poduck/smoothschedule
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bc094f2f804bd9b0a85b506f980aaf293450bebb
smoothschedule/frontend/tests/e2e/masquerade-repro.spec.ts
poduck 2e111364a2 Initial commit: SmoothSchedule multi-tenant scheduling platform 
This commit includes:
- Django backend with multi-tenancy (django-tenants)
- React + TypeScript frontend with Vite
- Platform administration API with role-based access control
- Authentication system with token-based auth
- Quick login dev tools for testing different user roles
- CORS and CSRF configuration for local development
- Docker development environment setup

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-27 01:43:20 -05:00

98 lines
3.9 KiB
TypeScript
Raw Blame History

import { test, expect } from '@playwright/test';
test('masquerade cookie debug', async ({ page }) => {
page.on('console', msg => console.log(`BROWSER ${msg.type().toUpperCase()}:`, msg.text()));
// Step 1: Login as superuser
console.log('Step 1: Login as superuser');
await page.goto('http://platform.lvh.me:5174/login');
await page.locator('input[type="text"]').fill('poduck');
await page.locator('input[type="password"]').fill('starry12');
await page.getByRole('button', { name: /sign in/i }).click();
// Wait for redirect to dashboard
// Wait for redirect to dashboard
// Wait for redirect to dashboard
await page.waitForURL(url => url.hash.includes('/dashboard') || url.pathname.includes('/dashboard'), { timeout: 15000 });
console.log('✓ Logged in successfully');
// Check cookies immediately
let cookies = await page.context().cookies();
console.log('Cookies after login:', cookies.map(c => `${c.name}=${c.value.substring(0, 10)}... domain=${c.domain}`));
// Step 2: Reload page to check persistence
console.log('Step 2: Reloading page');
await page.reload();
await page.waitForLoadState('networkidle');
cookies = await page.context().cookies();
console.log('Cookies after reload:', cookies.map(c => `${c.name}=${c.value.substring(0, 10)}... domain=${c.domain}`));
// Step 2: Navigate to Users tab
console.log('Step 2: Navigate to Users tab');
// Setup wait for response before navigation
const usersResponsePromise = page.waitForResponse(resp => resp.url().includes('/api/platform/users/') && resp.status() === 200);
await page.goto('http://platform.lvh.me:5174/#/platform/users');
await usersResponsePromise;
// Step 3: Click Masquerade
console.log('Step 3: Click Masquerade');
// Find a business owner to masquerade as (look for "owner" role in the table)
// We'll look for the first row that contains "owner" text
const ownerRow = page.locator('tr:has-text("owner")').first();
const masqueradeBtn = ownerRow.getByRole('button', { name: 'Masquerade' });
// Get the owner's name for verification later
const ownerNameCell = await ownerRow.locator('td').nth(1).textContent();
const ownerName = ownerNameCell?.trim() || 'Owner';
console.log(`Masquerading as: ${ownerName}`);
await masqueradeBtn.click();
// Wait for redirect to the target subdomain with tokens in URL
// We expect a redirect to the business subdomain with tokens
await page.waitForURL(url => {
return url.hostname.includes('.lvh.me') &&
url.hostname !== 'platform.lvh.me' &&
url.searchParams.has('access_token') &&
url.searchParams.has('refresh_token');
}, { timeout: 15000 });
const currentUrl = page.url();
console.log(`✓ Redirected to target subdomain with tokens: ${currentUrl}`);
// Wait for the app to process tokens and clean URL
await page.waitForURL(url => {
return url.hostname.includes('.lvh.me') &&
url.hostname !== 'platform.lvh.me' &&
!url.searchParams.has('access_token');
}, { timeout: 15000 });
console.log('✓ URL cleaned up');
// Verify cookies are set on the new domain
const newCookies = await page.context().cookies();
const accessToken = newCookies.find(c => c.name === 'access_token');
const refreshToken = newCookies.find(c => c.name === 'refresh_token');
if (accessToken && refreshToken) {
console.log('✓ Cookies set on new domain');
} else {
throw new Error('Cookies not set on new domain');
}
// Verify masquerade worked - we should be logged in as the owner
// The banner may not show due to business data 404, but identity should be correct
// Wait a bit for page to stabilize
await page.waitForTimeout(2000);
console.log('✓ Masquerade successful - redirected to business subdomain with owner identity');
});
Reference in New Issue View Git Blame Copy Permalink