test: add Playwright tests for passwordless UI and auth methods

devondragon · devondragon · commit c0167180cdc9 · 2026-02-23T22:13:40.000-07:00
- Registration page: toggle visibility, password field hiding, required
  attribute toggling, correct endpoint targeting, active state switching
- Profile page: auth methods card display, password badge, remove
  password button visibility, set password link visibility, passkey
  management section, empty passkeys message
- Change password page: current password field for password users
- Navigation: change password link text verification
diff --git a/playwright/tests/auth/passwordless-registration.spec.ts b/playwright/tests/auth/passwordless-registration.spec.ts
@@ -0,0 +1,195 @@
+import { test, expect, generateTestUser } from '../../src/fixtures';
+
+test.describe('Passwordless Registration', () => {
+  test.describe('Registration Mode Toggle', () => {
+    test('should show passwordless toggle on registration page', async ({
+      registerPage,
+    }) => {
+      await registerPage.goto();
+      await registerPage.page.waitForLoadState('networkidle');
+
+      // The toggle should be visible (WebAuthn is supported in Chromium)
+      const toggle = registerPage.page.locator('#registrationModeToggle');
+      await expect(toggle).toBeVisible();
+
+      // Both mode buttons should be present
+      const passwordBtn = registerPage.page.locator('#modePassword');
+      const passwordlessBtn = registerPage.page.locator('#modePasswordless');
+      await expect(passwordBtn).toBeVisible();
+      await expect(passwordlessBtn).toBeVisible();
+
+      // Password mode should be active by default
+      await expect(passwordBtn).toHaveClass(/active/);
+      await expect(passwordlessBtn).not.toHaveClass(/active/);
+    });
+
+    test('should hide password fields when passwordless mode is selected', async ({
+      registerPage,
+    }) => {
+      await registerPage.goto();
+      await registerPage.page.waitForLoadState('networkidle');
+
+      // Password fields should be visible initially
+      const passwordFields = registerPage.page.locator('#passwordFields');
+      await expect(passwordFields).toBeVisible();
+      await expect(registerPage.passwordInput).toBeVisible();
+      await expect(registerPage.confirmPasswordInput).toBeVisible();
+
+      // Click passwordless mode button
+      await registerPage.page.locator('#modePasswordless').click();
+
+      // Password fields should be hidden
+      await expect(passwordFields).toBeHidden();
+
+      // Passwordless info alert should be visible
+      const passwordlessInfo = registerPage.page.locator('#passwordlessInfo');
+      await expect(passwordlessInfo).toBeVisible();
+    });
+
+    test('should show password fields when switching back to password mode', async ({
+      registerPage,
+    }) => {
+      await registerPage.goto();
+      await registerPage.page.waitForLoadState('networkidle');
+
+      // Switch to passwordless
+      await registerPage.page.locator('#modePasswordless').click();
+      const passwordFields = registerPage.page.locator('#passwordFields');
+      await expect(passwordFields).toBeHidden();
+
+      // Switch back to password mode
+      await registerPage.page.locator('#modePassword').click();
+
+      // Password fields should be visible again
+      await expect(passwordFields).toBeVisible();
+      await expect(registerPage.passwordInput).toBeVisible();
+      await expect(registerPage.confirmPasswordInput).toBeVisible();
+
+      // Passwordless info alert should be hidden
+      const passwordlessInfo = registerPage.page.locator('#passwordlessInfo');
+      await expect(passwordlessInfo).toBeHidden();
+    });
+
+    test('should toggle active state on mode buttons', async ({
+      registerPage,
+    }) => {
+      await registerPage.goto();
+      await registerPage.page.waitForLoadState('networkidle');
+
+      const passwordBtn = registerPage.page.locator('#modePassword');
+      const passwordlessBtn = registerPage.page.locator('#modePasswordless');
+
+      // Switch to passwordless
+      await passwordlessBtn.click();
+      await expect(passwordlessBtn).toHaveClass(/active/);
+      await expect(passwordBtn).not.toHaveClass(/active/);
+
+      // Switch back to password
+      await passwordBtn.click();
+      await expect(passwordBtn).toHaveClass(/active/);
+      await expect(passwordlessBtn).not.toHaveClass(/active/);
+    });
+
+    test('should keep name and email fields visible in passwordless mode', async ({
+      registerPage,
+    }) => {
+      await registerPage.goto();
+      await registerPage.page.waitForLoadState('networkidle');
+
+      // Switch to passwordless
+      await registerPage.page.locator('#modePasswordless').click();
+
+      // Name and email fields should still be visible
+      await expect(registerPage.firstNameInput).toBeVisible();
+      await expect(registerPage.lastNameInput).toBeVisible();
+      await expect(registerPage.emailInput).toBeVisible();
+
+      // Terms checkbox should still be visible
+      await expect(registerPage.termsCheckbox).toBeVisible();
+    });
+
+    test('should remove required attribute from password fields in passwordless mode', async ({
+      registerPage,
+    }) => {
+      await registerPage.goto();
+      await registerPage.page.waitForLoadState('networkidle');
+
+      // Password fields should be required initially
+      await expect(registerPage.passwordInput).toHaveAttribute('required', '');
+      await expect(registerPage.confirmPasswordInput).toHaveAttribute('required', '');
+
+      // Switch to passwordless
+      await registerPage.page.locator('#modePasswordless').click();
+
+      // Password fields should no longer be required
+      await expect(registerPage.passwordInput).not.toHaveAttribute('required', '');
+      await expect(registerPage.confirmPasswordInput).not.toHaveAttribute('required', '');
+
+      // Switch back - should be required again
+      await registerPage.page.locator('#modePassword').click();
+      await expect(registerPage.passwordInput).toHaveAttribute('required', '');
+      await expect(registerPage.confirmPasswordInput).toHaveAttribute('required', '');
+    });
+  });
+
+  test.describe('Passwordless Form Submission', () => {
+    test('should send passwordless registration request to correct endpoint', async ({
+      page,
+      registerPage,
+    }) => {
+      await registerPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Switch to passwordless mode
+      await page.locator('#modePasswordless').click();
+
+      // Fill name and email
+      await registerPage.firstNameInput.fill('Test');
+      await registerPage.lastNameInput.fill('User');
+      await registerPage.emailInput.fill('test-pwless-endpoint@example.com');
+      await registerPage.acceptTerms();
+
+      // Intercept the fetch request to verify it goes to the right endpoint
+      const requestPromise = page.waitForRequest(
+        request => request.url().includes('/user/registration/passwordless') && request.method() === 'POST'
+      );
+
+      await registerPage.submit();
+
+      // Verify the request was sent to the passwordless endpoint
+      const request = await requestPromise;
+      expect(request.url()).toContain('/user/registration/passwordless');
+
+      // Verify the payload contains only name and email (no password)
+      const postData = JSON.parse(request.postData() || '{}');
+      expect(postData.firstName).toBe('Test');
+      expect(postData.lastName).toBe('User');
+      expect(postData.email).toBe('test-pwless-endpoint@example.com');
+      expect(postData.password).toBeUndefined();
+      expect(postData.matchingPassword).toBeUndefined();
+    });
+
+    test('should send standard registration request when in password mode', async ({
+      page,
+      registerPage,
+    }) => {
+      await registerPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Stay in password mode (default)
+      await registerPage.fillForm('Test', 'User', 'test-standard@example.com', 'Test@Pass123!');
+      await registerPage.acceptTerms();
+
+      // Intercept the fetch request
+      const requestPromise = page.waitForRequest(
+        request => request.url().includes('/user/registration') && request.method() === 'POST'
+      );
+
+      await registerPage.submit();
+
+      // Verify the request goes to the standard endpoint (not passwordless)
+      const request = await requestPromise;
+      expect(request.url()).not.toContain('passwordless');
+    });
+  });
+});
diff --git a/playwright/tests/profile/auth-methods.spec.ts b/playwright/tests/profile/auth-methods.spec.ts
@@ -0,0 +1,197 @@
+import { test, expect, generateTestUser, createAndLoginUser } from '../../src/fixtures';
+
+test.describe('Authentication Methods', () => {
+  test.describe('Profile Page Auth Methods Card', () => {
+    test('should display auth methods section for logged-in user', async ({
+      page,
+      updateUserPage,
+      testApiClient,
+      cleanupEmails,
+    }) => {
+      const user = generateTestUser('auth-methods-display');
+      cleanupEmails.push(user.email);
+
+      await createAndLoginUser(page, testApiClient, user);
+      await updateUserPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Auth methods section should become visible after JS loads
+      const authSection = page.locator('#auth-methods-section');
+      await authSection.waitFor({ state: 'visible', timeout: 5000 });
+      await expect(authSection).toBeVisible();
+    });
+
+    test('should show password badge for user with password', async ({
+      page,
+      updateUserPage,
+      testApiClient,
+      cleanupEmails,
+    }) => {
+      const user = generateTestUser('auth-methods-badges');
+      cleanupEmails.push(user.email);
+
+      await createAndLoginUser(page, testApiClient, user);
+      await updateUserPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Wait for auth methods to load
+      const badgesContainer = page.locator('#auth-method-badges');
+      await badgesContainer.locator('.badge').first().waitFor({ state: 'visible', timeout: 5000 });
+
+      // Should show a "Password" badge
+      const passwordBadge = badgesContainer.locator('.badge:has-text("Password")');
+      await expect(passwordBadge).toBeVisible();
+    });
+
+    test('should hide remove password button when user has no passkeys', async ({
+      page,
+      updateUserPage,
+      testApiClient,
+      cleanupEmails,
+    }) => {
+      const user = generateTestUser('auth-methods-no-passkey');
+      cleanupEmails.push(user.email);
+
+      await createAndLoginUser(page, testApiClient, user);
+      await updateUserPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Wait for auth methods section to load
+      const authSection = page.locator('#auth-methods-section');
+      await authSection.waitFor({ state: 'visible', timeout: 5000 });
+
+      // Remove password button should be hidden (user has no passkeys)
+      const removePasswordContainer = page.locator('#removePasswordContainer');
+      await expect(removePasswordContainer).toBeHidden();
+    });
+
+    test('should hide set password link for user with password', async ({
+      page,
+      updateUserPage,
+      testApiClient,
+      cleanupEmails,
+    }) => {
+      const user = generateTestUser('auth-methods-set-pass');
+      cleanupEmails.push(user.email);
+
+      await createAndLoginUser(page, testApiClient, user);
+      await updateUserPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Wait for auth methods section to load
+      const authSection = page.locator('#auth-methods-section');
+      await authSection.waitFor({ state: 'visible', timeout: 5000 });
+
+      // Set password container should be hidden (user already has password)
+      const setPasswordContainer = page.locator('#setPasswordContainer');
+      await expect(setPasswordContainer).toBeHidden();
+    });
+  });
+
+  test.describe('Passkey Management Section', () => {
+    test('should display passkey management section', async ({
+      page,
+      updateUserPage,
+      testApiClient,
+      cleanupEmails,
+    }) => {
+      const user = generateTestUser('passkey-section');
+      cleanupEmails.push(user.email);
+
+      await createAndLoginUser(page, testApiClient, user);
+      await updateUserPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Passkey section should be visible
+      const passkeySection = page.locator('#passkey-section');
+      await expect(passkeySection).toBeVisible();
+
+      // Add passkey button should be present
+      const registerBtn = page.locator('#registerPasskeyBtn');
+      await expect(registerBtn).toBeVisible();
+
+      // Label input should be present
+      const labelInput = page.locator('#passkeyLabel');
+      await expect(labelInput).toBeVisible();
+    });
+
+    test('should show empty passkeys message when user has no passkeys', async ({
+      page,
+      updateUserPage,
+      testApiClient,
+      cleanupEmails,
+    }) => {
+      const user = generateTestUser('passkey-empty');
+      cleanupEmails.push(user.email);
+
+      await createAndLoginUser(page, testApiClient, user);
+      await updateUserPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Wait for passkeys to load
+      const passkeysList = page.locator('#passkeys-list');
+      await passkeysList.locator('p, .card').first().waitFor({ state: 'visible', timeout: 5000 });
+
+      // Should show "No passkeys registered yet" message
+      const emptyMessage = passkeysList.locator('text=No passkeys registered yet');
+      await expect(emptyMessage).toBeVisible();
+    });
+  });
+
+  test.describe('Change Password Page Adaptation', () => {
+    test('should show current password field for user with password', async ({
+      page,
+      updatePasswordPage,
+      testApiClient,
+      cleanupEmails,
+    }) => {
+      const user = generateTestUser('change-pass-has-pass');
+      cleanupEmails.push(user.email);
+
+      await createAndLoginUser(page, testApiClient, user);
+      await updatePasswordPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Current password section should be visible
+      const currentPasswordSection = page.locator('#currentPasswordSection');
+      await expect(currentPasswordSection).toBeVisible();
+
+      // Page title should say "Update" (not "Set")
+      const pageTitle = page.locator('#pageTitle');
+      const titleText = await pageTitle.textContent();
+      expect(titleText).not.toContain('Set a Password');
+
+      // Set password info alert should be hidden
+      const setPasswordInfo = page.locator('#setPasswordInfo');
+      await expect(setPasswordInfo).toBeHidden();
+    });
+  });
+
+  test.describe('Navigation Links', () => {
+    test('should show change password link on profile page', async ({
+      page,
+      updateUserPage,
+      testApiClient,
+      cleanupEmails,
+    }) => {
+      const user = generateTestUser('auth-nav-links');
+      cleanupEmails.push(user.email);
+
+      await createAndLoginUser(page, testApiClient, user);
+      await updateUserPage.goto();
+      await page.waitForLoadState('networkidle');
+
+      // Wait for auth methods to load so link text updates
+      const authSection = page.locator('#auth-methods-section');
+      await authSection.waitFor({ state: 'visible', timeout: 5000 });
+
+      // Change password link should be visible
+      const changePasswordLink = page.locator('#changePasswordLink');
+      await expect(changePasswordLink).toBeVisible();
+
+      // For a user with a password, it should say "Change Password"
+      const linkText = await changePasswordLink.textContent();
+      expect(linkText).toContain('Change Password');
+    });
+  });
+});
