Merge branch 'main' into feature/gro-306-playwright-e2e-suite
This commit is contained in:
groombook-engineer[bot]
@@ -2,7 +2,6 @@ import { test, expect } from "./fixtures.js";
|
||||
|
||||
/**
|
||||
* E2E tests for customer portal impersonation flow.
|
||||
* Tests ImpersonationBanner display, actions, and session management.
|
||||
*/
|
||||
|
||||
const MOCK_SESSION = {
|
||||
@@ -19,6 +18,7 @@ const MOCK_SESSION = {
|
||||
|
||||
test.describe("ImpersonationBanner", () => {
|
||||
test.beforeEach(async ({ page }) => {
|
||||
// Only mock impersonation endpoints - portal/me is NOT called in impersonation flow
|
||||
await page.route("**/api/impersonation/sessions/session-1", (route) =>
|
||||
route.fulfill({ json: MOCK_SESSION })
|
||||
);
|
||||
@@ -31,6 +31,8 @@ test.describe("ImpersonationBanner", () => {
|
||||
await page.route("**/api/impersonation/sessions/session-1/audit-log", (route) =>
|
||||
route.fulfill({ json: { logs: [] } })
|
||||
);
|
||||
// NOTE: NOT mocking portal/me - this endpoint is only called in the CLIENT
|
||||
// dev user flow (devUser.type === "client"), NOT in the impersonation flow
|
||||
});
|
||||
|
||||
test("banner displays when session is active", async ({ page }) => {
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import { useState, useCallback, useEffect, useRef } from "react";
|
||||
import { useSearchParams } from "react-router-dom";
|
||||
import { useSearchParams, Navigate } from "react-router-dom";
|
||||
import {
|
||||
Home, Calendar, PawPrint, FileText, CreditCard, MessageSquare,
|
||||
Settings, LogOut, Shield,
|
||||
@@ -38,6 +38,10 @@ export function CustomerPortal() {
|
||||
const [session, setSession] = useState<ImpersonationSession | null>(null);
|
||||
const [sessionExtended, setSessionExtended] = useState(false);
|
||||
const [clientName, setClientName] = useState<string>("");
|
||||
const [initComplete, setInitComplete] = useState(false);
|
||||
// Track whether an impersonation session fetch from URL param is in-flight
|
||||
// Dashboard will not redirect while this is true, allowing the session to load
|
||||
const [isImpersonating, setIsImpersonating] = useState(false);
|
||||
const { branding } = useBranding();
|
||||
const [searchParams, setSearchParams] = useSearchParams();
|
||||
|
||||
@@ -50,6 +54,7 @@ export function CustomerPortal() {
|
||||
const sessionId = searchParams.get("sessionId");
|
||||
|
||||
if (sessionId) {
|
||||
setIsImpersonating(true);
|
||||
// Real impersonation session from URL param
|
||||
fetch(`/api/impersonation/sessions/${sessionId}`)
|
||||
.then((r) => {
|
||||
@@ -68,7 +73,8 @@ export function CustomerPortal() {
|
||||
})
|
||||
.catch(() => {
|
||||
setSearchParams({}, { replace: true });
|
||||
});
|
||||
})
|
||||
.finally(() => { setInitComplete(true); setIsImpersonating(false); });
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -90,7 +96,10 @@ export function CustomerPortal() {
|
||||
setClientName(devUser.name);
|
||||
}
|
||||
})
|
||||
.catch(() => {});
|
||||
.finally(() => setInitComplete(true));
|
||||
} else {
|
||||
// No valid session: staff dev users and unauthenticated users fall through here
|
||||
setInitComplete(true);
|
||||
}
|
||||
}, []);
|
||||
|
||||
@@ -150,7 +159,7 @@ export function CustomerPortal() {
|
||||
const sessionId = session?.id ?? null;
|
||||
switch (activeSection) {
|
||||
case "dashboard":
|
||||
return <Dashboard onNavigate={handleNavClick} readOnly={!!isReadOnly} sessionId={sessionId} clientName={clientName} onReschedule={handleReschedule} />;
|
||||
return <Dashboard onNavigate={handleNavClick} readOnly={!!isReadOnly} sessionId={sessionId} clientName={clientName} onReschedule={handleReschedule} isImpersonating={isImpersonating} />;
|
||||
case "appointments":
|
||||
return <AppointmentsSection readOnly={!!isReadOnly} sessionId={sessionId} />;
|
||||
case "pets":
|
||||
@@ -168,6 +177,24 @@ export function CustomerPortal() {
|
||||
|
||||
const avatarInitials = (clientName.split(" ")[0] || "G").charAt(0).toUpperCase();
|
||||
|
||||
// After init completes, redirect unauthenticated users to /login and staff to /admin.
|
||||
// The portal chrome must NEVER be visible to users without a valid client session.
|
||||
// For client dev users, we stay on the portal even if session is null — the dev-session
|
||||
// response may not have id set immediately, or there may be timing issues with the
|
||||
// session state. Dev users are verified via localStorage and the dev-session flow.
|
||||
if (initComplete && !session) {
|
||||
const devUser = getDevUser();
|
||||
if (devUser && devUser.type === "staff") {
|
||||
return <Navigate to="/admin" replace />;
|
||||
}
|
||||
if (devUser && devUser.type === "client") {
|
||||
// Don't redirect — dev session creation may have failed or session.id may be null
|
||||
// The portal should still render for client dev users
|
||||
} else {
|
||||
return <Navigate to="/login" replace />;
|
||||
}
|
||||
}
|
||||
|
||||
return (
|
||||
<div
|
||||
className="min-h-screen bg-[#faf8f5] font-sans"
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
import { useState, useEffect } from "react";
|
||||
import { Navigate } from "react-router-dom";
|
||||
import { Calendar, Clock, PawPrint, CreditCard, Star, ChevronRight, AlertTriangle } from "lucide-react";
|
||||
import { getDevUser } from "../../pages/DevLoginSelector";
|
||||
|
||||
interface DashboardProps {
|
||||
sessionId: string | null;
|
||||
@@ -7,6 +9,8 @@ interface DashboardProps {
|
||||
onNavigate: (section: "appointments" | "pets" | "billing" | "reports") => void;
|
||||
readOnly: boolean;
|
||||
onReschedule: (appointmentId: string) => void;
|
||||
/** True when a sessionId param was in the URL and the session is still loading */
|
||||
isImpersonating?: boolean;
|
||||
}
|
||||
|
||||
interface Appointment {
|
||||
@@ -72,6 +76,7 @@ export function Dashboard({
|
||||
onNavigate,
|
||||
readOnly,
|
||||
onReschedule,
|
||||
isImpersonating,
|
||||
}: DashboardProps) {
|
||||
const [appointments, setAppointments] = useState<Appointment[]>([]);
|
||||
const [pets, setPets] = useState<Pet[]>([]);
|
||||
@@ -182,14 +187,12 @@ export function Dashboard({
|
||||
);
|
||||
}
|
||||
|
||||
if (!sessionId) {
|
||||
return (
|
||||
<div className="space-y-6">
|
||||
<div className="bg-stone-100 rounded-2xl p-5 text-center">
|
||||
<p className="text-stone-600">Please sign in to view your dashboard.</p>
|
||||
</div>
|
||||
</div>
|
||||
);
|
||||
// Don't redirect to /login if we have a dev user — dev sessions may not have
|
||||
// sessionId set immediately after creation (session?.id may be null due to
|
||||
// timing or API response issues). Dev users are stored in localStorage and
|
||||
// verified via the dev-session flow, so they should see the portal.
|
||||
if (!sessionId && !isImpersonating && !getDevUser()) {
|
||||
return <Navigate to="/login" replace />;
|
||||
}
|
||||
|
||||
const upcomingAppointments = getUpcomingAppointments();
|
||||
|
||||
Reference in New Issue
Block a user