test: full test suite (Vitest + pgTAP + Playwright) + TDD plan restructure
Add a 4-layer test stack covering RLS, triggers, and UI flows for Fases 0–2a, then restructure every plan file so future fases start with tests and end with a verification gate. Test suite - packages/test-utils: Vitest integration tests signing HS256 JWTs via jose so each test acts as a specific seed user (createClientAs + createAdminClient) - supabase/tests: pgTAP for accept_invitation(), item_frequency trigger, and promote-on-admin-leave; each file self-installs pgtap extension - apps/web/tests: Playwright E2E with live Keycloak login per test (storageState caching doesn't rehydrate Supabase's session state reliably) - just test-all chains the three suites; test-db forwards POSTGRES_PASSWORD as PGPASSWORD with ON_ERROR_STOP=1 so failures abort the chain Supabase auth gotcha - PostgREST queries inside onAuthStateChange deadlock on GoTrue's navigator.locks auth lock (getAccessToken → getSession → initializePromise waits on the same lock that's held during event dispatch). Fix is two defenses: a pass-through lock in $lib/supabase, and a setTimeout(0) defer in root +layout.svelte to push loadUserCollectives out of the callback's microtask chain. Either alone is insufficient; both together unblock the Playwright suite. Env key rotation - apps/web/.env.development had a stale demo anon key signed with a different secret than root .env; Vite inlined that into the browser bundle so Kong (which uses the root .env value) rejected every request with 401. Aligned the two files and added a memory entry to flag this for the next rotation. Plan restructure (TDD) - Every fase now opens with X.0 Tests primero and closes with X.Z Verificación final. Completed fases (0, 1, 2a) show the pattern retroactively with the tests that currently cover them; pending fases (2b, 3, 4) list the tests to write before implementation. Docs - CLAUDE.md status line reports 54 + 12 + 15 = 81 green tests, adds gotchas #11 (auth-lock deadlock) and #12 (no storageState caching) - README.md adds a TDD methodology section and the test-all command - .gitignore excludes Playwright's generated reports and auth state 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
29
apps/web/tests/fixtures/global-setup.ts
vendored
Normal file
29
apps/web/tests/fixtures/global-setup.ts
vendored
Normal file
@@ -0,0 +1,29 @@
|
||||
/**
|
||||
* Playwright global setup — health check for Keycloak + SvelteKit dev server.
|
||||
*
|
||||
* Auth state is NOT cached across tests: each test calls `loginAs(page, user)`
|
||||
* to perform the full Keycloak login. This is slower but deterministic. Previous
|
||||
* iterations used `browser.newContext({ storageState })`, but Supabase JS v2's
|
||||
* async `_recoverAndRefresh` doesn't reliably re-fire INITIAL_SESSION on restore.
|
||||
*/
|
||||
import type { FullConfig } from '@playwright/test';
|
||||
|
||||
const KEYCLOAK_URL = process.env.PUBLIC_KEYCLOAK_URL ?? 'http://localhost:8080';
|
||||
const KEYCLOAK_REALM = process.env.PUBLIC_KEYCLOAK_REALM ?? 'colectivo';
|
||||
|
||||
export default async function globalSetup(_config: FullConfig) {
|
||||
// Minimal health check: Keycloak realm discovery endpoint is reachable.
|
||||
try {
|
||||
const res = await fetch(
|
||||
`${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/.well-known/openid-configuration`,
|
||||
{ signal: AbortSignal.timeout(5_000) }
|
||||
);
|
||||
if (!res.ok) {
|
||||
throw new Error(`Keycloak realm discovery returned ${res.status}`);
|
||||
}
|
||||
} catch (err) {
|
||||
throw new Error(
|
||||
`Keycloak not reachable at ${KEYCLOAK_URL} — is \`just dev\` running? ${err}`
|
||||
);
|
||||
}
|
||||
}
|
||||
37
apps/web/tests/fixtures/login.ts
vendored
Normal file
37
apps/web/tests/fixtures/login.ts
vendored
Normal file
@@ -0,0 +1,37 @@
|
||||
/**
|
||||
* Live login helper — runs the real Keycloak OAuth flow in the current context.
|
||||
*
|
||||
* We use this instead of `storageState` because Supabase JS v2's async
|
||||
* `_recoverAndRefresh` doesn't reliably re-fire `onAuthStateChange`/INITIAL_SESSION
|
||||
* when the browser context is built from a saved localStorage snapshot. Doing the
|
||||
* full login for each test adds ~2–3 seconds but produces deterministic state.
|
||||
*/
|
||||
import type { Page } from '@playwright/test';
|
||||
import type { USERS } from './users.js';
|
||||
|
||||
export async function loginAs(page: Page, user: (typeof USERS)[keyof typeof USERS]): Promise<void> {
|
||||
await page.goto('/');
|
||||
await page.waitForURL(/\/realms\/colectivo\/protocol\/openid-connect\/auth/, {
|
||||
timeout: 15_000
|
||||
});
|
||||
await page.fill('#username', user.email);
|
||||
await page.fill('#password', user.password);
|
||||
await page.click('#kc-login');
|
||||
|
||||
// Wait until we're redirected OFF the callback page. The root layout's
|
||||
// post-login routing sends the user to /lists (or /onboarding) only after
|
||||
// the deferred loadUserCollectives call resolves, so we can't call the
|
||||
// login done until we've left /auth/callback.
|
||||
await page.waitForURL(
|
||||
(url) => url.origin === 'http://localhost:5173' && !url.pathname.startsWith('/auth/callback'),
|
||||
{ timeout: 20_000 }
|
||||
);
|
||||
await page.waitForFunction(
|
||||
() =>
|
||||
Object.keys(window.localStorage).some(
|
||||
(k) => k.startsWith('sb-') && k.endsWith('-auth-token')
|
||||
),
|
||||
null,
|
||||
{ timeout: 15_000 }
|
||||
);
|
||||
}
|
||||
42
apps/web/tests/fixtures/users.ts
vendored
Normal file
42
apps/web/tests/fixtures/users.ts
vendored
Normal file
@@ -0,0 +1,42 @@
|
||||
// Seed user constants for E2E tests.
|
||||
// Matches supabase/seed.sql and keycloak/realm-export.json.
|
||||
|
||||
export const USERS = {
|
||||
ana: {
|
||||
id: '11111111-1111-1111-1111-111111111111',
|
||||
email: 'ana@dev.local',
|
||||
password: 'test1234',
|
||||
displayName: 'Ana García',
|
||||
role: 'admin' as const,
|
||||
storageState: 'tests/.auth/ana.json'
|
||||
},
|
||||
borja: {
|
||||
id: '22222222-2222-2222-2222-222222222222',
|
||||
email: 'borja@dev.local',
|
||||
password: 'test1234',
|
||||
displayName: 'Borja López',
|
||||
role: 'member' as const,
|
||||
storageState: 'tests/.auth/borja.json'
|
||||
},
|
||||
david: {
|
||||
id: '44444444-4444-4444-4444-444444444444',
|
||||
email: 'david@dev.local',
|
||||
password: 'test1234',
|
||||
displayName: 'David Fernández',
|
||||
role: 'guest' as const,
|
||||
storageState: 'tests/.auth/david.json'
|
||||
},
|
||||
eva: {
|
||||
id: '55555555-5555-5555-5555-555555555555',
|
||||
email: 'eva@dev.local',
|
||||
password: 'test1234',
|
||||
displayName: 'Eva Ruiz',
|
||||
role: 'none' as const, // no collective
|
||||
storageState: 'tests/.auth/eva.json'
|
||||
}
|
||||
} as const;
|
||||
|
||||
export type UserKey = keyof typeof USERS;
|
||||
export const COLLECTIVE_NAME = 'Casa García-López';
|
||||
export const KEYCLOAK_URL = process.env.PUBLIC_KEYCLOAK_URL ?? 'http://localhost:8080';
|
||||
export const KEYCLOAK_REALM = process.env.PUBLIC_KEYCLOAK_REALM ?? 'colectivo';
|
||||
Reference in New Issue
Block a user