diff --git a/src/porchlight/app.py b/src/porchlight/app.py index d399923..91bb490 100644 --- a/src/porchlight/app.py +++ b/src/porchlight/app.py @@ -128,7 +128,6 @@ def create_app(settings: Settings | None = None) -> FastAPI: ) # Rate limiting - limiter.enabled = settings.rate_limit_enabled app.state.limiter = limiter @app.exception_handler(RateLimitExceeded) diff --git a/src/porchlight/config.py b/src/porchlight/config.py index 38fb597..90e036e 100644 --- a/src/porchlight/config.py +++ b/src/porchlight/config.py @@ -52,9 +52,6 @@ class Settings(BaseSettings): # Magic links invite_ttl: int = 86400 # seconds - # Rate limiting (disable for e2e/load tests that authenticate repeatedly) - rate_limit_enabled: bool = True - # Signing keys signing_key_path: str = "data/keys" diff --git a/src/porchlight/templates/manage/credentials.html b/src/porchlight/templates/manage/credentials.html index a37221e..6d4c269 100644 --- a/src/porchlight/templates/manage/credentials.html +++ b/src/porchlight/templates/manage/credentials.html @@ -38,8 +38,7 @@ {% else %}

No password set.

{% endif %} -
-
+ {% if has_password %}
diff --git a/tests/e2e/credentials.spec.js b/tests/e2e/credentials.spec.js index bc5fd3f..0270822 100644 --- a/tests/e2e/credentials.spec.js +++ b/tests/e2e/credentials.spec.js @@ -42,7 +42,6 @@ test.describe('Credentials page', () => { test.describe('Password validation', () => { test('shows mismatch error', async ({ page }) => { - await page.fill('#current_password', fixtures.cred_password); await page.fill('#password', 'newpassword1'); await page.fill('#confirm', 'newpassword2'); await page.click('#password-section button[type="submit"]'); @@ -52,23 +51,6 @@ test.describe('Credentials page', () => { await expect(alert).toContainText('do not match'); }); - test('keeps the password form visible after a validation error', async ({ page }) => { - await page.fill('#current_password', fixtures.cred_password); - await page.fill('#password', 'newpassword1'); - await page.fill('#confirm', 'newpassword2'); - await page.click('#password-section button[type="submit"]'); - - const alert = page.locator('#password-section [role="alert"]'); - await expect(alert).toBeVisible({ timeout: 5000 }); - - // Regression: the form and its inputs must NOT disappear on error. - await expect(page.locator('#password')).toBeVisible(); - await expect(page.locator('#confirm')).toBeVisible(); - await expect( - page.locator('#password-section button[type="submit"]'), - ).toBeVisible(); - }); - test('password input has minlength="8"', async ({ page }) => { await expect(page.locator('#password')).toHaveAttribute('minlength', '8'); }); @@ -80,9 +62,8 @@ test.describe('Credentials page', () => { test.describe('Password change', () => { test('succeeds with matching passwords', async ({ page }) => { - await page.fill('#current_password', fixtures.cred_password); - await page.fill('#password', 'purple-tiger-mountain-42'); - await page.fill('#confirm', 'purple-tiger-mountain-42'); + await page.fill('#password', 'newpassword123'); + await page.fill('#confirm', 'newpassword123'); await page.click('#password-section button[type="submit"]'); const status = page.locator('#password-section [role="status"]'); diff --git a/tests/e2e/full-flow.spec.js b/tests/e2e/full-flow.spec.js index be797d2..5d472f6 100644 --- a/tests/e2e/full-flow.spec.js +++ b/tests/e2e/full-flow.spec.js @@ -30,8 +30,8 @@ test.describe('Full user journey', () => { await expect(passwordInput).toBeVisible(); await expect(confirmInput).toBeVisible(); - await passwordInput.fill('purple-tiger-mountain-42'); - await confirmInput.fill('purple-tiger-mountain-42'); + await passwordInput.fill('mypassword123'); + await confirmInput.fill('mypassword123'); await page.click('#password-section button[type="submit"]'); // Wait for success message @@ -51,7 +51,7 @@ test.describe('Full user journey', () => { // ---- Step 4: Login with the password we just set ---- await page.fill('#username', fixtures.register_username); - await page.fill('#password', 'purple-tiger-mountain-42'); + await page.fill('#password', 'mypassword123'); await page.click('form[hx-post="/login/password"] button[type="submit"]'); // Wait for redirect to credentials page diff --git a/tests/e2e/run.sh b/tests/e2e/run.sh index 7b6156e..7a9f9b4 100755 --- a/tests/e2e/run.sh +++ b/tests/e2e/run.sh @@ -28,7 +28,6 @@ echo "Starting Porchlight on port ${PORT}..." echo " DB: ${OIDC_OP_SQLITE_PATH}" OIDC_OP_ISSUER="${TARGET_URL}" \ OIDC_OP_DEBUG=true \ -OIDC_OP_RATE_LIMIT_ENABLED=false \ uv run --directory "$PROJECT_ROOT" \ uvicorn porchlight.app:create_app \ --factory --host 127.0.0.1 --port "$PORT" \