vikunja/frontend/tests/e2e/user
kolaente a9355fc247 fix(auth): keep OAuth authorize destination in a copyable login hash (#2654)
A native client (desktop/mobile/etc.) opens /oauth/authorize in the OS
browser. When the user is unauthenticated, the router previously saved the
destination to localStorage and redirected to a bare /login, stripping the
authorize URL from the address bar. localStorage is per-browser, so a user
who is signed in (or wants to sign in) in a different browser could not copy
the URL over and complete the flow.

Now, when an unauthenticated user hits oauth.authorize, redirect to /login
with the authorize path+query encoded in a #redirect= hash. The hash keeps
the URL copyable across browsers while keeping the embedded OAuth params out
of server/proxy access logs (a query param would be logged).

On arrival at the auth route, the hash is decoded and folded back into the
existing localStorage redirect mechanism (saveLastVisited), so redirectIfSaved()
completes the journey after any auth method - including the external OIDC
round-trip, where localStorage is the only bridge that survives leaving the SPA
(populated before the user leaves to the IdP). Scoped strictly to
oauth.authorize for all client_ids; every other route keeps its existing
localStorage redirect behavior.

Fixes #2654
2026-06-19 16:55:56 +02:00
..
settings test(e2e): await DELETE in caldav token revoke test to avoid race 2026-04-21 10:50:09 +00:00
api-tokens.spec.ts feat(api-tokens): support title and scopes query parameters (#2143) 2026-01-24 18:08:23 +00:00
email-confirmation.spec.ts test(e2e): assert wrong password blocks email change 2026-04-21 10:50:09 +00:00
login.spec.ts feat(a11y): fix heading hierarchy across pages 2026-04-21 11:44:36 +00:00
logout.spec.ts chore: remove redundant truncate calls now that all tables are wiped before each test 2026-04-05 09:48:09 +00:00
oauth-authorize.spec.ts fix(auth): keep OAuth authorize destination in a copyable login hash (#2654) 2026-06-19 16:55:56 +02:00
openid-login.spec.ts feat(a11y): fix heading hierarchy across pages 2026-04-21 11:44:36 +00:00
password-reset.spec.ts chore: remove redundant truncate calls now that all tables are wiped before each test 2026-04-05 09:48:09 +00:00
registration.spec.ts feat(a11y): fix heading hierarchy across pages 2026-04-21 11:44:36 +00:00
session-refresh.spec.ts feat(a11y): fix heading hierarchy across pages 2026-04-21 11:44:36 +00:00
settings.spec.ts test(user): add tests for updating week start day and verifying date picker behavior 2026-04-24 11:24:34 +02:00