73597cb8b4
Source changes (0 errors, 175 warnings after): - api_post__crud_obj_v3: add backward-compat migration aliases (for_obj_type/id, obj_type/id) to nested CRUD funcs - ae_events__event_device/presenter/session: make event_id/presentation_id optional; fall back to store value - element_ae_obj_field_editor_v3: import type Snippet properly; mark current_value as $bindable() - ae_comp__badge_obj_view: fix $derived(() => false) → $derived(false) for show_receipt/show_tickets - badge templates: pass explicit event_id param to delete/update calls - launcher/+page: capture URL params as stable consts; pass event_id to update_ae_obj__event_device - ae_comp__event_device_obj_li: wrap setInterval in $effect; onDestroy cleanup always registered - ae_comp__event_device_obj_li_wrapper: move console.log to $effect; fix self-closing tag - presenter form/menu/view/list: add missing event_presentation_id to all update/delete calls - reports/locations/presenter/+page: move store assignments into $effect + untrack; ae_acct → $derived - session/+page: add Comp_event_presenter_form_agree import; cast for type compat - session_view: wrap <img onclick> in <button> for accessibility/validity - ae_comp__event_presentation_obj_li: remove unneeded event_id/session_id from create_ae_obj__event_presenter - ae_comp__event_session_obj_li: make lq prop optional; add plain-array fallback prop - location/+page: refactor to $derived ae_acct, $effect+untrack for stores, simplified session/file sections - location_page_menu: add optional data prop; export interface Tests: - Rename ae_events__event_badge.spec.ts → ae_events__event_badge.test.ts (extended coverage) - All test files: 'warn' → 'warning' (Playwright API), addInitScript array-destructure pattern, import type fixes - ae_defaults: remove duplicate hide_app_cfg key; meaningful sponsorship cfg_id placeholder - create_event_badge.spec: fix import path to use $lib alias - event_presenter.test: fix test URL to use /presenter/:id route NOTE: location/+page.svelte — Element_manage_event_file_li_wrap no longer receives allow_basic/allow_moderator (now default false); file list shows but management actions may be restricted. Follow-up needed to restore auth__kv-based access.
75 lines
2.8 KiB
TypeScript
75 lines
2.8 KiB
TypeScript
import { test, expect } from '@playwright/test';
|
|
import { ae_app_local_data_defaults } from './_helpers/ae_defaults';
|
|
|
|
test.describe('V3 API Header Integrity (modernized)', () => {
|
|
test.setTimeout(10000);
|
|
|
|
test.beforeEach(async ({ page }) => {
|
|
page.on('pageerror', (err) => console.error(`BROWSER ERROR: ${err.message}`));
|
|
page.on('console', (msg) => {
|
|
if (msg.type() === 'error' || msg.type() === 'warning') {
|
|
console.error(`BROWSER [${msg.type().toUpperCase()}]: ${msg.text()}`);
|
|
}
|
|
});
|
|
|
|
// Mock local /v3/ endpoints used by the app to make the test deterministic.
|
|
await page.route('**/v3/**', async (route) => {
|
|
const req = route.request();
|
|
const url = req.url();
|
|
|
|
if (url.includes('site_domain/search')) {
|
|
return route.fulfill({
|
|
status: 200,
|
|
contentType: 'application/json',
|
|
body: JSON.stringify({ data: [{ id: 'test-site', account_id: 'test-account-id', site_id: 'test-site-id', cfg_json: {} }] })
|
|
});
|
|
}
|
|
|
|
if (url.includes('/v3/lookup/country/list')) {
|
|
return route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ data: [] }) });
|
|
}
|
|
|
|
if (url.includes('/v3/crud/user/search')) {
|
|
return route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ data: [] }) });
|
|
}
|
|
|
|
return route.fulfill({ status: 200, contentType: 'application/json', body: JSON.stringify({ data: [] }) });
|
|
});
|
|
});
|
|
|
|
test('Verify lookup requests include the unauthenticated bypass header', async ({ page }) => {
|
|
await page.addInitScript((defaults) => {
|
|
const testData = { ...defaults, account_id: 'test-account-id', manager_access: true };
|
|
window.localStorage.setItem('ae_loc', JSON.stringify(testData));
|
|
}, ae_app_local_data_defaults);
|
|
|
|
const requestPromise = page.waitForRequest((request) => request.url().includes('/v3/lookup/country/list'));
|
|
|
|
await page.goto('/core/lookups');
|
|
|
|
const request = await requestPromise;
|
|
const headers = request.headers();
|
|
|
|
expect(headers['x-no-account-id']).toBe('Nothing to See Here');
|
|
expect(headers['x-aether-api-key']).toBeDefined();
|
|
});
|
|
|
|
test('Verify Account ID Scavenging from localStorage on CRUD requests', async ({ page }) => {
|
|
const test_account_id = '_XY7DXtc9MY'; // Per README test data
|
|
|
|
await page.addInitScript(({ defaults, id }) => {
|
|
const testData = { ...defaults, account_id: id, manager_access: true };
|
|
window.localStorage.setItem('ae_loc', JSON.stringify(testData));
|
|
}, { defaults: ae_app_local_data_defaults, id: test_account_id });
|
|
|
|
const requestPromise = page.waitForRequest((request) => request.url().includes('/v3/crud/user/search'));
|
|
|
|
await page.goto('/core/users');
|
|
|
|
const request = await requestPromise;
|
|
const headers = request.headers();
|
|
|
|
expect(headers['x-account-id']).toBe(test_account_id);
|
|
});
|
|
});
|