From 4975da19be4531f7fde5632cc17f5e0b1bfa8722 Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Fri, 24 Apr 2026 16:08:32 +0300
Subject: [PATCH] test auth flows in cypress

---
 cypress/e2e/auth.cy.js | 87 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 cypress/e2e/auth.cy.js

diff --git a/cypress/e2e/auth.cy.js b/cypress/e2e/auth.cy.js
new file mode 100644
index 0000000..ae22d22
--- /dev/null
+++ b/cypress/e2e/auth.cy.js
@@ -0,0 +1,87 @@
+describe('Authentication flows', () => {
+    beforeEach(() => {
+        cy.exec('npm run db:seed')
+    })
+
+    afterEach(() => {
+        cy.exec('npm run db:wipe')
+    })
+
+    it('unauthenticated home redirects to login', () => {
+        cy.visit('/home')
+        cy.url().should('include', '/login')
+    })
+
+    it('login form submits and redirects to home', () => {
+        cy.visit('/login')
+        cy.get('#email').type('user@example.com')
+        cy.get('#password').type('password1')
+        cy.get('#login-form').submit()
+        cy.url().should('include', '/home')
+        cy.get('h1').should('contain', 'Home')
+    })
+
+    it('login shows error on wrong password', () => {
+        cy.visit('/login')
+        cy.get('#email').type('user@example.com')
+        cy.get('#password').type('wrongpassword')
+        cy.get('#login-form').submit()
+        cy.get('#login-error').should('be.visible')
+        cy.url().should('include', '/login')
+    })
+
+    it('register creates user and redirects to home', () => {
+        cy.visit('/register')
+        cy.get('#email').type('fresh@example.com')
+        cy.get('#password').type('password1')
+        cy.get('#register-form').submit()
+        cy.url().should('include', '/home')
+    })
+
+    it('register shows error on short password', () => {
+        cy.visit('/register')
+        cy.get('#email').type('another@example.com')
+        cy.get('#password').invoke(
+            'removeAttr',
+            'minlength'
+        )
+        cy.get('#password').type('short')
+        cy.get('#register-form').submit()
+        cy.get('#register-error').should('be.visible')
+        cy.url().should('include', '/register')
+    })
+
+    it('register shows error on duplicate email', () => {
+        cy.visit('/register')
+        cy.get('#email').type('user@example.com')
+        cy.get('#password').type('password1')
+        cy.get('#register-form').submit()
+        cy.get('#register-error').should('be.visible')
+        cy.url().should('include', '/register')
+    })
+
+    it('logout clears session and redirects to login', () => {
+        cy.loginAsUser()
+        cy.visit('/home')
+        cy.get('#logout').click()
+        cy.url().should('include', '/login')
+        cy.visit('/home')
+        cy.url().should('include', '/login')
+    })
+
+    it('non-admin user hitting /admin gets 403', () => {
+        cy.loginAsUser()
+        cy.request({
+            url: '/admin',
+            failOnStatusCode: false,
+        }).then((response) => {
+            expect(response.status).to.eq(403)
+        })
+    })
+
+    it('admin user can access /admin', () => {
+        cy.loginAsAdmin()
+        cy.visit('/admin')
+        cy.get('#texts').should('exist')
+    })
+})