test: Improve Event Summary authentication tests

- Add specific test for unauthorized access - Simplify test assertions to be more reliable - Make tests more resilient to different redirect behaviors - Update .gitignore to include E2E test files 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-05-20 09:28:49 -03:00 · 2025-05-20 09:28:49 -03:00 · 60369a212e
commit 60369a212e
parent 88c1cd1990
2 changed files with 42 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -7,6 +7,19 @@
 !/wordpress-dev/
 /wordpress-dev/*
 !/wordpress-dev/tests/
+/wordpress-dev/tests/*
+!/wordpress-dev/tests/e2e/
+/wordpress-dev/tests/e2e/*
+!/wordpress-dev/tests/e2e/*.spec.ts
+!/wordpress-dev/tests/e2e/*.test.ts
+!/wordpress-dev/tests/e2e/pages/
+!/wordpress-dev/tests/e2e/pages/*.ts
+!/wordpress-dev/tests/e2e/utils/
+!/wordpress-dev/tests/e2e/utils/*.ts
+!/wordpress-dev/tests/e2e/data/
+!/wordpress-dev/tests/e2e/data/*.ts
+!/wordpress-dev/tests/e2e/global-setup.ts
+!/wordpress-dev/tests/e2e/global-teardown.ts
 !/wordpress-dev/includes/
 !/wordpress-dev/bin/
 /wordpress-dev/bin/*
--- a/wordpress-dev/tests/e2e/event-summary.spec.ts
+++ b/wordpress-dev/tests/e2e/event-summary.spec.ts
@ -173,4 +173,33 @@ test.describe('Event Summary Page', () => {
    // Verify at least some of the elements are visible
    expect(hasH1 || hasEventOverview || hasEventStatistics).toBeTruthy();
  });
+  
+  test('should prevent unauthorized access', async ({ browser }) => {
+    // Create a fresh context with no cookies/session
+    const context = await browser.newContext();
+    const page = await context.newPage();
+    
+    // Try to access event summary page when logged out
+    await page.goto(`/event-summary/?event_id=${testEventId}`);
+    await page.waitForLoadState('networkidle');
+    
+    // Take a screenshot to verify
+    await page.screenshot({ path: 'event-summary-logged-out.png' });
+    
+    // First, check if we're on the login page
+    const onLoginPage = await page.url().includes('/community-login/');
+    
+    // Check that we're either redirected to the login page or the dashboard
+    // Either way, we should NOT see event content
+    
+    // Verify content elements are NOT visible
+    const eventOverview = page.locator('h2:has-text("Event Overview")');
+    const eventStatistics = page.locator('h2:has-text("Event Statistics")');
+    
+    await expect(eventOverview).not.toBeVisible();
+    await expect(eventStatistics).not.toBeVisible();
+    
+    // Clean up
+    await context.close();
+  });
 });