test: implement Cypress E2E framework suite for user authentication and resume enhancement pipeline

[anjalikumari45]

User description

Description

This Pull Request introduces a comprehensive End-to-End (E2E) testing pipeline using Cypress to validate the application's primary resume enhancement user journey. Since the application handles critical user paths like Firebase authentication and automated document enhancements, this test suite ensures that regressions are caught early without executing real, metered API credits.

Key implementations:

• Cypress Suite Architecture: Created a foundational structure including cypress.config.js and support files configured to process local configurations seamlessly.
• Firebase Session Mocking: Configured a custom cy.mockFirebaseAuth() support token command utility to cleanly establish dummy local storage sessions, bypassing manual sign-in forms deterministically.
• Deterministic Pipeline Interception: Utilized cy.intercept() to step-stub network requests directed to /api/upload (multipart parser response handling) and /api/enhance/:id engines. This asserts that frontend score tracking elements (like the progress/score rings) and dynamic text blocks render correctly upon asynchronous route resolution.

Type of Change

• Testing tasks
• Bug fix
• New feature
• Documentation update

Related Issue

Fixes #33

Testing

• Tested Locally

Screenshots (MANDATORY for UI/UX changes)

N/A (This PR implements foundational headless testing framework specifications; no visual component stylesheets or functional UI views were redesigned).

Checklist

• Code follows project style guidelines
• Self-reviewed my code
• Added comments where necessary
• Updated documentation
• No new warnings generated

---

CodeAnt-AI Description

Add Cypress end-to-end coverage for the resume enhancement flow

What Changed

• Added a Cypress test that signs in with a mocked Firebase session, uploads a resume, and checks the enhancement page
• The test now waits for the upload and enhancement responses, then verifies the score ring and enhanced resume text are shown
• Added Cypress support files and config so the test suite can run against the local app consistently

Impact

✅ Fewer breakages in the resume upload flow
✅ Catch login and enhancement regressions before release
✅ Faster checks for the main resume review journey

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

Summary by CodeRabbit

• Tests
  • Added end-to-end test suite for the resume enhancement workflow, including authentication state simulation and API endpoint mocking.

[vercel]

@anjalikumari45 is attempting to deploy a commit to the Anurag Mishra's projects Team on Vercel.

A member of the Team first needs to authorize it.

[codeant-ai]

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a complete Cypress E2E test infrastructure for the frontend: a cypress.config.js with base URL and viewport settings, a mockFirebaseAuth custom command that seeds localStorage with a mock Firebase user, a support entry file wiring commands, and a resume-flow.cy.js spec that stubs auth and backend API calls to test the full resume upload and enhancement user journey.

Changes

Cypress E2E Infrastructure and Resume Flow Test

Layer / File(s)	Summary
Cypress config and support setup frontend/cypress.config.js, frontend/cypress/support/e2e.js, frontend/cypress/support/commands.js	Defines Cypress E2E config (baseUrl http://localhost:5173, 1280×720 viewport, supportFile path), imports the commands module in the support entry point, and registers a mockFirebaseAuth command that writes a deterministic Firebase user object to window.localStorage.
Resume enhancement E2E spec frontend/cypress/e2e/resume-flow.cy.js	Adds a beforeEach block intercepting Identity Toolkit auth, /api/upload, and /api/enhance/:id with stubbed responses and aliases; the test drives dashboard navigation, PDF dropzone interaction, aliased request waits, route assertion, and UI assertions for score-ring, confidence-meter, and enhanced summary text.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Hop hop, the tests are here at last,
With mocked Firebase and an upload cast,
A PDF dropped, the AI rings true,
Score rings and summaries come into view,
No real server needed — just stubs and a dream,
The rabbit approves this E2E scheme! 🌟

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and clearly summarizes the main changes: implementing a Cypress E2E test framework for authentication and resume enhancement pipeline, matching the core focus of the changeset.
Linked Issues check	✅ Passed	All objectives from issue #33 are met: user account mocking via mockFirebaseAuth command, Firebase authentication handling, resume PDF upload testing with cy.intercept, and AI enhancement verification through intercepted endpoints.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with the E2E testing framework objectives; no unrelated modifications to UI components, styles, or out-of-scope functionality are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (3)

frontend/cypress.config.js (1)

5-5: 💤 Low value

Consider parameterizing baseUrl for environment flexibility.

The baseUrl is hardcoded to http://localhost:5173. In CI/CD pipelines or different environments, you may need to override this. Consider reading from an environment variable as a fallback.

♻️ Proposed enhancement

-    baseUrl: "http://localhost:5173",
+    baseUrl: process.env.CYPRESS_BASE_URL || "http://localhost:5173",

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/cypress.config.js` at line 5, The baseUrl property in the Cypress
configuration is hardcoded to http://localhost:5173, which prevents flexibility
across different environments. Modify the baseUrl assignment to read from an
environment variable (such as CYPRESS_BASE_URL or VITE_DEV_SERVER_URL) while
maintaining the hardcoded value as a fallback default when the environment
variable is not set. This allows CI/CD pipelines and different development
environments to override the base URL as needed without modifying the
configuration file.

frontend/cypress/e2e/resume-flow.cy.js (2)

47-48: ⚡ Quick win

Multi-selector may produce ambiguous results.

The selector .confidence-meter, .score-ring, [data-testid="score-ring"] uses comma-separated selectors, which matches if ANY of these elements exist. This may not accurately test the intended UI components. Consider using a more specific selector or verifying each element individually.

♻️ Proposed refinement

-    cy.get('.confidence-meter, .score-ring, [data-testid="score-ring"]')
-      .should('exist');
+    // Verify score ring element exists
+    cy.get('[data-testid="score-ring"]')
+      .should('exist')
+      .and('be.visible');

Or verify each component separately if all should be present:

-    cy.get('.confidence-meter, .score-ring, [data-testid="score-ring"]')
-      .should('exist');
+    cy.get('[data-testid="score-ring"]').should('exist');
+    cy.get('.confidence-meter').should('exist');

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/cypress/e2e/resume-flow.cy.js` around lines 47 - 48, The cy.get()
call in the resume-flow test uses comma-separated selectors (.confidence-meter,
.score-ring, [data-testid="score-ring"]) which matches if ANY of these elements
exist, making the test ambiguous. Instead, replace this multi-selector approach
with a more specific selector that targets the intended component, or
alternatively separate the assertion into individual cy.get() calls for each
element that should be verified, ensuring the test accurately validates the
expected UI components are all present.

---

28-28: 💤 Low value

Redundant page visit in test.

The beforeEach hook visits the home page at line 28, but the test immediately visits /dashboard at line 33. The initial visit to / may be unnecessary if all tests navigate directly to /dashboard.

♻️ Possible optimization

Either remove the visit from beforeEach if all tests navigate directly to their target pages, or remove the redundant visit from the test if the home page visit serves authentication purposes.

     cy.mockFirebaseAuth();
-    cy.visit('/');
   });
 
   it('should authenticate user, step through dropzone upload, and view AI dashboard score ring', () => {
-    // 1. Verify user lands securely on protected dashboard space
     cy.visit('/dashboard');

Also applies to: 33-34

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/cypress/e2e/resume-flow.cy.js` at line 28, The beforeEach hook
contains a cy.visit('/') call that is immediately followed by another
cy.visit('/dashboard') in the test itself, creating a redundant page navigation.
Remove the cy.visit('/') from the beforeEach hook if all tests in this suite
navigate directly to their specific target pages without needing the home page
visit for authentication or setup purposes. Alternatively, if the home page
visit is necessary for authentication or state initialization, remove the
redundant cy.visit('/dashboard') from the individual test and adjust the test
logic to work with the home page context.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@frontend/cypress/e2e/resume-flow.cy.js`:
- Line 39: The selectFile method call in the resume-flow.cy.js test references a
fixture file at cypress/fixtures/test-resume.pdf that does not exist. Create the
missing cypress/fixtures/ directory structure under the frontend directory and
add a valid test-resume.pdf file to this directory. This file will be used by
the selectFile method with the drag-drop action when the test executes.
- Around line 14-24: The cy.intercept() call in the resume-flow.cy.js test is
intercepting an incorrect API route. The actual frontend API call uses POST
/api/enhance without any resume ID in the URL path, but the intercept is
configured to match POST /api/enhance/mock-resume-uuid-456. Update the
cy.intercept() call to change the intercepted endpoint from POST
/api/enhance/mock-resume-uuid-456 to POST /api/enhance so it correctly matches
the actual API route being called by the frontend with resumeText and
preferences in the request body.

In `@frontend/cypress/support/commands.js`:
- Around line 3-11: Update the localStorage key in the command to match
Firebase's documented format by including the API key and [DEFAULT] suffix.
Replace the static key 'firebase:authUser:' with a dynamic key that uses the
format 'firebase:authUser:{apiKey}:[DEFAULT]' where the apiKey is retrieved from
Cypress.env('VITE_FIREBASE_API_KEY') or a fallback test key. Additionally,
enhance the mock auth object in the JSON.stringify call to include the missing
Firebase fields: add a refreshToken property with a mock value, and add an
expiresIn property set to '3600' to make the mock auth object more complete and
aligned with Firebase's actual auth token structure.

---

Nitpick comments:
In `@frontend/cypress.config.js`:
- Line 5: The baseUrl property in the Cypress configuration is hardcoded to
http://localhost:5173, which prevents flexibility across different environments.
Modify the baseUrl assignment to read from an environment variable (such as
CYPRESS_BASE_URL or VITE_DEV_SERVER_URL) while maintaining the hardcoded value
as a fallback default when the environment variable is not set. This allows
CI/CD pipelines and different development environments to override the base URL
as needed without modifying the configuration file.

In `@frontend/cypress/e2e/resume-flow.cy.js`:
- Around line 47-48: The cy.get() call in the resume-flow test uses
comma-separated selectors (.confidence-meter, .score-ring,
[data-testid="score-ring"]) which matches if ANY of these elements exist, making
the test ambiguous. Instead, replace this multi-selector approach with a more
specific selector that targets the intended component, or alternatively separate
the assertion into individual cy.get() calls for each element that should be
verified, ensuring the test accurately validates the expected UI components are
all present.
- Line 28: The beforeEach hook contains a cy.visit('/') call that is immediately
followed by another cy.visit('/dashboard') in the test itself, creating a
redundant page navigation. Remove the cy.visit('/') from the beforeEach hook if
all tests in this suite navigate directly to their specific target pages without
needing the home page visit for authentication or setup purposes. Alternatively,
if the home page visit is necessary for authentication or state initialization,
remove the redundant cy.visit('/dashboard') from the individual test and adjust
the test logic to work with the home page context.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: cfd3a7f7-ffbe-4a85-b5ed-177385162e80

📥 Commits

Reviewing files that changed from the base of the PR and between 1d9c7ef and 1ae8e34.

⛔ Files ignored due to path filters (1)

• frontend/frontend/package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (4)

• frontend/cypress.config.js
• frontend/cypress/e2e/resume-flow.cy.js
• frontend/cypress/support/commands.js
• frontend/cypress/support/e2e.js

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify the enhancement API route pattern used in frontend and backend

# Check frontend API calls to enhance endpoint
rg -n "fetch.*enhance|axios.*enhance" --type=js --type=jsx -C3

# Check backend route definitions for enhance
rg -n "router\.(post|get|put).*enhance|app\.use.*enhance" --type=js -C3

Repository: anurag3407/career-pilot

Length of output: 1065

---

🏁 Script executed:

# Check frontend source for enhancement API calls and route patterns
find . -type f \( -name "*.js" -o -name "*.jsx" -o -name "*.ts" -o -name "*.tsx" \) ! -path "./node_modules/*" ! -path "./backend/*" | head -20

# Search for enhance API calls in frontend
rg "enhance" --type=js -A 5 -B 2 | grep -E "(fetch|axios|POST|/api)" -A 5 -B 2 | head -50

Repository: anurag3407/career-pilot

Length of output: 3876

---

🏁 Script executed:

# Check the actual backend implementation to see if resumeId is in URL or body
cat backend/src/routes/enhance.js | head -150

Repository: anurag3407/career-pilot

Length of output: 5978

---

🏁 Script executed:

# Find the test file to understand its full context
cat frontend/cypress/e2e/resume-flow.cy.js

Repository: anurag3407/career-pilot

Length of output: 1975

---

The mocked enhance endpoint has an incorrect route that won't match the actual frontend API call.

The test intercepts POST /api/enhance/mock-resume-uuid-456, but the frontend's enhanceApi.enhance() calls POST /api/enhance with resumeText and preferences in the request body (no ID in the URL path). The resume ID from the upload response isn't used in the enhance endpoint call—it's only used for frontend routing.

Update the intercept to match the actual API route:

Proposed fix

-    cy.intercept('POST', '/api/enhance/mock-resume-uuid-456', {
+    cy.intercept('POST', '/api/enhance', {
       statusCode: 200,
       body: {
         success: true,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	cy.intercept('POST', '/api/enhance/mock-resume-uuid-456', {
	statusCode: 200,
	body: {
	success: true,
	score: 85,
	enhancedSections: {
	summary: 'Highly capable engineer specialized in cybersecurity and automation frameworks.',
	experience: 'Refactored systemic application architecture using room-based WebSockets.'
	}
	}
	}).as('enhanceResume');
	cy.intercept('POST', '/api/enhance', {
	statusCode: 200,
	body: {
	success: true,
	score: 85,
	enhancedSections: {
	summary: 'Highly capable engineer specialized in cybersecurity and automation frameworks.',
	experience: 'Refactored systemic application architecture using room-based WebSockets.'
	}
	}
	}).as('enhanceResume');

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/cypress/e2e/resume-flow.cy.js` around lines 14 - 24, The
cy.intercept() call in the resume-flow.cy.js test is intercepting an incorrect
API route. The actual frontend API call uses POST /api/enhance without any
resume ID in the URL path, but the intercept is configured to match POST
/api/enhance/mock-resume-uuid-456. Update the cy.intercept() call to change the
intercepted endpoint from POST /api/enhance/mock-resume-uuid-456 to POST
/api/enhance so it correctly matches the actual API route being called by the
frontend with resumeText and preferences in the request body.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify the test fixture file exists

# Check if the fixture file exists
fd -t f "test-resume.pdf" cypress/fixtures/

# List all fixture files to see what's available
echo "Available fixture files:"
fd -t f . cypress/fixtures/ 2>/dev/null || echo "cypress/fixtures/ directory not found"

Repository: anurag3407/career-pilot

Length of output: 253

---

🏁 Script executed:

#!/bin/bash
# Check for cypress directory and structure
echo "=== Checking for cypress directory ==="
fd -t d "cypress" . 2>/dev/null | head -20

echo "=== Checking for test-resume.pdf anywhere ==="
fd -t f "test-resume.pdf" . 2>/dev/null

echo "=== Looking for fixture files anywhere ==="
fd -t f "fixtures" . 2>/dev/null | head -20

echo "=== Repository structure at root ==="
ls -la | head -30

echo "=== Checking frontend directory ==="
ls -la frontend/ 2>/dev/null | head -30

Repository: anurag3407/career-pilot

Length of output: 4148

---

🏁 Script executed:

#!/bin/bash
# Check the contents of the cypress directory
echo "=== Contents of frontend/cypress directory ==="
ls -la frontend/cypress/

echo "=== Check for fixtures subdirectory ==="
ls -la frontend/cypress/fixtures/ 2>/dev/null || echo "fixtures directory does not exist"

echo "=== List all files in frontend/cypress recursively ==="
find frontend/cypress -type f -o -type d | sort

Repository: anurag3407/career-pilot

Length of output: 631

---

Create the missing test fixture file and fixtures directory.

The test references cypress/fixtures/test-resume.pdf but the fixtures directory does not exist in the repository, and the file is missing. This will cause the test to fail when executed. Create the frontend/cypress/fixtures/ directory and add the required test-resume.pdf file.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/cypress/e2e/resume-flow.cy.js` at line 39, The selectFile method
call in the resume-flow.cy.js test references a fixture file at
cypress/fixtures/test-resume.pdf that does not exist. Create the missing
cypress/fixtures/ directory structure under the frontend directory and add a
valid test-resume.pdf file to this directory. This file will be used by the
selectFile method with the drag-drop action when the test executes.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Check Firebase configuration and localStorage key format

# Find Firebase config to identify the API key pattern
rg -n "apiKey|firebaseConfig" --type=js -C3

# Search for localStorage usage in Firebase auth context
rg -n "firebase:authUser|localStorage.*auth" --type=js -C3

# Check for any existing auth state handling
ast-grep --pattern 'localStorage.getItem($$$)'

Repository: anurag3407/career-pilot

Length of output: 34919

---

🏁 Script executed:

# Find Firebase Auth usage in the application
rg -n "getAuth|signIn|localStorage.*auth|firebase:authUser" --type=js -B 2 -A 2

# Check if there's any auth state restoration from localStorage
rg -n "onAuthStateChanged|setPersistence|signInWithCustomToken" --type=js -B 2 -A 2

# Look at the Firebase config more carefully
cat frontend/src/config/firebase.js

Repository: anurag3407/career-pilot

Length of output: 50379

---

🏁 Script executed:

# Check if there are other Cypress tests that interact with Firebase auth
find frontend/cypress -name "*.js" -type f | head -20

# Look at the mockFirebaseAuth command more closely
cat frontend/cypress/support/commands.js

# Search for any auth restoration or initialization in tests
rg -n "mockFirebaseAuth\|firebase:authUser\|localStorage.*auth" frontend/cypress -B 2 -A 2

Repository: anurag3407/career-pilot

Length of output: 547

---

🏁 Script executed:

# Check how Firebase Auth is used in the application - look for onAuthStateChanged or persistence setup
rg -n "onAuthStateChanged|setPersistence|signIn|signOut|initializeAuth" frontend/src --type=js -B 2 -A 2

# Look for any test setup or auth initialization patterns
rg -n "initAuth|signInWithCustomToken|signInWithEmailAndPassword" frontend --type=js -B 2 -A 2

# Check if there are other test files using auth
find frontend/cypress -name "*.cy.js" -exec grep -l "auth\|Auth" {} \;

Repository: anurag3407/career-pilot

Length of output: 5533

---

🏁 Script executed:

# Check the Firebase config and how auth is initialized
cat frontend/src/config/firebase.js

# Look for any Firebase SDK persistence configuration
rg -n "setPersistence|LOCAL|SESSION" frontend/src --type=js -B 2 -A 2

# Check what the test actually does with the mock - look at the test file
cat frontend/cypress/e2e/resume-flow.cy.js

Repository: anurag3407/career-pilot

Length of output: 4264

---

🏁 Script executed:

# Search for how the mockFirebaseAuth is actually used in tests
rg -n "mockFirebaseAuth" frontend/cypress -B 5 -A 10

# Look for any Firebase persistence or custom token handling
rg -n "LOCAL_STORAGE\|Persistence\|firebase:authUser" frontend/src --type=js -i

# Check the AuthProvider to see how it handles auth state
cat -n frontend/src/context/AuthProvider.jsx | head -60

Repository: anurag3407/career-pilot

Length of output: 4492

---

🏁 Script executed:

# Check if there's any explicit persistence configuration or Firebase localStorage usage in the app
rg -n "Persistence\|persistence\|firebase:authUser" frontend/src -i --type=js

# Look at the Firebase SDK documentation - check if there's any code that directly reads this localStorage key
rg -n "localStorage.getItem.*firebase\|localStorage.getItem.*auth" frontend --type=js

# Check how the test validates if the user is authenticated
cat frontend/cypress/e2e/resume-flow.cy.js | grep -A 20 "should authenticate user"

Repository: anurag3407/career-pilot

Length of output: 956

---

🏁 Script executed:

# Look for Firebase persistence setup or any code that reads the firebase:authUser key
rg -n "firebase:authUser|getItem.*firebase|setPersistence" frontend/src --type=js

# Check if there's any validation in the test that the user is actually authenticated
cat frontend/cypress/e2e/resume-flow.cy.js

# Look for any setup files or index in cypress
cat frontend/cypress/support/e2e.js

Repository: anurag3407/career-pilot

Length of output: 1996

---

🏁 Script executed:

# Check Firebase documentation about how onAuthStateChanged works and if it uses this specific localStorage key
web_search Firebase Auth onAuthStateChanged localStorage persistence mechanism

Repository: anurag3407/career-pilot

Length of output: 118

---

🌐 Web query:

Firebase Auth onAuthStateChanged localStorage key format persistence

💡 Result:

Firebase Authentication uses browser storage (localStorage by default in web environments) to persist user authentication state across page reloads [1][2]. Storage Key Format When using the default LOCAL persistence, the Firebase Authentication SDK stores the user's session data in localStorage using a specific key format [3][4]: firebase:authUser:{apiKey}:[DEFAULT] In this pattern: - {apiKey} is the Firebase project API key [5]. - [DEFAULT] refers to the Firebase app name (the default app instance is named "[DEFAULT]") [5][4]. Accessing Stored Data While you can manually retrieve this data using window.localStorage.getItem, it is considered an implementation detail of the Firebase SDK [4]. The Firebase team advises against relying on manual manipulation of these storage keys, as the internal structure or management of this data may change [4]. Instead, you should manage authentication state using the official Firebase Auth SDK methods, specifically onAuthStateChanged, which is designed to handle state retrieval, persistence, and updates automatically [2]. Persistence Options You can control how Firebase persists this state using the setPersistence method [1][6]: - browserLocalPersistence (default): Persists state even after the browser window is closed [1][6]. - browserSessionPersistence: Persists state only for the duration of the current session/tab [1][6]. - browserCookiePersistence: Available for hybrid rendering and middleware scenarios [6]. - none: Keeps authentication state only in memory, clearing it upon page refresh [1][7]. If you need to change the persistence type, you should call setPersistence before performing sign-in operations [1][2].

Citations:

• 1: https://firebase.google.com/docs/auth/web/auth-state-persistence
• 2: https://stackoverflow.com/questions/71377031/firebase-how-to-persist-auth-state
• 3: https://deepwiki.com/firebase/firebase-js-sdk/4.1-token-management
• 4: When used firebase.auth().signOut() with a promise leaves the "firebase:host:project-xxxxxxxxxxxxxx.firebaseio.com" key undeleted in localstorage FirebaseExtended/angularfire#903
• 5: https://stackoverflow.com/questions/37867083/firebase-returns-object-to-local-storage-on-sign-in-but-how-do-i-access-it
• 6: https://firebase.google.com/docs/reference/js/auth
• 7: https://firebase.google.cn/docs/reference/js/auth.persistence

---

The localStorage key format is incorrect according to Firebase documentation. Update the key to include the API key.

Firebase Auth localStorage persistence uses the format 'firebase:authUser:{apiKey}:[DEFAULT]'. The current key 'firebase:authUser:' is missing the API key portion, which does not match Firebase's documented format.

Additionally, the mock auth object is incomplete. Real Firebase auth tokens include fields like refreshToken, expiresIn, stsTokenManager, and provider metadata that the simplified mock omits.

While the test may still function due to network mocking (cy.intercept for identitytoolkit/**), relying on direct localStorage manipulation is fragile. Update the command to use the correct key format:

Cypress.Commands.add('mockFirebaseAuth', () => {
  const apiKey = Cypress.env('VITE_FIREBASE_API_KEY') || 'AIzaSy_test_key';
  window.localStorage.setItem(
    `firebase:authUser:${apiKey}:[DEFAULT]`,
    JSON.stringify({
      uid: 'gssoc-test-user-123',
      email: 'testuser@gssoc.org',
      displayName: 'Test Contributor',
      token: 'mock-session-jwt-token',
      refreshToken: 'mock-refresh-token',
      expiresIn: '3600'
    })
  );
});

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@frontend/cypress/support/commands.js` around lines 3 - 11, Update the
localStorage key in the command to match Firebase's documented format by
including the API key and [DEFAULT] suffix. Replace the static key
'firebase:authUser:' with a dynamic key that uses the format
'firebase:authUser:{apiKey}:[DEFAULT]' where the apiKey is retrieved from
Cypress.env('VITE_FIREBASE_API_KEY') or a fallback test key. Additionally,
enhance the mock auth object in the JSON.stringify call to include the missing
Firebase fields: add a refreshToken property with a mock value, and add an
expiresIn property set to '3600' to make the mock auth object more complete and
aligned with Firebase's actual auth token structure.

[codeant-ai]

Suggestion: The /api/upload mock response shape is incompatible with the upload page logic, which reads response.data.extractedText; returning only { success, id } causes downstream extractedText access to break and abort navigation. Mock the same schema the UI consumes. [api mismatch]

Severity Level: Critical 🚨

- ❌ Upload-to-resume creation flow crashes in Cypress runs.
- ❌ Enhance page is never navigated to in the test.
- ⚠️ Backend `/api/resumes` and enhance logic remain untested.

Steps of Reproduction ✅

1. The upload page logic in `frontend/src/pages/Upload.jsx:26-52` handles file selection;
it calls `const response = await uploadApi.uploadPdf(selectedFile, ...)` and then reads
`const extractedText = response.data.extractedText`.

2. `uploadApi.uploadPdf` in `frontend/src/services/api.js:160-181` performs a
`fetch(`${API_BASE}/upload`, { method: 'POST', ... })` and passes the HTTP response into
`handleResponse`, which returns the parsed JSON body (no additional wrapping).

3. The real backend upload route `backend/src/routes/upload.js:12-35` responds with `{
success: true, data: { resumeId, extractedText, ... } }`, so in production `response.data`
is an object containing `extractedText`.

4. In the Cypress test setup at `resume-flow.cy.js:9-12`, `cy.intercept('POST',
'/api/upload', { statusCode: 200, body: { success: true, id: 'mock-resume-uuid-456' } })`
returns a JSON shape without a `data` field; when the app under test runs
`Upload.jsx:34-35`, `response.data` is `undefined`, so `response.data.extractedText`
throws a `TypeError`, the catch block at lines 55-63 triggers a toast error, and
navigation to `/enhance/...` (lines 50-53) never occurs, causing the E2E test to fail
before the enhance page is reached.

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** frontend/cypress/e2e/resume-flow.cy.js
**Line:** 9:12
**Comment:**
	*Api Mismatch: The `/api/upload` mock response shape is incompatible with the upload page logic, which reads `response.data.extractedText`; returning only `{ success, id }` causes downstream `extractedText` access to break and abort navigation. Mock the same schema the UI consumes.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[codeant-ai]

Suggestion: This test waits for /api/enhance/mock-resume-uuid-456, but the app's enhance page uses different endpoints (e.g. /api/enhance/ats-analysis, /api/enhance/comprehensive-analysis, /api/enhance/stream), so the alias is never triggered and cy.wait('@enhanceResume') will time out. Intercept the real enhance endpoints the page actually calls. [api mismatch]

Severity Level: Critical 🚨

- ❌ Enhance-stage wait always times out in Cypress.
- ⚠️ Score ring and text assertions are never reached.

Steps of Reproduction ✅

1. After upload and resume creation, `Upload.jsx:50-53` redirects the user to
`/enhance/${resumeResponse.data.id}`, so the app renders
`frontend/src/pages/Enhance.jsx:98-245` for the enhance dashboard.

2. The enhance page issues multiple enhance-related API calls through `enhanceApi` in
`frontend/src/services/api.js:234-107`, including `POST /api/enhance/ats-analysis`, `POST
/api/enhance/comprehensive-analysis`, `POST /api/enhance/resume-score`, and a streaming
`POST /api/enhance/stream` (see `Enhance.jsx:150-198` and `Enhance.jsx:236-275`).

3. None of the frontend code calls `POST /api/enhance/:id`; instead, endpoints are fixed
subpaths like `/ats-analysis`, `/comprehensive-analysis`, `/resume-score`,
`/before-after`, `/verb-lists`, etc.

4. In the Cypress test, the only enhance-related intercept is `cy.intercept('POST',
'/api/enhance/mock-resume-uuid-456', ...)` at `resume-flow.cy.js:14-24`, aliased as
`@enhanceResume`, and the test later runs `cy.wait('@enhanceResume')` at line 46; because
the app never issues a request matching `/api/enhance/mock-resume-uuid-456`, this alias is
never hit and `cy.wait('@enhanceResume')` will eventually time out, failing the test even
if the enhance page loads correctly.

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** frontend/cypress/e2e/resume-flow.cy.js
**Line:** 14:24
**Comment:**
	*Api Mismatch: This test waits for `/api/enhance/mock-resume-uuid-456`, but the app's enhance page uses different endpoints (e.g. `/api/enhance/ats-analysis`, `/api/enhance/comprehensive-analysis`, `/api/enhance/stream`), so the alias is never triggered and `cy.wait('@enhanceResume')` will time out. Intercept the real enhance endpoints the page actually calls.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[codeant-ai]

Suggestion: The test targets a dropzone element by data-testid="dropzone", but the upload UI does not expose that attribute, so this selector will fail and stop the flow. Use a selector that exists in the rendered DropZone markup or add a stable test id in the component. [api mismatch]

Severity Level: Major ⚠️

- ❌ Resume E2E test fails before simulating file upload.
- ⚠️ Resume upload flow is never exercised in Cypress runs.

Steps of Reproduction ✅

1. Run the Cypress E2E suite so that `frontend/cypress/e2e/resume-flow.cy.js:1-51`
executes the `"End-to-End Resume Enhancement User Journey"` spec.

2. In `beforeEach` (lines 2-29), the test boots the app via `cy.visit('/')`, then in the
test body navigates to `/dashboard` with `cy.visit('/dashboard')` at line 33.

3. The tested upload UI is implemented by `DropZone` in
`frontend/src/components/DropZone.jsx:84-142`; this component's root `<div>` (lines 87-99)
is built from `getRootProps()` but has no `data-testid="dropzone"` attribute anywhere in
the file.

4. When `cy.get('[data-testid="dropzone"]')` at `resume-flow.cy.js:37` runs, Cypress
queries the DOM for an element that does not exist, causing the command (and thus the
test) to time out and fail before any file selection or network assertions execute.

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** frontend/cypress/e2e/resume-flow.cy.js
**Line:** 37:38
**Comment:**
	*Api Mismatch: The test targets a dropzone element by `data-testid="dropzone"`, but the upload UI does not expose that attribute, so this selector will fail and stop the flow. Use a selector that exists in the rendered `DropZone` markup or add a stable test id in the component.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[codeant-ai]

Suggestion: The referenced fixture file path does not exist in the Cypress fixtures directory in this PR, so file selection will fail before upload assertions run. Add the fixture file (or use an existing one) and ensure the path is valid. [possible bug]

Severity Level: Major ⚠️

- ❌ File upload cannot be simulated in E2E tests.
- ⚠️ Upload UI and routing assertions never execute.

Steps of Reproduction ✅

1. Run the Cypress E2E suite so that `frontend/cypress/e2e/resume-flow.cy.js:31-50`
executes the resume flow test.

2. After locating the (non-existent) dropzone, the test attempts to select a fixture via
`.selectFile('cypress/fixtures/test-resume.pdf', { action: 'drag-drop' })` at line 39.

3. The frontend Cypress project structure under `frontend/cypress` contains only `e2e/`
and `support/` directories (see `frontend/cypress` listing); there is no
`frontend/cypress/fixtures` directory and no `test-resume.pdf` anywhere in the repo.

4. Once the selector issue at line 37 is fixed, Cypress will attempt to read
`cypress/fixtures/test-resume.pdf` and fail with a "file not found" error, preventing the
drag-drop simulation and aborting the test before `/api/upload` is hit.

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** frontend/cypress/e2e/resume-flow.cy.js
**Line:** 39:39
**Comment:**
	*Possible Bug: The referenced fixture file path does not exist in the Cypress fixtures directory in this PR, so file selection will fail before upload assertions run. Add the fixture file (or use an existing one) and ensure the path is valid.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[codeant-ai]

Suggestion: This writes to window.localStorage from the spec context, not the app-under-test window, so the app often won't see the mocked session. Set storage through the AUT window (for example via a cy.visit(..., { onBeforeLoad }) or cy.window() flow) so authentication state is applied to the actual app context. [api mismatch]

Severity Level: Major ⚠️

- ⚠️ Firebase auth mocking may not affect the AUT window.
- ⚠️ Auth-dependent API calls can fail in non-DEV E2E runs.

Steps of Reproduction ✅

1. The custom command `mockFirebaseAuth` is defined in
`frontend/cypress/support/commands.js:1-12` and wired into Cypress via
`frontend/cypress/support/e2e.js:1` (which imports `./commands`).

2. Each E2E test in `frontend/cypress/e2e/resume-flow.cy.js:2-29` calls
`cy.mockFirebaseAuth()` before `cy.visit('/')`, relying on it to seed a logged-in Firebase
session.

3. Inside the command, `window.localStorage.setItem(...)` at line 3 writes into the
spec-runner window's storage, not the app-under-test (AUT) window that hosts
`http://localhost:5173` where `auth` from `frontend/src/config/firebase.js:20-41` is
initialized.

4. In environments where `isFirebaseConfigValid` is true and `import.meta.env.DEV` is
false (so `getAuthHeaders` in `frontend/src/services/api.js:8-27` requires a real
`auth.currentUser`), the AUT's Firebase auth instance will not see the spec window's
localStorage, leaving `auth.currentUser` null and causing `getAuthHeaders` and
`uploadApi.uploadPdf` to throw `Not authenticated` errors despite `cy.mockFirebaseAuth()`
having been called.

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** frontend/cypress/support/commands.js
**Line:** 3:3
**Comment:**
	*Api Mismatch: This writes to `window.localStorage` from the spec context, not the app-under-test window, so the app often won't see the mocked session. Set storage through the AUT window (for example via a `cy.visit(..., { onBeforeLoad })` or `cy.window()` flow) so authentication state is applied to the actual app context.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[codeant-ai]

Suggestion: The mocked Firebase persistence key is incomplete (firebase:authUser:), while Firebase auth persistence uses a fully qualified key format tied to app config; this value will not be picked up as a valid logged-in session. Use the same storage key/shape that Firebase actually persists for this app. [api mismatch]

Severity Level: Major ⚠️

- ⚠️ Firebase auth session mock is never picked up by SDK.
- ⚠️ Auth-dependent routes may be inaccessible in E2E tests.

Steps of Reproduction ✅

1. The custom auth-mocking command in `frontend/cypress/support/commands.js:1-12` uses
`window.localStorage.setItem('firebase:authUser:', JSON.stringify({ uid, email, ... }))`
at line 4 to simulate a persisted Firebase session.

2. Firebase initialization in `frontend/src/config/firebase.js:20-41` creates a real
`auth` instance via `getAuth(app)` when a valid config is present, and the Firebase SDK
expects its persisted auth state under keys like `firebase:authUser:<apiKey>:[DEFAULT]`
rather than the bare `'firebase:authUser:'` prefix.

3. Because no code in the repo reads from `'firebase:authUser:'` (the only occurrence is
this mock command), and the Firebase SDK uses its own fully-qualified key format, writing
the mock user under `'firebase:authUser:'` never hydrates `auth.currentUser`.

4. In any Cypress run where `isFirebaseConfigValid` in `config/firebase.js` is true and
`import.meta.env.DEV` is false (so `getAuthHeaders` in `frontend/src/services/api.js:8-27`
and `uploadApi.uploadPdf` in lines 160-181 require an authenticated `auth.currentUser`),
the incorrect key prevents Firebase from restoring a logged-in user, leading to `Not
authenticated` errors even though `cy.mockFirebaseAuth()` has executed.

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** frontend/cypress/support/commands.js
**Line:** 4:4
**Comment:**
	*Api Mismatch: The mocked Firebase persistence key is incomplete (`firebase:authUser:`), while Firebase auth persistence uses a fully qualified key format tied to app config; this value will not be picked up as a valid logged-in session. Use the same storage key/shape that Firebase actually persists for this app.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎