
Commit c9f2bbc

author
aligneddev
committed
CodeQL security flags were in test code
1 parent 6fc31c2 commit c9f2bbc

4 files changed

Lines changed: 86 additions & 73 deletions


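--- a/.gitignore
+++ b/.gitignore
@@ -63,3 +63,4 @@ src/.vs/*
 .fake
 src/BikeTracking.Frontend/test-results/
 src/BikeTracking.Frontend/playwright-report/
+src/BikeTracking.Frontend/playwright-report/index.html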

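--- a/global.json
+++ b/global.json
@@ -1,6 +1,6 @@
 {
 "sdk": {
 "rollForward": "latestFeature",
-"version": "10.0.200"
+"version": "10.0.500"
 }
-}
+}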
Lines changed: 81 additions & 70 deletions
@@ -1,4 +1,4 @@
1-
import { test, expect, type Page } from '@playwright/test'
1+
import { test, expect, type Page } from "@playwright/test";
22

33
/**
44
* T014 - E2E Smoke Test: User Login
@@ -15,80 +15,91 @@ import { test, expect, type Page } from '@playwright/test'
1515
* Spec refs: US1 AC1–AC4, US2 AC1–AC2, US3 AC1–AC2
1616
*/
1717

18-
const TEST_PIN = '87654321'
18+
const TEST_PIN = "87654321";
1919

2020
function uniqueUser(prefix: string): string {
21-
return `${prefix}-${Date.now()}-${Math.floor(Math.random() * 100000)}`
21+
const suffix = crypto.getRandomValues(new Uint32Array(1))[0];
22+
return `${prefix}-${Date.now()}-${suffix}`;
2223
}
2324

24-
async function createUserViaSignup(page: Page, userName: string, pin: string): Promise<void> {
25-
await page.goto('/signup')
26-
await page.getByLabel('Name').fill(userName)
27-
await page.getByLabel('PIN').fill(pin)
28-
await page.getByRole('button', { name: 'Create account' }).click()
29-
await expect(page).toHaveURL('/login')
30-
await expect(page.getByLabel('Name')).toHaveValue(userName)
25+
async function createUserViaSignup(
26+
page: Page,
27+
userName: string,
28+
pin: string,
29+
): Promise<void> {
30+
await page.goto("/signup");
31+
await page.getByLabel("Name").fill(userName);
32+
await page.getByLabel("PIN").fill(pin);
33+
await page.getByRole("button", { name: "Create account" }).click();
34+
await expect(page).toHaveURL("/login");
35+
await expect(page.getByLabel("Name")).toHaveValue(userName);
3136
}
3237

33-
test.describe('003-user-login smoke tests', () => {
34-
test('root / redirects to /login', async ({ page }) => {
35-
await page.goto('/')
36-
await expect(page).toHaveURL('/login')
37-
})
38-
39-
test('unauthenticated /miles redirects to /login', async ({ page }) => {
40-
await page.goto('/miles')
41-
await expect(page).toHaveURL('/login')
42-
})
43-
44-
test('wrong PIN shows error and stays on /login', async ({ page }) => {
45-
const userName = uniqueUser('e2e-wrong-pin')
46-
await createUserViaSignup(page, userName, TEST_PIN)
47-
48-
await page.getByLabel('Name').fill(userName)
49-
await page.getByLabel('PIN').fill('00000000')
50-
await page.getByRole('button', { name: 'Log in' }).click()
51-
await expect(page.getByText('Name or PIN is incorrect.')).toBeVisible()
52-
await expect(page).toHaveURL('/login')
53-
})
54-
55-
test('successful login redirects to /miles and shows user name', async ({ page }) => {
56-
const userName = uniqueUser('e2e-login-ok')
57-
await createUserViaSignup(page, userName, TEST_PIN)
58-
59-
await page.getByLabel('Name').fill(userName)
60-
await page.getByLabel('PIN').fill(TEST_PIN)
61-
await page.getByRole('button', { name: 'Log in' }).click()
62-
await expect(page).toHaveURL('/miles')
63-
await expect(page.getByText(`Welcome, ${userName}`)).toBeVisible()
64-
})
65-
66-
test('logout from /miles returns to /login', async ({ page }) => {
67-
const userName = uniqueUser('e2e-logout')
68-
await createUserViaSignup(page, userName, TEST_PIN)
69-
70-
await page.getByLabel('Name').fill(userName)
71-
await page.getByLabel('PIN').fill(TEST_PIN)
72-
await page.getByRole('button', { name: 'Log in' }).click()
73-
await expect(page).toHaveURL('/miles')
38+
test.describe("003-user-login smoke tests", () => {
39+
test("root / redirects to /login", async ({ page }) => {
40+
await page.goto("/");
41+
await expect(page).toHaveURL("/login");
42+
});
43+
44+
test("unauthenticated /miles redirects to /login", async ({ page }) => {
45+
await page.goto("/miles");
46+
await expect(page).toHaveURL("/login");
47+
});
48+
49+
test("wrong PIN shows error and stays on /login", async ({ page }) => {
50+
const userName = uniqueUser("e2e-wrong-pin");
51+
await createUserViaSignup(page, userName, TEST_PIN);
52+
53+
await page.getByLabel("Name").fill(userName);
54+
await page.getByLabel("PIN").fill("00000000");
55+
await page.getByRole("button", { name: "Log in" }).click();
56+
await expect(page.getByText("Name or PIN is incorrect.")).toBeVisible();
57+
await expect(page).toHaveURL("/login");
58+
});
59+
60+
test("successful login redirects to /miles and shows user name", async ({
61+
page,
62+
}) => {
63+
const userName = uniqueUser("e2e-login-ok");
64+
await createUserViaSignup(page, userName, TEST_PIN);
65+
66+
await page.getByLabel("Name").fill(userName);
67+
await page.getByLabel("PIN").fill(TEST_PIN);
68+
await page.getByRole("button", { name: "Log in" }).click();
69+
await expect(page).toHaveURL("/miles");
70+
await expect(page.getByText(`Welcome, ${userName}`)).toBeVisible();
71+
});
72+
73+
test("logout from /miles returns to /login", async ({ page }) => {
74+
const userName = uniqueUser("e2e-logout");
75+
await createUserViaSignup(page, userName, TEST_PIN);
76+
77+
await page.getByLabel("Name").fill(userName);
78+
await page.getByLabel("PIN").fill(TEST_PIN);
79+
await page.getByRole("button", { name: "Log in" }).click();
80+
await expect(page).toHaveURL("/miles");
7481

7582
// Logout
76-
await page.getByRole('button', { name: 'Log out' }).click()
77-
await expect(page).toHaveURL('/login')
78-
})
79-
80-
test('signup page has link to /login', async ({ page }) => {
81-
await page.goto('/signup')
82-
await expect(page.getByRole('link', { name: /log in/i })).toBeVisible()
83-
})
84-
85-
test('login page has link to /signup', async ({ page }) => {
86-
await page.goto('/login')
87-
await expect(page.getByRole('link', { name: /create an account/i })).toBeVisible()
88-
})
89-
90-
test('successful signup navigates to /login and prefills name', async ({ page }) => {
91-
const newUser = uniqueUser('e2e-signup')
92-
await createUserViaSignup(page, newUser, TEST_PIN)
93-
})
94-
})
83+
await page.getByRole("button", { name: "Log out" }).click();
84+
await expect(page).toHaveURL("/login");
85+
});
86+
87+
test("signup page has link to /login", async ({ page }) => {
88+
await page.goto("/signup");
89+
await expect(page.getByRole("link", { name: /log in/i })).toBeVisible();
90+
});
91+
92+
test("login page has link to /signup", async ({ page }) => {
93+
await page.goto("/login");
94+
await expect(
95+
page.getByRole("link", { name: /create an account/i }),
96+
).toBeVisible();
97+
});
98+
99+
test("successful signup navigates to /login and prefills name", async ({
100+
page,
101+
}) => {
102+
const newUser = uniqueUser("e2e-signup");
103+
await createUserViaSignup(page, newUser, TEST_PIN);
104+
});
105+
});
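Review bot: `uniqueUser` now relies on a global `crypto`, but Playwright specs run in Node rather than in the browser, and older Node releases (18 and earlier) do not expose that global without a flag; the Node version this suite runs under is not visible on this page, so adding `import { webcrypto as crypto } from "node:crypto";` at the top of the spec would make the dependency explicit. The suffix only keeps test user names from colliding and is not a secret, so a comment on the helper such as `// uniqueness only; not a security boundary` would record why the CodeQL randomness finding was a test-code matter rather than a product issue. The identical helper is changed in src/BikeTracking.Frontend/tests/e2e/record-ride.spec.ts as well, and moving it into one shared test utility would keep the two copies from drifting. The functional change is also buried in a quote and semicolon reformat of the whole file, which makes the security-relevant line hard to pick out in review; a separate formatting commit would help.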

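--- a/src/BikeTracking.Frontend/tests/e2e/record-ride.spec.ts
+++ b/src/BikeTracking.Frontend/tests/e2e/record-ride.spec.ts
@@ -3,7 +3,8 @@ import { expect, test, type Page } from "@playwright/test";
 const TEST_PIN = "87654321";
 
 function uniqueUser(prefix: string): string {
-return `${prefix}-${Date.now()}-${Math.floor(Math.random() * 100000)}`;
+const suffix = crypto.getRandomValues(new Uint32Array(1))[0];
+return `${prefix}-${Date.now()}-${suffix}`;
 }
 
 function toDateTimeLocalValue(date: Date): string {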
