Issue #66: E2E: Admin login timeouts after user logout in GDPR tests
- State:
OPEN
- Milestone:
Jalon 1: Sécurité & GDPR 🔒
- Labels:
None
- Assignees:
Unassigned
- Created:
2025-10-30
- Updated:
2025-11-13
- URL:
Description
## Description
3 out of 5 GDPR E2E tests are failing due to admin login timeouts that occur after a test user logs out. The tests have been temporarily skipped with `test.describe.skip` to unblock Phase 12 completion.
## Affected Tests
Located in `frontend/tests/e2e/Gdpr.spec.ts`:
1. **Mixed Scenario: User Creates Data, Admin Exports** (line 180)
- User registers, logs in, creates activity, logs out
- Admin tries to log in → **TIMEOUT** waiting for navigation
2. **Audit Logs Verification** (line 251)
- User exports data, logs out
- Admin logs in and checks audit logs → **ERR_ABORTED on /login**
3. **Cross-Organization Access** (line 305)
- Create 2 test users
- Admin logs in to verify cross-org access → **TIMEOUT** on navigation
## Root Cause (Hypothesis)
Browser state (localStorage/cookies) is not being properly cleared between user logout and admin login within the same test. This might cause:
- Stale auth tokens interfering with new login
- Race condition in `authStore.init()`
- Session cookie conflicts
## Working Tests (for comparison)
These 2 tests pass successfully:
1. **Complete User Journey** ✅
- User registers, logs in via UI, exports, erases account
- No admin login involved
2. **Admin Operations** ✅
- User registers via API (never logs in via UI)
- Admin logs in fresh without prior user session
- Successfully exports and erases user data
## Error Examples
### Timeout Error
```
Error: page.waitForURL: Timeout 10000ms exceeded.
=========================== logs ===========================
waiting for navigation to "/admin" to be finished
============================================================
```
### ERR_ABORTED
```
GET http://localhost:3000/login net::ERR_ABORTED
```
## Investigation Steps
1. Add explicit `page.context().clearCookies()` after user logout
2. Add `localStorage.clear()` via `page.evaluate()`
3. Check if `authStore.logout()` properly clears all state
4. Consider using separate browser contexts for user vs admin sessions
5. Add debug logging to track token state transitions
## Test Status
- ✅ 2/5 passing (40%)
- ⏭️ 3/5 skipped (timeout issues)
## Related Files
- `frontend/tests/e2e/Gdpr.spec.ts` (test file)
- `frontend/src/stores/auth.ts` (authStore implementation)
- `frontend/src/components/admin/AdminGdprPanel.svelte`
- `frontend/src/components/GdprDataPanel.svelte`
## Priority
Medium - Tests are temporarily skipped, but should be fixed before production deployment.