test auth flows in cypress

cypress/e2e/auth.cy.js

@@ -0,0 +1,87 @@
+describe('Authentication flows', () => {
+    beforeEach(() => {
+        cy.exec('npm run db:seed')
+    })
+
+    afterEach(() => {
+        cy.exec('npm run db:wipe')
+    })
+
+    it('unauthenticated home redirects to login', () => {
+        cy.visit('/home')
+        cy.url().should('include', '/login')
+    })
+
+    it('login form submits and redirects to home', () => {
+        cy.visit('/login')
+        cy.get('#email').type('user@example.com')
+        cy.get('#password').type('password1')
+        cy.get('#login-form').submit()
+        cy.url().should('include', '/home')
+        cy.get('h1').should('contain', 'Home')
+    })
+
+    it('login shows error on wrong password', () => {
+        cy.visit('/login')
+        cy.get('#email').type('user@example.com')
+        cy.get('#password').type('wrongpassword')
+        cy.get('#login-form').submit()
+        cy.get('#login-error').should('be.visible')
+        cy.url().should('include', '/login')
+    })
+
+    it('register creates user and redirects to home', () => {
+        cy.visit('/register')
+        cy.get('#email').type('fresh@example.com')
+        cy.get('#password').type('password1')
+        cy.get('#register-form').submit()
+        cy.url().should('include', '/home')
+    })
+
+    it('register shows error on short password', () => {
+        cy.visit('/register')
+        cy.get('#email').type('another@example.com')
+        cy.get('#password').invoke(
+            'removeAttr',
+            'minlength'
+        )
+        cy.get('#password').type('short')
+        cy.get('#register-form').submit()
+        cy.get('#register-error').should('be.visible')
+        cy.url().should('include', '/register')
+    })
+
+    it('register shows error on duplicate email', () => {
+        cy.visit('/register')
+        cy.get('#email').type('user@example.com')
+        cy.get('#password').type('password1')
+        cy.get('#register-form').submit()
+        cy.get('#register-error').should('be.visible')
+        cy.url().should('include', '/register')
+    })
+
+    it('logout clears session and redirects to login', () => {
+        cy.loginAsUser()
+        cy.visit('/home')
+        cy.get('#logout').click()
+        cy.url().should('include', '/login')
+        cy.visit('/home')
+        cy.url().should('include', '/login')
+    })
+
+    it('non-admin user hitting /admin gets 403', () => {
+        cy.loginAsUser()
+        cy.request({
+            url: '/admin',
+            failOnStatusCode: false,
+        }).then((response) => {
+            expect(response.status).to.eq(403)
+        })
+    })
+
+    it('admin user can access /admin', () => {
+        cy.loginAsAdmin()
+        cy.visit('/admin')
+        cy.get('#texts').should('exist')
+    })
+})