fix(tests): stabilize login() helper with waitForURL before navigation

Replace waitForLoadState('networkidle') with waitForURL (not /login) to
ensure React auth processing completes before tests proceed with
page.goto(). Prevents race condition where page.goto() interrupted
in-progress token storage.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

tests/dev-smoke-test.spec.js

@@ -18,6 +18,8 @@ async function login(page) {
   await page.fill('input[type="email"]', TEST_EMAIL);
   await page.fill('input[type="password"]', TEST_PASSWORD);
   await submitLoginForm(page);
+  // Wait until auth is complete: URL leaves /login and Dashboard is rendered
+  await page.waitForURL((url) => !url.toString().includes('/login'), { timeout: 15000 });
   await page.waitForLoadState('networkidle');
 }
 
@@ -232,32 +234,35 @@ test('P-01: Login-Seite enthält Links zu allen vier Rechtstextseiten', async ({
 
 // P-01b: Rechtliches über Einstellungen (Mobile/PWA-Erreichbarkeit)
 
+async function gotoAuthenticated(page, path) {
+  await page.goto(path);
+  await page.waitForLoadState('networkidle');
+  // After full-page reload the app re-checks auth from localStorage; wait for spinner to clear
+  await expect(page.locator('.spinner')).toHaveCount(0, { timeout: 15000 });
+}
+
 test('P-01b: Einstellungen enthält Link zu Rechtliches', async ({ page }) => {
-  await page.setViewportSize({ width: 390, height: 844 });
   await login(page);
-  await page.waitForLoadState('networkidle');
+  await expect(page.locator('.spinner')).toHaveCount(0, { timeout: 10000 });
 
-  await page.goto('/settings');
-  await page.waitForLoadState('networkidle');
+  await gotoAuthenticated(page, '/settings');
+  await expect(page.locator('.app-main').getByRole('heading', { level: 1, name: 'Einstellungen' })).toBeVisible({ timeout: 8000 });
 
-  const link = page.locator('a[href="/settings/legal"]');
+  const link = page.locator('.app-main a[href="/settings/legal"]');
   await expect(link).toBeVisible();
 
   console.log('✓ P-01b: Einstellungen enthält Link zu /settings/legal');
 });
 
 test('P-01b: /settings/legal enthält Links zu allen vier Rechtstextseiten', async ({ page }) => {
-  await page.setViewportSize({ width: 390, height: 844 });
   await login(page);
-  await page.waitForLoadState('networkidle');
+  await expect(page.locator('.spinner')).toHaveCount(0, { timeout: 10000 });
 
-  await page.goto('/settings/legal');
-  await page.waitForLoadState('networkidle');
-
-  await expect(page.getByRole('heading', { level: 1 })).toContainText('Rechtliches');
+  await gotoAuthenticated(page, '/settings/legal');
+  await expect(page.locator('.app-main').getByRole('heading', { level: 1, name: 'Rechtliches' })).toBeVisible({ timeout: 8000 });
 
   for (const route of LEGAL_ROUTES) {
-    const link = page.locator(`a[href="${route.path}"]`);
+    const link = page.locator(`.app-main a[href="${route.path}"]`);
     await expect(link).toBeVisible();
   }
 
@@ -265,15 +270,14 @@ test('P-01b: /settings/legal enthält Links zu allen vier Rechtstextseiten', asy
 });
 
 test('P-01b: Jeder Rechtstext-Link aus /settings/legal führt zur korrekten Route', async ({ page }) => {
-  await page.setViewportSize({ width: 390, height: 844 });
   await login(page);
-  await page.waitForLoadState('networkidle');
+  await expect(page.locator('.spinner')).toHaveCount(0, { timeout: 10000 });
 
   for (const route of LEGAL_ROUTES) {
-    await page.goto('/settings/legal');
-    await page.waitForLoadState('networkidle');
+    await gotoAuthenticated(page, '/settings/legal');
+    await expect(page.locator('.app-main').getByRole('heading', { level: 1, name: 'Rechtliches' })).toBeVisible({ timeout: 8000 });
 
-    await page.locator(`a[href="${route.path}"]`).click();
+    await page.locator(`.app-main a[href="${route.path}"]`).click();
     await page.waitForLoadState('networkidle');
 
     expect(page.url()).toContain(route.path);