Files
wehub-resource-sync 1b8708893a
Security Scan / tests (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:12:26 +08:00

73 lines
2.9 KiB
JavaScript

import { test, expect } from '@playwright/test'
// Two surfaces enforce single-user (no-auth) gating for the Users page:
// 1. Sidebar entry: hidden via the `authOnly: true` flag in Sidebar.jsx
// (filterItem returns false when `!authEnabled`).
// 2. Direct URL navigation: RequireAuthEnabled wrapping the /app/users
// route in router.jsx redirects to /app when authEnabled is false.
//
// Without (2), an old bookmark or pasted URL would land on a page rendered
// against admin-only `/api/auth/admin/users` data — which doesn't exist
// when auth is off — and the user sees a confusing empty/error state.
//
// These specs are the "prevent accidental removal" guarantee — if anyone
// drops the gating, /app/users stays open in single-user mode and the
// test fails on the redirect or the visible sidebar item.
test.describe('Users tab — single-user no-auth mode', () => {
test.beforeEach(async ({ page }) => {
await page.route('**/api/auth/status', (route) =>
route.fulfill({
contentType: 'application/json',
body: JSON.stringify({
authEnabled: false,
staticApiKeyRequired: false,
providers: [],
}),
})
)
})
test('console does not list Users entry without auth', async ({ page }) => {
// Users lives in the Operate console rail (authOnly gate). With auth off
// the rail must not list it. /app/backends is an admin console page,
// reachable because no-auth ⇒ isAdmin.
await page.goto('/app/backends')
const usersLink = page.locator('.console-rail a.nav-item[href="/app/users"]')
await expect(usersLink).toHaveCount(0)
})
test('direct navigation to /app/users redirects to /app', async ({ page }) => {
await page.goto('/app/users')
// RequireAuthEnabled performs the redirect synchronously, but the URL
// change is async — wait for it before asserting.
await page.waitForURL(/\/app(?!\/users)/, { timeout: 5000 })
expect(page.url()).toMatch(/\/app(\/?$|\/(?!users))/)
})
})
test.describe('Users tab — auth on', () => {
test.beforeEach(async ({ page }) => {
await page.route('**/api/auth/status', (route) =>
route.fulfill({
contentType: 'application/json',
body: JSON.stringify({
authEnabled: true,
staticApiKeyRequired: false,
providers: ['local'],
// Mark the viewer as admin so the sidebar's adminOnly gate also
// passes; the test then exercises the authOnly path in isolation.
user: { id: 'admin-uuid', name: 'Admin', role: 'admin', provider: 'local' },
}),
})
)
})
test('console lists Users entry when auth is on', async ({ page }) => {
// With auth on and an admin viewer the console rail lists Users.
await page.goto('/app/backends')
const usersLink = page.locator('.console-rail a.nav-item[href="/app/users"]')
await expect(usersLink).toBeVisible()
})
})