fix: Svelte 5 test event delegation + login auth regression #46

Merged

marcel merged 2 commits from fix/svelte5-test-delegation-and-login-auth into main 2026-03-22 14:56:14 +01:00

Conversation 0 Commits 2 Files Changed 11 +153 -56

marcel commented 2026-03-22 14:53:54 +01:00

Owner

Copy Link

Summary

• Fix Svelte 5 test failures: Playwright locator .click() dispatches events via the CDP bridge which doesn't trigger Svelte 5's $.delegated event handlers. Replaced all affected locator clicks with native element.click() / element.focus() DOM calls. Also added missing cleanup() to afterEach in several spec files, and fixed TagInput.svelte to use untrack() when reading bindable state after an await.
• Fix login regression: handleFetch was short-circuiting with 401 for any API request without an auth_token cookie — which blocked the login action itself, since it explicitly sends Basic auth credentials before a cookie exists. Fix: pass requests that already carry an Authorization header straight through to the backend.

Test plan

• Run npm run test in frontend/ — all 142 tests should pass
• Open the app, log in with valid credentials — should redirect to / instead of staying on /login?/login
• Open the app, log in with invalid credentials — should show the error message on the login page

## Summary - **Fix Svelte 5 test failures**: Playwright locator `.click()` dispatches events via the CDP bridge which doesn't trigger Svelte 5's `$.delegated` event handlers. Replaced all affected locator clicks with native `element.click()` / `element.focus()` DOM calls. Also added missing `cleanup()` to `afterEach` in several spec files, and fixed `TagInput.svelte` to use `untrack()` when reading bindable state after an `await`. - **Fix login regression**: `handleFetch` was short-circuiting with `401` for any API request without an `auth_token` cookie — which blocked the login action itself, since it explicitly sends Basic auth credentials before a cookie exists. Fix: pass requests that already carry an `Authorization` header straight through to the backend. ## Test plan - [ ] Run `npm run test` in `frontend/` — all 142 tests should pass - [ ] Open the app, log in with valid credentials — should redirect to `/` instead of staying on `/login?/login` - [ ] Open the app, log in with invalid credentials — should show the error message on the login page

marcel changed target branch from feat/35-profile-page to main 2026-03-22 14:54:38 +01:00

marcel added 2 commits 2026-03-22 14:54:38 +01:00

fix(tests): fix Svelte 5 event delegation not firing via Playwright locator clicks ... f6634f1d00

Replace Playwright locator .click() calls with native DOM element.click()
for all tests that trigger Svelte 5 delegated onclick handlers ($.delegated).
Playwright's CDP-based synthetic events don't propagate through Svelte 5's
document-level handle_event_propagation delegation mechanism, while native
DOM .click() does.

Also replace locator.click() with element.focus() for onfocus handler tests,
and add cleanup() to afterEach in all spec files missing it to prevent test
pollution between runs. Fix TagInput.svelte to use untrack() when reading
bindable state after an await to avoid track_reactivity_loss errors.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

fix(auth): pass through explicit Authorization header in handleFetch ... 9731afb776

The login action sends Basic auth via an explicit Authorization header.
handleFetch was intercepting this request and returning 401 because no
auth_token cookie exists yet (the user isn't logged in), never forwarding
the credentials to the backend.

Fix: if the outgoing request already has an Authorization header, pass it
through unchanged. Only inject the cookie-based token for requests that
don't provide their own auth.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

marcel merged commit 9731afb776 into main 2026-03-22 14:56:14 +01:00

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#46