Add support for OTPs and enhance sensitive apis with OTP verification (#191)
One-Time Password (OTP) package added with comprehensive token management, including OTP verification for team account deletion and ownership transfer.
This commit is contained in:
Giancarlo Buomprisco
committed by
GitHub
GitHub
parent
20f7fd2c22
commit
d31f3eb993
@@ -1,14 +1,17 @@
|
||||
import { Page, expect } from '@playwright/test';
|
||||
|
||||
import { AuthPageObject } from '../authentication/auth.po';
|
||||
import { OtpPo } from '../utils/otp.po';
|
||||
|
||||
export class AccountPageObject {
|
||||
private readonly page: Page;
|
||||
public auth: AuthPageObject;
|
||||
private otp: OtpPo;
|
||||
|
||||
constructor(page: Page) {
|
||||
this.page = page;
|
||||
this.auth = new AuthPageObject(page);
|
||||
this.otp = new OtpPo(page);
|
||||
}
|
||||
|
||||
async setup() {
|
||||
@@ -58,32 +61,16 @@ export class AccountPageObject {
|
||||
await this.page.click('[data-test="account-password-form"] button');
|
||||
}
|
||||
|
||||
async deleteAccount() {
|
||||
await expect(async () => {
|
||||
await this.page.click('[data-test="delete-account-button"]');
|
||||
async deleteAccount(email: string) {
|
||||
// Click the delete account button to open the modal
|
||||
await this.page.click('[data-test="delete-account-button"]');
|
||||
|
||||
await this.page.fill(
|
||||
'[data-test="delete-account-input-field"]',
|
||||
'DELETE',
|
||||
);
|
||||
// Complete the OTP verification process
|
||||
await this.otp.completeOtpVerification(email);
|
||||
|
||||
const click = this.page.click(
|
||||
'[data-test="confirm-delete-account-button"]',
|
||||
);
|
||||
await this.page.waitForTimeout(500);
|
||||
|
||||
const response = await this.page
|
||||
.waitForResponse((resp) => {
|
||||
return (
|
||||
resp.url().includes('home/settings') &&
|
||||
resp.request().method() === 'POST'
|
||||
);
|
||||
})
|
||||
.then((response) => {
|
||||
expect(response.status()).toBe(303);
|
||||
});
|
||||
|
||||
await Promise.all([click, response]);
|
||||
}).toPass();
|
||||
await this.page.click('[data-test="confirm-delete-account-button"]');
|
||||
}
|
||||
|
||||
getProfileName() {
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
import { Page, expect, test } from '@playwright/test';
|
||||
|
||||
import { AccountPageObject } from './account.po';
|
||||
import {AuthPageObject} from "../authentication/auth.po";
|
||||
|
||||
test.describe('Account Settings', () => {
|
||||
let page: Page;
|
||||
@@ -51,22 +52,22 @@ test.describe('Account Settings', () => {
|
||||
test.describe('Account Deletion', () => {
|
||||
test('user can delete their own account', async ({ page }) => {
|
||||
const account = new AccountPageObject(page);
|
||||
const auth = new AuthPageObject(page);
|
||||
|
||||
await account.setup();
|
||||
const { email } = await account.setup();
|
||||
|
||||
const request = account.deleteAccount();
|
||||
await account.deleteAccount(email);
|
||||
|
||||
const response = page
|
||||
.waitForResponse((resp) => {
|
||||
return (
|
||||
resp.url().includes('home/settings') &&
|
||||
resp.request().method() === 'POST'
|
||||
);
|
||||
})
|
||||
.then((response) => {
|
||||
expect(response.status()).toBe(303);
|
||||
});
|
||||
await page.waitForURL('/');
|
||||
|
||||
await Promise.all([request, response]);
|
||||
await page.goto('/auth/sign-in');
|
||||
|
||||
// sign in will now fail
|
||||
await auth.signIn({
|
||||
email,
|
||||
password: 'testingpassword',
|
||||
});
|
||||
|
||||
await expect(page.locator('[data-test="auth-error-message"]')).toBeVisible();
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user