import { expect, type Page, test } from "@playwright/test"; async function stubOidcAuthorization(page: Page) { let authorizationURL = ""; await page.route( "http://localhost:5000/oidc/.well-known/openid-configuration", async (route) => { await route.fulfill({ json: { issuer: "http://localhost:5000/oidc", authorization_endpoint: "http://localhost:5000/oidc/oauth2/auth", token_endpoint: "http://localhost:5000/oidc/oauth2/token", jwks_uri: "http://localhost:5000/oidc/.well-known/jwks.json", userinfo_endpoint: "http://localhost:5000/oidc/userinfo", }, headers: { "Access-Control-Allow-Origin": "*" }, }); }, ); await page.route( "http://localhost:5000/oidc/oauth2/auth**", async (route) => { authorizationURL = route.request().url(); await route.fulfill({ contentType: "text/html", body: "Authorization captured", }); }, ); return { authorizationURL: () => authorizationURL, }; } test("orgfront login waits for explicit auto parameter", async ({ page }) => { const oidc = await stubOidcAuthorization(page); await page.goto("/login"); await page.waitForTimeout(500); expect(oidc.authorizationURL()).toBe(""); }); test("orgfront login auto parameter starts OIDC authorization", async ({ page, baseURL, }) => { const oidc = await stubOidcAuthorization(page); await page.goto("/login?auto=1&returnTo=%2Fpicker"); await expect.poll(oidc.authorizationURL).toContain("/oauth2/auth"); const parsed = new URL(oidc.authorizationURL()); expect(parsed.searchParams.get("client_id")).toBe("orgfront"); const redirectUri = new URL(parsed.searchParams.get("redirect_uri") ?? ""); const appUrl = new URL(baseURL ?? page.url()); expect(["localhost", "127.0.0.1"]).toContain(redirectUri.hostname); expect(redirectUri.port).toBe(appUrl.port); expect(redirectUri.pathname).toBe("/auth/callback"); expect(parsed.searchParams.get("response_type")).toBe("code"); expect((parsed.searchParams.get("scope") ?? "").split(/\s+/)).toEqual( expect.arrayContaining(["openid", "offline_access", "profile", "email"]), ); }); test("orgfront login can opt out of default OIDC authorization", async ({ page, }) => { const oidc = await stubOidcAuthorization(page); await page.goto("/login?auto=0"); await page.waitForTimeout(500); expect(oidc.authorizationURL()).toBe(""); });