🧪 Auth Flow Testing
Comprehensive testing for the Jinja2 migration auth loop fix
Log Level Control
Change logging verbosity for login.js and api-client.js
Current levels: LOGIN = 4, API = 3
Test 1: Clean Slate - Fresh Login Flow
Tests the complete login flow from scratch with no existing tokens.
Steps:
- Click "Clear All Data" below
- Click "Navigate to /admin"
- Observe browser behavior and console logs
- You should land on the login page
Expected Result:
- Single redirect: /admin → /admin/login
- Login page loads with NO API calls to /admin/auth/me
- No loops, no errors in console
- Form is ready for input
Test 2: Successful Login
Tests that login works correctly and redirects to dashboard.
Steps:
- Ensure you're on /admin/login
- Enter valid admin credentials
- Click "Login"
- Observe redirect and dashboard load
Expected Result:
- Login API call succeeds (check Network tab)
- Token stored in localStorage
- Success message shows briefly
- Redirect to /admin/dashboard after 500ms
- Dashboard loads with stats and recent vendors
Test 3: Dashboard Refresh (Authenticated)
Tests that refreshing the dashboard works without redirect loops.
Steps:
- Complete Test 2 (login successfully)
- On dashboard, press F5 or click "Refresh Page"
- Observe page reload behavior
Expected Result:
- Dashboard reloads normally
- No redirects to login
- Stats and vendors load correctly
- No console errors
Test 4: Expired Token Handling
Tests that expired tokens are handled gracefully with redirect to login.
Steps:
- Click "Set Expired Token"
- Click "Navigate to Dashboard"
- Observe authentication failure and redirect
Expected Result:
- Server detects expired token
- Returns 401 Unauthorized
- Browser redirects to /admin/login
- Token is cleared from localStorage
- No infinite loops
Test 5: Direct Dashboard Access (Unauthenticated)
Tests that accessing the dashboard without a token redirects to login.
Steps:
- Click "Clear All Data"
- Click "Navigate to Dashboard"
- Observe immediate redirect to login
Expected Result:
- Redirect from /admin/dashboard to /admin/login
- No API calls attempted
- Login page loads correctly
Test 6: Login Page with Valid Token
Tests what happens when a user visits the login page while already authenticated.
Steps:
- Login successfully (Test 2)
- Click "Go to Login Page" below
- Observe behavior
Expected Result:
- Login page loads
- Existing token is cleared (init() clears it)
- Form is displayed normally
- NO redirect loops
- NO API calls to validate token
Current Auth Status
- Current URL: -
- Has admin_token: -
- Has admin_user: -
- Token Preview: -
- Username: -
⚠️ Important Notes
- Always check browser console for detailed logs
- Use Network tab to see actual HTTP requests and redirects
- Clear browser cache if you see unexpected behavior
- Make sure the FastAPI server is running on localhost:8000
- Valid admin credentials required for login tests
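The redirect and API-call expectations in Tests 1, 4, 5 and 6 can be checked mechanically against what the Network tab shows. The following is an added example, not code from the project. The trace format (`kind`, `path`), the function name `checkAuthTrace` and both sample traces are assumptions constructed for illustration.

```javascript
// Added example, not the project's code. Assumed trace shape: one entry per
// request observed after a single user action, in order:
//   { kind: 'nav' | 'api', path: '/admin/...' }
const LOGIN_PATH = '/admin/login';
const AUTH_ME_PATH = '/admin/auth/me';

function checkAuthTrace(trace, { maxRedirects = 1 } = {}) {
  const problems = [];
  const visits = new Map(); // page path -> number of document loads
  let currentPage = null;
  let navCount = 0;

  for (const { kind, path } of trace) {
    if (kind === 'nav') {
      navCount += 1;
      currentPage = path;
      visits.set(path, (visits.get(path) || 0) + 1);
    } else if (kind === 'api' && path === AUTH_ME_PATH && currentPage === LOGIN_PATH) {
      // Tests 1 and 6: the login page must not validate a token via the API.
      problems.push(`${AUTH_ME_PATH} called from ${LOGIN_PATH}`);
    }
  }

  // A page loaded more than once within one action means the chain looped.
  for (const [path, count] of visits) {
    if (count > 1) problems.push(`redirect loop: ${path} loaded ${count} times`);
  }
  const redirects = Math.max(navCount - 1, 0);
  if (redirects > maxRedirects) {
    problems.push(`${redirects} redirects, expected at most ${maxRedirects}`);
  }
  return { ok: problems.length === 0, redirects, finalPage: currentPage, problems };
}

// Constructed sample traces (not captured from a real run).
const cleanSlate = [ // what Test 1 expects
  { kind: 'nav', path: '/admin' },
  { kind: 'nav', path: '/admin/login' },
];
const authLoop = [ // the failure mode the tests guard against
  { kind: 'nav', path: '/admin/dashboard' },
  { kind: 'nav', path: '/admin/login' },
  { kind: 'api', path: '/admin/auth/me' },
  { kind: 'nav', path: '/admin/dashboard' },
  { kind: 'nav', path: '/admin/login' },
];

console.log(checkAuthTrace(cleanSlate));
console.log(checkAuthTrace(authLoop));
```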