Add assertions to tests to ensure previous request finished.

Author: simi

test/application_system_test_case.rb

@@ -14,4 +14,20 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
   else
     driven_by :selenium, using: :headless_chrome, screen_size: [1400, 1400]
   end
+
+  def sign_in
+    visit sign_in_path
+    fill_in "Email or Username", with: @user.reload.email
+    fill_in "Password", with: @user.password
+    click_button "Sign in"
+
+    assert page.has_content?("Dashboard")
+  end
+
+  def sign_out
+    reset_session!
+    visit "/"
+
+    assert page.has_content?("Sign in".upcase)
+  end
 end

test/integration/email_confirmation_test.rb

@@ -14,6 +14,8 @@ def request_confirmation_mail(email)
     click_link "Didn't receive confirmation mail?"
     fill_in "Email address", with: email
     click_button "Resend Confirmation"
+
+    assert page.has_content? "We will email you confirmation link to activate your account if one exists."
   end
 
   test "requesting confirmation mail does not tell if a user exists" do

test/integration/password_reset_test.rb

@@ -18,7 +18,11 @@ def forgot_password_with(email)
 
     click_link "Forgot password?"
     fill_in "Email address", with: email
-    perform_enqueued_jobs { click_button "Reset password" }
+    perform_enqueued_jobs do
+      click_button "Reset password"
+
+      assert page.has_content? "You will receive an email within the next few minutes."
+    end
   end
 
   test "reset password form does not tell if a user exists" do

test/system/api_keys_test.rb

@@ -9,6 +9,8 @@ class ApiKeysTest < ApplicationSystemTestCase
     fill_in "Email or Username", with: @user.email
     fill_in "Password", with: @user.password
     click_button "Sign in"
+
+    assert page.has_content?("Dashboard")
   end
 
   test "creating new api key" do
@@ -41,6 +43,8 @@ class ApiKeysTest < ApplicationSystemTestCase
     visit_profile_api_keys_path
     click_button "New API key"
 
+    assert page.has_content?("New API key")
+
     assert_empty URI.parse(page.current_url).query
 
     fill_in "api_key[name]", with: "test"
@@ -194,6 +198,7 @@ class ApiKeysTest < ApplicationSystemTestCase
     refute page.has_content? "Enable MFA"
     click_button "Update API Key"
 
+    assert page.has_content?("Successfully updated API key")
     assert_predicate api_key.reload, :can_add_owner?
   end
 
@@ -208,6 +213,7 @@ class ApiKeysTest < ApplicationSystemTestCase
     page.select "All Gems"
     click_button "Update API Key"
 
+    assert page.has_content?("Successfully updated API key")
     assert_equal "All Gems", page.find('.owners__cell[data-title="Gem"]').text
     assert_nil api_key.reload.rubygem
   end
@@ -225,6 +231,7 @@ class ApiKeysTest < ApplicationSystemTestCase
     assert page.has_select? "api_key_rubygem_id", selected: "All Gems", disabled: true
     click_button "Update API Key"
 
+    assert page.has_content?("Successfully updated API key")
     assert_nil api_key.reload.rubygem
   end
 
@@ -243,6 +250,7 @@ class ApiKeysTest < ApplicationSystemTestCase
     page.select @ownership.rubygem.name
     click_button "Update API Key"
 
+    assert page.has_content?("Successfully updated API key")
     assert_equal api_key.reload.rubygem, @ownership.rubygem
   end
 
@@ -278,6 +286,7 @@ class ApiKeysTest < ApplicationSystemTestCase
     check "mfa"
     click_button "Update API Key"
 
+    assert page.has_content?("Successfully updated API key")
     assert_predicate api_key.reload, :can_add_owner?
     assert_predicate @user.api_keys.last, :mfa_enabled?
   end
@@ -296,6 +305,7 @@ class ApiKeysTest < ApplicationSystemTestCase
     refute page.has_content? "Enable MFA"
     click_button "Update API Key"
 
+    assert page.has_content?("Successfully updated API key")
     assert_predicate api_key.reload, :can_add_owner?
     assert_predicate @user.api_keys.last, :mfa_enabled?
   end

test/system/multifactor_auths_test.rb

@@ -69,7 +69,11 @@ class MultifactorAuthsTest < ApplicationSystemTestCase
       end
 
       should "user with mfa disabled gets redirected back to new api keys pages after setting up mfa" do
-        redirect_test_mfa_disabled(new_profile_api_key_path) { verify_password }
+        redirect_test_mfa_disabled(new_profile_api_key_path) do
+          verify_password
+
+          assert page.has_content?("New API key")
+        end
       end
 
       should "user with mfa disabled gets redirected back to notifier pages after setting up mfa" do
@@ -78,7 +82,11 @@ class MultifactorAuthsTest < ApplicationSystemTestCase
 
       should "user with mfa disabled gets redirected back to profile api keys pages after setting up mfa" do
         create(:api_key, scopes: %i[push_rubygem], owner: @user, ownership: @ownership)
-        redirect_test_mfa_disabled(profile_api_keys_path) { verify_password }
+        redirect_test_mfa_disabled(profile_api_keys_path) do
+          verify_password
+
+          assert page.has_content?("API keys")
+        end
       end
 
       should "user with mfa disabled gets redirected back to verify session pages after setting up mfa" do
@@ -100,7 +108,11 @@ class MultifactorAuthsTest < ApplicationSystemTestCase
       end
 
       should "user gets redirected back to new api keys pages after setting up mfa" do
-        redirect_test_mfa_weak_level(new_profile_api_key_path) { verify_password }
+        redirect_test_mfa_weak_level(new_profile_api_key_path) do
+          verify_password
+
+          assert page.has_content?("New API key")
+        end
       end
 
       should "user gets redirected back to notifier pages after setting up mfa" do
@@ -109,7 +121,11 @@ class MultifactorAuthsTest < ApplicationSystemTestCase
 
       should "user gets redirected back to profile api keys pages after setting up mfa" do
         create(:api_key, scopes: %i[push_rubygem], owner: @user, ownership: @ownership)
-        redirect_test_mfa_weak_level(profile_api_keys_path) { verify_password }
+        redirect_test_mfa_weak_level(profile_api_keys_path) do
+          verify_password
+
+          assert page.has_content?("API keys")
+        end
       end
 
       should "user gets redirected back to verify session pages after setting up mfa" do
@@ -157,7 +173,7 @@ class MultifactorAuthsTest < ApplicationSystemTestCase
   end
 
   def redirect_test_mfa_disabled(path)
-    sign_in
+    sign_in(wait_for: "For protection of your account and your gems, you are required to set up multi-factor authentication.")
     visit path
 
     assert(page.has_content?("you are required to set up multi-factor authentication"))
@@ -175,7 +191,7 @@ def redirect_test_mfa_disabled(path)
   end
 
   def redirect_test_mfa_weak_level(path)
-    sign_in
+    sign_in(wait_for: "For protection of your account and your gems, you are required to set up multi-factor authentication.")
     @user.enable_totp!(@seed, :ui_only)
     visit path
 
@@ -186,16 +202,20 @@ def redirect_test_mfa_weak_level(path)
 
     click_button "Authenticate"
 
+    assert page.has_content?("You have successfully updated your multi-factor authentication level.")
+
     yield if block_given?
 
     assert_equal path, current_path, "was not redirected back to original destination: #{path}"
   end
 
-  def sign_in
+  def sign_in(wait_for: "Dashboard")
     visit sign_in_path
     fill_in "Email or Username", with: @user.reload.email
     fill_in "Password", with: @user.password
     click_button "Sign in"
+
+    assert page.has_content?(wait_for)
   end
 
   def otp_key

test/system/oidc_test.rb

@@ -8,16 +8,6 @@ class OIDCTest < ApplicationSystemTestCase
     @id_token = create(:oidc_id_token, user: @user, api_key_role: @api_key_role)
   end
 
-  def sign_in # rubocop:disable Minitest/TestMethodName
-    visit sign_in_path
-    fill_in "Email or Username", with: @user.reload.email
-    fill_in "Password", with: @user.password
-    click_button "Sign in"
-
-    # Wait for the reload and confirm the sign in worked
-    page.assert_selector "h1", text: "Dashboard"
-  end
-
   def verify_session # rubocop:disable Minitest/TestMethodName
     page.assert_title(/^Confirm Password/)
     fill_in "Password", with: @user.password

test/system/profile_test.rb

@@ -8,18 +8,6 @@ class ProfileTest < ApplicationSystemTestCase
     @user = create(:user, email: "[email protected]", password: PasswordHelpers::SECURE_TEST_PASSWORD, handle: "nick1", mail_fails: 1)
   end
 
-  def sign_in
-    visit sign_in_path
-    fill_in "Email or Username", with: @user.reload.email
-    fill_in "Password", with: @user.password
-    click_button "Sign in"
-  end
-
-  def sign_out
-    reset_session!
-    visit "/"
-  end
-
   test "changing handle" do
     sign_in
 
@@ -181,6 +169,8 @@ def sign_out
       click_button "Confirm"
     end
 
+    assert page.has_content?("Your account deletion request has been enqueued.")
+
     sign_in
     visit delete_profile_path
 

test/system/settings_test.rb

@@ -5,13 +5,6 @@ class SettingsTest < ApplicationSystemTestCase
     @user = create(:user, email: "[email protected]", password: PasswordHelpers::SECURE_TEST_PASSWORD, handle: "nick1", mail_fails: 1)
   end
 
-  def sign_in
-    visit sign_in_path
-    fill_in "Email or Username", with: @user.reload.email
-    fill_in "Password", with: @user.password
-    click_button "Sign in"
-  end
-
   def enable_otp
     key = ROTP::Base32.random_base32
     @user.enable_totp!(key, :ui_only)

test/system/webauthn_credentials_test.rb

@@ -7,13 +7,6 @@ class WebauthnCredentialsTest < ApplicationSystemTestCase
     @user = create(:user)
   end
 
-  def sign_in
-    visit sign_in_path
-    fill_in "Email or Username", with: @user.reload.email
-    fill_in "Password", with: @user.password
-    click_button "Sign in"
-  end
-
   should "have security device form" do
     sign_in
     visit edit_settings_path

test/system/webauthn_verification_test.rb

@@ -12,8 +12,8 @@ class WebAuthnVerificationTest < ApplicationSystemTestCase
   test "when verifying webauthn credential" do
     visit webauthn_verification_path(webauthn_token: @verification.path_token, params: { port: @port })
 
-    assert_match "Authenticate with Security Device", page.html
-    assert_match "Authenticating as #{@user.handle}", page.html
+    assert page.has_content?("Authenticate with Security Device")
+    assert page.has_content?("Authenticating as #{@user.handle}".upcase)
 
     click_on "Authenticate"
 
@@ -28,8 +28,8 @@ class WebAuthnVerificationTest < ApplicationSystemTestCase
     assert_poll_status("pending")
     visit webauthn_verification_path(webauthn_token: @verification.path_token, params: { port: @port })
 
-    assert_match "Authenticate with Security Device", page.html
-    assert_match "Authenticating as #{@user.handle}", page.html
+    assert page.has_content?("Authenticate with Security Device")
+    assert page.has_content?("Authenticating as #{@user.handle}".upcase)
 
     click_on "Authenticate"
 
@@ -46,8 +46,8 @@ class WebAuthnVerificationTest < ApplicationSystemTestCase
   test "when client closes connection during verification" do
     visit webauthn_verification_path(webauthn_token: @verification.path_token, params: { port: @port })
 
-    assert_match "Authenticate with Security Device", page.html
-    assert_match "Authenticating as #{@user.handle}", page.html
+    assert page.has_content?("Authenticate with Security Device")
+    assert page.has_content?("Authenticating as #{@user.handle}".upcase)
 
     @mock_client.kill_server
     click_on "Authenticate"
@@ -64,8 +64,8 @@ class WebAuthnVerificationTest < ApplicationSystemTestCase
     wrong_port = 1111
     visit webauthn_verification_path(webauthn_token: @verification.path_token, params: { port: wrong_port })
 
-    assert_match "Authenticate with Security Device", page.html
-    assert_match "Authenticating as #{@user.handle}", page.html
+    assert page.has_content?("Authenticate with Security Device")
+    assert page.has_content?("Authenticating as #{@user.handle}".upcase)
 
     click_on "Authenticate"
 
@@ -81,8 +81,8 @@ class WebAuthnVerificationTest < ApplicationSystemTestCase
     @mock_client.response = @mock_client.bad_request_response
     visit webauthn_verification_path(webauthn_token: @verification.path_token, params: { port: @port })
 
-    assert_match "Authenticate with Security Device", page.html
-    assert_match "Authenticating as #{@user.handle}", page.html
+    assert page.has_content?("Authenticate with Security Device")
+    assert page.has_content?("Authenticating as #{@user.handle}".upcase)
 
     click_on "Authenticate"
 
@@ -97,8 +97,8 @@ class WebAuthnVerificationTest < ApplicationSystemTestCase
     visit webauthn_verification_path(webauthn_token: @verification.path_token, params: { port: @port })
 
     travel 3.minutes do
-      assert_match "Authenticate with Security Device", page.html
-      assert_match "Authenticating as #{@user.handle}", page.html
+      assert page.has_content?("Authenticate with Security Device")
+      assert page.has_content?("Authenticating as #{@user.handle}".upcase)
 
       click_on "Authenticate"