test: integration and e2e coverage for auth, assets, send-payment, and onboarding#834
Merged
Mystery-CLI merged 1 commit intoJun 28, 2026
Conversation
…, and onboarding Closes Ethereal-Future#707, Ethereal-Future#708, Ethereal-Future#709, Ethereal-Future#710 - Add integration tests for /auth routes (register, login, refresh, logout) - Add integration tests for /assets routes (listing, trustlines, portfolio) - Add Playwright e2e spec for full send-payment flow with network interception - Add Playwright e2e spec for account creation and onboarding flow Fix pre-existing bugs uncovered during test authoring: - auth.js: missing `await` on `createUser` in /register handler caused 409 conflicts to silently succeed with an empty user object - auth.js: unclosed try block and duplicate `const token` declaration caused a parse error that made the module unloadable in tests - assets.js: specific routes (/trustlines, /portfolio) were declared after the wildcard /:code/:issuer route, making them unreachable; reordered so specific paths match first - Add bcryptjs to backend dependencies (used by auth.js MFA routes but missing from package.json)
|
@Realericky Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Integration tests —
/authroutes (#707)POST /auth/register: valid creation (201), duplicate username (409), missing fields (422), short password (422)POST /auth/login: correct credentials (200 + HttpOnly refresh cookie), wrong password (401), non-existent user (401), locked account (423 + Retry-After header)POST /auth/refresh: valid cookie (200 + new access token), missing cookie (401), revoked session (401)POST /auth/logout: clears cookie (200), requires auth (401), subsequent refresh fails after logout (401)All database and session calls are mocked; JWT signing uses a test-specific secret.
Integration tests —
/assetsroutes (#708)GET /assets: returns asset list, handles empty list, propagates registry errors (500)GET /assets/:code/:issuer: found (200), not found (404), invalid code (422), invalid issuer (422)POST /assets/trustline: success (200), invalid secret (422), unsupported asset (422), bad issuer (422), Horizon failure (400)GET /assets/trustlines/:publicKey: returns trustlines (200), invalid key (422), Horizon unreachable (500)GET /assets/portfolio/:publicKey: returns portfolio (200), zero balances (200), invalid key (422), service error (500)All Stellar SDK and service calls are mocked via
vi.hoisted.E2E — send-payment flow (#709)
e2e/tests/send-payment.spec.jscovers the full journey: login → send form → review screen (fee breakdown, recipient, amount) → confirm → success toast → transaction history entry → balance decrease. A separate test submits to an unfunded address and asserts the error state keeps the user on the confirmation screen. Horizon calls are intercepted for CI reliability; credentials are read fromE2E_TEST_EMAIL/E2E_TEST_PASSWORDenv vars.E2E — onboarding flow (#710)
e2e/tests/onboarding.spec.jscovers registration (unique email per run viatest+{timestamp}@example.com), duplicate-email error, weak-password validation, keypair setup (public key format assertion, optional seed phrase word count), and first dashboard view (public key display, XLM balance, zero console errors). Friendbot calls are intercepted.Bug fixes uncovered during test authoring
These pre-existing issues blocked the tests from running and were fixed as the minimum necessary to make the suite meaningful:
backend/src/routes/auth.jscreateUser(...)called withoutawait— every registration silently succeeded with an emptyuserobject, making 409 responses impossibleawaitbackend/src/routes/auth.jstryblock and duplicateconst tokendeclaration caused a JS parse errorbackend/src/routes/assets.js/trustlines/:publicKeyand/portfolio/:publicKeydeclared after/:code/:issuer, making them unreachable (Express matched the wildcard first)backend/package.jsonbcryptjsimported byauth.jsMFA routes but not declared as a dependencydependenciesTest plan
npx vitest run backend/tests/auth.routes.test.js— 16/16 passnpx vitest run backend/tests/assets.routes.test.js— 19/19 passnpx playwright test e2e/tests/send-payment.spec.js— requires running app + test credentialsnpx playwright test e2e/tests/onboarding.spec.js— requires running app + test credentialsCloses #707
Closes #708
Closes #709
Closes #710