29 lines
1.2 KiB
TypeScript
29 lines
1.2 KiB
TypeScript
import { test, expect } from '@playwright/test';
|
||
import { apiRegister, uiLogin, uniqueEmail, trackRefresh } from './helpers';
|
||
|
||
test('concurrent 401s trigger exactly one refresh (singleton)', async ({ page, request }) => {
|
||
const email = uniqueEmail('single');
|
||
const password = 'Password!123';
|
||
await apiRegister(request, email, password);
|
||
await uiLogin(page, email, password);
|
||
await expect(page).toHaveURL(/dashboard/);
|
||
|
||
const refreshHits = trackRefresh(page);
|
||
|
||
// Trigger two protected fetches in the app at once.
|
||
// E.g., navigate to a page that loads two protected endpoints on mount.
|
||
// If you don’t have such a page, add a tiny dev route that does it for tests,
|
||
// or invoke window.fetch twice via evaluate:
|
||
await page.evaluate(() => {
|
||
// these URLs should be protected in your app (adjust to real endpoints)
|
||
fetch(`${process.env.NEXT_PUBLIC_API_URL!.replace(/\/+$/, '')}/protected/a`, { credentials: 'include' });
|
||
fetch(`${process.env.NEXT_PUBLIC_API_URL!.replace(/\/+$/, '')}/protected/b`, { credentials: 'include' });
|
||
});
|
||
|
||
// Allow a moment for network to settle
|
||
await page.waitForTimeout(1000);
|
||
|
||
// The wrapper ensures only one refresh went out even if both 401'd
|
||
expect(refreshHits.length).toBeLessThanOrEqual(1);
|
||
});
|