fix(e2e): use dedicated reset user instead of admin in password-reset test

Introduces a separate reset@familyarchive.local / reset123 seed account (e2e profile only) so the password-reset flow test never touches the shared admin credentials. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-05 21:17:00 +02:00
parent f14c8b9eea
commit 39e7ee2c71
2 changed files with 20 additions and 4 deletions
--- a/frontend/e2e/password-reset.spec.ts
+++ b/frontend/e2e/password-reset.spec.ts
@@ -42,8 +42,9 @@ test.describe('Password reset', () => {
 	});

 	test('full password reset flow', async ({ page }) => {
-		const testEmail = process.env.E2E_EMAIL ?? 'admin@familyarchive.local';
-		const originalPassword = process.env.E2E_PASSWORD ?? 'admin123';
+		// Uses a dedicated low-privilege test account so the admin account is never touched.
+		const testEmail = 'reset@familyarchive.local';
+		const originalPassword = 'reset123';
 		const newPassword = 'NewP@ssw0rd_E2E!';

 		// 1. Request reset
@@ -70,7 +71,7 @@ test.describe('Password reset', () => {

 		// 5. Log in with new password
 		await expect(page).toHaveURL(/\/login/);
-		await page.getByLabel('Benutzername').fill(process.env.E2E_USERNAME ?? 'admin');
+		await page.getByLabel('Benutzername').fill(testEmail);
 		await page.getByLabel('Passwort').fill(newPassword);
 		await page.getByRole('button', { name: 'Anmelden' }).click();
 		await expect(page).toHaveURL('/');
@@ -85,7 +86,7 @@ test.describe('Password reset', () => {
 		await expect(page).toHaveURL(/\/login/);

 		// 7. Log back in with original password to confirm restore worked
-		await page.getByLabel('Benutzername').fill(process.env.E2E_USERNAME ?? 'admin');
+		await page.getByLabel('Benutzername').fill(testEmail);
 		await page.getByLabel('Passwort').fill(originalPassword);
 		await page.getByRole('button', { name: 'Anmelden' }).click();
 		await expect(page).toHaveURL('/');