test(e2e): add @not-implemented scenarios for missing CSS injection surfaces

aspiers · aspiers · commit e0ebae2105b2 · 2026-04-13T13:11:28.000Z
PR #9 injects trusted-client CSS into the auth-service login page and the pds-core /oauth/authorize consent page, but four other auth-service HTML pages are not yet covered: - Auth-service consent page (HYPER-296) - Choose-handle page (HYPER-297) - Recovery page (HYPER-298) - Account settings page (HYPER-299) Add @not-implemented scenarios in features/client-branding.feature for each. These document the expected behaviour and will be activated when the corresponding injection code is written.
diff --git a/features/client-branding.feature b/features/client-branding.feature
@@ -39,6 +39,31 @@ Feature: Client branding — CSS injection and custom email templates
     Then the consent page HTML contains the trusted client's custom CSS
     And the Content-Security-Policy style-src directive includes the CSS SHA-256 hash
 
+  # --- CSS injection on other auth-service pages ---
+  # These pages are rendered by the auth-service (not the stock oauth-provider)
+  # and should also receive trusted-client CSS injection. The injection code
+  # for these pages has not been written yet — tracked in Linear.
+
+  @not-implemented
+  Scenario: Trusted client's CSS is applied to the auth-service consent page
+    Given an existing user reaches the auth-service consent screen via the trusted demo client
+    Then the consent page includes the trusted client's custom CSS
+
+  @not-implemented
+  Scenario: Trusted client's CSS is applied to the choose-handle page
+    Given a new user reaches the handle selection page via the trusted demo client
+    Then the choose-handle page includes the trusted client's custom CSS
+
+  @not-implemented
+  Scenario: Trusted client's CSS is applied to the recovery page
+    Given a user navigates to the account recovery page via the trusted demo client
+    Then the recovery page includes the trusted client's custom CSS
+
+  @not-implemented
+  Scenario: Trusted client's CSS is applied to the account settings page
+    Given a user is logged into the account settings page
+    Then the account settings page includes the trusted client's custom CSS
+
   # --- Custom email templates ---
 
   @email @not-implemented
