Revert: M2M scope poll and @clerk/testing timeout bumps

These three changes — the M2M `expect.poll`, the `userButton.waitForMounted`
30s timeout, and the `resolveResetPasswordTask` 30s waitFor — didn't move
the failing tests, because each one bumped into Playwright's 30s default
test timeout before the new budget could matter.

The underlying failures are real product/backend issues (cl-userButtonTrigger
never paints; reset-password user lands on the wrong task screen; new M2M
tokens stay 401 after a fresh scope grant) that need a code fix outside
this PR. Reverting the test-side bandages keeps this PR focused on what
actually helped.

Kept from earlier commits:
- Strong random fake-user passwords (`fakerPassword()`)
- Defensive optional-chained afterAll in `components.test.ts` and the
  three `registerXxxAuthTests` helpers in `machineAuthHelpers.ts`.

Restored to `main`:
- `userButton.waitForMounted` (no explicit timeout)
- `resolveResetPasswordTask` (no explicit waitFor)
- M2M `authorizes after dynamically granting scope` (no `expect.poll`)
- empty changeset

Author: jacekradko

.changeset/fix-e2e-compromised-password.md

@@ -1,8 +1,2 @@
 ---
-'@clerk/testing': patch
 ---
-
-Increase timeouts in two `unstable_PageObjects` Playwright helpers so they hold up on slower CI runners:
-
-- `userButton.waitForMounted` now waits up to 30s for the `.cl-userButtonTrigger` element to attach (previously inherited the global 10s `actionTimeout`).
-- `sessionTask.resolveResetPasswordTask` now explicitly waits up to 30s for the new-password input to become visible before filling it.

integration/testUtils/machineAuthHelpers.ts

@@ -349,40 +349,21 @@ export const registerM2MAuthTests = (adapter: MachineAuthTestAdapter): void => {
       const u = createTestUtils({ app, page, context });
 
       await u.services.clerk.machines.createScope(network.unscopedSender.id, network.primaryServer.id);
-
-      const url = new URL(adapter.m2m.path, app.serverUrl).toString();
-      const issuedTokenIds: string[] = [];
+      const m2mToken = await u.services.clerk.m2m.createToken({
+        machineSecretKey: network.unscopedSender.secretKey,
+        secondsUntilExpiration: 60 * 30,
+      });
 
       try {
-        // The new scope can take a moment to propagate to token-issuance, so
-        // mint a fresh token on each poll iteration and stop once the issued
-        // token is accepted by the primary server.
-        let body: { subject: string; tokenType: string } | undefined;
-        await expect
-          .poll(
-            async () => {
-              const m2mToken = await u.services.clerk.m2m.createToken({
-                machineSecretKey: network.unscopedSender.secretKey,
-                secondsUntilExpiration: 60 * 30,
-              });
-              issuedTokenIds.push(m2mToken.id);
-              const res = await u.page.request.get(url, {
-                headers: { Authorization: `Bearer ${m2mToken.token}` },
-              });
-              if (res.status() !== 200) return res.status();
-              body = await res.json();
-              return 200;
-            },
-            { timeout: 30_000, intervals: [500, 1000, 2000, 2000, 3000] },
-          )
-          .toBe(200);
-
-        expect(body!.subject).toBe(network.unscopedSender.id);
-        expect(body!.tokenType).toBe(TokenType.M2MToken);
+        const res = await u.page.request.get(new URL(adapter.m2m.path, app.serverUrl).toString(), {
+          headers: { Authorization: `Bearer ${m2mToken.token}` },
+        });
+        expect(res.status()).toBe(200);
+        const body = await res.json();
+        expect(body.subject).toBe(network.unscopedSender.id);
+        expect(body.tokenType).toBe(TokenType.M2MToken);
       } finally {
-        for (const id of issuedTokenIds) {
-          await u.services.clerk.m2m.revokeToken({ m2mTokenId: id }).catch(() => {});
-        }
+        await u.services.clerk.m2m.revokeToken({ m2mTokenId: m2mToken.id });
       }
     });
 

packages/testing/src/playwright/unstable/page-objects/sessionTask.ts

@@ -27,9 +27,7 @@ export const createSessionTaskComponentPageObject = (testArgs: { page: EnhancedP
       newPassword: string;
       confirmPassword: string;
     }) => {
-      const newPasswordInput = page.locator('input[name=newPassword]');
-      await newPasswordInput.waitFor({ state: 'visible', timeout: 30_000 });
-      await newPasswordInput.fill(newPassword);
+      await page.locator('input[name=newPassword]').fill(newPassword);
       await page.locator('input[name=confirmPassword]').fill(confirmPassword);
 
       const resetPasswordButton = page.getByRole('button', { name: /reset password/i });

packages/testing/src/playwright/unstable/page-objects/userButton.ts

@@ -7,7 +7,7 @@ export const createUserButtonPageObject = (testArgs: { page: EnhancedPage }) =>
 
   const self = {
     waitForMounted: () => {
-      return page.waitForSelector('.cl-userButtonTrigger', { state: 'attached', timeout: 30_000 });
+      return page.waitForSelector('.cl-userButtonTrigger', { state: 'attached' });
     },
     toggleTrigger: () => {
       return page.locator('.cl-userButtonTrigger').click();