Add tests for status code handling

backend/LexBoxApi/Controllers/AuthTestingController.cs

@@ -1,5 +1,6 @@
 using LexBoxApi.Auth;
 using LexCore.Auth;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace LexBoxApi.Controllers;
@@ -27,4 +28,11 @@ public OkResult RequiresForgotPasswordAudience()
     {
         return Ok();
     }
+
+    [HttpGet("403")]
+    [AllowAnonymous]
+    public ForbidResult Forbidden()
+    {
+        return Forbid();
+    }
 }

backend/Testing/Browser/Base/PageTest.cs

@@ -66,6 +66,13 @@ await Context.Tracing.StartAsync(new()
             {
                 DeferredExceptions.Add(new UnexpectedResponseException(response));
             }
+            else if (response.Request.IsNavigationRequest && response.Status >= (int)HttpStatusCode.BadRequest)
+            {
+                // 400s are client errors that our tests shouldn't trigger under normal circumstances.
+                // And if they're navigation requests SvelteKit/our UI might never see them (e.g. /api/*)
+                // i.e. they won't be handled well i.e. we don't like them.
+                DeferredExceptions.Add(new UnexpectedResponseException(response));
+            }
         };
     }
 
@@ -102,18 +109,22 @@ public async Task LoginAs(string user, string password)
             .ShouldContainKey("Set-Cookie");
         var cookies = responseMessage.Headers.GetValues("Set-Cookie").ToArray();
         cookies.ShouldNotBeEmpty();
+        await SetCookies(cookies);
+    }
+
+    protected async Task SetCookies(string[] cookies)
+    {
         var cookieContainer = new CookieContainer();
         foreach (var cookie in cookies)
         {
             cookieContainer.SetCookies(new($"{TestingEnvironmentVariables.ServerBaseUrl}"), cookie);
         }
-
         await Context.AddCookiesAsync(cookieContainer.GetAllCookies()
             .Select(cookie => new Microsoft.Playwright.Cookie
             {
                 Value = cookie.Value,
                 Domain = cookie.Domain,
-                Expires = (float)cookie.Expires.Subtract(DateTime.UnixEpoch).TotalSeconds,
+                Expires = cookie.Expires == new DateTime() ? null : (float)cookie.Expires.Subtract(DateTime.UnixEpoch).TotalSeconds,
                 Name = cookie.Name,
                 Path = cookie.Path,
                 Secure = cookie.Secure,

backend/Testing/Browser/Page/AdminDashboardPage.cs

@@ -11,8 +11,13 @@ public AdminDashboardPage(IPage page)
 
     public async Task<ProjectPage> OpenProject(string projectName, string projectCode)
     {
-        var projectTable = Page.Locator("table").Nth(0);
-        await projectTable.GetByRole(AriaRole.Link, new() { Name = projectName, Exact = true}).ClickAsync();
+        await ClickProject(projectName);
         return await new ProjectPage(Page, projectName, projectCode).WaitFor();
     }
+
+    public async Task ClickProject(string projectName)
+    {
+        var projectTable = Page.Locator("table").Nth(0);
+        await projectTable.GetByRole(AriaRole.Link, new() { Name = projectName, Exact = true }).ClickAsync();
+    }
 }

backend/Testing/Browser/Page/AuthenticatedBasePage.cs

@@ -12,9 +12,8 @@ public AuthenticatedBasePage(IPage page, string url, ILocator testLocator)
         EmailVerificationAlert = new EmailVerificationAlert(Page);
     }
 
-    public async Task<UserDashboardPage> GoHome()
+    public async Task GoHome()
     {
         await Page.Locator(".breadcrumbs").GetByRole(AriaRole.Link, new() { Name = "Home" }).ClickAsync();
-        return await new UserDashboardPage(Page).WaitFor();
     }
 }

backend/Testing/Browser/Page/BasePage.cs

@@ -4,6 +4,8 @@
 
 namespace Testing.Browser.Page;
 
+public record GotoOptions(bool? ExpectRedirect = false);
+
 public abstract class BasePage<T> where T : BasePage<T>
 {
     public IPage Page { get; private set; }
@@ -22,7 +24,7 @@ public BasePage(IPage page, string? url, ILocator[] testLocators)
         TestLocators = testLocators;
     }
 
-    public virtual async Task<T> Goto()
+    public virtual async Task<T> Goto(GotoOptions? options = null)
     {
         if (Url is null)
         {
@@ -31,7 +33,14 @@ public virtual async Task<T> Goto()
 
         var response = await Page.GotoAsync(Url);
         response?.Ok.ShouldBeTrue(); // is null if same URL, but different hash
-        return await WaitFor();
+
+
+        if (options?.ExpectRedirect != true)
+        {
+            await WaitFor();
+        }
+
+        return (T)this;
     }
 
     public async Task<T> WaitFor()

backend/Testing/Browser/Page/External/MailDevPages.cs

@@ -14,9 +14,9 @@ protected override MailEmailPage GetEmailPage()
         return new MailDevEmailPage(Page);
     }
 
-    public override async Task<MailInboxPage> Goto()
+    public override async Task<MailInboxPage> Goto(GotoOptions? options = null)
     {
-        await base.Goto();
+        await base.Goto(options);
         await Page.Locator("input.search-input").FillAsync(MailboxId);
         return this;
     }

backend/Testing/Browser/Page/External/MailPages.cs

@@ -41,6 +41,8 @@ public abstract class MailEmailPage : BasePage<MailEmailPage>
 {
     protected readonly ILocator bodyLocator;
 
+    public ILocator ResetPasswordButton => bodyLocator.GetByRole(AriaRole.Link, new() { Name = "Reset password" });
+
     public MailEmailPage(IPage page, string? url, ILocator bodyLocator) : base(page, url, bodyLocator)
     {
         this.bodyLocator = bodyLocator;
@@ -53,6 +55,6 @@ public Task ClickVerifyEmail()
 
     public Task ClickResetPassword()
     {
-        return bodyLocator.GetByRole(AriaRole.Link, new() { Name = "Reset password" }).ClickAsync();
+        return ResetPasswordButton.ClickAsync();
     }
 }

backend/Testing/Browser/Page/External/MailinatorPages.cs

@@ -15,10 +15,10 @@ protected override MailEmailPage GetEmailPage()
         return new MailinatorEmailPage(Page);
     }
 
-    public override async Task<MailInboxPage> Goto()
+    public override async Task<MailInboxPage> Goto(GotoOptions? options = null)
     {
         Url = $"https://www.mailinator.com/v4/public/inboxes.jsp?to={MailboxId}";
-        return await base.Goto();
+        return await base.Goto(options);
     }
 }
 

backend/Testing/Browser/Page/SandboxPage.cs

@@ -4,7 +4,7 @@ namespace Testing.Browser.Page;
 
 public class SandboxPage : BasePage<SandboxPage>
 {
-    public SandboxPage(IPage page) : base(page, "/sandbox", page.Locator(":text('Sandbox')"))
+    public SandboxPage(IPage page) : base(page, "/sandbox", page.GetByRole(AriaRole.Heading, new() { Name = "Sandbox" }))
     {
     }
 }

backend/Testing/Browser/Page/TempUserDashboardPage.cs

@@ -1,5 +1,6 @@
 using Microsoft.Playwright;
 using Testing.Browser.Util;
+using Testing.Services;
 
 namespace Testing.Browser.Page;
 
@@ -14,6 +15,8 @@ public TempUserDashboardPage(IPage page, TempUser user) : base(page)
 
     public async ValueTask DisposeAsync()
     {
-        await Page.DeleteUser(User.Id);
+        var context = await Page.Context.Browser.NewContextAsync();
+        await context.APIRequest.LoginAs("admin", TestingEnvironmentVariables.DefaultPassword);
+        await context.APIRequest.DeleteUser(User.Id);
     }
 }