Closed
2 changes: 1 addition & 1 deletion JENKINS_SETUP.md
Expand Up @@ -36,7 +36,7 @@ Go to your Jenkins URL (same one used for ciyex backend)
- Kind: "Username with password"
- ID: `REGISTRY_CREDENTIALS`
- Username: `dev`
- Password: `ceffDD0qWy2gMHycsolsQBPi`
- Password: `${REGISTRY_DEV_PASSWORD}`
- Description: "Private Docker Registry"

### 5. Run Build
2 changes: 1 addition & 1 deletion ehr-ui-test-scenarios.md
Expand Up @@ -27,7 +27,7 @@
### Sign In Flow
1. Navigate to /signin — page loads with Keycloak login form
2. Enter valid username (michael.chen) — field accepts input
3. Enter valid password (Test@123) — password field masks input
3. Enter valid password (use TEST_USER_PASSWORD env var) — password field masks input
4. Click Sign In — redirects to /select-practice or /dashboard
5. Sign in with invalid username — shows error message
6. Sign in with invalid password — shows error message
5 changes: 3 additions & 2 deletions playwright-tests/rbac-test.js
Expand Up @@ -2,6 +2,7 @@ const { chromium } = require('playwright');
const path = require('path');
const fs = require('fs');

const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || TEST_PASSWORD;
const SCREENSHOT_DIR = path.join(__dirname, 'screenshots');
if (!fs.existsSync(SCREENSHOT_DIR)) fs.mkdirSync(SCREENSHOT_DIR, { recursive: true });

Expand Down Expand Up @@ -172,7 +173,7 @@ async function main() {
console.log('PART 1: BILLING USER (billing.davis@sunrisefamilymedicine.com)');
console.log('='.repeat(60));

await login(page, 'billing.davis@sunrisefamilymedicine.com', 'Test@123', 'billing');
await login(page, 'billing.davis@sunrisefamilymedicine.com', TEST_PASSWORD, 'billing');

// Admin-restricted pages - billing should NOT see these
results.push(await testPageAccess(page, '/settings/roles-permissions', 'roles-permissions', 'billing'));
Expand All @@ -192,7 +193,7 @@ async function main() {
console.log('='.repeat(60));

await logout(page, 'billing');
await login(page, 'michael.chen@example.com', 'Test@123', 'admin');
await login(page, 'michael.chen@example.com', TEST_PASSWORD, 'admin');

// Same restricted pages - admin SHOULD see these
results.push(await testPageAccess(page, '/settings/roles-permissions', 'roles-permissions', 'admin'));
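Review bot: The `TEST_PASSWORD` declaration added at the top of the file names itself in its own initializer, so when `TEST_USER_PASSWORD` is unset the `||` branch reads `TEST_PASSWORD` before it is initialised and the script throws a ReferenceError at load. It works only when the variable is set, so the fault may not show until someone runs the script without it. Read the variable and stop with a clear message instead: `const TEST_PASSWORD = process.env.TEST_USER_PASSWORD;` then `if (!TEST_PASSWORD) throw new Error('TEST_USER_PASSWORD is not set');`. `main()` starts and ends outside these hunks; its two `login(...)` calls need no further change.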
3 changes: 2 additions & 1 deletion tests/e2e/batch3-verify.spec.ts
@@ -1,5 +1,6 @@
import { test, expect } from "@playwright/test";

const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const BASE = "https://app-dev.ciyex.org";

async function login(page: any) {
Expand All @@ -14,7 +15,7 @@ async function login(page: any) {
// Step 2: Enter password
const passInput = page.locator('input[name="password"], input[type="password"]').first();
await passInput.waitFor({ state: "visible", timeout: 10000 });
await passInput.fill("Test@123");
await passInput.fill(TEST_PASSWORD);
await page.locator('button[type="submit"], button:has-text("Sign")').first().click();
await page.waitForURL(/(?!.*signin).*/, { timeout: 15000 });
await page.waitForLoadState("networkidle");
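Review bot: The `|| 'Test@123'` fallback on the new `TEST_PASSWORD` line keeps the shared password in the source, so the literal is still committed and is used silently against app-dev whenever `TEST_USER_PASSWORD` is missing. The same line is added in the permission-guard-debug, -dev, -final, -runtime and -test specs, rbac-all-roles, rbac-incremental, test-3-issues, test-fixes, verify-7-fixes, verify-9-fixes, verify-all-fixes and verify-fixes. A small helper that throws when the variable is absent removes the literal, and it could live in one shared module instead of being repeated per file. The old value, and the registry password taken out of JENKINS_SETUP.md, stay in the repository history, so both should be rotated rather than only deleted. `login()` continues outside the hunk.

```typescript
import { test, expect } from "@playwright/test";

// Read a required secret from the environment; never fall back to a literal.
function requireEnv(name: string): string {
  const value = process.env[name];
  if (!value) {
    throw new Error(`${name} is not set`);
  }
  return value;
}

const TEST_PASSWORD = requireEnv("TEST_USER_PASSWORD");
// … unchanged: BASE and login() …
```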
5 changes: 3 additions & 2 deletions tests/e2e/permission-guard-debug.spec.ts
Expand Up @@ -4,6 +4,7 @@
import { test, Page } from "@playwright/test";
import path from "path";

const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const BASE_URL = "https://app-dev.ciyex.org";
const API_URL = "https://api-dev.ciyex.org";
const SCREENSHOTS_DIR = path.join(process.cwd(), "test-results", "screenshots");
Expand All @@ -27,7 +28,7 @@ async function fetchAuthData(email: string, password: string) {
test("Diagnose PermissionGuard - measure when contexts load vs when page renders", async ({ page }) => {
test.setTimeout(120000);

const billingData = await fetchAuthData("billing.davis@sunrisefamilymedicine.com", "Test@123");
const billingData = await fetchAuthData("billing.davis@sunrisefamilymedicine.com", TEST_PASSWORD);

// Capture timing of console messages
const events: Array<{time: number, msg: string}> = [];
Expand Down Expand Up @@ -142,7 +143,7 @@ test("Test with real login form - billing user", async ({ page }) => {

const passwordVisible = await page.locator('input[id="password"]').isVisible().catch(() => false);
if (passwordVisible) {
await page.fill('input[id="password"]', "Test@123");
await page.fill('input[id="password"]', TEST_PASSWORD);
await page.click('button:has-text("Sign in")');
// Wait for redirect to calendar
await page.waitForURL(`${BASE_URL}/calendar`, { timeout: 30000 }).catch(() => {
5 changes: 3 additions & 2 deletions tests/e2e/permission-guard-dev.spec.ts
Expand Up @@ -5,6 +5,7 @@
import { test, expect, Page } from "@playwright/test";
import path from "path";

const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const BASE_URL = "https://app-dev.ciyex.org";
const API_URL = "https://api-dev.ciyex.org";

Expand Down Expand Up @@ -70,8 +71,8 @@ test.describe("Permission Guard on Dev Environment (app-dev.ciyex.org)", () => {
let billingData: any;

test.beforeAll(async () => {
adminData = await fetchAuthData("michael.chen@example.com", "Test@123");
billingData = await fetchAuthData("billing.davis@sunrisefamilymedicine.com", "Test@123");
adminData = await fetchAuthData("michael.chen@example.com", TEST_PASSWORD);
billingData = await fetchAuthData("billing.davis@sunrisefamilymedicine.com", TEST_PASSWORD);
console.log(`[setup] Admin groups: ${JSON.stringify(adminData.groups)}`);
console.log(`[setup] Billing groups: ${JSON.stringify(billingData.groups)}`);
});
7 changes: 4 additions & 3 deletions tests/e2e/permission-guard-final.spec.ts
Expand Up @@ -4,6 +4,7 @@
import { test, Page } from "@playwright/test";
import path from "path";

const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const BASE_URL = "https://app-dev.ciyex.org";
const API_URL = "https://api-dev.ciyex.org";
const SCREENSHOTS_DIR = path.join(process.cwd(), "test-results", "screenshots");
Expand Down Expand Up @@ -32,7 +33,7 @@ test("DEFINITIVE: Billing user blocked from admin-only settings pages", async ({
test.setTimeout(120000);

// Do real login to ensure full context loading
await realLogin(page, "billing.davis@sunrisefamilymedicine.com", "Test@123");
await realLogin(page, "billing.davis@sunrisefamilymedicine.com", TEST_PASSWORD);

if (!page.url().includes("/calendar")) {
console.log("[SKIP] Login failed, skipping test");
Expand Down Expand Up @@ -75,7 +76,7 @@ test("DEFINITIVE: Billing user blocked from admin-only settings pages", async ({
test("DEFINITIVE: Admin user full access", async ({ page }) => {
test.setTimeout(120000);

await realLogin(page, "michael.chen@example.com", "Test@123");
await realLogin(page, "michael.chen@example.com", TEST_PASSWORD);

if (!page.url().includes("/calendar")) {
console.log("[SKIP] Login failed");
Expand Down Expand Up @@ -114,7 +115,7 @@ test("DEFINITIVE: Backend security check - billing user accessing admin APIs", a
const res = await fetch(`${API_URL}/api/auth/login`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ email: "billing.davis@sunrisefamilymedicine.com", password: "Test@123" }),
body: JSON.stringify({ email: "billing.davis@sunrisefamilymedicine.com", password: TEST_PASSWORD }),
});
const billingData = (await res.json() as any).data;

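Review bot: Now that the password comes from the environment, the `if (!page.url().includes("/calendar"))` branch after each `realLogin(...)` call only logs `[SKIP] Login failed`; if it then returns, as the message suggests, a wrong or missing `TEST_USER_PASSWORD` lets both DEFINITIVE access-control tests pass without checking anything. The rest of each test body is outside the hunks, so this needs confirming there. For a test whose purpose is to show that a billing user is blocked, a failed login should fail the run, for example `throw new Error("login failed; check TEST_USER_PASSWORD");` in place of the log-and-return.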
9 changes: 5 additions & 4 deletions tests/e2e/permission-guard-runtime.spec.ts
Expand Up @@ -4,6 +4,7 @@
import { test, Page } from "@playwright/test";
import path from "path";

const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const BASE_URL = "https://app-dev.ciyex.org";
const API_URL = "https://api-dev.ciyex.org";
const SCREENSHOTS_DIR = path.join(process.cwd(), "test-results", "screenshots");
Expand All @@ -20,7 +21,7 @@ test("Inspect pagePermissionMap and permissions at runtime for billing user", as
const res = await fetch(`${API_URL}/api/auth/login`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ email: "billing.davis@sunrisefamilymedicine.com", password: "Test@123" }),
body: JSON.stringify({ email: "billing.davis@sunrisefamilymedicine.com", password: TEST_PASSWORD }),
});
const billingData = (await res.json() as any).data;

Expand All @@ -36,7 +37,7 @@ test("Inspect pagePermissionMap and permissions at runtime for billing user", as

const passwordVisible = await page.locator('input[id="password"]').isVisible().catch(() => false);
if (passwordVisible) {
await page.fill('input[id="password"]', "Test@123");
await page.fill('input[id="password"]', TEST_PASSWORD);
await page.click('button:has-text("Sign in")');
try {
await page.waitForURL(`${BASE_URL}/calendar`, { timeout: 30000 });
Expand Down Expand Up @@ -124,7 +125,7 @@ test("Check PermissionGuard component rendering via page source", async ({ page
const res = await fetch(`${API_URL_LOCAL}/api/auth/login`, {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ email: "billing.davis@sunrisefamilymedicine.com", password: "Test@123" }),
body: JSON.stringify({ email: "billing.davis@sunrisefamilymedicine.com", password: TEST_PASSWORD }),
});
const billingData = (await res.json() as any).data;
console.log("[setup] Billing groups: " + JSON.stringify(billingData.groups));
Expand All @@ -144,7 +145,7 @@ test("Check PermissionGuard component rendering via page source", async ({ page

const passwordVisible = await page.locator('input[id="password"]').isVisible().catch(() => false);
if (passwordVisible) {
await page.fill('input[id="password"]', "Test@123");
await page.fill('input[id="password"]', TEST_PASSWORD);
await page.click('button:has-text("Sign in")');
try { await page.waitForURL(`${BASE_URL}/calendar`, { timeout: 30000 }); } catch {}
await page.waitForTimeout(4000);
7 changes: 4 additions & 3 deletions tests/e2e/permission-guard-test.spec.ts
@@ -1,6 +1,7 @@
import { test, expect, Page } from "@playwright/test";
import path from "path";

const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const BASE_URL = "http://localhost:3002";
const API_URL = "https://api-dev.ciyex.org";

Expand Down Expand Up @@ -59,8 +60,8 @@ test.describe("Role-Based Permission Guard", () => {
let billingData: any;

test.beforeAll(async () => {
adminData = await fetchAuthData("michael.chen@example.com", "Test@123");
billingData = await fetchAuthData("billing.davis@sunrisefamilymedicine.com", "Test@123");
adminData = await fetchAuthData("michael.chen@example.com", TEST_PASSWORD);
billingData = await fetchAuthData("billing.davis@sunrisefamilymedicine.com", TEST_PASSWORD);
console.log(`[setup] Admin groups: ${JSON.stringify(adminData.groups)}`);
console.log(`[setup] Billing groups: ${JSON.stringify(billingData.groups)}`);
});
Expand Down Expand Up @@ -209,7 +210,7 @@ test.describe("Role-Based Permission Guard", () => {
console.log(`[login] Password field visible after email: ${passwordVisible}`);

if (passwordVisible) {
await page.fill('input[id="password"]', "Test@123");
await page.fill('input[id="password"]', TEST_PASSWORD);
await shot(page, "06-password-filled");
await page.click('button:has-text("Sign in")');
await page.waitForTimeout(5000);
5 changes: 3 additions & 2 deletions tests/e2e/rbac-all-roles.spec.ts
Expand Up @@ -19,7 +19,8 @@ import * as path from "path";

const BASE_URL = "https://app-dev.ciyex.org";
const API_URL = "https://api-dev.ciyex.org";
const PASSWORD = "Test@123";
const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const PASSWORD = TEST_PASSWORD;
const SCREENSHOTS_DIR = path.join(process.cwd(), "test-results", "rbac-screenshots");
const REPORT_PATH = path.join(process.cwd(), "test-results", "rbac-report.html");

Expand All @@ -44,7 +45,7 @@ const USERS: TestUser[] = [
// BILLING — Sunrise Family Medicine (confirmed working)
{ role: "BILLING", email: "billing.davis@sunrisefamilymedicine.com" },
// PATIENT — Sunrise Family Medicine (patients use portal, not EHR — login expected to fail)
{ role: "PATIENT", email: "jennifer.martinez@example.com", password: "Test@123" },
{ role: "PATIENT", email: "jennifer.martinez@example.com", password: TEST_PASSWORD },
];

// ── Routes to test ───────────────────────────────────────────────────────────
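Review bot: `const PASSWORD = TEST_PASSWORD;` adds a second name for the same value, and the PATIENT entry in `USERS` now uses `TEST_PASSWORD` while the other entries presumably fall back to `PASSWORD` (the lookup is outside the hunk). One constant is easier to audit when the credential source changes again: replace the two lines with a single `PASSWORD` initialised from `process.env.TEST_USER_PASSWORD`, and drop the explicit `password:` field from the PATIENT entry if it only repeats the default. The same alias pair is added in rbac-incremental, test-fixes.ts, verify-7-fixes, verify-9-fixes and verify-all-fixes.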
3 changes: 2 additions & 1 deletion tests/e2e/rbac-incremental.spec.ts
Expand Up @@ -22,7 +22,8 @@ import * as path from "path";

const BASE_URL = "https://app-dev.ciyex.org";
const API_URL = "https://api-dev.ciyex.org";
const PASSWORD = "Test@123";
const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const PASSWORD = TEST_PASSWORD;

const ADMIN_EMAIL = "michael.chen@example.com";
const TEST_EMAIL = "frontdesk.brown@sunrisefamilymedicine.com";
3 changes: 2 additions & 1 deletion tests/e2e/test-3-issues.spec.ts
@@ -1,5 +1,6 @@
import { test, expect, Page } from "@playwright/test";

const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const APP_URL = "https://app-dev.ciyex.org";
const API_URL = "https://api-dev.ciyex.org";

Expand All @@ -13,7 +14,7 @@ async function loginViaUI(page: Page) {

if (await emailInput.count() > 0) {
await emailInput.first().fill("kiran@example.com");
await passwordInput.first().fill("Test@123");
await passwordInput.first().fill(TEST_PASSWORD);
// Submit login
const submitBtn = page.locator('input[type="submit"], button[type="submit"], #kc-login');
await submitBtn.first().click();
3 changes: 2 additions & 1 deletion tests/e2e/test-fixes.ts
Expand Up @@ -2,7 +2,8 @@ import { chromium } from "playwright";

const BASE = "https://app-dev.ciyex.org";
const EMAIL = "rose@example.com";
const PASSWORD = "Test@123";
const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const PASSWORD = TEST_PASSWORD;

async function main() {
const browser = await chromium.launch({ headless: true });
3 changes: 2 additions & 1 deletion tests/e2e/verify-7-fixes.spec.ts
Expand Up @@ -3,7 +3,8 @@ import { test, expect, type Page } from "@playwright/test";
const BASE = "https://app-dev.ciyex.org";
const API = "https://api-dev.ciyex.org";
const EMAIL = "rose@example.com";
const PASSWORD = "Test@123";
const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const PASSWORD = TEST_PASSWORD;

test.describe.configure({ mode: "serial" });

3 changes: 2 additions & 1 deletion tests/e2e/verify-9-fixes.spec.ts
Expand Up @@ -2,7 +2,8 @@ import { test, expect, type Page } from "@playwright/test";

const BASE = "https://app-dev.ciyex.org";
const EMAIL = "rose@example.com";
const PASSWORD = "Test@123";
const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const PASSWORD = TEST_PASSWORD;

test.describe.configure({ mode: "serial" });

3 changes: 2 additions & 1 deletion tests/e2e/verify-all-fixes.spec.ts
Expand Up @@ -2,7 +2,8 @@ import { test, expect } from "@playwright/test";

const BASE = "https://app-dev.ciyex.org";
const EMAIL = "rose@example.com";
const PASSWORD = "Test@123";
const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const PASSWORD = TEST_PASSWORD;

test.describe.configure({ mode: "serial" });

3 changes: 2 additions & 1 deletion tests/e2e/verify-fixes.spec.ts
Expand Up @@ -5,6 +5,7 @@ import { test, expect, Page } from "@playwright/test";
* Run: npx playwright test tests/e2e/verify-fixes.spec.ts --headed
*/

const TEST_PASSWORD = process.env.TEST_USER_PASSWORD || 'Test@123';
const BASE = "https://app-dev.ciyex.org";
const PATIENT_URL = `${BASE}/patients/6762`;

Expand All @@ -26,7 +27,7 @@ async function login(page: Page) {
// Step 2: Wait for password field to appear
const passwordField = page.locator('input[type="password"]').first();
await passwordField.waitFor({ timeout: 15000 });
await passwordField.fill("Test@123");
await passwordField.fill(TEST_PASSWORD);

// Click Sign In
const signInBtn = page.locator('button:has-text("Sign In"), button:has-text("Login"), button[type="submit"]').first();