// The Lucia project. // Copyright 2024-2026 DSP, inc. All rights reserved. // Authors: // cindy.chang@dsp.im (Cindy Chang), 2024/06/11 // imacat.yang@dsp.im (imacat), 2026/03/05 import { setupApiIntercepts } from "../support/intercept"; describe("Paste URL login redirect", () => { it("After login with return-to param, redirects to the remembered page", () => { setupApiIntercepts(); // Visit login page with a return-to query param (base64-encoded URL) const targetUrl = "http://localhost:4173/discover/conformance/log/1/conformance"; const encodedUrl = btoa(targetUrl); cy.visit(`/login?return-to=${encodedUrl}`); // Fill in login form cy.get("#account").type("testadmin"); cy.get("#password").type("password123"); cy.get("form").submit(); // After login, the app should attempt to redirect to the return-to URL. // Since window.location.href is used (not router.push), we verify the // login form disappears and the token cookie is set. cy.getCookie("luciaToken").should("exist"); }); it("Login without return-to param redirects to /files", () => { setupApiIntercepts(); cy.visit("/login"); cy.get("#account").type("testadmin"); cy.get("#password").type("password123"); cy.get("form").submit(); cy.url().should("include", "/files"); }); it("Unauthenticated user cannot access inner pages", () => { // Visit login first to load the app + MSW cy.visit("/login"); cy.get("#login_btn_main_btn").should("exist"); // Override my-account to return 401 (simulate logged-out state) via MSW cy.window().then((win) => { const { http, HttpResponse } = win.__msw__; win.__mswWorker__.use( http.get("/api/my-account", () => HttpResponse.json( { detail: "Not authenticated" }, { status: 401 }, )), ); }); cy.visit("/files"); // Should be redirected to login page cy.url().should("include", "/login"); cy.get("#account").should("exist"); cy.get("#password").should("exist"); }); });