@imwz/wp-pattern-sentinel 0.2.2 → 0.2.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@imwz/wp-pattern-sentinel",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "description": "Browser-based WordPress block pattern validator using Playwright",
   "type": "module",
   "engines": {

package/src/login.js

@@ -2,14 +2,36 @@ import { log } from './format.js';
 
 export async function loginToWordPress(page, adminUrl, user, pass) {
   try {
-    await page.goto(`${adminUrl}/wp-login.php`, {
+    // Navigate to the editor — WordPress redirects to wp-login.php if unauthenticated,
+    // with redirect_to preserving the editor URL (important for multisite subsite context).
+    await page.goto(`${adminUrl}/wp-admin/post-new.php?post_type=page`, {
       waitUntil: 'domcontentloaded',
-      timeout: 30000,
+      timeout: 60000,
     });
+
+    // Already logged in — editor loaded directly
+    if (await page.locator('.edit-post-layout, .editor-styles-wrapper').count() > 0) {
+      return true;
+    }
+
+    // Wait for the login form to be ready before filling
+    await page.waitForSelector('#user_login', { state: 'visible', timeout: 30000 });
     await page.fill('#user_login', user);
     await page.fill('#user_pass', pass);
-    await page.click('#wp-submit');
-    await page.waitForURL(/\/wp-admin\//, { timeout: 30000, waitUntil: 'domcontentloaded' });
+
+    // Start listening for navigation BEFORE clicking — avoids missing the redirect
+    await Promise.all([
+      page.waitForNavigation({ waitUntil: 'domcontentloaded', timeout: 60000 }),
+      page.click('#wp-submit'),
+    ]);
+
+    const loggedIn = page.url().includes('/wp-admin/') && !page.url().includes('wp-login.php');
+    if (!loggedIn) {
+      const error = await page.textContent('#login_error').catch(() => null);
+      log(`Login failed: ${error?.trim() ?? 'unexpected URL after submit: ' + page.url()}`, 'red');
+      return false;
+    }
+
     return true;
   } catch (error) {
     log(`Login failed: ${error.message}`, 'red');

package/src/main.js

@@ -30,20 +30,25 @@ export async function main() {
     args: ['--disable-web-security'],
   });
 
-  // One authenticated context per worker — sessions are fully isolated
+  // Login once, then share the session cookies across all worker contexts.
+  // Concurrent logins to WordPress (even with valid credentials) trigger a
+  // reauth=1 redirect loop — serialising login avoids this entirely.
   let contexts;
   try {
-    contexts = await Promise.all(
-      Array.from({ length: options.concurrency }, async () => {
-        const context = await browser.newContext({ viewport: options.viewport });
-        const page    = await context.newPage();
-        page.setDefaultTimeout(60000);
-        const ok = await loginToWordPress(page, options.adminUrl, options.user, options.pass);
-        await page.close();
-        if (!ok) throw new Error('Failed to authenticate with WordPress');
-        return context;
-      })
-    );
+    const firstContext = await browser.newContext({ viewport: options.viewport });
+    const loginPage    = await firstContext.newPage();
+    loginPage.setDefaultTimeout(60000);
+    const ok = await loginToWordPress(loginPage, options.adminUrl, options.user, options.pass);
+    await loginPage.close();
+    if (!ok) throw new Error('Failed to authenticate with WordPress');
+
+    const cookies = await firstContext.cookies();
+    contexts = [firstContext];
+    for (let i = 1; i < options.concurrency; i++) {
+      const ctx = await browser.newContext({ viewport: options.viewport });
+      await ctx.addCookies(cookies);
+      contexts.push(ctx);
+    }
   } catch (error) {
     log(error.message, 'red');
     await browser.close();