test(e2e): cover caldav token deletion

frontend/tests/e2e/user/settings/caldav.spec.ts

@@ -1,5 +1,6 @@
 import {test, expect} from '../../../support/fixtures'
 import {gotoUserSettings} from '../../../support/userSettings'
+import {TokenFactory} from '../../../factories/token'
 
 test.describe('CalDAV', () => {
 	test('generates a token that authenticates against the caldav endpoint', async ({
@@ -29,4 +30,24 @@ test.describe('CalDAV', () => {
 		})
 		expect(resp.status()).toBeLessThan(300)
 	})
+
+	test('deleting a token revokes caldav access', async ({
+		authenticatedPage: page, currentUser,
+	}) => {
+		const tokenValue = 'fixed-caldav-token-123456789012345678901234567890'
+		// kind=4 is TokenCaldavAuth (see pkg/user/token.go)
+		await TokenFactory.create(1, {user_id: currentUser.id, kind: 4, token: tokenValue}, false)
+
+		await gotoUserSettings(page, 'caldav')
+		// Filter to data rows (rows containing a <td>) to exclude the <th>-only header row.
+		const dataRows = page.locator('table.table tr').filter({has: page.locator('td')})
+		await expect(dataRows).toHaveCount(1)
+
+		await dataRows.getByRole('button', {name: 'Delete'}).click()
+		await expect(dataRows).toHaveCount(0)
+
+		// NOTE: the factory seeds the plaintext token as-is, but caldav tokens are
+		// stored bcrypt-hashed. We assert the row is gone in the UI rather than
+		// probing caldav with the seeded value.
+	})
 })