From e1e533bfb59bc7f46277f944858344ff50ca19e0 Mon Sep 17 00:00:00 2001
From: Vault Automation <github-team-secure-vault-core@hashicorp.com>
Date: Tue, 24 Feb 2026 16:21:44 -0700
Subject: [PATCH] UI: Add playwright test for Userpass Auth Method (#12470)
 (#12517)

* adding workflow test for userpass auth method

* adding conditionals for intro pages, fix assertion

Co-authored-by: Dan Rivera <dan.rivera@hashicorp.com>
---
 ui/e2e/init.setup.ts                    |  7 +++-
 ui/e2e/tests/superuser/tools.spec.ts    |  1 -
 ui/e2e/tests/superuser/userpass.spec.ts | 47 +++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 ui/e2e/tests/superuser/userpass.spec.ts

diff --git a/ui/e2e/init.setup.ts b/ui/e2e/init.setup.ts
index c56e0d5a16..f80dd12f28 100644
--- a/ui/e2e/init.setup.ts
+++ b/ui/e2e/init.setup.ts
@@ -42,7 +42,12 @@ setup('initialize vault and setup user for testing', async ({ page, userType })
   // create a policy for a specific user persona
   // defaults to superuser but should be passed in via the project config in playwright.config.ts
   await page.getByRole('link', { name: 'Access control', exact: true }).click();
-  await page.getByRole('link', { name: 'Create ACL policy' }).click();
+  // if the intro page is shown, click the create policy link there, otherwise click the create policy link in the toolbar on main page
+  if (await page.getByRole('link', { name: 'Create a policy' }).isVisible()) {
+    await page.getByRole('link', { name: 'Create a policy' }).click();
+  } else {
+    await page.getByRole('link', { name: 'Create ACL policy' }).click();
+  }
   await page.getByRole('textbox', { name: 'Policy name' }).fill(userType);
   await page.getByRole('radio', { name: 'Code editor' }).check();
   await page.getByRole('textbox', { name: 'Policy editor' }).fill(USER_POLICY_MAP[userType]);
diff --git a/ui/e2e/tests/superuser/tools.spec.ts b/ui/e2e/tests/superuser/tools.spec.ts
index 3a5f1e0d9d..781a57b7c6 100644
--- a/ui/e2e/tests/superuser/tools.spec.ts
+++ b/ui/e2e/tests/superuser/tools.spec.ts
@@ -65,5 +65,4 @@ test('tools workflow', async ({ page }) => {
   await expect(page.locator('#operations-0-tokenLookUpAccessor')).toContainText(
     '/auth/token/lookup-accessor'
   );
-  await expect(page.locator('#operations-0-tokenLookUpAccessor')).toContainText('tokenLookUpAccessor');
 });
diff --git a/ui/e2e/tests/superuser/userpass.spec.ts b/ui/e2e/tests/superuser/userpass.spec.ts
new file mode 100644
index 0000000000..a954a4d2ff
--- /dev/null
+++ b/ui/e2e/tests/superuser/userpass.spec.ts
@@ -0,0 +1,47 @@
+/**
+ * Copyright IBM Corp. 2016, 2025
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+
+import { test, expect } from '@playwright/test';
+
+test('userpass workflow', async ({ page }) => {
+  // nav to access control and enable userpass auth method
+  await page.goto('dashboard');
+  await page.getByRole('link', { name: 'Access control' }).click();
+  await page.getByRole('link', { name: 'Authentication methods' }).click();
+
+  // if intro page is visible, click enable method there otherwise click enable method in toolbar
+  if (await page.getByRole('link', { name: 'Enable a new method' }).isVisible()) {
+    await page.getByRole('link', { name: 'Enable a new method' }).click();
+  } else {
+    await page.getByRole('link', { name: 'Enable new method' }).click();
+  }
+
+  // enable userpass auth method
+  await page.getByLabel('Userpass - enabled engine type').click();
+  await page.getByRole('button', { name: 'Enable method' }).click();
+  await page.getByRole('button', { name: 'Update options' }).click();
+  await expect(page.getByRole('link', { name: 'Type of auth mount userpass/' })).toBeVisible();
+
+  // create a test user
+  await page.getByRole('link', { name: 'Type of auth mount userpass/' }).click();
+  await page.getByLabel('toolbar actions').getByRole('link', { name: 'Create user' }).click();
+  await page.getByRole('textbox', { name: 'Username' }).fill('testUser');
+  await page.getByRole('textbox', { name: 'password', exact: true }).fill('test');
+  await page.getByRole('button', { name: 'Save' }).click();
+  await expect(page.getByRole('link', { name: 'testuser', exact: true })).toBeVisible();
+
+  // log out and log in with the new user
+  await page.getByRole('button', { name: 'User menu' }).click();
+  await page.getByRole('link', { name: 'Log out' }).click();
+  await page.getByLabel('Method').selectOption('userpass');
+  await page.getByRole('textbox', { name: 'Username' }).fill('testUser');
+  await page.getByRole('textbox', { name: 'Password' }).fill('test');
+  await page.getByRole('button', { name: 'Sign in' }).click();
+
+  // verify login was successful by verifying the user menu is visible and contains the username
+  await expect(page.getByRole('button', { name: 'User menu' })).toBeVisible();
+  await page.getByRole('button', { name: 'User menu' }).click();
+  await expect(page.getByText('Testuser')).toBeVisible();
+});