fix: e2e test - wait for session to load next step (calcom#23489)

* wait for session to load before navigating

* use event-types testId to ensure session loaded

* use profile page instead of eventTypes

Author: sean-brydon

apps/web/playwright/booking-pages.e2e.ts

@@ -548,10 +548,11 @@ test.describe("Booking round robin event", () => {
     users,
   }) => {
     const [testUser] = users.get();
-    await testUser.apiLogin();
 
     const team = await testUser.getFirstTeamMembership();
 
+    await testUser.apiLogin(`/team/${team.team.slug}`);
+
     // Click first event type (round robin)
     await page.click('[data-testid="event-type-link"]');
 

apps/web/playwright/fixtures/users.ts

@@ -657,8 +657,8 @@ const createUserFixture = (user: UserWithIncludes, page: Page) => {
     eventTypes: user.eventTypes,
     routingForms: user.routingForms,
     self,
-    apiLogin: async (password?: string) =>
-      apiLogin({ ...(await self()), password: password || user.username }, store.page),
+    apiLogin: async (navigateToUrl?: string, password?: string) =>
+      apiLogin({ ...(await self()), password: password || user.username }, store.page, navigateToUrl),
     /** Don't forget to close context at the end */
     apiLoginOnNewBrowser: async (browser: Browser, password?: string) => {
       const newContext = await browser.newContext();
@@ -969,25 +969,44 @@ export async function login(
 
 export async function apiLogin(
   user: Pick<Prisma.User, "username"> & Partial<Pick<Prisma.User, "email">> & { password: string | null },
-  page: Page
+  page: Page,
+  navigateToUrl?: string
 ) {
+  // Get CSRF token
   const csrfToken = await page
     .context()
     .request.get("/api/auth/csrf")
     .then((response) => response.json())
     .then((json) => json.csrfToken);
-  const data = {
+
+  // Make the login request
+  const loginData = {
     email: user.email ?? `${user.username}@example.com`,
     password: user.password ?? user.username,
     callbackURL: WEBAPP_URL,
     redirect: "false",
     json: "true",
     csrfToken,
   };
+
   const response = await page.context().request.post("/api/auth/callback/credentials", {
-    data,
+    data: loginData,
   });
+
   expect(response.status()).toBe(200);
+
+  /**
+   * Critical: Navigate to a protected page to trigger NextAuth session loading
+   * This forces NextAuth to run the jwt and session callbacks that populate
+   * the session with profile, org, and other important data
+   * We picked /settings/my-account/profile due to it being one of
+   * our lighest protected pages and doesnt do anything other than load the user profile
+   */
+  await page.goto(navigateToUrl || "/settings/my-account/profile");
+
+  // Wait for the session to be fully established
+  await page.waitForLoadState();
+
   return response;
 }