SurfSense/surfsense_web/tests/auth.setup.ts

import path from "node:path";
import { expect, test as setup } from "@playwright/test";
import { announcements } from "../lib/announcements/announcements-data";
import { acquireTestToken } from "./helpers/api/auth";

/**
 * One-time authentication setup. Acquires a bearer token for the seeded
 * e2e user (rate-limit-free /__e2e__/auth/token first, /auth/jwt/login
 * fallback) and persists it via localStorage so every test in the
 * chromium project starts already authenticated.
 *
 * Also pre-seeds the localStorage flags that gate the two new-user UI
 * overlays so they never intercept clicks in journeys:
 *   - `surfsense_announcements_state` — the blocking AnnouncementSpotlight
 *     dialog (e.g. "Introducing AI Automations") plus its toasts.
 *   - `surfsense-tour-<userId>` — the OnboardingTour spotlight for new users.
 */

const authFile = path.join(__dirname, "..", "playwright", ".auth", "user.json");

const STORAGE_KEY = "surfsense_bearer_token";
const ANNOUNCEMENTS_KEY = "surfsense_announcements_state";

/** Decode the user id (`sub`) from a JWT without verifying the signature. */
function decodeUserId(token: string): string | null {
	try {
		const payload = token.split(".")[1];
		if (!payload) return null;
		const json = Buffer.from(payload, "base64").toString("utf8");
		const obj = JSON.parse(json) as { sub?: string };
		return obj.sub ?? null;
	} catch {
		return null;
	}
}

setup("authenticate", async ({ page, request }) => {
	const access_token = await acquireTestToken(request);
	expect(access_token, "Failed to acquire e2e bearer token").toBeTruthy();

	const userId = decodeUserId(access_token);
	// Mark every known announcement read + toasted so spotlight/toast
	// announcements never overlay the dashboard during journeys. Sourced
	// from the real data file so future announcements are covered too.
	const announcementIds = announcements.map((a) => a.id);
	const announcementState = { readIds: announcementIds, toastedIds: announcementIds };

	await page.addInitScript(
		({ key, token, announcementsKey, state, uid }) => {
			localStorage.setItem(key, token);
			localStorage.setItem(announcementsKey, JSON.stringify(state));
			if (uid) {
				localStorage.setItem(`surfsense-tour-${uid}`, "true");
			}
		},
		{
			key: STORAGE_KEY,
			token: access_token,
			announcementsKey: ANNOUNCEMENTS_KEY,
			state: announcementState,
			uid: userId,
		}
	);

	// Use a public page so the init script can write localStorage without
	// racing the dashboard auth redirect.
	await page.goto("/login", { waitUntil: "domcontentloaded" });

	await page.context().storageState({ path: authFile });
});
test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30			`import path from "node:path";`
			`import { expect, test as setup } from "@playwright/test";`
test(e2e): dismiss new-user UI overlays in auth setup The active "AI Automations" announcement (2026-05-31 -> 2026-07-15) renders a blocking AnnouncementSpotlight dialog whose full-screen overlay intercepts all clicks for the freshly-registered e2e user, breaking every UI-driven journey (e.g. the file-upload upload button). Pre-seed the localStorage flags that gate the new-user overlays before saving storageState: - surfsense_announcements_state: mark all announcements read + toasted (sourced from announcements-data so future entries are covered). - surfsense-tour-<userId>: suppress the OnboardingTour spotlight. Restores the Journey suite (file-upload markdown + PDF round-trips now green). 2026-06-04 17:03:26 +02:00			`import { announcements } from "../lib/announcements/announcements-data";`
chore: implement test-only token mint endpoint and update E2E test authentication flow 2026-05-11 19:48:18 +05:30			`import { acquireTestToken } from "./helpers/api/auth";`
test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30
			`/**`
chore: implement test-only token mint endpoint and update E2E test authentication flow 2026-05-11 19:48:18 +05:30			`* One-time authentication setup. Acquires a bearer token for the seeded`
			`* e2e user (rate-limit-free /__e2e__/auth/token first, /auth/jwt/login`
			`* fallback) and persists it via localStorage so every test in the`
			`* chromium project starts already authenticated.`
test(e2e): dismiss new-user UI overlays in auth setup The active "AI Automations" announcement (2026-05-31 -> 2026-07-15) renders a blocking AnnouncementSpotlight dialog whose full-screen overlay intercepts all clicks for the freshly-registered e2e user, breaking every UI-driven journey (e.g. the file-upload upload button). Pre-seed the localStorage flags that gate the new-user overlays before saving storageState: - surfsense_announcements_state: mark all announcements read + toasted (sourced from announcements-data so future entries are covered). - surfsense-tour-<userId>: suppress the OnboardingTour spotlight. Restores the Journey suite (file-upload markdown + PDF round-trips now green). 2026-06-04 17:03:26 +02:00			`*`
			`* Also pre-seeds the localStorage flags that gate the two new-user UI`
			`* overlays so they never intercept clicks in journeys:`
			* - `surfsense_announcements_state` — the blocking AnnouncementSpotlight
			`* dialog (e.g. "Introducing AI Automations") plus its toasts.`
			* - `surfsense-tour-<userId>` — the OnboardingTour spotlight for new users.
test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30			`*/`

			`const authFile = path.join(__dirname, "..", "playwright", ".auth", "user.json");`

			`const STORAGE_KEY = "surfsense_bearer_token";`
test(e2e): dismiss new-user UI overlays in auth setup The active "AI Automations" announcement (2026-05-31 -> 2026-07-15) renders a blocking AnnouncementSpotlight dialog whose full-screen overlay intercepts all clicks for the freshly-registered e2e user, breaking every UI-driven journey (e.g. the file-upload upload button). Pre-seed the localStorage flags that gate the new-user overlays before saving storageState: - surfsense_announcements_state: mark all announcements read + toasted (sourced from announcements-data so future entries are covered). - surfsense-tour-<userId>: suppress the OnboardingTour spotlight. Restores the Journey suite (file-upload markdown + PDF round-trips now green). 2026-06-04 17:03:26 +02:00			`const ANNOUNCEMENTS_KEY = "surfsense_announcements_state";`

			/** Decode the user id (`sub`) from a JWT without verifying the signature. */
			`function decodeUserId(token: string): string \| null {`
			`try {`
			`const payload = token.split(".")[1];`
			`if (!payload) return null;`
			`const json = Buffer.from(payload, "base64").toString("utf8");`
			`const obj = JSON.parse(json) as { sub?: string };`
			`return obj.sub ?? null;`
			`} catch {`
			`return null;`
			`}`
			`}`
test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30
			`setup("authenticate", async ({ page, request }) => {`
chore: implement test-only token mint endpoint and update E2E test authentication flow 2026-05-11 19:48:18 +05:30			`const access_token = await acquireTestToken(request);`
			`expect(access_token, "Failed to acquire e2e bearer token").toBeTruthy();`
test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30
test(e2e): dismiss new-user UI overlays in auth setup The active "AI Automations" announcement (2026-05-31 -> 2026-07-15) renders a blocking AnnouncementSpotlight dialog whose full-screen overlay intercepts all clicks for the freshly-registered e2e user, breaking every UI-driven journey (e.g. the file-upload upload button). Pre-seed the localStorage flags that gate the new-user overlays before saving storageState: - surfsense_announcements_state: mark all announcements read + toasted (sourced from announcements-data so future entries are covered). - surfsense-tour-<userId>: suppress the OnboardingTour spotlight. Restores the Journey suite (file-upload markdown + PDF round-trips now green). 2026-06-04 17:03:26 +02:00			`const userId = decodeUserId(access_token);`
			`// Mark every known announcement read + toasted so spotlight/toast`
			`// announcements never overlay the dashboard during journeys. Sourced`
			`// from the real data file so future announcements are covered too.`
			`const announcementIds = announcements.map((a) => a.id);`
			`const announcementState = { readIds: announcementIds, toastedIds: announcementIds };`

test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30			`await page.addInitScript(`
test(e2e): dismiss new-user UI overlays in auth setup The active "AI Automations" announcement (2026-05-31 -> 2026-07-15) renders a blocking AnnouncementSpotlight dialog whose full-screen overlay intercepts all clicks for the freshly-registered e2e user, breaking every UI-driven journey (e.g. the file-upload upload button). Pre-seed the localStorage flags that gate the new-user overlays before saving storageState: - surfsense_announcements_state: mark all announcements read + toasted (sourced from announcements-data so future entries are covered). - surfsense-tour-<userId>: suppress the OnboardingTour spotlight. Restores the Journey suite (file-upload markdown + PDF round-trips now green). 2026-06-04 17:03:26 +02:00			`({ key, token, announcementsKey, state, uid }) => {`
test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30			`localStorage.setItem(key, token);`
test(e2e): dismiss new-user UI overlays in auth setup The active "AI Automations" announcement (2026-05-31 -> 2026-07-15) renders a blocking AnnouncementSpotlight dialog whose full-screen overlay intercepts all clicks for the freshly-registered e2e user, breaking every UI-driven journey (e.g. the file-upload upload button). Pre-seed the localStorage flags that gate the new-user overlays before saving storageState: - surfsense_announcements_state: mark all announcements read + toasted (sourced from announcements-data so future entries are covered). - surfsense-tour-<userId>: suppress the OnboardingTour spotlight. Restores the Journey suite (file-upload markdown + PDF round-trips now green). 2026-06-04 17:03:26 +02:00			`localStorage.setItem(announcementsKey, JSON.stringify(state));`
			`if (uid) {`
			localStorage.setItem(`surfsense-tour-${uid}`, "true");
			`}`
test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30			`},`
test(e2e): dismiss new-user UI overlays in auth setup The active "AI Automations" announcement (2026-05-31 -> 2026-07-15) renders a blocking AnnouncementSpotlight dialog whose full-screen overlay intercepts all clicks for the freshly-registered e2e user, breaking every UI-driven journey (e.g. the file-upload upload button). Pre-seed the localStorage flags that gate the new-user overlays before saving storageState: - surfsense_announcements_state: mark all announcements read + toasted (sourced from announcements-data so future entries are covered). - surfsense-tour-<userId>: suppress the OnboardingTour spotlight. Restores the Journey suite (file-upload markdown + PDF round-trips now green). 2026-06-04 17:03:26 +02:00			`{`
			`key: STORAGE_KEY,`
			`token: access_token,`
			`announcementsKey: ANNOUNCEMENTS_KEY,`
			`state: announcementState,`
			`uid: userId,`
			`}`
test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30			`);`

fix: update Playwright test email domain in E2E tests 2026-05-04 19:35:27 +05:30			`// Use a public page so the init script can write localStorage without`
			`// racing the dashboard auth redirect.`
			`await page.goto("/login", { waitUntil: "domcontentloaded" });`
test(web): add Playwright config and dashboard smoke test 2026-05-04 17:50:06 +05:30
			`await page.context().storageState({ path: authFile });`
			`});`