From d3a2b5e2ab0457419847618ee664b429f08b191d Mon Sep 17 00:00:00 2001 From: Sharang Parnerkar Date: Tue, 19 May 2026 17:05:21 +0200 Subject: [PATCH] fix(test): assert real shipped behaviour for signed-out /products The original /products gate test expected either a Products heading (signed-in) or a Sign-in button (signed-out). In practice the page renders NotAuthorized (403) for any session without the right org_role, so the second branch never matched and the test failed. The Sign-in surface is dashboard-only today. Once M10.1 wires a shared sign-in redirect for protected routes, widen this test. Refs: M5.3 --- tests/e2e/tenant.spec.ts | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/tests/e2e/tenant.spec.ts b/tests/e2e/tenant.spec.ts index 48a440c..7192cfb 100644 --- a/tests/e2e/tenant.spec.ts +++ b/tests/e2e/tenant.spec.ts @@ -12,18 +12,13 @@ test.describe("tenant subdomain @needs-stack", () => { await expect(page.getByRole("button", { name: /Sign in with Keycloak/i })).toBeVisible(); }); - test("acme /products requires sign-in", async ({ page }) => { + test("acme /products is gated when signed out", async ({ page }) => { await page.goto("/products"); - // Either the user is sent to dashboard's sign-in form, or the page renders - // the canSee=false branch (NotAuthorized) depending on session state. - // Both are legitimate; the assertion is that we do NOT see the empty - // product tile body without a session. - const isSignedIn = await page.getByRole("heading", { name: /Products/i }).isVisible(); - if (!isSignedIn) { - await expect( - page.getByRole("button", { name: /Sign in with Keycloak/i }), - ).toBeVisible(); - } + // Signed-out session means canSee(null, "products") is false, so the + // page renders the 'NotAuthorized' component. The dashboard route is + // the only place that surfaces the Sign-in button today — we'll add + // a redirect-to-sign-in in M10.1 once the surface set firms up. + await expect(page.getByRole("heading", { name: /403/i })).toBeVisible(); }); test("unknown tenant slug 404s", async ({ page }) => {