Merge branch 'release/0.4.0'

Author: workcontrolgit

config/environments.json

@@ -3,7 +3,7 @@
     "angularUrl": "http://localhost:4200",
     "apiUrl": "https://localhost:44378",
     "apiBaseUrl": "https://localhost:44378/api/v1",
-    "identityServerUrl": "https://sts.skoruba.local",
+    "identityServerUrl": "https://localhost:44310",
     "timeout": 30000,
     "description": "Local development environment"
   },

config/test-config.ts

@@ -11,7 +11,7 @@
 export const APP_URLS = {
   angular: 'http://localhost:4200',
   api: 'https://localhost:44378/api/v1',
-  identityServer: 'https://sts.skoruba.local',
+  identityServer: 'https://localhost:44310',
 } as const;
 
 /**

diagnostic-screenshot.png

@@ -1,5 +1,6 @@
 import { Page, APIRequestContext } from '@playwright/test';
 import testUsers from '../config/test-users.json';
+import { APP_URLS } from '../config/test-config';
 
 /**
  * Authentication Fixtures
@@ -31,30 +32,75 @@ export async function loginAs(
   await page.goto('/');
   await page.waitForLoadState('networkidle');
 
+  // If we're already authenticated for some reason, log out first
+  if (await isAuthenticated(page)) {
+    // the logout helper already waits for navigation etc.
+    await logout(page);
+    await page.goto('/');
+    await page.waitForLoadState('networkidle');
+  }
+
   // Clear any existing auth tokens to ensure clean state
   await clearAuthTokens(page);
 
   // Reload page after clearing tokens to ensure Guest state
   await page.reload();
   await page.waitForLoadState('networkidle');
 
-  // Wait for page to fully render
+  // Pause briefly to allow Angular to render guest UI
   await page.waitForTimeout(1000);
 
-  // Click user icon in upper right corner
-  const userIcon = page.locator('button[aria-label="User menu"], button mat-icon:has-text("account_circle"), header button:has(mat-icon)').last();
-  await userIcon.click();
+  // Click user icon in upper right corner to open menu
+  const userIcon = page.locator(
+    'button[aria-label="User menu"], button mat-icon:has-text("account_circle"), header button:has(mat-icon)'
+  ).last();
+  await userIcon.waitFor({ state: 'visible', timeout: 10000 });
+
+  // perform click; in some browsers the click may hang, so retry with force if needed
+  try {
+    await userIcon.click({ timeout: 5000 });
+  } catch (err) {
+    console.warn('userIcon.click() failed, retrying with force:', err);
+    await userIcon.click({ force: true });
+  }
+
   await page.waitForTimeout(500);
 
   // Click "Login" option from dropdown menu
-  const loginOption = page.locator('button:has-text("Login"), a:has-text("Login"), [role="menuitem"]:has-text("Login")').first();
+  const loginOption = page.locator(
+    'button:has-text("Login"), a:has-text("Login"), [role="menuitem"]:has-text("Login")'
+  ).first();
+
+  // Make sure the login option actually exists; otherwise abort early
+  const optionCount = await loginOption.count();
+  if (optionCount === 0) {
+    const currentUrl = page.url();
+    throw new Error(
+      `Unable to find Login option in user menu. Current url: ${currentUrl}`
+    );
+  }
 
-  // Wait for login option to be visible before clicking
+  // Ensure it's clickable and visible before firing the click
+  await loginOption.scrollIntoViewIfNeeded();
   await loginOption.waitFor({ state: 'visible', timeout: 5000 });
-  await loginOption.click();
+  await loginOption.click({ timeout: 5000 });
 
-  // Wait for redirect to IdentityServer login page
-  await page.waitForURL(/sts\.skoruba\.local.*/, { timeout: 10000 });
+  // After clicking we expect to leave the Angular app. The redirect may go to
+  // the configured identity server or an in-app login page; wait for either.
+  const idHost = new URL(APP_URLS.identityServer).host.replace(/\./g, '\\.');
+  const idRegex = new RegExp(`${idHost}.*`);
+  try {
+    await Promise.race([
+      page.waitForURL(idRegex, { timeout: 30000 }),
+      page.waitForSelector('input[name="Username"]', { timeout: 30000 })
+    ]);
+  } catch (err) {
+    const currentUrl = page.url();
+    throw new Error(
+      `Timed out waiting for login redirect after clicking login (30s). ` +
+        `Current url: ${currentUrl}`
+    );
+  }
 
   // Fill in login credentials
   await page.fill('input[name="Username"]', username);
@@ -64,10 +110,13 @@ export async function loginAs(
   await page.click('button:has-text("Login")');
 
   // Wait for OAuth callback redirect back to Angular app
-  await page.waitForURL(/localhost:4200.*/, { timeout: 15000 });
+  await page.waitForURL(/localhost:4200.*/, { timeout: 30000 });
 
   // Wait for dashboard to load (indicating successful authentication)
-  await page.waitForSelector('h1:has-text("Dashboard"), h2:has-text("Dashboard"), .matero-page-title', { timeout: 10000 });
+  await page.waitForSelector(
+    'h1:has-text("Dashboard"), h2:has-text("Dashboard"), .matero-page-title',
+    { timeout: 10000 }
+  );
 }
 
 /**
@@ -110,7 +159,7 @@ export async function getApiToken(
   username: string,
   password: string
 ): Promise<string> {
-  const tokenEndpoint = 'https://sts.skoruba.local/connect/token';
+  const tokenEndpoint = `${APP_URLS.identityServer}/connect/token`;
 
   const response = await request.post(tokenEndpoint, {
     form: {
@@ -172,10 +221,18 @@ export async function logout(page: Page): Promise<void> {
   const logoutOption = page.locator('button:has-text("Logout"), a:has-text("Logout"), [role="menuitem"]:has-text("Logout")').first();
   await logoutOption.click();
 
-  // Wait for redirect to IdentityServer logout screen
-  await page.waitForURL(/sts\.skoruba\.local.*/, { timeout: 10000 });
+  // Wait for redirect to logout page. Depending on environment this may go to
+  // the configured identity server host or local /Account/Logout.
+  const idHost = new URL(APP_URLS.identityServer).host.replace(/\./g, '\\.');
+  const logoutRegex = new RegExp(`(${idHost}.*|localhost\/Account\/Logout.*)`);
+  try {
+    await page.waitForURL(logoutRegex, { timeout: 15000 });
+  } catch (err) {
+    const currentUrl = page.url();
+    console.warn(`logout(): expected external logout page but still at ${currentUrl}`);
+  }
 
-  // Wait a moment for STS logout screen to load
+  // Wait a moment for logout screen to render
   await page.waitForTimeout(1000);
 
   // Look for the "click here" link to return to Angular

fixtures/auth.fixtures.ts

@@ -1,5 +1,6 @@
 import { test, expect } from '@playwright/test';
-import { getApiToken, getTokenForRole, loginAsRole, getTokenFromProfile, logout } from '../../fixtures/auth.fixtures';
+import { getApiToken, getTokenForRole, loginAsRole, getTokenFromProfile, logout, clearAuthTokens } from '../../fixtures/auth.fixtures';
+import { APP_URLS } from '../../config/test-config';
 
 /**
  * Authentication API Tests
@@ -19,8 +20,8 @@ import { getApiToken, getTokenForRole, loginAsRole, getTokenFromProfile, logout
 let authFailed = false;
 
 test.describe('Authentication API', () => {
-  const identityServerUrl = 'https://sts.skoruba.local';
-  const baseURL = 'https://localhost:44378/api/v1';
+  const identityServerUrl = APP_URLS.identityServer;
+  const baseURL = APP_URLS.api;
 
   test.beforeEach(async ({ page }) => {
     // Try to detect if IdentityServer is available
@@ -118,19 +119,33 @@ test.describe('Authentication API', () => {
   test('should reject request with invalid credentials', async ({ page }) => {
     if (authFailed) test.skip();
 
-    // Try to login with invalid credentials
+    // ensure clean state
+    await page.goto('/');
+    await clearAuthTokens(page);
+    await logout(page).catch(() => {});
     await page.goto('/');
-    await page.waitForLoadState('networkidle');
 
-    const userIcon = page.locator('button mat-icon:has-text("account_circle")').last();
+    // open user menu safely
+    const userIcon = page.locator(
+      'button[aria-label="User menu"], button mat-icon:has-text("account_circle"), header button:has(mat-icon)'
+    ).last();
+    await userIcon.waitFor({ state: 'visible', timeout: 10000 });
     await userIcon.click();
     await page.waitForTimeout(500);
 
-    const loginOption = page.locator('[role="menuitem"]:has-text("Login")').first();
+    const loginOption = page.locator(
+      'button:has-text("Login"), a:has-text("Login"), [role="menuitem"]:has-text("Login")'
+    ).first();
+    const optCount = await loginOption.count();
+    expect(optCount).toBeGreaterThan(0);
+    await loginOption.waitFor({ state: 'visible', timeout: 5000 });
     await loginOption.click();
 
-    // Should redirect to IdentityServer
-    await page.waitForURL(/sts\.skoruba\.local.*/, { timeout: 10000 });
+    // Wait for some indication that we're on the login page (STS or form)
+    await Promise.race([
+      page.waitForURL(/sts\.skoruba\.local.*/, { timeout: 15000 }),
+      page.waitForSelector('input[name="Username"]', { timeout: 15000 })
+    ]);
 
     // Dismiss cookie consent if it appears
     const cookieButton = page.locator('button:has-text("Got it")');
@@ -139,23 +154,27 @@ test.describe('Authentication API', () => {
       await cookieButton.click();
     }
 
-    // Enter invalid credentials
+    // Enter invalid credentials and submit
     await page.locator('input[name="Username"]').fill('invaliduser');
     await page.locator('input[name="Password"]').fill('wrongpassword');
-
-    // Click Login button (not submit, as it's a regular button)
     await page.locator('button:has-text("Login")').click();
 
-    // Wait for response
+    // Wait shortly for potential navigation
     await page.waitForTimeout(3000);
 
-    // Should still be on login page (not redirected back to app)
-    // This proves authentication failed
+    // Should still be on some form page (not navigated back to Angular)
     const currentUrl = page.url();
-    expect(currentUrl).toContain('sts.skoruba.local');
-
-    // Should NOT be on the dashboard (successful login redirects to dashboard)
+    // Allow either the STS host or the local account login page
+    const idHost = new URL(APP_URLS.identityServer).host;
+    const validPrefixes = [idHost, '/Account/Login'];
+    expect(validPrefixes.some(prefix => currentUrl.includes(prefix))).toBe(true);
     expect(currentUrl).not.toContain('dashboard');
+
+    // Optionally verify error message appears
+    const errorBanner = page.locator('text=/invalid|error|failed/i').first();
+    if (await errorBanner.count() > 0) {
+      await expect(errorBanner).toBeVisible();
+    }
   });
 
   test('should include proper claims in token', async ({ page }) => {
@@ -361,7 +380,7 @@ test.describe('Authentication API', () => {
 
     // Check for issuer claim (should be IdentityServer URL)
     expect(payload.iss).toBeDefined();
-    expect(payload.iss).toContain('sts.skoruba.local');
+    expect(payload.iss).toContain(new URL(APP_URLS.identityServer).host);
   });
 });
 

tests/api/auth-api.spec.ts

@@ -1,5 +1,5 @@
 import { test, expect } from '@playwright/test';
-import { loginAs, loginAsRole, isAuthenticated, getStoredToken } from '../../fixtures/auth.fixtures';
+import { loginAs, loginAsRole, isAuthenticated, getStoredToken, clearAuthTokens, logout } from '../../fixtures/auth.fixtures';
 
 /**
  * Authentication Tests - Login Flow
@@ -13,7 +13,12 @@ import { loginAs, loginAsRole, isAuthenticated, getStoredToken } from '../../fix
 
 test.describe('Login Flow', () => {
   test.beforeEach(async ({ page }) => {
-    // Start from the Angular app
+    // ensure we start in a clean, anonymous state
+    await page.goto('/');
+    // clear any tokens that might persist between tests
+    await clearAuthTokens(page);
+    // if somehow still authenticated, log out (ignore errors)
+    await logout(page).catch(() => {});
     await page.goto('/');
   });
 
@@ -22,18 +27,30 @@ test.describe('Login Flow', () => {
     await page.goto('/');
     await page.waitForLoadState('networkidle');
 
-    // Click user menu and then Login
-    const userIcon = page.locator('button[aria-label="User menu"], button mat-icon:has-text("account_circle"), header button:has(mat-icon)').last();
+    // open user menu (reuse same selector logic as helper)
+    const userIcon = page.locator(
+      'button[aria-label="User menu"], button mat-icon:has-text("account_circle"), header button:has(mat-icon)'
+    ).last();
+    await userIcon.waitFor({ state: 'visible', timeout: 10000 });
     await userIcon.click();
     await page.waitForTimeout(500);
 
-    const loginOption = page.locator('button:has-text("Login"), a:has-text("Login"), [role="menuitem"]:has-text("Login")').first();
+    // ensure login option is present before clicking
+    const loginOption = page.locator(
+      'button:has-text("Login"), a:has-text("Login"), [role="menuitem"]:has-text("Login")'
+    ).first();
+    const count = await loginOption.count();
+    expect(count).toBeGreaterThan(0);
+    await loginOption.waitFor({ state: 'visible', timeout: 5000 });
     await loginOption.click();
 
-    // Should redirect to IdentityServer
-    await page.waitForURL(/sts\.skoruba\.local.*/, { timeout: 10000 });
+    // Should redirect to IdentityServer or show login form
+    await Promise.race([
+      page.waitForURL(/sts\.skoruba\.local.*/, { timeout: 15000 }),
+      page.waitForSelector('input[name="Username"]', { timeout: 15000 })
+    ]);
 
-    // Verify IdentityServer login page elements
+    // Verify IdentityServer login page elements (or equivalent form)
     await expect(page.locator('input[name="Username"]')).toBeVisible();
     await expect(page.locator('input[name="Password"]')).toBeVisible();
     await expect(page.locator('button:has-text("Login")')).toBeVisible();
@@ -126,33 +143,45 @@ test.describe('Login Flow', () => {
   });
 
   test('should show error message with invalid credentials', async ({ page }) => {
+    // ensure a clean guest session
+    await page.goto('/');
+    await clearAuthTokens(page);
+    await logout(page).catch(() => {});
     await page.goto('/');
-    await page.waitForLoadState('networkidle');
 
-    // Click user menu and then Login
+    // Click user menu and then Login (robust selectors)
     const userIcon = page.locator('button[aria-label="User menu"], button mat-icon:has-text("account_circle"), header button:has(mat-icon)').last();
+    await userIcon.waitFor({ state: 'visible', timeout: 10000 });
     await userIcon.click();
     await page.waitForTimeout(500);
 
     const loginOption = page.locator('button:has-text("Login"), a:has-text("Login"), [role="menuitem"]:has-text("Login")').first();
+    const count = await loginOption.count();
+    expect(count).toBeGreaterThan(0);
     await loginOption.click();
 
-    // Wait for IdentityServer login page
-    await page.waitForURL(/sts\.skoruba\.local.*/);
+    // Wait for login form to appear (either STS host or local login page)
+    await Promise.race([
+      page.waitForURL(/sts\.skoruba\.local.*/, { timeout: 15000 }),
+      page.waitForURL(/localhost\/Account\/Login.*/, { timeout: 15000 }),
+      page.waitForSelector('input[name="Username"]', { timeout: 15000 })
+    ]);
 
     // Try to login with invalid credentials
     await page.fill('input[name="Username"]', 'invalid_user');
     await page.fill('input[name="Password"]', 'wrong_password');
     await page.click('button:has-text("Login")');
 
-    // Wait a moment for error to appear
+    // Wait a moment for error or navigation
     await page.waitForTimeout(2000);
 
-    // Should still be on IdentityServer page (didn't redirect back)
-    expect(page.url()).toContain('sts.skoruba.local');
+    // Should still be on a login page (not redirected back to app)
+    const currentUrl = page.url();
+    expect(currentUrl).toMatch(/sts\.skoruba\.local|\/Account\/Login/);
+    expect(currentUrl).not.toContain('dashboard');
 
-    // Error message might be displayed (implementation varies)
+    // Error message should be visible when credentials are invalid
     const errorMessage = page.locator('text=/invalid.*username.*password|Invalid credentials/i');
-    await errorMessage.isVisible({ timeout: 3000 }).catch(() => false);
+    await expect(errorMessage.first()).toBeVisible({ timeout: 5000 });
   });
 });

tests/auth/login.spec.ts

@@ -1,4 +1,5 @@
 import { test, expect } from '@playwright/test';
+import { APP_URLS } from '../config/test-config';
 
 test('Diagnostic: Check Angular app behavior', async ({ page }) => {
   console.log('\n=== DIAGNOSTIC TEST ===');
@@ -11,7 +12,8 @@ test('Diagnostic: Check Angular app behavior', async ({ page }) => {
   console.log('Current URL:', currentUrl);
 
   // Check if we're on IdentityServer or Angular
-  if (currentUrl.includes('sts.skoruba.local')) {
+  const idHost = new URL(APP_URLS.identityServer).host;
+  if (currentUrl.includes(idHost)) {
     console.log('✅ Redirected to IdentityServer (AUTH ENABLED)');
   } else if (currentUrl.includes('localhost:4200')) {
     console.log('❌ Stayed on Angular app (AUTH DISABLED)');