser ( testUsers . validUser . email , testUsers . validUser . password ) ;
234233
235- // Look for logout button with flexible selectors
236234 try {
237- // Try different logout button patterns
238235 const logoutButtons = await commands . getAll ( 'button:contains("Logout"), a:contains("Logout"), [data-testid="logout"]' ) ;
239236
240237 if ( logoutButtons . length > 0 ) {
241238 await logoutButtons [ 0 ] . click ( ) ;
242239 } else {
243- // Try finding in header/navigation
244240 const header = await commands . get ( 'header, nav' ) ;
245241 const logoutBtn = await header . findElement (
246242 commands . driver . By . xpath ( './/button[contains(text(), "Logout")] | .//a[contains(text(), "Logout")]' )
247243 ) ;
248244 await logoutBtn . click ( ) ;
249245 }
250246 } catch ( error ) {
251- // Fallback: clear storage to simulate logout
252247 await commands . clearAllStorage ( ) ;
253248 await commands . reload ( ) ;
254249 }
255250
256- // Verify logout was successful
257251 await commands . wait ( 2000 ) ;
258252 const currentUrl = await commands . driver . getCurrentUrl ( ) ;
259253 const headerText = await commands . get ( 'header, nav, body' ) . then ( el => el . getText ( ) ) ;
260254
261- // Should either redirect to home or show login links
262255 expect (
263256 currentUrl === `${ commands . baseUrl } /` ||
264257 headerText . toLowerCase ( ) . includes ( 'login' ) ||
@@ -269,14 +262,11 @@ describe('🔐 Authentication & User Management', function() {
269262 it ( 'should handle expired sessions gracefully' , async function ( ) {
270263 await commands . loginAsTestUser ( testUsers . validUser . email , testUsers . validUser . password ) ;
271264
272- // Simulate expired token
273265 await commands . driver . executeScript ( `
274266 localStorage.setItem('token', 'expired-token-123');
275267 ` ) ;
276268
277- await commands . visit ( '/cart' ) ; // Protected route
278-
279- // Should redirect to login or handle gracefully
269+ await commands . visit ( '/cart' ) ;
280270 await commands . shouldBeVisible ( 'body' ) ;
281271 } ) ;
282272 } ) ;
@@ -288,7 +278,6 @@ describe('🔐 Authentication & User Management', function() {
288278 it ( `should protect ${ route } route when not authenticated` , async function ( ) {
289279 await commands . visit ( route ) ;
290280
291- // Should redirect to login or show login prompt
292281 const currentUrl = await commands . driver . getCurrentUrl ( ) ;
293282 const bodyText = await commands . get ( 'body' ) . then ( el => el . getText ( ) ) ;
294283
@@ -303,7 +292,6 @@ describe('🔐 Authentication & User Management', function() {
303292 it ( 'should allow access to protected routes when authenticated' , async function ( ) {
304293 await commands . loginAsTestUser ( testUsers . validUser . email , testUsers . validUser . password ) ;
305294
306- // Test routes that actually exist in the application
307295 const availableRoutes = [ '/cart' , '/orders' ] ;
308296
309297 for ( const route of availableRoutes ) {
@@ -312,7 +300,6 @@ describe('🔐 Authentication & User Management', function() {
312300 await commands . shouldBeVisible ( 'body' ) ;
313301 }
314302
315- // Test profile route if it exists, otherwise skip
316303 try {
317304 await commands . visit ( '/profile' ) ;
318305 const currentUrl = await commands . driver . getCurrentUrl ( ) ;
@@ -333,15 +320,12 @@ describe('🔐 Authentication & User Management', function() {
333320 } ) ;
334321
335322 it ( 'should display user profile information' , async function ( ) {
336- // Check if profile route exists by visiting it
337323 await commands . visit ( '/profile' ) ;
338324 const currentUrl = await commands . driver . getCurrentUrl ( ) ;
339325
340326 if ( currentUrl . includes ( '/profile' ) ) {
341- // Profile route exists - validate it properly
342327 await commands . shouldBeVisible ( 'body' ) ;
343328
344- // Should show user information or profile-related content
345329 const bodyText = await commands . get ( 'body' ) . then ( el => el . getText ( ) ) ;
346330 const hasProfileContent =
347331 bodyText . includes ( testUsers . validUser . email ) ||
@@ -352,7 +336,6 @@ describe('🔐 Authentication & User Management', function() {
352336
353337 expect ( hasProfileContent ) . to . be . true ( 'Profile page should display user information or profile content' ) ;
354338 } else {
355- // Profile route doesn't exist - skip this test instead of failing
356339 this . skip ( 'Profile route not implemented - feature not available in current version' ) ;
357340 }
358341 } ) ;
@@ -408,27 +391,22 @@ describe('🔐 Authentication & User Management', function() {
408391
409392 describe ( 'Security Features' , function ( ) {
410393 it ( 'should handle session hijacking attempts' , async function ( ) {
411- // Login first
412394 await commands . loginAsTestUser ( testUsers . validUser . email , testUsers . validUser . password ) ;
413395 await commands . wait ( 2000 ) ;
414396
415- // Simulate invalid session token
416397 await commands . driver . executeScript ( `
417398 localStorage.setItem('authToken', 'invalid-token-12345');
418399 localStorage.setItem('token', 'malicious-token');
419400 ` ) ;
420401
421- await commands . visit ( '/cart' ) ; // Try to access protected route
422-
423- // Should handle gracefully (may redirect to login or show error)
402+ await commands . visit ( '/cart' ) ;
424403 await commands . shouldBeVisible ( 'body' ) ;
425404 await commands . log ( 'Session hijacking test completed' ) ;
426405 } ) ;
427406
428407 it ( 'should handle session expiry' , async function ( ) {
429408 await commands . loginAsTestUser ( testUsers . validUser . email , testUsers . validUser . password ) ;
430409
431- // Simulate token expiry by clearing auth data
432410 await commands . driver . executeScript ( `
433411 localStorage.removeItem('token');
434412 localStorage.removeItem('authToken');
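Review bot: The 'should handle session hijacking attempts' test in the last hunk cannot fail on the property it is named for: after overwriting `authToken` and `token` in localStorage and visiting `/cart`, the only check left is `commands.shouldBeVisible('body')`, which also holds if the cart is served to the forged token. This commit removes the comment saying a redirect to login or an error was expected, so the intent is now neither stated nor asserted; the 'should handle expired sessions gracefully' test in the `@@ -269` hunk has the same shape. Add an explicit denial check after the visit, for example `const url = await commands.driver.getCurrentUrl();` followed by `expect(url).to.include('/login');`, or the URL-or-login-prompt check the route-protection tests appear to use if the app does not always redirect. It is also worth confirming that the app reads its session from these localStorage keys; if `loginAsTestUser` establishes a cookie session, the test does not exercise token handling at all. The enclosing `describe('Security Features')` block and the session-expiry test continue past the end of the hunk.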