fix(e2e): use dedicated reset user instead of admin in password-reset test

Introduces a separate reset@familyarchive.local / reset123 seed account (e2e profile only) so the password-reset flow test never touches the shared admin credentials. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 21:17:00 +02:00
parent f14c8b9eea
commit 39e7ee2c71
2 changed files with 20 additions and 4 deletions
--- a/backend/src/main/java/org/raddatz/familienarchiv/user/UserDataInitializer.java
+++ b/backend/src/main/java/org/raddatz/familienarchiv/user/UserDataInitializer.java
@@ -102,6 +102,21 @@ public class UserDataInitializer {
                log.info("E2E seed: 'reader'-Testbenutzer erstellt.");
            }

+            if (userRepository.findByEmail("reset@familyarchive.local").isEmpty()) {
+                log.info("E2E seed: Erstelle 'reset'-Testbenutzer...");
+                UserGroup leserGroup = groupRepository.findByName("Leser").orElseGet(() ->
+                        groupRepository.save(UserGroup.builder()
+                                .name("Leser")
+                                .permissions(Set.of("READ_ALL"))
+                                .build()));
+                userRepository.save(AppUser.builder()
+                        .email("reset@familyarchive.local")
+                        .password(passwordEncoder.encode("reset123"))
+                        .groups(Set.of(leserGroup))
+                        .build());
+                log.info("E2E seed: 'reset'-Testbenutzer erstellt.");
+            }
+
            if (personRepo.count() > 0) {
                log.info("E2E seed: Personendaten bereits vorhanden, überspringe Dokument-Seed.");
                return;
--- a/frontend/e2e/password-reset.spec.ts
+++ b/frontend/e2e/password-reset.spec.ts
@@ -42,8 +42,9 @@ test.describe('Password reset', () => {
 	});

 	test('full password reset flow', async ({ page }) => {
-		const testEmail = process.env.E2E_EMAIL ?? 'admin@familyarchive.local';
-		const originalPassword = process.env.E2E_PASSWORD ?? 'admin123';
+		// Uses a dedicated low-privilege test account so the admin account is never touched.
+		const testEmail = 'reset@familyarchive.local';
+		const originalPassword = 'reset123';
 		const newPassword = 'NewP@ssw0rd_E2E!';

 		// 1. Request reset
@@ -70,7 +71,7 @@ test.describe('Password reset', () => {

 		// 5. Log in with new password
 		await expect(page).toHaveURL(/\/login/);
-		await page.getByLabel('Benutzername').fill(process.env.E2E_USERNAME ?? 'admin');
+		await page.getByLabel('Benutzername').fill(testEmail);
 		await page.getByLabel('Passwort').fill(newPassword);
 		await page.getByRole('button', { name: 'Anmelden' }).click();
 		await expect(page).toHaveURL('/');
@@ -85,7 +86,7 @@ test.describe('Password reset', () => {
 		await expect(page).toHaveURL(/\/login/);

 		// 7. Log back in with original password to confirm restore worked
-		await page.getByLabel('Benutzername').fill(process.env.E2E_USERNAME ?? 'admin');
+		await page.getByLabel('Benutzername').fill(testEmail);
 		await page.getByLabel('Passwort').fill(originalPassword);
 		await page.getByRole('button', { name: 'Anmelden' }).click();
 		await expect(page).toHaveURL('/');