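import { test, expect } from '@playwright/test'

// localStorage key the tests below write a session object to. The refresh test
// relies on the app reading it back on load.
// NOTE(review): this means access and refresh tokens live in localStorage, where
// any script running on the origin can read them. These tests pin that storage
// location; confirm it is an accepted design choice.
const SESSION_STORAGE_KEY = 'bct_auth_session'

/**
 * Fulfil an intercepted request with a JSON response.
 *
 * @param {import('@playwright/test').Route} route - intercepted route
 * @param {number} status - HTTP status code to return
 * @param {unknown} payload - value serialised as the response body
 */
const fulfillJson = (route, status, payload) =>
  route.fulfill({
    status,
    contentType: 'application/json',
    body: JSON.stringify(payload)
  })

/**
 * Build a mock session payload expiring `ttlSeconds` from now (Unix seconds).
 *
 * @param {string} accessToken
 * @param {string} refreshToken
 * @param {number} [ttlSeconds=3600]
 */
const mockSession = (accessToken, refreshToken, ttlSeconds = 3600) => ({
  accessToken,
  refreshToken,
  expiresAt: Math.floor(Date.now() / 1000) + ttlSeconds
})

/**
 * Open /login, fill in the credentials and submit the form.
 *
 * @param {import('@playwright/test').Page} page
 * @param {{ email?: string, password?: string }} [credentials]
 */
async function submitLoginForm(
  page,
  { email = 'test@example.com', password = 'password123' } = {}
) {
  await page.goto('/login')
  await page.fill('input[name="email"]', email)
  await page.fill('input[name="password"]', password)
  await page.click('button[type="submit"]')
}

test.describe('Auth API Integration', () => {
  test('should handle successful login API call', async ({ page }) => {
    await page.route('**/api/auth/login', route =>
      fulfillJson(route, 200, {
        user: { id: '1', email: 'test@example.com', roleType: 'user' },
        session: mockSession('mock-token', 'mock-refresh-token')
      })
    )

    await submitLoginForm(page)

    await expect(page).toHaveURL(/.*dashboard/)
  })

  test('should handle failed login API call', async ({ page }) => {
    await page.route('**/api/auth/login', route =>
      fulfillJson(route, 401, {
        error: {
          code: 'invalid_credentials',
          message: 'Invalid email or password'
        }
      })
    )

    await submitLoginForm(page, { password: 'wrongpassword' })

    // The mocked message does not say which of the two fields was wrong.
    await expect(page.locator('.text-red-600')).toContainText(
      'Invalid email or password'
    )
  })

  test('should handle session refresh', async ({ page }) => {
    let refreshCalled = false
    await page.route('**/api/auth/refresh', async route => {
      refreshCalled = true
      await fulfillJson(route, 200, {
        session: mockSession('new-mock-token', 'new-mock-refresh-token')
      })
    })

    // NOTE(review): /api/auth/login is not mocked in this test, so the submit
    // goes to whatever backend is serving the app. Confirm that is intended.
    await submitLoginForm(page)

    // Seed a session that expires in 60 seconds so the reload should trigger a refresh.
    await page.evaluate(storageKey => {
      const session = {
        accessToken: 'expiring-token',
        refreshToken: 'mock-refresh-token',
        expiresAt: Math.floor(Date.now() / 1000) + 60,
        user: { id: '1', email: 'test@example.com' }
      }
      localStorage.setItem(storageKey, JSON.stringify(session))
    }, SESSION_STORAGE_KEY)

    await page.reload()

    // Poll instead of sleeping a fixed second: passes as soon as the refresh
    // request is seen and does not flake when the app is slower than the sleep.
    await expect
      .poll(() => refreshCalled, {
        message: 'expected a request to /api/auth/refresh after reload'
      })
      .toBe(true)
  })

  test('should handle logout API call', async ({ page }) => {
    await page.route('**/api/auth/logout', route =>
      fulfillJson(route, 200, { success: true })
    )

    // NOTE(review): /api/auth/login is not mocked in this test either, so reaching
    // the user menu depends on the backend accepting these credentials.
    await submitLoginForm(page)

    await page.click('[data-testid="user-menu-button"]')
    await page.click('button:has-text("Sign Out")')

    // NOTE(review): only the redirect is checked. Consider also asserting that the
    // logout endpoint was requested and that the stored session entry is gone, so
    // a logout that leaves tokens behind in localStorage fails the test.
    await expect(page).toHaveURL(/.*login/)
  })

  test('should handle password reset API call', async ({ page }) => {
    await page.route('**/api/auth/reset-password', route =>
      fulfillJson(route, 200, { message: 'Reset email sent' })
    )

    await page.goto('/reset-password')
    await page.fill('input[name="email"]', 'test@example.com')
    await page.click('button[type="submit"]')

    await expect(page.locator('.text-green-600')).toContainText(
      'Reset email sent'
    )
  })

  test('should handle signup API call', async ({ page }) => {
    await page.route('**/api/auth/signup', route =>
      fulfillJson(route, 201, {
        user: { id: '2', email: 'newuser@example.com', roleType: 'user' },
        message: 'Account created successfully'
      })
    )

    await page.goto('/signup')
    await page.fill('input[name="email"]', 'newuser@example.com')
    await page.fill('input[name="password"]', 'password123')
    await page.fill('input[name="confirmPassword"]', 'password123')
    await page.click('button[type="submit"]')

    await expect(page.locator('.text-green-600')).toContainText(
      'Account created successfully'
    )
  })
})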
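test.describe('Protected API Routes', () => {
  // Fulfil an intercepted request with a JSON body.
  const respondJson = (route, status, payload) =>
    route.fulfill({
      status,
      contentType: 'application/json',
      body: JSON.stringify(payload)
    })

  test('should include auth headers in API requests', async ({ page }) => {
    let authHeaderReceived = false

    await page.route('**/api/dashboard/stats', async route => {
      const { authorization } = route.request().headers()
      // NOTE(review): only the "Bearer " scheme is checked, not the token value,
      // so a stale or wrong token would still satisfy this test.
      if (authorization?.startsWith('Bearer ')) {
        authHeaderReceived = true
      }
      await respondJson(route, 200, { stats: { events: 5, revenue: 1000 } })
    })

    // NOTE(review): /api/auth/login is not mocked here, and the navigation below
    // does not wait for the login request to finish. Confirm the session is
    // reliably stored before /dashboard loads.
    await page.goto('/login')
    await page.fill('input[name="email"]', 'test@example.com')
    await page.fill('input[name="password"]', 'password123')
    await page.click('button[type="submit"]')

    await page.goto('/dashboard')

    // Poll for the flag instead of sleeping a fixed second.
    await expect
      .poll(() => authHeaderReceived, {
        message: 'expected a Bearer Authorization header on /api/dashboard/stats'
      })
      .toBe(true)
  })

  test('should handle 401 responses by refreshing token', async ({ page }) => {
    let refreshCalled = false
    let retrySuccessful = false

    await page.route('**/api/dashboard/stats', async route => {
      const { authorization } = route.request().headers()

      if (authorization === 'Bearer new-mock-token') {
        retrySuccessful = true
        await respondJson(route, 200, { stats: { events: 5, revenue: 1000 } })
        return
      }

      if (authorization === 'Bearer expiring-token') {
        await respondJson(route, 401, { error: 'Token expired' })
        return
      }

      // Any other (or missing) credential is rejected, as a real API would do.
      // Without this branch the request is never fulfilled and hangs until the
      // test ends.
      await respondJson(route, 401, { error: 'Unauthorized' })
    })

    await page.route('**/api/auth/refresh', async route => {
      refreshCalled = true
      await respondJson(route, 200, {
        session: {
          accessToken: 'new-mock-token',
          refreshToken: 'new-mock-refresh-token',
          expiresAt: Math.floor(Date.now() / 1000) + 3600
        }
      })
    })

    // A fresh page is on about:blank, where touching localStorage throws a
    // SecurityError. Load a page of the app first so the seeded session lands
    // in the app origin's storage.
    await page.goto('/login')
    await page.evaluate(() => {
      const session = {
        accessToken: 'expiring-token',
        refreshToken: 'mock-refresh-token',
        expiresAt: Math.floor(Date.now() / 1000) + 3600,
        user: { id: '1', email: 'test@example.com' }
      }
      localStorage.setItem('bct_auth_session', JSON.stringify(session))
    })

    await page.goto('/dashboard')

    // Poll for each flag instead of sleeping a fixed two seconds.
    await expect
      .poll(() => refreshCalled, {
        message: 'expected a request to /api/auth/refresh after the 401'
      })
      .toBe(true)
    await expect
      .poll(() => retrySuccessful, {
        message: 'expected the stats request to be retried with the refreshed token'
      })
      .toBe(true)
  })
})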