Merge pull request #298 from fdnd-agency/288-documentation-add-basic-authentication-tests-for-magic-link-login
test(integration): add magic link API integration tests. #288
test(integration): add magic link API integration tests. #288
These tests verify the magic link request logic including
happy path with existing email, unknown email returning
success for security, and failed Directus insert handling.
Refs #288
fix: correct GroupsLink import path in ProfileForm #278
Fixes incorrect import name from GroupsLinkButton
to GroupsLink to match the actual component filename.
feat: make GroupsLink component for ProfileForm #278
Adds a reusable GroupsLink component:
- Focus-visible outline for accessibility
- Replaces inline anchor in ProfileForm with component
test(unit): add session expiration unit tests. #288
These tests verify that a session correctly expires after 1 hour of inactivity, including edge cases like exactly 59 minutes and just over the 1 hour limit.
Refs: #288
test(unit): add token generation unit tests. #288
These tests verify that the magic link token is always a valid, unique, non-empty 64-character string.
Refs #288
feat: add GroupCard component #265
- GroupCardHeader for condition info
- Member avatars list with aria label
- GroupInviteForm for inviting users
- Collapsible UserSectionDropdown showing member count
-adding default avatar photo and dropdown icon
fix(login): improve UX and redirect unauthenticated users to login. #252
- Redirect unauthenticated users to /login from root route
- Add success state after submitting email with "Check your inbox" message
- Show "If {email} is registered" message to prevent user enumeration
- Add loading state on submit button during magic link request
- Add "Try a different email" button to reset the form
Refs: #252
feat(email): configure Resend for transactional magic link emails. #252
- Replace console fallback with Resend email provider
- Set MAIL_FROM to no-reply@fdnd.nl using verified fdnd.nl domain
- Add RESEND_API_KEY to environment variable
- @athor added to the files.
Refs: #252
feat(auth): restrict page and data access based on user role. #254
- Add research/+layout.server.js to block unauthenticated users
- Filter articles in research/+page.server.js by role and workgroup
- Block assessors and admins from unauthorized articles in [article_id]/+page.server.js
Refs: #254
feat(auth): restrict route access based on user role. #254
- Block unauthenticated users from protected routes in hooks.server.ts
- Restrict /admin routes to super_admin and admin roles only
- Pass locals.user to all pages via root +layout.server.js
Refs: #254
refactor(auth): clean up magic login handler by removing console logs. #253
Removed debugging console.log and console.error statements from the
magic login endpoint and kept the authentication and session logic intact.
Refs: #253
fix(auth): resolve magic link token expiration and confirm session handling. #253
- fixed issue where magic link tokens were incorrectly marked as expired
- ensured session cookie is set correctly after successful magic login
- hooks.server.ts now properly reads session cookie and sets locals.user
- session expires after 1 hour of inactivity.
Refs: #253
feat: replace profile dl with accessible form inputs #276
Refactor the profile info section
- Replace dl/dt/dd elements with a labeled readonly input form
- Add proper for/id associations on each label and input for accessibility
- Add focus-visible outline styles for keyboard navigation on inputs and links
- Switch from 2-column dl layout to responsive 1-column (mobile) and 2-column (desktop) grid
- Style inputs with border, background, and padding using design tokens
feat: replace hardcoded content in ProfileHero with dynamic user data #274
Replace hardcoded name and profession with dynamic values from the user detail.
Build avatar src from Directus assets URL using user.photo ID.
Falls back to a placeholder image if no photo is available.
Alt text is also dynamic for better accessibility.
feat: wire server data to ProfileHero and ProfileInfo #274
Pass user as a prop to ProfileHero and ProfileInfo so both components
can render dynamic data instead of hardcoded content.
feat: replace hardcoded values in ProfileInfo with dynamic user data #274
Replace hardcoded Role, Institution, Name, and Email with dynamic
values from the user object (role, institute, profession, email).
Added safe fallbacks with ?? "Unknown" for missing or null fields.
