tests: add e2e test for one time access tokens

backend/internal/service/test_service.go

@@ -57,6 +57,29 @@ func (s *TestService) SeedDatabase() error {
 			}
 		}
 
+		oneTimeAccessTokens := []model.OneTimeAccessToken{{
+			Base: model.Base{
+				ID: "bf877753-4ea4-4c9c-bbbd-e198bb201cb8",
+			},
+			Token:     "HPe6k6uiDRRVuAQV",
+			ExpiresAt: datatype.DateTime(time.Now().Add(1 * time.Hour)),
+			UserID:    users[0].ID,
+		},
+			{
+				Base: model.Base{
+					ID: "d3afae24-fe2d-4a98-abec-cf0b8525096a",
+				},
+				Token:     "YCGDtftvsvYWiXd0",
+				ExpiresAt: datatype.DateTime(time.Now().Add(-1 * time.Second)), // expired
+				UserID:    users[0].ID,
+			},
+		}
+		for _, token := range oneTimeAccessTokens {
+			if err := tx.Create(&token).Error; err != nil {
+				return err
+			}
+		}
+
 		userGroups := []model.UserGroup{
 			{
 				Base: model.Base{

frontend/tests/data.ts

@@ -55,3 +55,8 @@ export const userGroups = {
 		name: 'human_resources'
 	}
 };
+
+export const oneTimeAccessTokens = [
+	{ token: 'HPe6k6uiDRRVuAQV', expired: false },
+	{ token: 'YCGDtftvsvYWiXd0', expired: true }
+];

frontend/tests/one-time-access-token.spec.ts

@@ -0,0 +1,21 @@
+import test, { expect } from '@playwright/test';
+import { oneTimeAccessTokens } from './data';
+
+// Disable authentication for these tests
+test.use({ storageState: { cookies: [], origins: [] } });
+
+test('Sign in with one time access token', async ({ page }) => {
+	const token = oneTimeAccessTokens.filter((t) => !t.expired)[0];
+	await page.goto(`/login/${token.token}`);
+
+	await page.getByRole('button', { name: 'Continue' }).click();
+	await page.waitForURL('/settings/account');
+});
+
+test('Sign in with expired one time access token fails', async ({ page }) => {
+	const token = oneTimeAccessTokens.filter((t) => t.expired)[0];
+	await page.goto(`/login/${token.token}`);
+
+	await page.getByRole('button', { name: 'Continue' }).click();
+	await expect(page.getByRole('status')).toHaveText('Token is invalid or expired');
+});