From 50818f3ac9d81f7fffa114da8c8025bcd3fc0105 Mon Sep 17 00:00:00 2001
From: Mikko Heikkinen <hawk@biomi.org>
Date: Thu, 25 Jul 2024 16:16:50 +0300
Subject: [PATCH] Test giving invalid token

---
 README.md                      | 3 +--
 tests-playwright/test_login.py | 8 ++++++++
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index af18aff..4d88cb0 100644
--- a/README.md
+++ b/README.md
@@ -94,8 +94,7 @@ Note that in order to create MariaDB database on Rahti, PHPMyAdmin data dump doe
 
 - Test:
     - Automated testing with Playwright
-        - Admin editing challenges
-    - Giving malicious login token
+        - Admin editing challenges (requires setting up admin username limited to this system & saving that to Playwright env)
 - For 2025:
     - Handling higher taxa (is uses adds rikkavoikukka, don't add voikukat to taxon_count)
     - Accessibility
diff --git a/tests-playwright/test_login.py b/tests-playwright/test_login.py
index ba07c24..a81127a 100644
--- a/tests-playwright/test_login.py
+++ b/tests-playwright/test_login.py
@@ -210,3 +210,11 @@ def test_teardown(browser):
     os.remove(state_file)
     
 
+# Non-real token
+def test_token(browser):
+    context = browser.new_context()
+    page = context.new_page()
+
+    page.goto("http://web:8081/login?token=nonrealtoken")
+    page.wait_for_selector('body')
+    assert "Kirjautuminen epäonnistui" in page.content()