RocketChat · kodiakhq · Dec 11, 2025 · Dec 10, 2025 · Dec 11, 2025 · Dec 11, 2025
@@ -17,7 +17,7 @@ const AccountSidebar = () => {
 	// TODO: uplift this provider
 	return (
 		<SettingsProvider>
-			<Sidebar>
+			<Sidebar aria-label={t('Account')}>
 				<Sidebar.Header onClose={sidebar.close} title={t('Account')} />
 				<Sidebar.Content>
 					<Sidebar.ItemsAssembler items={items} currentPath={currentPath} />

@@ -68,31 +68,6 @@ test.describe.serial('settings-account-profile', () => {
 		});
 	});
 
-	test.describe('Security', () => {
-		test.beforeEach(async ({ page }) => {
-			await page.goto('account/security');
-			await page.waitForSelector('#main-content');
-		});
-
-		test('should not have any accessibility violations', async ({ page, makeAxeBuilder }) => {
-			await page.goto('/account/security');
-
-			const results = await makeAxeBuilder().analyze();
-			expect(results.violations).toEqual([]);
-		});
-
-		test('should disable and enable email 2FA', async () => {
-			await poAccountProfile.security2FASection.click();
-			await expect(poAccountProfile.email2FASwitch).toBeVisible();
-			await poAccountProfile.email2FASwitch.click();
-			await poHomeChannel.toastMessage.waitForDisplay();
-			await poHomeChannel.toastMessage.dismissToast();
-
-			await poAccountProfile.email2FASwitch.click();
-			await poHomeChannel.toastMessage.waitForDisplay();
-		});
-	});
-
 	test('Personal Access Tokens', async ({ page }) => {
 		const response = page.waitForResponse('**/api/v1/users.getPersonalAccessTokens');
 		await page.goto('/account/tokens');

@@ -0,0 +1,108 @@
+import { faker } from '@faker-js/faker';
+
+import { ADMIN_CREDENTIALS } from './config/constants';
+import { Users } from './fixtures/userStates';
+import { AccountSecurity } from './page-objects';
+import { setSettingValueById, updateOwnUserPassword } from './utils';
+import { test, expect } from './utils/test';
+
+test.use({ storageState: Users.admin.state });
+
+const RANDOM_PASSWORD = faker.string.alphanumeric(10);
+
+test.describe.serial('account-security', () => {
+	let poAccountSecurity: AccountSecurity;
+
+	test.beforeEach(async ({ page }) => {
+		poAccountSecurity = new AccountSecurity(page);
+		await page.goto('/account/security');
+		await page.waitForSelector('#main-content');
+	});
+
+	test.afterAll(async ({ api }) =>
+		Promise.all([
+			setSettingValueById(api, 'Accounts_AllowPasswordChange', true),
+			setSettingValueById(api, 'Accounts_TwoFactorAuthentication_Enabled', true),
+			setSettingValueById(api, 'E2E_Enable', false),
+		]),
+	);
+
+	test('should disable and enable email 2FA', async () => {
+		await poAccountSecurity.security2FASection.click();
+		await expect(poAccountSecurity.email2FASwitch).toBeVisible();
+		await poAccountSecurity.email2FASwitch.click();
+		await poAccountSecurity.toastMessage.waitForDisplay();
+		await poAccountSecurity.toastMessage.dismissToast();
+
+		await poAccountSecurity.email2FASwitch.click();
+		await poAccountSecurity.toastMessage.waitForDisplay();
+	});
+
+	// FIXME: This test should pass as soon as we provide the fix
+	test.skip('should be able to change password', async ({ api }) => {
+		await test.step('change password', async () => {
+			await poAccountSecurity.changePassword(RANDOM_PASSWORD, RANDOM_PASSWORD, ADMIN_CREDENTIALS.password);
+			await expect(poAccountSecurity.inputNewPassword).toHaveValue('');
+		});
+
+		await test.step('change back to the original password', async () => {
+			expect(
+				(await updateOwnUserPassword(api, { newPassword: ADMIN_CREDENTIALS.password, currentPassword: RANDOM_PASSWORD })).status(),
+			).toBe(200);
+		});
+	});
+
+	test.describe('settings disabled', () => {
+		test.beforeAll(async ({ api }) => {
+			await Promise.all([
+				setSettingValueById(api, 'Accounts_AllowPasswordChange', false),
+				setSettingValueById(api, 'Accounts_TwoFactorAuthentication_Enabled', false),
+				setSettingValueById(api, 'E2E_Enable', false),
+			]);
+		});
+
+		test('security tab is invisible when password change, 2FA and E2E are disabled', async ({ page }) => {
+			const securityTab = poAccountSecurity.sidebar.linkSecurity;
+			await expect(securityTab).not.toBeVisible();
+			const mainContent = page.locator('#main-content').getByText('You are not authorized to view this page.').first();
+			await expect(mainContent).toBeVisible();
+		});
+	});
+
+	test.describe('account security sections', () => {
+		test.beforeAll(async ({ api }) => {
+			await Promise.all([
+				setSettingValueById(api, 'Accounts_AllowPasswordChange', true),
+				setSettingValueById(api, 'Accounts_TwoFactorAuthentication_Enabled', false),
+				setSettingValueById(api, 'E2E_Enable', false),
+			]);
+		});
+
+		test.beforeEach(async () => {
+			await poAccountSecurity.securityHeader.waitFor({ state: 'visible' });
+		});
+
+		test('should display security tab and section when password change is enabled but 2FA and E2E are disabled', async () => {
+			await expect(poAccountSecurity.sidebar.linkSecurity).toBeVisible();
+			await expect(poAccountSecurity.securityPasswordSection).toBeVisible();
+		});
+
+		test('can access 2FA setting when enabled but password change and E2E are disabled', async ({ api }) => {
+			await Promise.all([
+				setSettingValueById(api, 'Accounts_AllowPasswordChange', false),
+				setSettingValueById(api, 'Accounts_TwoFactorAuthentication_Enabled', true),
+				setSettingValueById(api, 'E2E_Enable', false),
+			]);
+			await expect(poAccountSecurity.security2FASection).toBeVisible();
+		});
+
+		test('can access E2E setting when enabled but password change and 2FA are disabled', async ({ api }) => {
+			await Promise.all([
+				setSettingValueById(api, 'Accounts_AllowPasswordChange', false),
+				setSettingValueById(api, 'Accounts_TwoFactorAuthentication_Enabled', false),
+				setSettingValueById(api, 'E2E_Enable', true),
+			]);
+			await expect(poAccountSecurity.securityE2EEncryptionSection).toBeVisible();
+		});
+	});
+});
@@ -3,7 +3,7 @@ import type { Page } from '@playwright/test';
 import { createAuxContext } from '../fixtures/createAuxContext';
 import injectInitialData from '../fixtures/inject-initial-data';
 import { Users } from '../fixtures/userStates';
-import { AccountProfile } from '../page-objects';
+import { AccountSecurity } from '../page-objects';
 import { preserveSettings } from '../utils/preserveSettings';
 import { test, expect } from '../utils/test';
 
@@ -40,12 +40,12 @@ test.describe('E2EE Key Reset', () => {
 	});
 
 	test('expect force logout on e2e keys reset', async ({ page }) => {
-		const poAccountProfile = new AccountProfile(page);
+		const poAccountSecurity = new AccountSecurity(page);
 
 		await page.goto('/account/security');
 
-		await poAccountProfile.securityE2EEncryptionSection.click();
-		await poAccountProfile.securityE2EEncryptionResetKeyButton.click();
+		await poAccountSecurity.securityE2EEncryptionSection.click();
+		await poAccountSecurity.securityE2EEncryptionResetKeyButton.click();
 
 		await expect(page.locator('role=button[name="Login"]')).toBeVisible();
 		await expect(anotherClientPage.locator('role=button[name="Login"]')).toBeVisible();

@@ -2,9 +2,8 @@ import { faker } from '@faker-js/faker';
 
 import injectInitialData from '../fixtures/inject-initial-data';
 import { Users, storeState, restoreState } from '../fixtures/userStates';
-import { AccountProfile, HomeChannel } from '../page-objects';
+import { AccountSecurity, HomeChannel } from '../page-objects';
 import { setupE2EEPassword } from './setupE2EEPassword';
-import { AccountSecurityPage } from '../page-objects/account-security';
 import { HomeSidenav } from '../page-objects/fragments';
 import {
 	E2EEKeyDecodeFailureBanner,
@@ -79,7 +78,7 @@ test.describe('E2EE Passphrase Management - Initial Setup', () => {
 		});
 
 		test('expect to manually reset the password', async ({ page }) => {
-			const accountSecurityPage = new AccountSecurityPage(page);
+			const accountSecurityPage = new AccountSecurity(page);
 			const loginPage = new LoginPage(page);
 
 			// Reset the E2EE key to start the flow from the beginning
@@ -114,7 +113,7 @@ test.describe('E2EE Passphrase Management - Initial Setup', () => {
 		});
 
 		test('expect to manually set a new password', async ({ page }) => {
-			const accountSecurityPage = new AccountSecurityPage(page);
+			const accountSecurityPage = new AccountSecurity(page);
 			const loginPage = new LoginPage(page);
 			const enterE2EEPasswordBanner = new EnterE2EEPasswordBanner(page);
 			const enterE2EEPasswordModal = new EnterE2EEPasswordModal(page);
@@ -183,14 +182,14 @@ test.use({ storageState: Users.admin.state });
 const roomSetupSettingsList = ['E2E_Enable', 'E2E_Allow_Unencrypted_Messages'];
 
 test.describe.serial('E2EE Passphrase Management - Room Setup States', () => {
-	let poAccountProfile: AccountProfile;
+	let poAccountSecurity: AccountSecurity;
 	let poHomeChannel: HomeChannel;
 	let e2eePassword: string;
 
 	preserveSettings(roomSetupSettingsList);
 
 	test.beforeEach(async ({ page }) => {
-		poAccountProfile = new AccountProfile(page);
+		poAccountSecurity = new AccountSecurity(page);
 		poHomeChannel = new HomeChannel(page);
 	});
 
@@ -205,8 +204,8 @@ test.describe.serial('E2EE Passphrase Management - Room Setup States', () => {
 
 	test('expect save password state on encrypted room', async ({ page }) => {
 		await page.goto('/account/security');
-		await poAccountProfile.securityE2EEncryptionSection.click();
-		await poAccountProfile.securityE2EEncryptionResetKeyButton.click();
+		await poAccountSecurity.securityE2EEncryptionSection.click();
+		await poAccountSecurity.securityE2EEncryptionResetKeyButton.click();
 
 		await page.locator('role=button[name="Login"]').waitFor();
 
@@ -320,8 +319,8 @@ test.describe.serial('E2EE Passphrase Management - Room Setup States', () => {
 
 		await page.locator('role=navigation >> a:has-text("Security")').click();
 
-		await poAccountProfile.securityE2EEncryptionSection.click();
-		await poAccountProfile.securityE2EEncryptionResetKeyButton.click();
+		await poAccountSecurity.securityE2EEncryptionSection.click();
+		await poAccountSecurity.securityE2EEncryptionResetKeyButton.click();
 
 		await page.locator('role=button[name="Login"]').waitFor();