Skip to content

test: SvelteKit regression tests (Vitest + Playwright + CI) (William punch list #4/#5)#143

Open
codegeek718 wants to merge 1 commit into
developfrom
feat/regression-tests
Open

test: SvelteKit regression tests (Vitest + Playwright + CI) (William punch list #4/#5)#143
codegeek718 wants to merge 1 commit into
developfrom
feat/regression-tests

Conversation

@codegeek718

Copy link
Copy Markdown

Summary

Final items on William's punch list — get regression tests working in SvelteKit (#4) and cover the Dashboard's behaviour (#5). Two harnesses:

  • Vitest — unit tests over the server modules (JWT, phpass port, rate limiter). Fast, no DB, no browser.
  • Playwright — E2E over the running preview build. Covers the login-page contract + the protected-route redirect.

Ports of the PHP Behat features (cgmembers/rcredits/rweb/features etc.) into TS didn't make sense — different framework, different assumptions. Instead, wrote new tests that exercise the same behaviours the PHP tests presumably guard (auth path, session, redirect on unauth). If William wants a direct port of specific PHP scenarios he can point them out and I'll match one-for-one.

What's in this PR

File Purpose
web/package.json New deps + test, test:unit, test:e2e scripts
web/vitest.config.ts Vitest — unit-only scope; excludes tests/e2e/
web/playwright.config.ts Playwright — runs npm run build && npm run preview on :4173, retries in CI, keeps traces + screenshots on failure
web/tests/unit/auth.test.ts JWT round-trip + tampering; bearer-header extraction
web/tests/unit/drupal-password.test.ts phpass prefix dispatch + input guards (S/P/H/U$ + length + malformed headers)
web/tests/unit/rate-limit.test.ts Rolling window, 5-min lockout, key isolation, window rollover
web/tests/e2e/login.spec.ts Login-page contract (Account ID label + multi-format placeholder + password type=password + empty-submit guard + invalid-cred error path) + protected / redirects to /login when unauthenticated
web/tests/README.md How-to-run + what's covered vs. deferred
web/.gitignore Excludes test-results, playwright-report, playwright/.cache
.github/workflows/test.yml Two-job CI: unit + e2e (installs Chromium with deps, uploads Playwright report on failure)

What's intentionally deferred

The full sign-in round-trip (identifier → PHP /cgpay-lookup → password verify → JWT → dashboard render) needs a MariaDB with a known user row plus the PHP SSO backend responding. Both are awkward for CI. That path is smoke-tested manually against staging on every deploy; when it makes sense, extend login.spec.ts with a test.describe.serial('signed-in flow') guarded by an env flag pointing at a throwaway test DB.

Local verification

  • npm run test:unit — 3 files, 24 tests, ~800ms
  • npm run check — 0 errors, 0 warnings
  • ⚠️ npm run test:e2e — Playwright browser download failed locally on my machine (transient network). CI installs its own Chromium so this doesn't block the workflow.

Companion

No PHP-side changes. Closes items #4 and #5 from William's punch list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant