Co-authored-by: Pablo F.G <pablo.fernandez@prowler.com> Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
E2E Tests: Authentication System
Suite ID: AUTH-E2E
Feature: Authentication middleware, session management, and token refresh.
Test Case: AUTH-MW-E2E-001 - Allow access to public routes without session
Priority: normal
Tags:
- type: @e2e
- feature: @auth, @middleware
Description/Objective: Verify public routes are accessible without authentication.
Preconditions:
- Application is running.
- No active session (cookies cleared).
Flow Steps:
- Clear all cookies.
- Navigate to /sign-in.
- Verify page loads.
- Navigate to /sign-up.
- Verify page loads.
Expected Result:
- Public routes are accessible without authentication.
Test Case: AUTH-MW-E2E-002 - Maintain protection after session error
Priority: normal
Tags:
- type: @e2e
- feature: @auth, @middleware
Description/Objective: Verify protected routes remain protected after session invalidation.
Preconditions:
- Application is running.
Flow Steps:
- Log in with valid credentials.
- Navigate to a protected route.
- Invalidate session (replace cookie with invalid token).
- Navigate to another protected route.
- Verify redirect to sign-in.
Expected Result:
- Invalid session results in redirect to sign-in.
Test Case: AUTH-SESSION-E2E-001 - Show RefreshAccessTokenError message
Priority: normal
Tags:
- type: @e2e
- feature: @auth, @session
Description/Objective: Verify that RefreshAccessTokenError displays appropriate toast message.
Preconditions:
- Application is running.
Flow Steps:
- Navigate to /sign-in with error=RefreshAccessTokenError query parameter.
- Check for toast notification.
- Verify form elements are still visible.
Expected Result:
- Toast shows "Session Expired" message with "Please sign in again".
- Sign-in form is displayed and functional.
Test Case: AUTH-SESSION-E2E-002 - Show MissingRefreshToken error message
Priority: normal
Tags:
- type: @e2e
- feature: @auth, @session
Description/Objective: Verify that MissingRefreshToken error displays appropriate toast message.
Preconditions:
- Application is running.
Flow Steps:
- Navigate to /sign-in with error=MissingRefreshToken query parameter.
- Check for toast notification.
- Verify email input is visible.
Expected Result:
- Toast shows "Session Error" message.
- Sign-in form is displayed.
Test Case: AUTH-SESSION-E2E-003 - Show generic error for unknown error types
Priority: normal
Tags:
- type: @e2e
- feature: @auth, @session
Description/Objective: Verify that unknown error types display a generic authentication error message.
Preconditions:
- Application is running.
Flow Steps:
- Navigate to /sign-in with error=UnknownError query parameter.
- Check for toast notification.
Expected Result:
- Toast shows "Authentication Error" message with "Please sign in again".
Test Case: AUTH-SESSION-E2E-004 - Include callbackUrl in redirect
Priority: normal
Tags:
- type: @e2e
- feature: @auth, @session
Description/Objective: Verify that callbackUrl is preserved when redirecting to sign-in after session expiry.
Preconditions:
- Application is running.
- Valid test user credentials.
Flow Steps:
- Log in with valid credentials.
- Navigate to a protected route (/scans).
- Navigate to a safe public page (/sign-in).
- Clear cookies to simulate session expiry.
- Navigate to another protected route (/providers) using fresh navigation.
- Verify redirect to sign-in includes callbackUrl parameter.
Expected Result:
- URL contains callbackUrl=/providers parameter.
- User can sign in and be redirected back to the original destination.
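As an added illustration of the behaviour the middleware and session cases above check (public routes pass without a session, an unknown or expired token redirects to /sign-in with callbackUrl preserved, and the error query parameter selects the toast), the following model is example code written for this page, not Prowler's middleware; the route set, the cookie name and the in-memory token store are assumptions.

```typescript
// Model of the auth middleware exercised by AUTH-MW-E2E-001/002 and
// AUTH-SESSION-E2E-001..004. Not Prowler's code: routes, cookie name and
// the token store below are assumptions made for this example.

const PUBLIC_ROUTES = new Set(["/sign-in", "/sign-up"]);
const SESSION_COOKIE = "session";

// Constructed session store: token -> expiry (epoch ms). Stands in for
// whatever the real application does to verify a session token.
const SESSION_STORE: Record<string, number> = {
  "valid-token-abc": Date.UTC(2030, 0, 1),
  "expired-token-xyz": Date.UTC(2020, 0, 1),
};

type Decision = { action: "next" } | { action: "redirect"; location: string };

function isSessionValid(token: string | undefined, now = Date.now()): boolean {
  if (!token) return false;
  const expiry = SESSION_STORE[token];
  // A replaced/tampered token (unknown) and an expired one are both rejected.
  return expiry !== undefined && expiry > now;
}

function authMiddleware(
  pathname: string,
  cookies: Record<string, string>,
  now = Date.now(),
): Decision {
  if (PUBLIC_ROUTES.has(pathname)) return { action: "next" }; // AUTH-MW-E2E-001
  if (isSessionValid(cookies[SESSION_COOKIE], now)) return { action: "next" };
  // AUTH-MW-E2E-002 / AUTH-SESSION-E2E-004: redirect, preserving the destination
  // so the user can be sent back after signing in.
  const params = new URLSearchParams({ callbackUrl: pathname });
  return { action: "redirect", location: `/sign-in?${params.toString()}` };
}

interface Toast { title: string; description?: string }

// Maps the ?error= value on /sign-in to the toast the session cases expect.
function sessionErrorToast(error: string | null): Toast | null {
  if (error === null) return null;
  switch (error) {
    case "RefreshAccessTokenError":
      return { title: "Session Expired", description: "Please sign in again" };
    case "MissingRefreshToken":
      return { title: "Session Error" };
    default:
      return { title: "Authentication Error", description: "Please sign in again" };
  }
}
```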
Test Case: AUTH-TOKEN-E2E-001 - Refresh access token when expired
Priority: normal
Tags:
- type: @e2e
- feature: @auth, @token
Description/Objective: Verify that the session is maintained after a page reload (token refresh).
Preconditions:
- Application is running.
- Valid test user credentials.
Flow Steps:
- Log in with valid credentials.
- Verify home page is loaded.
- Capture initial session data.
- Reload the page.
- Verify session is still valid with same user data.
Expected Result:
- Session persists after reload.
- User email, userId, and tenantId remain the same.
Test Case: AUTH-TOKEN-E2E-002 - Preserve user permissions after token refresh
Priority: normal
Tags:
- type: @e2e
- feature: @auth, @token
Description/Objective: Verify that user permissions are preserved after token refresh.
Preconditions:
- Application is running.
- Valid test user credentials.
Flow Steps:
- Log in with valid credentials.
- Capture initial session with permissions.
- Reload the page.
- Verify permissions match initial session.
Expected Result:
- User permissions are identical before and after refresh.
- User profile data (email, name, companyName) is preserved.
Test Case: AUTH-TOKEN-E2E-003 - Clear session when cookies are removed
Priority: normal
Tags:
- type: @e2e
- feature: @auth, @token
Description/Objective: Verify that the session is cleared when cookies are removed.
Preconditions:
- Application is running.
- Valid test user credentials.
Flow Steps:
- Log in with valid credentials.
- Verify session is valid.
- Clear all cookies.
- Check session status.
Expected Result:
- Session returns null after cookies are cleared.
- User is effectively logged out.