@live-change/user-frontend 0.9.196 → 0.9.198

package/e2e/connectEmailCode.test.ts

@@ -0,0 +1,65 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import App from '@live-change/framework'
+import randomProfile from 'random-profile-generator'
+import { withBrowser } from './withBrowser.js'
+import { useSecretCode, sleep } from './steps.js'
+
+const app = App.app()
+const email = randomProfile.profile().firstName.toLowerCase() + '@test.com'
+const email2 = randomProfile.profile().firstName.toLowerCase() + '2@test.com'
+const happyPath = false
+
+test('connect email with code', async () => {
+  await withBrowser(async (page, env) => {
+    const user = app.generateUid()
+
+    const User = env.haveModel('user', 'User')
+    const Email = env.haveModel('email', 'Email')
+    const AuthenticatedUser = env.haveModel('user', 'AuthenticatedUser')
+
+    await User.create({ id: user, roles: [] })
+    await Email.create({ id: email, email, user })
+    await page.goto(env.url + '/', { waitUntil: 'networkidle' })
+    const session = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { session: string } } } }).api.client.value.session
+    )
+    await AuthenticatedUser.create({ id: session, user, session })
+
+    // Reload so client gets user from server; otherwise router redirects to sign-in when opening /user/settings/connected
+    await page.reload({ waitUntil: 'networkidle' })
+    await page.goto(env.url + '/user/settings/connected', { waitUntil: 'networkidle' })
+    await page.getByText(email).waitFor({ state: 'visible', timeout: 15000 })
+    assert.strictEqual(await page.getByText(email2).isVisible(), false, 'email2 should not be visible')
+
+    await page.click('button#connect')
+    assert.ok(page.url().includes('/connect'))
+
+    if (!happyPath) {
+      await page.fill('input#email', email)
+      await page.click('button[type=submit]')
+      assert.ok(page.url().includes('/connect'))
+    }
+
+    await page.fill('input#email', email2)
+    await page.click('button[type=submit]')
+    await page.waitForURL('**/sent/*', { timeout: 10000 })
+    assert.ok(page.url().includes('/sent/'))
+
+    const url = page.url()
+    const authentication = url.split('/').pop()!
+
+    const authenticationData = await env.grabObject('messageAuthentication', 'Authentication', authentication)
+    assert.ok(authenticationData, 'authentication created')
+    assert.strictEqual((authenticationData as { messageData?: { user: string } })?.messageData?.user, user, 'authentication contains user')
+
+    await useSecretCode(page, env, authentication, happyPath)
+    await page.waitForURL('**/connect-finished', { timeout: 10000 })
+    assert.ok(page.url().includes('/connect-finished'))
+
+    if (!happyPath) {
+      await page.goto(url, { waitUntil: 'networkidle' })
+      assert.ok(page.url().includes('/connect-finished'))
+    }
+  })
+})

package/e2e/connectEmailLink.test.ts

@@ -0,0 +1,62 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import App from '@live-change/framework'
+import randomProfile from 'random-profile-generator'
+import { withBrowser } from './withBrowser.js'
+import { useSecretLink } from './steps.js'
+
+const app = App.app()
+const email = randomProfile.profile().firstName.toLowerCase() + '@test.com'
+const email2 = randomProfile.profile().firstName.toLowerCase() + '2@test.com'
+const happyPath = false
+
+test('connect email with link', async () => {
+  await withBrowser(async (page, env) => {
+    const user = app.generateUid()
+
+    const User = env.haveModel('user', 'User')
+    const Email = env.haveModel('email', 'Email')
+    const AuthenticatedUser = env.haveModel('user', 'AuthenticatedUser')
+
+    await User.create({ id: user, roles: [] })
+    await Email.create({ id: email, email, user })
+    await page.goto(env.url + '/', { waitUntil: 'networkidle' })
+    const session = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { session: string } } } }).api.client.value.session
+    )
+    await AuthenticatedUser.create({ id: session, user, session })
+
+    await page.reload({ waitUntil: 'networkidle' })
+    await page.goto(env.url + '/user/settings/connected', { waitUntil: 'networkidle' })
+    await page.getByText(email).waitFor({ state: 'visible', timeout: 15000 })
+    assert.strictEqual(await page.getByText(email2).isVisible(), false, 'email2 should not be visible')
+
+    await page.click('button#connect')
+    assert.ok(page.url().includes('/connect'))
+
+    if (!happyPath) {
+      await page.fill('input#email', email)
+      await page.click('button[type=submit]')
+    }
+
+    await page.fill('input#email', email2)
+    await page.click('button[type=submit]')
+    assert.ok(page.url().includes('/sent/'))
+
+    const url = page.url()
+    const authentication = url.split('/').pop()!
+
+    const authenticationData = await env.grabObject('messageAuthentication', 'Authentication', authentication)
+    assert.ok(authenticationData, 'authentication created')
+    assert.strictEqual((authenticationData as { messageData?: { user: string } })?.messageData?.user, user, 'authentication contains user')
+
+    const linkData = await useSecretLink(page, env, authentication, happyPath)
+    await page.waitForURL('**/connect-finished', { timeout: 10000 })
+    assert.ok(page.url().includes('/connect-finished'))
+
+    if (!happyPath) {
+      await page.goto(env.url + '/user/link/' + linkData.secretCode, { waitUntil: 'networkidle' })
+      await page.getByText('Link used').waitFor({ state: 'visible' })
+    }
+  })
+})

package/e2e/delete.test.ts

@@ -0,0 +1,52 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import App from '@live-change/framework'
+import randomProfile from 'random-profile-generator'
+import { withBrowser } from './withBrowser.js'
+
+const app = App.app()
+const name = randomProfile.profile().firstName.toLowerCase()
+const email = name + '@test.com'
+
+test('delete account', async () => {
+  await withBrowser(async (page, env) => {
+    const user = app.generateUid()
+
+    const User = env.haveModel('user', 'User')
+    const Email = env.haveModel('email', 'Email')
+    const AuthenticatedUser = env.haveModel('user', 'AuthenticatedUser')
+
+    await User.create({ id: user, roles: [] })
+    await Email.create({ id: email, email, user })
+    await page.goto(env.url + '/', { waitUntil: 'networkidle' })
+    const session = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { session: string } } } }).api.client.value.session
+    )
+    await AuthenticatedUser.create({ id: session, user, session })
+
+    await page.reload({ waitUntil: 'networkidle' })
+    const clientUser = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { user: string } } } }).api.client.value.user
+    )
+    assert.strictEqual(user, clientUser, 'client logged in')
+
+    await page.goto(env.url + '/user/settings/delete', { waitUntil: 'networkidle' })
+    await page.click('.p-checkbox-box')
+    await page.click('button#delete')
+    await page.waitForURL('**/delete-finished', { timeout: 10000 })
+
+    assert.ok(page.url().includes('/delete-finished'))
+
+    await new Promise((r) => setTimeout(r, 300))
+    const clientUserAfterDelete = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { user: unknown } } } }).api.client.value.user
+    )
+    assert.strictEqual(!!clientUserAfterDelete, false, 'user logged out')
+
+    const deletedUser = await User.get(user)
+    assert.strictEqual(!!deletedUser, false, 'user deleted')
+
+    const deletedEmail = await Email.get(email)
+    assert.strictEqual(!!deletedEmail, false, 'email deleted')
+  })
+})

package/e2e/disconnectEmail.test.ts

@@ -0,0 +1,43 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import App from '@live-change/framework'
+import randomProfile from 'random-profile-generator'
+import { withBrowser } from './withBrowser.js'
+
+const app = App.app()
+const name = randomProfile.profile().firstName.toLowerCase()
+const email = name + '@test.com'
+const email2 = name + '2@test.com'
+const happyPath = false
+
+test('disconnect email', async () => {
+  await withBrowser(async (page, env) => {
+    const user = app.generateUid()
+
+    const User = env.haveModel('user', 'User')
+    const Email = env.haveModel('email', 'Email')
+    const AuthenticatedUser = env.haveModel('user', 'AuthenticatedUser')
+
+    await User.create({ id: user, roles: [] })
+    await Email.create({ id: email, email, user })
+    await Email.create({ id: email2, email: email2, user })
+    await page.goto(env.url + '/', { waitUntil: 'networkidle' })
+    const session = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { session: string } } } }).api.client.value.session
+    )
+    await AuthenticatedUser.create({ id: session, user, session })
+
+    await page.reload({ waitUntil: 'networkidle' })
+    await page.goto(env.url + '/user/settings/connected', { waitUntil: 'networkidle' })
+    await page.getByText(email).waitFor({ state: 'visible' })
+    await page.getByText(email2).waitFor({ state: 'visible' })
+
+    await page.click('span.pi-times')
+    await page.click('text=Yes')
+    assert.strictEqual(await page.getByText(email2).isVisible(), false, 'email2 should not be visible')
+
+    if (!happyPath) {
+      await page.locator('span.pi-times').waitFor({ state: 'hidden' })
+    }
+  })
+})

package/e2e/env.ts

@@ -0,0 +1,130 @@
+import path from 'path'
+import { fileURLToPath } from 'url'
+import { TestServer } from '@live-change/server'
+import appConfig from '../server/app.config.js'
+import * as services from '../server/services.list.js'
+
+const READY_TIMEOUT_MS = 60000
+const READY_POLL_MS = 2000
+
+async function waitForServerReady(url: string): Promise<void> {
+  const deadline = Date.now() + READY_TIMEOUT_MS
+  while (Date.now() < deadline) {
+    try {
+      const res = await fetch(url)
+      if (res.ok) return
+    } catch {
+      // not ready yet
+    }
+    await new Promise((r) => setTimeout(r, READY_POLL_MS))
+  }
+  throw new Error(`Server at ${url} did not become ready within ${READY_TIMEOUT_MS}ms`)
+}
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url))
+const serverDir = path.join(__dirname, '..', 'server')
+const frontDir = path.join(__dirname, '..', 'front')
+
+for (const serviceConfig of appConfig.services) {
+  const name = (serviceConfig as { name: string }).name
+  ;(serviceConfig as { module?: unknown }).module = (services as Record<string, unknown>)[name]
+}
+;(appConfig as { init?: (s: unknown) => Promise<void> }).init = (services as { init: (s: unknown) => Promise<void> }).init
+
+export type TestEnv = {
+  server: InstanceType<typeof TestServer>
+  url: string
+  haveService: (name: string) => { name: string; models: Record<string, { get: (id: string) => Promise<unknown> }>; views: Record<string, unknown>; actions: Record<string, unknown>; triggers: Record<string, unknown> }
+  haveModel: (serviceName: string, modelName: string) => { get: (id: string) => Promise<unknown>; create: (data: unknown) => Promise<unknown>; update: (id: string, data: unknown) => Promise<unknown>; delete: (id: string) => Promise<unknown>; indexObjectGet: (index: string, key: unknown, opts?: unknown) => Promise<unknown>; indexRangeGet: (index: string, key: unknown) => Promise<unknown[]>; definition: { properties: Record<string, { preFilter: (v: unknown) => unknown }> } }
+  haveView: (serviceName: string, viewName: string) => unknown
+  haveAction: (serviceName: string, actionName: string) => unknown
+  haveTrigger: (serviceName: string, triggerName: string) => unknown
+  grabObject: (serviceName: string, modelName: string, id: string) => Promise<unknown>
+}
+
+let envPromise: Promise<TestEnv> | null = null
+
+function haveService(server: InstanceType<typeof TestServer>, name: string) {
+  const service = server.apiServer.services.services.find((s: { name: string }) => s.name === name)
+  if (!service) throw new Error('service ' + name + ' not found')
+  return service
+}
+
+function haveModel(server: InstanceType<typeof TestServer>, serviceName: string, modelName: string) {
+  const service = haveService(server, serviceName)
+  const model = service.models[modelName]
+  if (!model) throw new Error('model ' + modelName + ' not found')
+  return model
+}
+
+export async function getTestEnv(): Promise<TestEnv> {
+  if (envPromise) return envPromise
+  envPromise = (async () => {
+    const server = new TestServer({
+      dev: true,
+      enableSessions: true,
+      port: 0,
+      ssrRoot: frontDir,
+      initScript: path.join(serverDir, 'init.js'),
+      services: appConfig
+    })
+    console.log('starting test server')
+    try {
+      await server.start()
+    } catch (error) {
+      console.error((error as Error).stack)
+      process.exit(1)
+    }
+    console.log('Test server started at', server.url)
+    console.log('waiting for front to be ready...')
+    await waitForServerReady(server.url!)
+    console.log('front ready')
+
+    process.on('beforeExit', () => {
+      server.dispose()
+    })
+
+    // When running under node:test, register a global teardown that disposes the server
+    // and forces process exit so the test run finishes cleanly.
+    try {
+      const { after } = await import('node:test')
+      after(async () => {
+        await server.dispose()
+        process.exit(0)
+      })
+    } catch {
+      // not running under node:test, ignore
+    }
+
+    const url = server.url!
+    return {
+      server,
+      url,
+      haveService: (name: string) => haveService(server, name),
+      haveModel: (serviceName: string, modelName: string) => haveModel(server, serviceName, modelName),
+      haveView: (serviceName: string, viewName: string) => {
+        const service = haveService(server, serviceName)
+        const view = service.views[viewName]
+        if (!view) throw new Error('view ' + viewName + ' not found')
+        return view
+      },
+      haveAction: (serviceName: string, actionName: string) => {
+        const service = haveService(server, serviceName)
+        const action = service.actions[actionName]
+        if (!action) throw new Error('action ' + actionName + ' not found')
+        return action
+      },
+      haveTrigger: (serviceName: string, triggerName: string) => {
+        const service = haveService(server, serviceName)
+        const trigger = service.triggers[triggerName]
+        if (!trigger) throw new Error('trigger ' + triggerName + ' not found')
+        return trigger
+      },
+      grabObject: async (serviceName: string, modelName: string, id: string) => {
+        const model = haveModel(server, serviceName, modelName)
+        return await model.get(id)
+      }
+    }
+  })()
+  return envPromise
+}

package/e2e/resetPasswordWithEmailCode.test.ts

@@ -0,0 +1,60 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import App from '@live-change/framework'
+import randomProfile from 'random-profile-generator'
+import passwordGenerator from 'generate-password'
+import { withBrowser } from './withBrowser.js'
+import { useSecretCode } from './steps.js'
+
+const app = App.app()
+const email = randomProfile.profile().firstName.toLowerCase() + '@test.com'
+
+test('reset password with email code', async () => {
+  await withBrowser(async (page, env) => {
+    const user = app.generateUid()
+
+    const User = env.haveModel('user', 'User')
+    const Email = env.haveModel('email', 'Email')
+
+    await User.create({ id: user, roles: [] })
+    await Email.create({ id: email, email, user })
+    await page.goto(env.url + '/', { waitUntil: 'networkidle' })
+
+    await page.goto(env.url + '/user/reset-password', { waitUntil: 'networkidle' })
+    await page.fill('input#email', email)
+    await page.click('button[type=submit]')
+    await page.waitForURL('**/sent/*', { timeout: 10000 })
+
+    assert.ok(page.url().includes('/sent'))
+    let url = page.url()
+    const authentication = url.split('/').pop()!
+
+    const authenticationData = await env.grabObject('messageAuthentication', 'Authentication', authentication)
+    assert.ok(authenticationData, 'authentication created')
+    assert.strictEqual((authenticationData as { messageData?: { user: string } })?.messageData?.user, user, 'authentication message data contains user')
+    assert.strictEqual((authenticationData as { actionProperties?: { user: string } })?.actionProperties?.user, user, 'authentication action properties contains user')
+
+    await useSecretCode(page, env, authentication, false)
+    await page.waitForURL('**/set-new-password/*', { timeout: 10000 })
+
+    assert.ok(page.url().includes('/set-new-password/'))
+    url = page.url()
+    const resetPasswordAuthentication = url.split('/').pop()!
+    await new Promise((r) => setTimeout(r, 100))
+    const ResetPasswordAuthentication = env.haveModel('passwordAuthentication', 'ResetPasswordAuthentication') as {
+      indexObjectGet: (index: string, key: string) => Promise<unknown>
+    }
+    const resetPasswordAuthenticationData = await ResetPasswordAuthentication.indexObjectGet('byKey', resetPasswordAuthentication)
+    assert.ok(resetPasswordAuthenticationData, 'reset password authentication created')
+
+    await page.getByText('Reset password').waitFor({ state: 'visible' })
+
+    const password =
+      passwordGenerator.generate({ length: 10, numbers: true }) + (Math.random() * 10).toFixed()
+    await page.locator('input[type="password"]').nth(0).fill(password)
+    await page.locator('input[type="password"]').nth(1).fill(password)
+    await page.click('button[type=submit]')
+    await page.waitForURL('**/reset-password-finished', { timeout: 10000 })
+    assert.ok(page.url().includes('/reset-password-finished'))
+  })
+})

package/e2e/resetPasswordWithEmailLink.test.ts

@@ -0,0 +1,60 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import App from '@live-change/framework'
+import randomProfile from 'random-profile-generator'
+import passwordGenerator from 'generate-password'
+import { withBrowser } from './withBrowser.js'
+import { useSecretLink } from './steps.js'
+
+const app = App.app()
+const email = randomProfile.profile().firstName.toLowerCase() + '@test.com'
+
+test('reset password with email link', async () => {
+  await withBrowser(async (page, env) => {
+    const user = app.generateUid()
+
+    const User = env.haveModel('user', 'User')
+    const Email = env.haveModel('email', 'Email')
+
+    await User.create({ id: user, roles: [] })
+    await Email.create({ id: email, email, user })
+    await page.goto(env.url + '/', { waitUntil: 'networkidle' })
+
+    await page.goto(env.url + '/user/reset-password', { waitUntil: 'networkidle' })
+    await page.fill('input#email', email)
+    await page.click('button[type=submit]')
+    await page.waitForURL('**/sent/*', { timeout: 10000 })
+
+    assert.ok(page.url().includes('/sent'))
+    let url = page.url()
+    const authentication = url.split('/').pop()!
+
+    const authenticationData = await env.grabObject('messageAuthentication', 'Authentication', authentication)
+    assert.ok(authenticationData, 'authentication created')
+    assert.strictEqual((authenticationData as { messageData?: { user: string } })?.messageData?.user, user, 'authentication message data contains user')
+    assert.strictEqual((authenticationData as { actionProperties?: { user: string } })?.actionProperties?.user, user, 'authentication action properties contains user')
+
+    await useSecretLink(page, env, authentication, false)
+    await page.waitForURL('**/set-new-password/*', { timeout: 10000 })
+
+    assert.ok(page.url().includes('/set-new-password/'))
+    url = page.url()
+    const resetPasswordAuthentication = url.split('/').pop()!
+    await new Promise((r) => setTimeout(r, 100))
+    const ResetPasswordAuthentication = env.haveModel('passwordAuthentication', 'ResetPasswordAuthentication') as {
+      indexObjectGet: (index: string, key: string) => Promise<unknown>
+    }
+    const resetPasswordAuthenticationData = await ResetPasswordAuthentication.indexObjectGet('byKey', resetPasswordAuthentication)
+    assert.ok(resetPasswordAuthenticationData, 'reset password authentication created')
+
+    await page.getByText('Reset password').waitFor({ state: 'visible' })
+
+    const password =
+      passwordGenerator.generate({ length: 10, numbers: true }) + (Math.random() * 10).toFixed()
+    await page.locator('input[type="password"]').nth(0).fill(password)
+    await page.locator('input[type="password"]').nth(1).fill(password)
+    await page.click('button[type=submit]')
+    await page.waitForURL('**/reset-password-finished', { timeout: 10000 })
+    assert.ok(page.url().includes('/reset-password-finished'))
+  })
+})

package/e2e/setPassword.test.ts

@@ -0,0 +1,70 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import App from '@live-change/framework'
+import randomProfile from 'random-profile-generator'
+import passwordGenerator from 'generate-password'
+import { withBrowser } from './withBrowser.js'
+
+const app = App.app()
+const name = randomProfile.profile().firstName.toLowerCase()
+const email = name + '@test.com'
+
+test('set password', async () => {
+  await withBrowser(async (page, env) => {
+    const user = app.generateUid()
+    const User = env.haveModel('user', 'User')
+    const Email = env.haveModel('email', 'Email')
+    const AuthenticatedUser = env.haveModel('user', 'AuthenticatedUser')
+    const PasswordAuthentication = env.haveModel('passwordAuthentication', 'PasswordAuthentication')
+
+    await User.create({ id: user, roles: [] })
+    await Email.create({ id: email, email, user })
+    await page.goto(env.url + '/', { waitUntil: 'networkidle' })
+    const session = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { session: string } } } }).api.client.value.session
+    )
+    await AuthenticatedUser.create({ id: session, user, session })
+
+    await page.reload({ waitUntil: 'networkidle' })
+    const clientUser = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { user: string } } } }).api.client.value.user
+    )
+    assert.strictEqual(user, clientUser, 'client logged in')
+
+    const emptyPasswordAuthenticationData = await PasswordAuthentication.get(user)
+    assert.strictEqual(emptyPasswordAuthenticationData, null, 'password not set')
+
+    await page.goto(env.url + '/user/settings/change-password', { waitUntil: 'networkidle' })
+    await page.getByText('Set password').waitFor({ state: 'visible' })
+
+    const firstPassword =
+      passwordGenerator.generate({ length: 10, numbers: true }) + (Math.random() * 10).toFixed()
+    await page.locator('input[type="password"]').nth(0).fill(firstPassword)
+    await page.locator('input[type="password"]').nth(1).fill(firstPassword)
+    await page.click('button[type=submit]')
+    assert.ok(page.url().includes('/user/settings/change-password-finished'))
+
+    await new Promise((r) => setTimeout(r, 200))
+    const firstPasswordAuthenticationData = await PasswordAuthentication.get(user)
+    assert.ok(firstPasswordAuthenticationData, 'password set')
+
+    await page.goto(env.url + '/user/settings/change-password', { waitUntil: 'networkidle' })
+    await page.getByText('Change password').waitFor({ state: 'visible' })
+
+    const secondPassword =
+      passwordGenerator.generate({ length: 10, numbers: true }) + (Math.random() * 10).toFixed()
+    await page.locator('input[type="password"]').nth(0).fill(firstPassword)
+    await page.locator('input[type="password"]').nth(1).fill(secondPassword)
+    await page.locator('input[type="password"]').nth(2).fill(secondPassword)
+    await page.click('button[type=submit]')
+
+    await new Promise((r) => setTimeout(r, 200))
+    const secondPasswordAuthenticationData = await PasswordAuthentication.get(user)
+    assert.ok(secondPasswordAuthenticationData, 'password set')
+    assert.notStrictEqual(
+      (secondPasswordAuthenticationData as { passwordHash: string }).passwordHash,
+      (firstPasswordAuthenticationData as { passwordHash: string }).passwordHash,
+      'password changed'
+    )
+  })
+})

package/e2e/signInEmailCode.test.ts

@@ -0,0 +1,58 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import App from '@live-change/framework'
+import randomProfile from 'random-profile-generator'
+import { withBrowser } from './withBrowser.js'
+import { useSecretCode } from './steps.js'
+
+const app = App.app()
+const randomUserData = randomProfile.profile()
+;(randomUserData as { email?: string }).email =
+  (randomUserData as { firstName: string }).firstName.toLowerCase() + '@test.com'
+const happyPath = false
+
+test('sign in with email code', async () => {
+  await withBrowser(async (page, env) => {
+    const user = app.generateUid()
+    const email = (randomUserData as { email: string }).email
+
+    const User = env.haveModel('user', 'User')
+    const Email = env.haveModel('email', 'Email')
+
+    await User.create({ id: user, roles: [] })
+    await Email.create({ id: email, email, user })
+
+    await page.goto(env.url + '/user/sign-in-email', { waitUntil: 'networkidle' })
+    await page.fill('input#email', email)
+    await page.click('button[type=submit]')
+    await page.waitForURL('**/sent/*', { timeout: 10000 })
+
+    assert.ok(page.url().includes('/sent/'))
+    const url = page.url()
+    const authentication = url.split('/').pop()!
+
+    const authenticationData = await env.grabObject('messageAuthentication', 'Authentication', authentication)
+    assert.ok(authenticationData, 'authentication created')
+    assert.strictEqual((authenticationData as { messageData?: { user: string } })?.messageData?.user, user, 'authentication contains user')
+
+    await useSecretCode(page, env, authentication, happyPath)
+    await page.waitForURL('**/sign-in-finished', { timeout: 10000 })
+
+    assert.ok(page.url().includes('/user/sign-in-finished'))
+    const clientSession = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { session: string } } } }).api.client.value.session
+    )
+    const AuthenticatedUser = env.haveModel('user', 'AuthenticatedUser')
+    const authenticatedUserData = await AuthenticatedUser.get(clientSession)
+    assert.ok(authenticatedUserData, 'user authenticated server-side')
+    const clientUser = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { user: string } } } }).api.client.value.user
+    )
+    assert.strictEqual(clientUser, (authenticatedUserData as { user: string }).user, 'user authenticated')
+
+    if (!happyPath) {
+      await page.goto(url, { waitUntil: 'networkidle' })
+      assert.ok(page.url().includes('/user/sign-in-finished'))
+    }
+  })
+})

package/e2e/signInEmailLink.test.ts

@@ -0,0 +1,58 @@
+import test from 'node:test'
+import assert from 'node:assert'
+import App from '@live-change/framework'
+import randomProfile from 'random-profile-generator'
+import { withBrowser } from './withBrowser.js'
+import { useSecretLink } from './steps.js'
+
+const app = App.app()
+const randomUserData = randomProfile.profile()
+;(randomUserData as { email?: string }).email =
+  (randomUserData as { firstName: string }).firstName.toLowerCase() + '@test.com'
+const happyPath = false
+
+test('sign in with email link', async () => {
+  await withBrowser(async (page, env) => {
+    const user = app.generateUid()
+    const email = (randomUserData as { email: string }).email
+
+    const User = env.haveModel('user', 'User')
+    const Email = env.haveModel('email', 'Email')
+
+    await User.create({ id: user, roles: [] })
+    await Email.create({ id: email, email, user })
+
+    await page.goto(env.url + '/user/sign-in-email', { waitUntil: 'networkidle' })
+    await page.fill('input#email', email)
+    await page.click('button[type=submit]')
+    await page.waitForURL('**/sent/*', { timeout: 10000 })
+
+    assert.ok(page.url().includes('/sent/'))
+    const url = page.url()
+    const authentication = url.split('/').pop()!
+
+    const authenticationData = await env.grabObject('messageAuthentication', 'Authentication', authentication)
+    assert.ok(authenticationData, 'authentication created')
+    assert.strictEqual((authenticationData as { messageData?: { user: string } })?.messageData?.user, user, 'authentication contains user')
+
+    const linkData = await useSecretLink(page, env, authentication, happyPath)
+    await page.waitForURL('**/sign-in-finished', { timeout: 10000 })
+
+    assert.ok(page.url().includes('/user/sign-in-finished'))
+    const clientSession = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { session: string } } } }).api.client.value.session
+    )
+    const AuthenticatedUser = env.haveModel('user', 'AuthenticatedUser')
+    const authenticatedUserData = await AuthenticatedUser.get(clientSession)
+    assert.ok(authenticatedUserData, 'user authenticated server-side')
+    const clientUser = await page.evaluate(
+      () => (window as unknown as { api: { client: { value: { user: string } } } }).api.client.value.user
+    )
+    assert.strictEqual(clientUser, (authenticatedUserData as { user: string }).user, 'user authenticated')
+
+    if (!happyPath) {
+      await page.goto(env.url + '/user/link/' + linkData.secretCode, { waitUntil: 'networkidle' })
+      await page.getByText('Link used').waitFor({ state: 'visible' })
+    }
+  })
+})