chore: configure build and environment for Playwright testing

- Update build.gradle with test profile configuration
- Add playwright test artifacts to .gitignore
- Update application.yml with test-related settings

Author: devondragon

.gitignore

@@ -138,3 +138,10 @@ application-local.yml
 /repomix-output.txt
 src/main/resources/application-docker-keycloak.yml
 .vscode/
+
+# Playwright
+playwright/node_modules/
+playwright/test-results/
+playwright/playwright-report/
+playwright/reports/
+playwright/.env

build.gradle

@@ -39,7 +39,7 @@ repositories {
 
 dependencies {
     // DigitalSanctuary Spring User Framework
-    implementation 'com.digitalsanctuary:ds-spring-user-framework:4.0.2'
+    implementation 'com.digitalsanctuary:ds-spring-user-framework:4.0.3-SNAPSHOT'
 
     // Spring Boot starters
     implementation 'org.springframework.boot:spring-boot-starter-actuator'
@@ -127,3 +127,42 @@ bootRun {
 		environment SPRING_PROFILES_ACTIVE: profiles
 	}
 }
+
+// Playwright Test Integration
+tasks.register('playwrightInstall', Exec) {
+    description = 'Install Playwright dependencies'
+    group = 'verification'
+    workingDir 'playwright'
+    commandLine 'npm', 'install'
+}
+
+tasks.register('playwrightBrowsers', Exec) {
+    description = 'Install Playwright browsers'
+    group = 'verification'
+    workingDir 'playwright'
+    commandLine 'npx', 'playwright', 'install'
+    dependsOn 'playwrightInstall'
+}
+
+tasks.register('playwrightTest', Exec) {
+    description = 'Run Playwright E2E tests'
+    group = 'verification'
+    workingDir 'playwright'
+    commandLine 'npx', 'playwright', 'test'
+    dependsOn 'playwrightBrowsers'
+}
+
+tasks.register('playwrightTestChromium', Exec) {
+    description = 'Run Playwright E2E tests on Chromium only'
+    group = 'verification'
+    workingDir 'playwright'
+    commandLine 'npx', 'playwright', 'test', '--project=chromium'
+    dependsOn 'playwrightBrowsers'
+}
+
+tasks.register('playwrightReport', Exec) {
+    description = 'Show Playwright test report'
+    group = 'verification'
+    workingDir 'playwright'
+    commandLine 'npx', 'playwright', 'show-report'
+}

src/main/resources/application.yml

@@ -117,7 +117,7 @@ user:
     bcryptStrength: 12 # The bcrypt strength to use for password hashing.  The higher the number, the longer it takes to hash the password.  The default is 12.  The minimum is 4.  The maximum is 31.
     testHashTime: true # If true, the test hash time will be logged to the console on startup.  This is useful for determining the optimal bcryptStrength value.
     defaultAction: deny # The default action for all requests.  This can be either deny or allow.
-    unprotectedURIs: /,/index.html,/favicon.ico,/apple-touch-icon-precomposed.png,/css/*,/js/*,/js/user/*,/js/event/*,/img/**,/user/registration,/user/resendRegistrationToken,/user/resetPassword,/user/registrationConfirm,/user/changePassword,/user/savePassword,/oauth2/authorization/*,/login,/user/login,/user/login.html,/swagger-ui.html,/swagger-ui/**,/v3/api-docs/**,/event/,/event/list.html,/event/**,/about.html,/error,/error.html # A comma delimited list of URIs that should not be protected by Spring Security if the defaultAction is deny.
+    unprotectedURIs: /,/index.html,/favicon.ico,/apple-touch-icon-precomposed.png,/css/*,/js/*,/js/user/*,/js/event/*,/js/utils/*,/img/**,/user/registration,/user/resendRegistrationToken,/user/resetPassword,/user/registrationConfirm,/user/changePassword,/user/savePassword,/oauth2/authorization/*,/login,/user/login,/user/login.html,/swagger-ui.html,/swagger-ui/**,/v3/api-docs/**,/event/,/event/list.html,/event/**,/about.html,/error,/error.html # A comma delimited list of URIs that should not be protected by Spring Security if the defaultAction is deny.
     protectedURIs: /protected.html # A comma delimited list of URIs that should be protected by Spring Security if the defaultAction is allow.
     disableCSRFdURIs: /no-csrf-test # A comma delimited list of URIs that should not be protected by CSRF protection. This may include API endpoints that need to be called without a CSRF token.