feat: add playwright and a11y audit and example test

2025-09-04 13:54:57 +02:00 · 2025-09-04 13:54:57 +02:00 · c6be9b5104
commit c6be9b5104
parent 96085ea420
19 changed files with 133 additions and 2 deletions
--- a/test/mv_web/controllers/auth_controller_test.exs
+++ b/test/mv_web/controllers/auth_controller_test.exs
@ -1,192 +0,0 @@
-defmodule MvWeb.AuthControllerTest do
-  use MvWeb.ConnCase, async: true
-  import Phoenix.LiveViewTest
-
-  # Basic UI tests
-  test "GET /sign-in shows sign in form", %{conn: conn} do
-    conn = get(conn, ~p"/sign-in")
-    assert html_response(conn, 200) =~ "Sign in"
-  end
-
-  test "GET /sign-out redirects to home", %{conn: conn} do
-    conn = conn_with_oidc_user(conn)
-    conn = get(conn, ~p"/sign-out")
-    assert redirected_to(conn) == ~p"/"
-  end
-
-  # Password authentication (LiveView)
-  test "password user can sign in with valid credentials via LiveView", %{conn: conn} do
-    _user =
-      create_test_user(%{
-        email: "password@example.com",
-        password: "secret123",
-        oidc_id: nil
-      })
-
-    {:ok, view, _html} = live(conn, "/sign-in")
-
-    {:error, {:redirect, %{to: to}}} =
-      view
-      |> form("#user-password-sign-in-with-password",
-        user: %{email: "password@example.com", password: "secret123"}
-      )
-      |> render_submit()
-
-    assert to =~ "/auth/user/password/sign_in_with_token"
-  end
-
-  test "password user with invalid credentials shows error via LiveView", %{conn: conn} do
-    _user =
-      create_test_user(%{
-        email: "test@example.com",
-        password: "correct_password",
-        oidc_id: nil
-      })
-
-    {:ok, view, _html} = live(conn, "/sign-in")
-
-    html =
-      view
-      |> form("#user-password-sign-in-with-password",
-        user: %{email: "test@example.com", password: "wrong_password"}
-      )
-      |> render_submit()
-
-    assert html =~ "Email or password was incorrect"
-  end
-
-  test "password user with non-existent email shows error via LiveView", %{conn: conn} do
-    {:ok, view, _html} = live(conn, "/sign-in")
-
-    html =
-      view
-      |> form("#user-password-sign-in-with-password",
-        user: %{email: "nonexistent@example.com", password: "anypassword"}
-      )
-      |> render_submit()
-
-    assert html =~ "Email or password was incorrect"
-  end
-
-  # Registration (LiveView)
-  test "user can register with valid credentials via LiveView", %{conn: conn} do
-    {:ok, view, _html} = live(conn, "/register")
-
-    {:error, {:redirect, %{to: to}}} =
-      view
-      |> form("#user-password-register-with-password-wrapper form",
-        user: %{email: "newuser@example.com", password: "newpassword123"}
-      )
-      |> render_submit()
-
-    assert to =~ "/auth/user/password/sign_in_with_token"
-  end
-
-  test "registration with existing email shows error via LiveView", %{conn: conn} do
-    _user =
-      create_test_user(%{
-        email: "existing@example.com",
-        password: "secret123",
-        oidc_id: nil
-      })
-
-    {:ok, view, _html} = live(conn, "/register")
-
-    html =
-      view
-      |> form("#user-password-register-with-password-wrapper form",
-        user: %{email: "existing@example.com", password: "anotherpassword"}
-      )
-      |> render_submit()
-
-    assert html =~ "has already been taken"
-  end
-
-  test "registration with weak password shows error via LiveView", %{conn: conn} do
-    {:ok, view, _html} = live(conn, "/register")
-
-    html =
-      view
-      |> form("#user-password-register-with-password-wrapper form",
-        user: %{email: "weakpass@example.com", password: "123"}
-      )
-      |> render_submit()
-
-    assert html =~ "length must be greater than or equal to 8"
-  end
-
-  # Access control
-  test "unauthenticated user accessing protected route gets redirected to sign-in", %{conn: conn} do
-    conn = get(conn, ~p"/members")
-    assert redirected_to(conn) == ~p"/sign-in"
-  end
-
-  test "authenticated user can access protected route", %{conn: conn} do
-    conn = conn_with_oidc_user(conn)
-    conn = get(conn, ~p"/members")
-    assert conn.status == 200
-  end
-
-  test "password authenticated user can access protected route via LiveView", %{conn: conn} do
-    _user =
-      create_test_user(%{
-        email: "auth@example.com",
-        password: "secret123",
-        oidc_id: nil
-      })
-
-    {:ok, view, _html} = live(conn, "/sign-in")
-
-    {:error, {:redirect, %{to: to}}} =
-      view
-      |> form("#user-password-sign-in-with-password",
-        user: %{email: "auth@example.com", password: "secret123"}
-      )
-      |> render_submit()
-
-    assert to =~ "/auth/user/password/sign_in_with_token"
-
-    # After login, user is redirected to /auth/user/password/sign_in_with_token. Session handling for protected routes should be tested in integration or E2E tests.
-  end
-
-  # Edge cases
-  test "user with nil oidc_id can still sign in with password via LiveView", %{conn: conn} do
-    _user =
-      create_test_user(%{
-        email: "nil_oidc@example.com",
-        password: "secret123",
-        oidc_id: nil
-      })
-
-    {:ok, view, _html} = live(conn, "/sign-in")
-
-    {:error, {:redirect, %{to: to}}} =
-      view
-      |> form("#user-password-sign-in-with-password",
-        user: %{email: "nil_oidc@example.com", password: "secret123"}
-      )
-      |> render_submit()
-
-    assert to =~ "/auth/user/password/sign_in_with_token"
-  end
-
-  test "user with empty string oidc_id is handled correctly via LiveView", %{conn: conn} do
-    _user =
-      create_test_user(%{
-        email: "empty_oidc@example.com",
-        password: "secret123",
-        oidc_id: ""
-      })
-
-    {:ok, view, _html} = live(conn, "/sign-in")
-
-    {:error, {:redirect, %{to: to}}} =
-      view
-      |> form("#user-password-sign-in-with-password",
-        user: %{email: "empty_oidc@example.com", password: "secret123"}
-      )
-      |> render_submit()
-
-    assert to =~ "/auth/user/password/sign_in_with_token"
-  end
-end