add e2e tests

tests/data.ts

@@ -92,6 +92,11 @@ export const oneTimeAccessTokens = [
 	{ token: 'YCGDtftvsvYWiXd0', expired: true }
 ];
 
+export const emailVerificationTokens = [
+	{ token: '2FZFSoupBdHyqIL65bWTsgCgHIhxlXup', expired: false },
+	{ token: 'EXPIRED1234567890ABCDE', expired: true }
+];
+
 export const apiKeys = [
 	{
 		id: '5f1fa856-c164-4295-961e-175a0d22d725',

tests/resources/export/database.json

@@ -1,6 +1,6 @@
 {
 	"provider": "sqlite",
-	"version": 20260106140900,
+	"version": 20260109090200,
 	"tableOrder": ["users", "user_groups", "oidc_clients", "signup_tokens"],
 	"tables": {
 		"api_keys": [
@@ -316,7 +316,7 @@
 				"disabled": false,
 				"display_name": "Craig Federighi",
 				"email": "craig.federighi@test.com",
-				"email_verified": true,
+				"email_verified": false,
 				"first_name": "Craig",
 				"id": "1cd19686-f9a6-43f4-a41f-14a0bf5b4036",
 				"is_admin": false,
@@ -376,6 +376,22 @@
 				"id": "267f6907-7bc8-4ea1-9d47-c42a172dc1c7",
 				"user_verification": "preferred"
 			}
+		],
+		"email_verification_tokens": [
+			{
+				"created_at": "2025-11-25T12:39:02Z",
+				"expires_at": "2025-11-26T12:39:02Z",
+				"id": "ef9ca469-b178-4857-bd39-26639dca45de",
+				"token": "2FZFSoupBdHyqIL65bWTsgCgHIhxlXup",
+				"user_id": "1cd19686-f9a6-43f4-a41f-14a0bf5b4036"
+			},
+			{
+				"created_at": "2025-11-24T12:39:02Z",
+				"expires_at": "2025-11-25T12:39:02Z",
+				"id": "a3dcb4d2-7f3c-4e8a-9f4d-5b6c7d8e9f00",
+				"token": "EXPIRED1234567890ABCDE",
+				"user_id": "1cd19686-f9a6-43f4-a41f-14a0bf5b4036"
+			}
 		]
 	}
 }

tests/specs/account-settings.spec.ts

@@ -1,5 +1,5 @@
 import test, { expect } from '@playwright/test';
-import { users } from '../data';
+import { emailVerificationTokens, users } from '../data';
 import authUtil from '../utils/auth.util';
 import { cleanupBackend } from '../utils/cleanup.util';
 import passkeyUtil from '../utils/passkey.util';
@@ -128,3 +128,31 @@ test('Generate own one time access token as non admin', async ({ page, context }
 	await page.goto(link!);
 	await page.waitForURL('/settings/account');
 });
+
+test('Email verification succeeds', async ({ page, context }) => {
+	await context.clearCookies();
+
+	const token = emailVerificationTokens.find((t) => !t.expired)!.token;
+	await page.goto(`/verify-email?token=${token}`);
+	await (await passkeyUtil.init(page)).addPasskey('craig');
+
+	await page.getByRole('button', { name: 'Authenticate' }).click();
+	await page.waitForURL('/settings/account?emailVerificationState=success');
+
+	await expect(page.getByText('Email Verified Successfully')).toBeVisible();
+});
+
+test('Email verification fails with expired token', async ({ page, context }) => {
+	await context.clearCookies();
+
+	const token = emailVerificationTokens.find((t) => t.expired)!.token;
+	await page.goto(`/verify-email?token=${token}`);
+	await (await passkeyUtil.init(page)).addPasskey('craig');
+
+	await page.getByRole('button', { name: 'Authenticate' }).click();
+	await page.waitForURL(
+		'/settings/account?emailVerificationState=Invalid+email+verification+token'
+	);
+
+	await expect(page.getByText('Invalid email verification token')).toBeVisible();
+});

tests/specs/oidc.spec.ts

@@ -113,7 +113,7 @@ test('End session without id token hint shows confirmation page', async ({ page
 	await expect(page).toHaveURL('/logout');
 	await page.getByRole('button', { name: 'Sign out' }).click();
 
-	await expect(page).toHaveURL('/login?redirect=%2F"');
+	await expect(page).toHaveURL('/login?redirect=%2F');
 });
 
 test('End session with id token hint redirects to callback URL', async ({ page }) => {