The CSRF middleware added to main after the admin-pages branch was
created caused all admin test POSTs/DELETEs to be rejected. Add
get_csrf_token() calls and X-CSRF-Token headers to login helpers and
all mutation requests, matching the pattern used by other tests.

Add /manage/profile page where authenticated users can view and edit
their OIDC profile fields (given_name, family_name, preferred_username,
email, phone_number, picture, locale).
- Create manage/base.html with tab-style nav for Profile/Credentials
- Update credentials.html to extend manage/base.html
- Add GET/POST routes with server-side validation
- Add input styling for tel and url input types
- Add profile test user with pre-filled data in setup_db.py
- Add 19 E2E tests covering structure, navigation, updates, validation
- All 76 E2E tests and 172 Python tests pass

- Use localhost instead of 127.0.0.1 as TARGET_URL so the WebAuthn RP ID
  is a valid domain (the spec forbids IP addresses)
- Replace request.post('/logout') with page.context().clearCookies() since
  Playwright's request fixture has a separate cookie jar from the page
- Add registerPasskey() helper that waits for 'load' event to reliably
  detect the page reload after successful registration
- Track credential count with getCredentialCount() since credentials
  accumulate across serial tests sharing the same database
- Fix login.spec.js selector from #webauthn-login-form to #webauthn-login-btn
  to match the actual template

All 57 E2E tests now pass (50 migrated + 7 WebAuthn).

Replace direct playwright dependency with @playwright/test and add
playwright.config.js for centralized test configuration. Update run.sh
to invoke 'npx playwright test' instead of running test files with node.

Extract shared test runner (helpers.js), add file-based SQLite with
setup_db.py for fixture seeding, and add tests for auth guard, credentials
management, full registration flow, health endpoint, password auth, and
magic link registration errors. 66 checks across 7 test files.

Set up tests/e2e/ with a login page test covering branding, accessibility,
form structure, theme colors, and static asset serving. Includes run.sh
that manages the app lifecycle (start, test, stop) automatically.

Rebrand from FastAPI OIDC OP to Porchlight with warm amber/gold identity:
- Add doorway-with-light SVG logo and 32x32 PNG favicon
- Rewrite style.css with full design system (color tokens, spacing scale,
  typography scale, section cards, button variants, dark mode)
- Update base template with site header, logo, and favicon
- Update all page titles and FastAPI app title to Porchlight