tracer/speedBB
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
Files
54d4cd7f9900b38ccb4d5f9dc3d041d83caf3282
speedBB/tests/Feature/AuthControllerTest.php
tracer 88e4a70f88
Some checks failed
CI/CD Pipeline / test (push) Successful in 3s
Details
CI/CD Pipeline / deploy (push) Failing after 15s
Details
Add comprehensive test coverage and update notes
2026-02-08 19:04:12 +01:00

223 lines
6.2 KiB
PHP
Raw Blame History

<?php
use App\Models\User;
use Illuminate\Auth\Notifications\VerifyEmail;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Notification;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Facades\URL;
use Laravel\Sanctum\Sanctum;
it('registers a user with username and plainPassword', function (): void {
Notification::fake();
$response = $this->postJson('/api/register', [
'username' => 'NewUser',
'email' => 'newuser@example.com',
'plainPassword' => 'Password123!',
]);
$response->assertOk();
$response->assertJsonStructure(['user_id', 'email', 'message']);
$this->assertDatabaseHas('users', [
'email' => 'newuser@example.com',
'name' => 'NewUser',
'name_canonical' => 'newuser',
]);
$user = User::where('email', 'newuser@example.com')->firstOrFail();
Notification::assertSentTo($user, VerifyEmail::class);
});
it('rejects invalid login credentials', function (): void {
$user = User::factory()->create([
'password' => Hash::make('Password123!'),
]);
$response = $this->postJson('/api/login', [
'login' => $user->email,
'password' => 'wrong-password',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors(['login']);
});
it('blocks login for unverified email', function (): void {
$user = User::factory()->unverified()->create([
'password' => Hash::make('Password123!'),
]);
$response = $this->postJson('/api/login', [
'login' => $user->email,
'password' => 'Password123!',
]);
$response->assertStatus(403);
$response->assertJsonFragment(['message' => 'Email not verified.']);
});
it('logs in with username', function (): void {
$user = User::factory()->create([
'name' => 'TestUser',
'name_canonical' => 'testuser',
'password' => Hash::make('Password123!'),
]);
$response = $this->postJson('/api/login', [
'login' => 'TestUser',
'password' => 'Password123!',
]);
$response->assertOk();
$response->assertJsonStructure(['token', 'user_id', 'email', 'roles']);
});
it('validates forgot password requests', function (): void {
$response = $this->postJson('/api/forgot-password', []);
$response->assertStatus(422);
$response->assertJsonValidationErrors(['email']);
});
it('sends a reset link for valid email', function (): void {
$user = User::factory()->create([
'email' => 'reset@example.com',
]);
$response = $this->postJson('/api/forgot-password', [
'email' => $user->email,
]);
$response->assertOk();
$response->assertJsonStructure(['message']);
});
it('returns validation error when reset link cannot be sent', function (): void {
Password::shouldReceive('sendResetLink')
->once()
->andReturn(Password::INVALID_USER);
$response = $this->postJson('/api/forgot-password', [
'email' => 'missing@example.com',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors(['email']);
});
it('resets a password with a valid token', function (): void {
$user = User::factory()->create([
'email' => 'reset2@example.com',
'password' => Hash::make('OldPassword123!'),
]);
$token = Password::createToken($user);
$response = $this->postJson('/api/reset-password', [
'email' => $user->email,
'password' => 'NewPassword123!',
'password_confirmation' => 'NewPassword123!',
'token' => $token,
]);
$response->assertOk();
$response->assertJsonStructure(['message']);
$user->refresh();
expect(Hash::check('NewPassword123!', $user->password))->toBeTrue();
});
it('returns validation error when reset fails', function (): void {
Password::shouldReceive('reset')
->once()
->andReturn(Password::INVALID_TOKEN);
$response = $this->postJson('/api/reset-password', [
'email' => 'resetfail@example.com',
'password' => 'NewPassword123!',
'password_confirmation' => 'NewPassword123!',
'token' => 'bad-token',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors(['email']);
});
it('verifies email and redirects to login', function (): void {
$user = User::factory()->unverified()->create();
$hash = sha1($user->getEmailForVerification());
$url = URL::signedRoute('verification.verify', [
'id' => $user->id,
'hash' => $hash,
]);
$response = $this->get($url);
$response->assertRedirect('/login');
$user->refresh();
expect($user->hasVerifiedEmail())->toBeTrue();
});
it('rejects invalid email verification hash', function (): void {
$user = User::factory()->unverified()->create();
$url = URL::signedRoute('verification.verify', [
'id' => $user->id,
'hash' => sha1('wrong'),
]);
$response = $this->get($url);
$response->assertStatus(403);
});
it('updates password for authenticated users', function (): void {
$user = User::factory()->create([
'password' => Hash::make('OldPass123!'),
]);
Sanctum::actingAs($user);
$response = $this->postJson('/api/user/password', [
'current_password' => 'OldPass123!',
'password' => 'NewPass123!',
'password_confirmation' => 'NewPass123!',
]);
$response->assertOk();
$response->assertJsonFragment(['message' => 'Password updated.']);
$user->refresh();
expect(Hash::check('NewPass123!', $user->password))->toBeTrue();
});
it('rejects password update with wrong current password', function (): void {
$user = User::factory()->create([
'password' => Hash::make('OldPass123!'),
]);
Sanctum::actingAs($user);
$response = $this->postJson('/api/user/password', [
'current_password' => 'WrongPass123!',
'password' => 'NewPass123!',
'password_confirmation' => 'NewPass123!',
]);
$response->assertStatus(422);
$response->assertJsonValidationErrors(['current_password']);
});
it('logs out authenticated users', function (): void {
$user = User::factory()->create();
Sanctum::actingAs($user);
$response = $this->postJson('/api/logout');
$response->assertStatus(204);
});
Reference in New Issue View Git Blame Copy Permalink