From 9507b241ef2a1a819b30787a69e64b082e605449 Mon Sep 17 00:00:00 2001
From: JP - Joao Pinto <a19836@gmail.com>
Date: Fri, 5 Jun 2026 15:28:15 +0100
Subject: [PATCH 1/3] create tests to login and logout successfully with audit

---
 .../tests/aop/audit_log/login-audit.spec.ts   | 58 +++++++++++++++++++
 1 file changed, 58 insertions(+)
 create mode 100644 openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts

diff --git a/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts b/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts
new file mode 100644
index 00000000000..8ca8974f90f
--- /dev/null
+++ b/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts
@@ -0,0 +1,58 @@
+import { expect } from '@playwright/test';
+
+import { test } from '../../../fixtures/baseFixtures';
+import LoginPage from '../../../model/login.page';
+import appUrl, { tenantUrl } from '../../../utils/url';
+
+test.describe('Authentication flow', () => {
+  test.use({
+    storageState: {
+      cookies: [],
+      origins: [],
+    },
+  });
+
+  test('should login and logout successfully', async ({ page }) => {
+    // -- ARRANGE --
+    const loginPage = new LoginPage(page);
+    const username = process.env.E2E_USERNAME ?? 'admin@openaev.io';
+    const password = process.env.E2E_PASSWORD ?? 'admin';
+
+    await page.goto(appUrl());
+    await expect(loginPage.getLoginPage()).toBeVisible();
+
+    // -- ACT --
+    await loginPage.getLoginInput().fill(username);
+    await loginPage.getPasswordInput().fill(password);
+    await loginPage.getSignInButton().click();
+
+    // Ensure we are on an admin page where the top bar account menu is rendered.
+    await page.goto(tenantUrl('/admin'));
+    await expect(page).toHaveURL(/\/admin(?!\/login)/);
+
+    // Trigger CsrfFilter once to ensure XSRF-TOKEN cookie exists, then logout with matching header.
+    await page.evaluate(async () => {
+      await fetch('/api/scenarios/search', {
+        method: 'POST',
+        credentials: 'include',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({}),
+      }).catch(() => {});
+
+      const tokenCookie = document.cookie
+        .split('; ')
+        .find(cookie => cookie.startsWith('XSRF-TOKEN='));
+      const token = tokenCookie ? decodeURIComponent(tokenCookie.split('=')[1]) : '';
+
+      await fetch('/logout', {
+        method: 'POST',
+        credentials: 'include',
+        headers: token ? { 'X-XSRF-TOKEN': token } : {},
+      });
+    });
+    await page.goto(appUrl());
+
+    // -- ASSERT --
+    await expect(loginPage.getSignInButton()).toBeVisible();
+  });
+});

From 47416a68a621a434763de85001e7bb723356a7da Mon Sep 17 00:00:00 2001
From: JP - Joao Pinto <a19836@gmail.com>
Date: Mon, 8 Jun 2026 14:18:44 +0100
Subject: [PATCH 2/3] execute copilot suggestions

---
 .../tests_e2e/tests/aop/audit_log/login-audit.spec.ts      | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts b/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts
index 8ca8974f90f..0ecbdbe32e4 100644
--- a/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts
+++ b/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts
@@ -13,6 +13,11 @@ test.describe('Authentication flow', () => {
   });
 
   test('should login and logout successfully', async ({ page }) => {
+    test.info().annotations.push({
+      type: 'manual',
+      description: 'Verify backend-api console contains audit log entries for login and logout (console transport enabled).',
+    });
+
     // -- ARRANGE --
     const loginPage = new LoginPage(page);
     const username = process.env.E2E_USERNAME ?? 'admin@openaev.io';
@@ -26,7 +31,7 @@ test.describe('Authentication flow', () => {
     await loginPage.getPasswordInput().fill(password);
     await loginPage.getSignInButton().click();
 
-    // Ensure we are on an admin page where the top bar account menu is rendered.
+    // Ensure we are on an admin page (the URL assertion below prevents /admin/login redirects)
     await page.goto(tenantUrl('/admin'));
     await expect(page).toHaveURL(/\/admin(?!\/login)/);
 

From ce3c36baa62f2882e8d0c5b89187b856f0c6f7a2 Mon Sep 17 00:00:00 2001
From: JP - Joao Pinto <a19836@gmail.com>
Date: Mon, 8 Jun 2026 14:31:25 +0100
Subject: [PATCH 3/3] run CI tools again

---
 openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts b/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts
index 0ecbdbe32e4..3006368b173 100644
--- a/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts
+++ b/openaev-front/tests_e2e/tests/aop/audit_log/login-audit.spec.ts
@@ -15,7 +15,7 @@ test.describe('Authentication flow', () => {
   test('should login and logout successfully', async ({ page }) => {
     test.info().annotations.push({
       type: 'manual',
-      description: 'Verify backend-api console contains audit log entries for login and logout (console transport enabled).',
+      description: 'Please verify if backend-api console contains audit log entries for login and logout (console transport enabled).',
     });
 
     // -- ARRANGE --