From f2e344e2ad2971d93920c5431b8e7ef0ceea6a9d Mon Sep 17 00:00:00 2001
From: Vaggelis Yfantis <vaggelisyfantis@gmail.com>
Date: Tue, 2 Dec 2025 17:50:08 +0200
Subject: [PATCH 1/4] test(e2e): Update tests to handle untrusted password on
 sign-in

---
 .../tests/session-tasks-sign-in-reset-password.test.ts | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/integration/tests/session-tasks-sign-in-reset-password.test.ts b/integration/tests/session-tasks-sign-in-reset-password.test.ts
index 581e53a683d..a6bbccd9da8 100644
--- a/integration/tests/session-tasks-sign-in-reset-password.test.ts
+++ b/integration/tests/session-tasks-sign-in-reset-password.test.ts
@@ -1,4 +1,4 @@
-import { test } from '@playwright/test';
+import { expect, test } from '@playwright/test';
 
 import { hash } from '../models/helpers';
 import { appConfigs } from '../presets';
@@ -31,6 +31,10 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
       await u.page.getByRole('textbox', { name: 'code' }).click();
       await u.page.keyboard.type('424242', { delay: 100 });
 
+      await expect(u.page.getByText(/password compromised/i)).toBeVisible();
+
+      await u.po.signIn.getAltMethodsEmailCodeButton().click();
+
       // Redirects back to tasks when accessing protected route by `auth.protect`
       await u.page.goToRelative('/page-protected');
 
@@ -75,6 +79,10 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
 
       await u.page.getByRole('textbox', { name: 'code' }).fill('424242');
 
+      await expect(u.page.getByText(/password compromised/i)).toBeVisible();
+      await u.po.signIn.getAltMethodsEmailCodeButton().click();
+      await u.page.getByRole('textbox', { name: 'code' }).fill('424242');
+
       await u.po.expect.toBeSignedIn();
 
       // Redirects back to tasks when accessing protected route by `auth.protect`

From 6b2ffb531f9a4cd333609aecb4e974eb50d69522 Mon Sep 17 00:00:00 2001
From: Vaggelis Yfantis <me@octoper.me>
Date: Tue, 2 Dec 2025 19:47:45 +0200
Subject: [PATCH 2/4] Add empty changeset

---
 .changeset/funny-crabs-crash.md | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changeset/funny-crabs-crash.md

diff --git a/.changeset/funny-crabs-crash.md b/.changeset/funny-crabs-crash.md
new file mode 100644
index 00000000000..853d812bb36
--- /dev/null
+++ b/.changeset/funny-crabs-crash.md
@@ -0,0 +1,3 @@
+---
+
+---

From ccce693ed0409ba1effd12546aa4c4996825a531 Mon Sep 17 00:00:00 2001
From: Vaggelis Yfantis <vaggelisyfantis@gmail.com>
Date: Tue, 2 Dec 2025 20:36:48 +0200
Subject: [PATCH 3/4] Enhance tests to handle untrusted password error

---
 ...ssion-tasks-sign-in-reset-password.test.ts | 20 ++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/integration/tests/session-tasks-sign-in-reset-password.test.ts b/integration/tests/session-tasks-sign-in-reset-password.test.ts
index a6bbccd9da8..f48e8578fec 100644
--- a/integration/tests/session-tasks-sign-in-reset-password.test.ts
+++ b/integration/tests/session-tasks-sign-in-reset-password.test.ts
@@ -28,13 +28,13 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
       await u.po.signIn.setPassword(user.password);
       await u.po.signIn.continue();
 
+      await expect(u.page.getByTestId('form-feedback-error')).toBeVisible();
+      await u.po.signIn.getUseAnotherMethodLink().click();
+      await u.po.signIn.getAltMethodsEmailCodeButton().click();
+
       await u.page.getByRole('textbox', { name: 'code' }).click();
       await u.page.keyboard.type('424242', { delay: 100 });
 
-      await expect(u.page.getByText(/password compromised/i)).toBeVisible();
-
-      await u.po.signIn.getAltMethodsEmailCodeButton().click();
-
       // Redirects back to tasks when accessing protected route by `auth.protect`
       await u.page.goToRelative('/page-protected');
 
@@ -66,7 +66,8 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
       await u.services.users.passwordUntrusted(createdUser.id);
       const fakeOrganization = u.services.organizations.createFakeOrganization();
       await u.services.organizations.createBapiOrganization({
-        ...fakeOrganization,
+        name: fakeOrganization.name,
+        slug: fakeOrganization.slug + Date.now().toString(),
         createdBy: createdUser.id,
       });
 
@@ -77,13 +78,14 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
       await u.po.signIn.setPassword(user.password);
       await u.po.signIn.continue();
 
-      await u.page.getByRole('textbox', { name: 'code' }).fill('424242');
+      await expect(u.page.getByTestId('form-feedback-error')).toBeVisible();
+
+      await u.po.signIn.getUseAnotherMethodLink().click();
 
-      await expect(u.page.getByText(/password compromised/i)).toBeVisible();
       await u.po.signIn.getAltMethodsEmailCodeButton().click();
-      await u.page.getByRole('textbox', { name: 'code' }).fill('424242');
 
-      await u.po.expect.toBeSignedIn();
+      await u.page.getByRole('textbox', { name: 'code' }).click();
+      await u.page.keyboard.type('424242', { delay: 100 });
 
       // Redirects back to tasks when accessing protected route by `auth.protect`
       await u.page.goToRelative('/page-protected');

From 387f76277617db38f68eee97c7d9423aabf74378 Mon Sep 17 00:00:00 2001
From: Vaggelis Yfantis <vaggelisyfantis@gmail.com>
Date: Tue, 2 Dec 2025 20:49:58 +0200
Subject: [PATCH 4/4] fix(e2e): Grab the correct error message

---
 .../session-tasks-sign-in-reset-password.test.ts | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/integration/tests/session-tasks-sign-in-reset-password.test.ts b/integration/tests/session-tasks-sign-in-reset-password.test.ts
index f48e8578fec..1b888378c5a 100644
--- a/integration/tests/session-tasks-sign-in-reset-password.test.ts
+++ b/integration/tests/session-tasks-sign-in-reset-password.test.ts
@@ -28,8 +28,11 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
       await u.po.signIn.setPassword(user.password);
       await u.po.signIn.continue();
 
-      await expect(u.page.getByTestId('form-feedback-error')).toBeVisible();
-      await u.po.signIn.getUseAnotherMethodLink().click();
+      await expect(
+        u.page.getByText(
+          "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+        ),
+      ).toBeVisible();
       await u.po.signIn.getAltMethodsEmailCodeButton().click();
 
       await u.page.getByRole('textbox', { name: 'code' }).click();
@@ -78,10 +81,11 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
       await u.po.signIn.setPassword(user.password);
       await u.po.signIn.continue();
 
-      await expect(u.page.getByTestId('form-feedback-error')).toBeVisible();
-
-      await u.po.signIn.getUseAnotherMethodLink().click();
-
+      await expect(
+        u.page.getByText(
+          "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+        ),
+      ).toBeVisible();
       await u.po.signIn.getAltMethodsEmailCodeButton().click();
 
       await u.page.getByRole('textbox', { name: 'code' }).click();