gitmedia/markemacht
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
markemacht/tests/Feature/Settings/SecurityTest.php
Kevin Adametz 2a617e09cc
Some checks are pending
linter / quality (push) Waiting to run
Details
tests / ci (8.3) (push) Waiting to run
Details
tests / ci (8.4) (push) Waiting to run
Details
tests / ci (8.5) (push) Waiting to run
Details
Initial commit: Laravel-Skelett + Markenwissen-Verfassung + markemacht.de Web 
Erfasst den vollständigen Projektstand mit drei Hauptbereichen:

1. Laravel 11 Application-Skelett
   - Standard-Setup (app/, bootstrap/, config/, database/, public/, resources/, routes/, storage/, tests/)
   - Composer + npm Konfiguration
   - Devcontainer für Laravel Sail (PHP/MySQL/Redis)
   - GitHub Actions Workflows (lint + tests)
   - Tailwind/Vite Build-Pipeline

2. docs/ – Wissensbasis "Marke macht." (Methodik-Verfassung)
   Stand nach Pflegerunde 2026-05-28:
   - 00_Methodik-Verfassung: Dok. 000 (v2.0.2) bis Dok. 013 (NEU) + Anhänge
   - 10_Quellen-Original: Wala, Sharp, Simon (read-only Quellen)
   - 20_Markenwissen: 25 abgeleitete MW-Dokumente (Wala_MW-WAL, Sharp_MW-HBG, Simon_MW-SIM)
   - 30_Synthese: Markenwissen_I_Synthese_Gesamt + Scorecard-Regeln
   - 40_Implementierung: 011b-Erweiterung
   - _Steuerung: 00_START_HIER, Serienübersicht, CHANGELOG.md

   Letzte methodische Eingriffe:
   - Methodik-Update v2.0 (Ownership Autorenschaft/Anwendung, Geltungsbereich Kernthese,
     Score-Ebenen DNA-Reifegrad, Preislogik Governance-Scope)
   - Dok. 013 NEU: Akquise- & Conversion-Logik (Auffahrten statt Funnel)
   - Rebranding brandwork.io → Brand Rules (brand-rules.com)
   - Schichtverletzungen behoben, Ordner-Symmetrie hergestellt, Verweise konsolidiert

3. _markemacht.de/ – Web-Frontend Design-Sandbox
   - Statische HTML-Entwürfe (Startseite, Methode, Manifest, Denken, Blog)
   - Design-System (warm_intellectualism, based_web_design)
   - Assets (CSS, JS, Favicon)

Konfiguration:
- .gitignore um .DS_Store und Thumbs.db erweitert
- Lokale Git-Identity gesetzt: Kevin Adametz <kevin.adametz@me.com>
- .env wird ignoriert (nur .env.example versioniert)

Konfliktregel: Bei Spannung zwischen Code und Methodik gilt die Methodik (Dok. 000).
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-28 16:01:54 +00:00

113 lines
No EOL
3.3 KiB
PHP
Raw Blame History

<?php
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Laravel\Fortify\Features;
use Livewire\Livewire;
beforeEach(function () {
$this->skipUnlessFortifyHas(Features::twoFactorAuthentication());
Features::twoFactorAuthentication([
'confirm' => true,
'confirmPassword' => true,
]);
Features::passkeys([
'confirmPassword' => true,
]);
});
test('security settings page can be rendered', function () {
$user = User::factory()->create();
$response = $this->actingAs($user)
->withSession(['auth.password_confirmed_at' => time()])
->get(route('security.edit'));
$response->assertOk();
$response->assertSee('Passkeys');
$response->assertSee('No passkeys yet');
$response->assertSee('Two-factor authentication');
$response->assertSee('Enable 2FA');
});
test('security settings page requires password confirmation when enabled', function () {
$user = User::factory()->create();
$response = $this->actingAs($user)
->get(route('security.edit'));
$response->assertRedirect(route('password.confirm'));
});
test('security settings page renders without two factor when feature is disabled', function () {
config(['fortify.features' => []]);
$user = User::factory()->create();
$this->actingAs($user)
->withSession(['auth.password_confirmed_at' => time()])
->get(route('security.edit'))
->assertOk()
->assertSee('Update password')
->assertDontSee('Manage your passkeys for passwordless sign-in')
->assertDontSee('Add a passkey to sign in without a password')
->assertDontSee('Two-factor authentication');
});
test('two factor authentication disabled when confirmation abandoned between requests', function () {
$user = User::factory()->create();
$user->forceFill([
'two_factor_secret' => encrypt('test-secret'),
'two_factor_recovery_codes' => encrypt(json_encode(['code1', 'code2'])),
'two_factor_confirmed_at' => null,
])->save();
$this->actingAs($user);
$component = Livewire::test('pages::settings.security');
$component->assertSet('twoFactorEnabled', false);
$this->assertDatabaseHas('users', [
'id' => $user->id,
'two_factor_secret' => null,
'two_factor_recovery_codes' => null,
]);
});
test('password can be updated', function () {
$user = User::factory()->create([
'password' => Hash::make('password'),
]);
$this->actingAs($user);
$response = Livewire::test('pages::settings.security')
->set('current_password', 'password')
->set('password', 'new-password')
->set('password_confirmation', 'new-password')
->call('updatePassword');
$response->assertHasNoErrors();
expect(Hash::check('new-password', $user->refresh()->password))->toBeTrue();
});
test('correct password must be provided to update password', function () {
$user = User::factory()->create([
'password' => Hash::make('password'),
]);
$this->actingAs($user);
$response = Livewire::test('pages::settings.security')
->set('current_password', 'wrong-password')
->set('password', 'new-password')
->set('password_confirmation', 'new-password')
->call('updatePassword');
$response->assertHasErrors(['current_password']);
});
Reference in a new issue View git blame Copy permalink