import { test, expect } from '@playwright/test'; const API = '/api'; const PASSWORD = 'testpass123'; async function login(request: import('@playwright/test').APIRequestContext, username: string) { const res = await request.post(`${API}/auth/login`, { data: { username, password: PASSWORD }, }); const json = await res.json(); expect(json.ok).toBe(true); return json.data.token as string; } test.describe('Android API – app_questionnaires (HTTP smoke)', () => { test('list active questionnaires over HTTP', async ({ request }) => { const token = await login(request, 'testcoach1'); const res = await request.get(`${API}/app_questionnaires`, { headers: { Authorization: `Bearer ${token}` }, }); expect(res.ok()).toBeTruthy(); const json = await res.json(); expect(json.ok).toBe(true); expect(json.data.some((q: { id: string }) => q.id === 'questionnaire_test_demo')).toBe(true); }); test('missing bearer returns 401', async ({ request }) => { const res = await request.get(`${API}/app_questionnaires`); expect(res.status()).toBe(401); }); test('password change flow', async ({ request }) => { const loginRes = await request.post(`${API}/auth/login`, { data: { username: 'testmustchange', password: PASSWORD }, }); const loginJson = await loginRes.json(); expect(loginJson.data.mustChangePassword).toBe(true); const tempToken = loginJson.data.token as string; let fullToken: string | undefined; try { const blocked = await request.get(`${API}/app_questionnaires`, { headers: { Authorization: `Bearer ${tempToken}` }, }); expect(blocked.status()).toBe(403); const changeRes = await request.post(`${API}/auth/change-password`, { headers: { Authorization: `Bearer ${tempToken}` }, data: { username: 'testmustchange', old_password: PASSWORD, new_password: 'newpass123', }, }); const changeJson = await changeRes.json(); expect(changeJson.ok).toBe(true); fullToken = changeJson.data.token as string; const ok = await request.get(`${API}/app_questionnaires`, { headers: { Authorization: `Bearer ${fullToken}` }, }); expect(ok.ok()).toBeTruthy(); } finally { if (fullToken) { await request.post(`${API}/auth/change-password`, { headers: { Authorization: `Bearer ${fullToken}` }, data: { username: 'testmustchange', old_password: 'newpass123', new_password: PASSWORD, }, }); } } }); });