From 75ada812bc9265db397da4fd43af654c7b56d0f8 Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Wed, 6 May 2026 23:24:50 +0300 Subject: [PATCH 1/9] add cypress signup spec --- .../blog_portal/cypress/e2e/signup_page.cy.ts | 67 +++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 frontend/blog_portal/cypress/e2e/signup_page.cy.ts diff --git a/frontend/blog_portal/cypress/e2e/signup_page.cy.ts b/frontend/blog_portal/cypress/e2e/signup_page.cy.ts new file mode 100644 index 0000000..0752e66 --- /dev/null +++ b/frontend/blog_portal/cypress/e2e/signup_page.cy.ts @@ -0,0 +1,67 @@ +describe("signup page", function () { + beforeEach(function () { + cy.resetDb(); + cy.clearMail(); + }); + + it("creates an unconfirmed user and redirects to check-email", function () { + cy.visit("/signup"); + cy.get('input[type="email"]').type("alice@example.com"); + cy.get('input[autocomplete="username"]').type("alice"); + cy.contains("button", "Continue").click(); + + cy.location("pathname").should("eq", "/check-email"); + cy.contains("h1", "Check your email").should("be.visible"); + + cy.getMail().then(function (inbox) { + expect(inbox.messages).to.have.length(1); + expect(inbox.messages[0].To[0].Address).to.equal( + "alice@example.com", + ); + }); + }); + + it("surfaces a 409 when the email is already registered", function () { + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + cy.clearMail(); + + cy.visit("/signup"); + cy.get('input[type="email"]').type("alice@example.com"); + cy.get('input[autocomplete="username"]').type("alice2"); + cy.contains("button", "Continue").click(); + + cy.location("pathname").should("eq", "/signup"); + cy.contains(".error", "email already registered").should("be.visible"); + }); + + it("surfaces a 409 when the display name is taken", function () { + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + cy.clearMail(); + + cy.visit("/signup"); + cy.get('input[type="email"]').type("other@example.com"); + cy.get('input[autocomplete="username"]').type("alice"); + cy.contains("button", "Continue").click(); + + cy.location("pathname").should("eq", "/signup"); + cy.contains(".error", "displayName already taken").should("be.visible"); + }); + + it("blocks invalid display name characters client-side", function () { + cy.visit("/signup"); + cy.get('input[type="email"]').type("alice@example.com"); + cy.get('input[autocomplete="username"]').type("Has Spaces"); + cy.contains("button", "Continue").click(); + + cy.location("pathname").should("eq", "/signup"); + cy.get('input[autocomplete="username"]:invalid').should("exist"); + }); +}); From 9db7920f80ab056d5036a6878f3233362f5886f6 Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Wed, 6 May 2026 23:25:01 +0300 Subject: [PATCH 2/9] add cypress login spec --- .../blog_portal/cypress/e2e/login_page.cy.ts | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 frontend/blog_portal/cypress/e2e/login_page.cy.ts diff --git a/frontend/blog_portal/cypress/e2e/login_page.cy.ts b/frontend/blog_portal/cypress/e2e/login_page.cy.ts new file mode 100644 index 0000000..56b7370 --- /dev/null +++ b/frontend/blog_portal/cypress/e2e/login_page.cy.ts @@ -0,0 +1,41 @@ +describe("login page", function () { + beforeEach(function () { + cy.resetDb(); + cy.clearMail(); + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + }); + + it("logs in with valid credentials and shows the user in the header", function () { + cy.visit("/login"); + cy.get('input[type="email"]').type("alice@example.com"); + cy.get('input[type="password"]').type("longenoughpassword"); + cy.contains("button", "Log in").click(); + + cy.location("pathname").should("eq", "/"); + cy.get(".app-header").contains("alice").should("be.visible"); + }); + + it("shows an error on wrong password", function () { + cy.visit("/login"); + cy.get('input[type="email"]').type("alice@example.com"); + cy.get('input[type="password"]').type("wrongpassword"); + cy.contains("button", "Log in").click(); + + cy.location("pathname").should("eq", "/login"); + cy.contains(".error", "invalid credentials").should("be.visible"); + }); + + it("redirects authenticated users away from /login", function () { + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + + cy.visit("/login"); + cy.location("pathname").should("eq", "/"); + }); +}); From 910bc98197a01d5ebbc07baa5a4436f8101f3674 Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Wed, 6 May 2026 23:25:14 +0300 Subject: [PATCH 3/9] add cypress confirm-email spec --- .../cypress/e2e/confirm_email_page.cy.ts | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 frontend/blog_portal/cypress/e2e/confirm_email_page.cy.ts diff --git a/frontend/blog_portal/cypress/e2e/confirm_email_page.cy.ts b/frontend/blog_portal/cypress/e2e/confirm_email_page.cy.ts new file mode 100644 index 0000000..09415f5 --- /dev/null +++ b/frontend/blog_portal/cypress/e2e/confirm_email_page.cy.ts @@ -0,0 +1,48 @@ +describe("confirm email page", function () { + beforeEach(function () { + cy.resetDb(); + cy.clearMail(); + }); + + it("redirects to /login when no token is present", function () { + cy.visit("/confirm-email"); + cy.location("pathname").should("eq", "/login"); + }); + + it("sets the password and redirects to /login on success", function () { + cy.signupViaApi({ + email: "alice@example.com", + displayName: "alice", + }); + cy.fetchLatestConfirmToken("alice@example.com").then(function (token) { + cy.visit(`/confirm-email?token=${token}`); + cy.get('input[type="password"]').type("longenoughpassword"); + cy.contains("button", "Confirm").click(); + + cy.location("pathname").should("eq", "/login"); + + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + }); + }); + + it("shows the backend error when password is too short", function () { + cy.signupViaApi({ + email: "alice@example.com", + displayName: "alice", + }); + cy.fetchLatestConfirmToken("alice@example.com").then(function (token) { + cy.visit(`/confirm-email?token=${token}`); + cy.get('input[type="password"]') + .invoke("removeAttr", "minlength") + .type("short"); + cy.contains("button", "Confirm").click(); + + cy.contains(".error", "password must be at least 8").should( + "be.visible", + ); + }); + }); +}); From 07f9746316e7f494baeb324acf7247e91b4a9f5e Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Wed, 6 May 2026 23:25:26 +0300 Subject: [PATCH 4/9] add cypress guest-routes spec --- .../cypress/e2e/guest_routes.cy.ts | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 frontend/blog_portal/cypress/e2e/guest_routes.cy.ts diff --git a/frontend/blog_portal/cypress/e2e/guest_routes.cy.ts b/frontend/blog_portal/cypress/e2e/guest_routes.cy.ts new file mode 100644 index 0000000..2f06222 --- /dev/null +++ b/frontend/blog_portal/cypress/e2e/guest_routes.cy.ts @@ -0,0 +1,41 @@ +describe("guest route guards", function () { + beforeEach(function () { + cy.resetDb(); + cy.clearMail(); + }); + + it("redirects anonymous visitors away from /users/:displayName/posts/new", function () { + cy.visit("/users/alice/posts/new"); + cy.location("pathname").should("eq", "/login"); + }); + + it("redirects authenticated visitors away from /login", function () { + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + + cy.visit("/login"); + cy.location("pathname").should("eq", "/"); + }); + + it("redirects authenticated visitors away from /signup", function () { + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + + cy.visit("/signup"); + cy.location("pathname").should("eq", "/"); + }); +}); From 84ee24c2ee800dd0005e6d0e9b187746c85b30f8 Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Wed, 6 May 2026 23:25:44 +0300 Subject: [PATCH 5/9] add cypress home page spec --- .../blog_portal/cypress/e2e/home_page.cy.ts | 101 ++++++++++++++++++ 1 file changed, 101 insertions(+) create mode 100644 frontend/blog_portal/cypress/e2e/home_page.cy.ts diff --git a/frontend/blog_portal/cypress/e2e/home_page.cy.ts b/frontend/blog_portal/cypress/e2e/home_page.cy.ts new file mode 100644 index 0000000..17667c9 --- /dev/null +++ b/frontend/blog_portal/cypress/e2e/home_page.cy.ts @@ -0,0 +1,101 @@ +describe("home page", function () { + beforeEach(function () { + cy.resetDb(); + cy.clearMail(); + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + cy.seedConfirmedUser({ + email: "bob@example.com", + displayName: "bob", + password: "longenoughpassword", + }); + cy.seedPostAs({ + email: "alice@example.com", + password: "longenoughpassword", + title: "Alice first", + body: "Alice's first post.", + }); + cy.seedPostAs({ + email: "bob@example.com", + password: "longenoughpassword", + title: "Bob says hi", + body: "Bob's only post.", + }); + cy.seedPostAs({ + email: "alice@example.com", + password: "longenoughpassword", + title: "Alice second", + body: "Alice's second post.", + }); + }); + + it("renders recent posts in newest-first order with author links", function () { + cy.visit("/"); + cy.contains("h2", "Recent posts").should("be.visible"); + cy.get(".recent .post-card").should("have.length", 3); + cy.get(".recent .post-card").first().within(function () { + cy.contains("Alice second"); + cy.contains("a", "alice"); + }); + }); + + it("hides the featured section when no posts are featured", function () { + cy.visit("/"); + cy.contains("h2", "Featured").should("not.exist"); + }); + + it("shows featured posts in slot order once an admin features them", function () { + cy.seedAdmin({ + email: "admin@example.com", + displayName: "rootadmin", + password: "longenoughpassword", + }); + cy.request("/api/posts").then(function (response) { + const posts = response.body.posts as Array<{ + id: number; + title: string; + }>; + const aliceSecond = posts.find(function (entry) { + return entry.title === "Alice second"; + })!; + const bobPost = posts.find(function (entry) { + return entry.title === "Bob says hi"; + })!; + cy.seedFeaturedPost({ + adminEmail: "admin@example.com", + adminPassword: "longenoughpassword", + postId: bobPost.id, + slot: 2, + }); + cy.seedFeaturedPost({ + adminEmail: "admin@example.com", + adminPassword: "longenoughpassword", + postId: aliceSecond.id, + slot: 1, + }); + }); + + cy.visit("/"); + cy.contains("h2", "Featured").should("be.visible"); + cy.get(".featured .post-card").should("have.length", 2); + cy.get(".featured .post-card").eq(0).contains("Alice second"); + cy.get(".featured .post-card").eq(1).contains("Bob says hi"); + }); + + it("searches users by display name and email prefix", function () { + cy.visit("/"); + cy.get('input[type="search"]').type("al"); + cy.get(".results li").should("have.length", 1); + cy.get(".results li").contains("alice"); + + cy.get('input[type="search"]').clear().type("b"); + cy.get(".results li").should("have.length", 1); + cy.get(".results li").contains("bob"); + + cy.get('input[type="search"]').clear().type("zzz"); + cy.get(".results li").should("have.length", 0); + }); +}); From 66ad7b1a0fec8f5ac780f6921de9371b158b022b Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Wed, 6 May 2026 23:26:00 +0300 Subject: [PATCH 6/9] add cypress profile page spec --- .../cypress/e2e/profile_page.cy.ts | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) create mode 100644 frontend/blog_portal/cypress/e2e/profile_page.cy.ts diff --git a/frontend/blog_portal/cypress/e2e/profile_page.cy.ts b/frontend/blog_portal/cypress/e2e/profile_page.cy.ts new file mode 100644 index 0000000..375e3c9 --- /dev/null +++ b/frontend/blog_portal/cypress/e2e/profile_page.cy.ts @@ -0,0 +1,86 @@ +describe("profile page", function () { + beforeEach(function () { + cy.resetDb(); + cy.clearMail(); + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + cy.seedConfirmedUser({ + email: "bob@example.com", + displayName: "bob", + password: "longenoughpassword", + }); + cy.seedPostAs({ + email: "alice@example.com", + password: "longenoughpassword", + title: "Alice's only post", + body: "Hello.", + }); + }); + + it("shows posts to anonymous visitors without owner controls", function () { + cy.visit("/users/alice"); + cy.contains("h1", "alice").should("be.visible"); + cy.contains(".post-card", "Alice's only post").should("be.visible"); + cy.contains("button", "New post").should("not.exist"); + cy.contains("button", "Promote to admin").should("not.exist"); + }); + + it("shows the New post button when viewing your own profile", function () { + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + + cy.visit("/users/alice"); + cy.contains("button", "New post").should("be.visible"); + cy.contains("button", "Promote to admin").should("not.exist"); + }); + + it("hides the Promote button from non-admin viewers", function () { + cy.loginViaApi({ + email: "bob@example.com", + password: "longenoughpassword", + }); + + cy.visit("/users/alice"); + cy.contains("button", "Promote to admin").should("not.exist"); + }); + + it("shows the Promote button to an admin viewing someone else", function () { + cy.seedAdmin({ + email: "admin@example.com", + displayName: "rootadmin", + password: "longenoughpassword", + }); + cy.loginViaApi({ + email: "admin@example.com", + password: "longenoughpassword", + }); + + cy.visit("/users/alice"); + cy.contains("button", "Promote to admin").should("be.visible"); + }); + + it("hides the Promote button when an admin views their own profile", function () { + cy.seedAdmin({ + email: "admin@example.com", + displayName: "rootadmin", + password: "longenoughpassword", + }); + cy.loginViaApi({ + email: "admin@example.com", + password: "longenoughpassword", + }); + + cy.visit("/users/rootadmin"); + cy.contains("button", "Promote to admin").should("not.exist"); + }); + + it("renders a not-found panel for unknown display names", function () { + cy.visit("/users/nobody"); + cy.contains("h1", "User not found").should("be.visible"); + }); +}); From 6f160ddd4e778dbabf1c87b7a89c4ddbb14eee83 Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Wed, 6 May 2026 23:26:14 +0300 Subject: [PATCH 7/9] add cypress new-post spec --- .../cypress/e2e/new_post_page.cy.ts | 63 +++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 frontend/blog_portal/cypress/e2e/new_post_page.cy.ts diff --git a/frontend/blog_portal/cypress/e2e/new_post_page.cy.ts b/frontend/blog_portal/cypress/e2e/new_post_page.cy.ts new file mode 100644 index 0000000..db9673b --- /dev/null +++ b/frontend/blog_portal/cypress/e2e/new_post_page.cy.ts @@ -0,0 +1,63 @@ +describe("new post page", function () { + beforeEach(function () { + cy.resetDb(); + cy.clearMail(); + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + cy.seedConfirmedUser({ + email: "bob@example.com", + displayName: "bob", + password: "longenoughpassword", + }); + }); + + it("redirects anonymous visitors to /login", function () { + cy.visit("/users/alice/posts/new"); + cy.location("pathname").should("eq", "/login"); + }); + + it("redirects users away from another user's new-post page", function () { + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + + cy.visit("/users/bob/posts/new"); + cy.location("pathname").should("eq", "/"); + }); + + it("publishes a post and redirects to the new post page", function () { + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + + cy.visit("/users/alice/posts/new"); + cy.get('input[type="text"]').type("Hello world"); + cy.get("textarea").type("This is the body of my first post."); + cy.contains("button", "Publish").click(); + + cy.location("pathname").should("match", /^\/posts\/\d+$/); + cy.contains("h1", "Hello world").should("be.visible"); + cy.contains(".body", "This is the body of my first post.").should( + "be.visible", + ); + }); + + it("blocks submission when the title is empty (HTML5 validation)", function () { + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + + cy.visit("/users/alice/posts/new"); + cy.get("textarea").type("body only"); + cy.contains("button", "Publish").click(); + + cy.location("pathname").should("eq", "/users/alice/posts/new"); + cy.get('input[type="text"]:invalid').should("exist"); + }); +}); From db910c9431e427c88415ac093e3372eb25bb08bb Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Wed, 6 May 2026 23:26:37 +0300 Subject: [PATCH 8/9] add cypress post page spec --- .../blog_portal/cypress/e2e/post_page.cy.ts | 136 ++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 frontend/blog_portal/cypress/e2e/post_page.cy.ts diff --git a/frontend/blog_portal/cypress/e2e/post_page.cy.ts b/frontend/blog_portal/cypress/e2e/post_page.cy.ts new file mode 100644 index 0000000..4bf4a8c --- /dev/null +++ b/frontend/blog_portal/cypress/e2e/post_page.cy.ts @@ -0,0 +1,136 @@ +describe("post page", function () { + beforeEach(function () { + cy.resetDb(); + cy.clearMail(); + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + cy.seedConfirmedUser({ + email: "bob@example.com", + displayName: "bob", + password: "longenoughpassword", + }); + cy.seedPostAs({ + email: "alice@example.com", + password: "longenoughpassword", + title: "Alice post", + body: "Body of alice's post.", + }).as("alicePost"); + }); + + it("renders the post for anonymous visitors with a login CTA", function () { + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.visit(`/posts/${post.id}`); + cy.contains("h1", "Alice post").should("be.visible"); + cy.contains("a", "alice").should("be.visible"); + cy.contains("Comments (0)").should("be.visible"); + cy.contains("Log in").should("be.visible"); + cy.get(".comment-form").should("not.exist"); + }); + }); + + it("lets a signed-in user add a comment", function () { + cy.loginViaApi({ + email: "bob@example.com", + password: "longenoughpassword", + }); + + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.visit(`/posts/${post.id}`); + cy.get(".comment-form textarea").type("nice post"); + cy.contains(".comment-form button", "Comment").click(); + + cy.contains(".comment-list li", "nice post").should("be.visible"); + cy.contains(".comment-list li", "bob").should("be.visible"); + cy.contains("Comments (1)").should("be.visible"); + }); + }); + + it("only shows the Delete control on comments you can delete", function () { + cy.loginViaApi({ + email: "bob@example.com", + password: "longenoughpassword", + }); + + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.request("POST", `/api/posts/${post.id}/comments`, { + body: "bob's comment", + }); + cy.logoutViaApi(); + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + cy.request("POST", `/api/posts/${post.id}/comments`, { + body: "alice's comment", + }); + + cy.visit(`/posts/${post.id}`); + cy.contains(".comment-list li", "alice's comment") + .find("button.delete") + .should("exist"); + cy.contains(".comment-list li", "bob's comment") + .find("button.delete") + .should("not.exist"); + }); + }); + + it("hides the Delete post control for non-author non-admin users", function () { + cy.loginViaApi({ + email: "bob@example.com", + password: "longenoughpassword", + }); + + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.visit(`/posts/${post.id}`); + cy.contains("button", "Delete post").should("not.exist"); + cy.contains("button", "Feature in slot 1").should("not.exist"); + }); + }); + + it("lets the author delete their post", function () { + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.visit(`/posts/${post.id}`); + cy.contains("button", "Delete post").click(); + cy.location("pathname").should("eq", "/"); + }); + }); + + it("shows admin controls (delete, feature, unfeature) to admins", function () { + cy.seedAdmin({ + email: "admin@example.com", + displayName: "rootadmin", + password: "longenoughpassword", + }); + cy.loginViaApi({ + email: "admin@example.com", + password: "longenoughpassword", + }); + + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.visit(`/posts/${post.id}`); + cy.contains("button", "Delete post").should("be.visible"); + cy.contains("button", "Feature in slot 1").should("be.visible"); + cy.contains("button", "Feature in slot 2").should("be.visible"); + + cy.contains("button", "Feature in slot 1").click(); + cy.contains(".badge", "Featured (slot 1)").should("be.visible"); + cy.contains("button", "Unfeature").should("be.visible"); + + cy.contains("button", "Unfeature").click(); + cy.contains(".badge", "Featured").should("not.exist"); + }); + }); + + it("shows a not-found panel for unknown post ids", function () { + cy.visit("/posts/9999"); + cy.contains("h1", "Post not found").should("be.visible"); + }); +}); From d40efeec706a3a7a97d47d9dc07678659f768268 Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Wed, 6 May 2026 23:26:55 +0300 Subject: [PATCH 9/9] add cypress admin actions spec --- .../cypress/e2e/admin_actions.cy.ts | 99 +++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 frontend/blog_portal/cypress/e2e/admin_actions.cy.ts diff --git a/frontend/blog_portal/cypress/e2e/admin_actions.cy.ts b/frontend/blog_portal/cypress/e2e/admin_actions.cy.ts new file mode 100644 index 0000000..7412b2e --- /dev/null +++ b/frontend/blog_portal/cypress/e2e/admin_actions.cy.ts @@ -0,0 +1,99 @@ +describe("admin actions", function () { + beforeEach(function () { + cy.resetDb(); + cy.clearMail(); + cy.seedAdmin({ + email: "admin@example.com", + displayName: "rootadmin", + password: "longenoughpassword", + }); + cy.seedConfirmedUser({ + email: "alice@example.com", + displayName: "alice", + password: "longenoughpassword", + }); + cy.seedConfirmedUser({ + email: "bob@example.com", + displayName: "bob", + password: "longenoughpassword", + }); + cy.seedPostAs({ + email: "alice@example.com", + password: "longenoughpassword", + title: "Alice post", + body: "Body.", + }).as("alicePost"); + }); + + it("admin promotes another user via the profile page", function () { + cy.loginViaApi({ + email: "admin@example.com", + password: "longenoughpassword", + }); + + cy.visit("/users/alice"); + cy.contains("button", "Promote to admin").click(); + + cy.logoutViaApi(); + cy.loginViaApi({ + email: "alice@example.com", + password: "longenoughpassword", + }); + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.visit(`/posts/${post.id}`); + cy.contains("button", "Feature in slot 1").should("be.visible"); + }); + }); + + it("admin features a post and it shows up on the home page", function () { + cy.loginViaApi({ + email: "admin@example.com", + password: "longenoughpassword", + }); + + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.visit(`/posts/${post.id}`); + cy.contains("button", "Feature in slot 1").click(); + cy.contains(".badge", "Featured (slot 1)").should("be.visible"); + }); + + cy.logoutViaApi(); + cy.visit("/"); + cy.contains("h2", "Featured").should("be.visible"); + cy.get(".featured .post-card").should("have.length", 1); + cy.contains(".featured .post-card", "Alice post").should("be.visible"); + }); + + it("admin unfeaturing a post removes it from the home page", function () { + cy.loginViaApi({ + email: "admin@example.com", + password: "longenoughpassword", + }); + + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.visit(`/posts/${post.id}`); + cy.contains("button", "Feature in slot 1").click(); + cy.contains(".badge", "Featured (slot 1)").should("be.visible"); + cy.contains("button", "Unfeature").click(); + cy.contains(".badge", "Featured").should("not.exist"); + }); + + cy.logoutViaApi(); + cy.visit("/"); + cy.contains("h2", "Featured").should("not.exist"); + }); + + it("a newly promoted admin can also feature posts", function () { + cy.promoteAdmin("bob@example.com"); + cy.loginViaApi({ + email: "bob@example.com", + password: "longenoughpassword", + }); + + cy.get<{ id: number }>("@alicePost").then(function (post) { + cy.visit(`/posts/${post.id}`); + cy.contains("button", "Feature in slot 2").click(); + cy.contains(".badge", "Featured (slot 2)").should("be.visible"); + }); + }); +});