12-05-2026 Frontend dev
This commit is contained in:
parent
405df0a122
commit
5b8bdf4182
779 changed files with 480564 additions and 6241 deletions
|
|
@ -2,14 +2,18 @@
|
|||
|
||||
use App\Models\User;
|
||||
use Livewire\Volt\Volt as LivewireVolt;
|
||||
use Tests\TestCase;
|
||||
|
||||
test('login screen can be rendered', function () {
|
||||
$response = $this->get('/login');
|
||||
/** @var TestCase $this */
|
||||
$portalUrl = rtrim((string) config('domains.domain_portal_url', 'http://presseportale.test'), '/');
|
||||
$response = $this->get($portalUrl.'/login');
|
||||
|
||||
$response->assertStatus(200);
|
||||
});
|
||||
|
||||
test('users can authenticate using the login screen', function () {
|
||||
/** @var TestCase $this */
|
||||
$user = User::factory()->create();
|
||||
|
||||
$response = LivewireVolt::test('auth.login')
|
||||
|
|
@ -22,9 +26,13 @@ test('users can authenticate using the login screen', function () {
|
|||
->assertRedirect(route('dashboard', absolute: false));
|
||||
|
||||
$this->assertAuthenticated();
|
||||
$user->refresh();
|
||||
expect($user->last_login_at)->not->toBeNull();
|
||||
expect($user->last_login_ip)->toBe('127.0.0.1');
|
||||
});
|
||||
|
||||
test('users can not authenticate with invalid password', function () {
|
||||
/** @var TestCase $this */
|
||||
$user = User::factory()->create();
|
||||
|
||||
$response = LivewireVolt::test('auth.login')
|
||||
|
|
@ -38,6 +46,7 @@ test('users can not authenticate with invalid password', function () {
|
|||
});
|
||||
|
||||
test('users can logout', function () {
|
||||
/** @var TestCase $this */
|
||||
$user = User::factory()->create();
|
||||
|
||||
$response = $this->actingAs($user)->post('/logout');
|
||||
|
|
@ -45,4 +54,4 @@ test('users can logout', function () {
|
|||
$response->assertRedirect('/');
|
||||
|
||||
$this->assertGuest();
|
||||
});
|
||||
});
|
||||
|
|
|
|||
|
|
@ -4,6 +4,19 @@ use App\Models\User;
|
|||
use Illuminate\Auth\Events\Verified;
|
||||
use Illuminate\Support\Facades\Event;
|
||||
use Illuminate\Support\Facades\URL;
|
||||
use Laravel\Fortify\Features;
|
||||
|
||||
/**
|
||||
* Fortify's emailVerification feature is intentionally disabled in
|
||||
* config/fortify.php (Volt handles the verification notice instead).
|
||||
* The tests below cover the Fortify-issued signed URL flow and become
|
||||
* relevant again once the feature is re-enabled.
|
||||
*/
|
||||
beforeEach(function () {
|
||||
if (! Features::enabled(Features::emailVerification())) {
|
||||
$this->markTestSkipped('Fortify emailVerification feature is disabled.');
|
||||
}
|
||||
});
|
||||
|
||||
test('email verification screen can be rendered', function () {
|
||||
$user = User::factory()->unverified()->create();
|
||||
|
|
@ -44,4 +57,4 @@ test('email is not verified with invalid hash', function () {
|
|||
$this->actingAs($user)->get($verificationUrl);
|
||||
|
||||
expect($user->fresh()->hasVerifiedEmail())->toBeFalse();
|
||||
});
|
||||
});
|
||||
|
|
|
|||
122
tests/Feature/Auth/MagicLinkLoginTest.php
Normal file
122
tests/Feature/Auth/MagicLinkLoginTest.php
Normal file
|
|
@ -0,0 +1,122 @@
|
|||
<?php
|
||||
|
||||
use App\Mail\MagicLoginLink;
|
||||
use App\Models\MagicLink;
|
||||
use App\Models\User;
|
||||
use Database\Seeders\RolesAndPermissionsSeeder;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use Livewire\Volt\Volt as LivewireVolt;
|
||||
use Tests\TestCase;
|
||||
|
||||
test('user can request a magic login link from login page', function () {
|
||||
Mail::fake();
|
||||
$user = User::factory()->create(['is_active' => true]);
|
||||
|
||||
LivewireVolt::test('auth.login')
|
||||
->set('email', $user->email)
|
||||
->call('sendMagicLink')
|
||||
->assertHasNoErrors();
|
||||
|
||||
Mail::assertSent(MagicLoginLink::class, function (MagicLoginLink $mail) use ($user) {
|
||||
return $mail->user->is($user) && str_contains($mail->loginUrl, '/magic-login/');
|
||||
});
|
||||
|
||||
$magicLink = MagicLink::query()->firstOrFail();
|
||||
|
||||
expect($magicLink->user_id)->toBe($user->id);
|
||||
expect($magicLink->token_hash)->toHaveLength(64);
|
||||
});
|
||||
|
||||
test('admin can login with a valid magic link and lands on admin dashboard', function () {
|
||||
/** @var TestCase $this */
|
||||
$this->seed(RolesAndPermissionsSeeder::class);
|
||||
Mail::fake();
|
||||
$user = User::factory()->create(['is_active' => true]);
|
||||
$user->assignRole('admin');
|
||||
|
||||
LivewireVolt::test('auth.login')
|
||||
->set('email', $user->email)
|
||||
->call('sendMagicLink');
|
||||
|
||||
$sentMail = null;
|
||||
|
||||
Mail::assertSent(MagicLoginLink::class, function (MagicLoginLink $mail) use (&$sentMail) {
|
||||
$sentMail = $mail;
|
||||
|
||||
return true;
|
||||
});
|
||||
|
||||
expect($sentMail)->not->toBeNull();
|
||||
/** @var MagicLoginLink $sentMail */
|
||||
$this->get($sentMail->loginUrl)
|
||||
->assertRedirect(route('dashboard', absolute: false));
|
||||
|
||||
$this->assertAuthenticatedAs($user);
|
||||
|
||||
expect(MagicLink::query()->firstOrFail()->consumed_at)->not->toBeNull();
|
||||
$user->refresh();
|
||||
expect($user->last_login_at)->not->toBeNull();
|
||||
expect($user->last_login_ip)->toBe('127.0.0.1');
|
||||
});
|
||||
|
||||
test('customer is redirected to me dashboard after magic link login', function () {
|
||||
/** @var TestCase $this */
|
||||
$this->seed(RolesAndPermissionsSeeder::class);
|
||||
Mail::fake();
|
||||
$customer = User::factory()->create(['is_active' => true]);
|
||||
$customer->assignRole('customer');
|
||||
|
||||
LivewireVolt::test('auth.login')
|
||||
->set('email', $customer->email)
|
||||
->call('sendMagicLink');
|
||||
|
||||
$sentMail = null;
|
||||
Mail::assertSent(MagicLoginLink::class, function (MagicLoginLink $mail) use (&$sentMail) {
|
||||
$sentMail = $mail;
|
||||
|
||||
return true;
|
||||
});
|
||||
|
||||
/** @var MagicLoginLink $sentMail */
|
||||
$this->get($sentMail->loginUrl)
|
||||
->assertRedirect(route('me.dashboard', absolute: false));
|
||||
|
||||
$this->assertAuthenticatedAs($customer);
|
||||
});
|
||||
|
||||
test('expired magic link can not be used', function () {
|
||||
/** @var TestCase $this */
|
||||
$user = User::factory()->create(['is_active' => true]);
|
||||
$plainToken = 'expired-token';
|
||||
|
||||
MagicLink::query()->create([
|
||||
'user_id' => $user->id,
|
||||
'token_hash' => hash('sha256', $plainToken),
|
||||
'purpose' => 'login',
|
||||
'expires_at' => now()->subMinute(),
|
||||
]);
|
||||
|
||||
$this->get(route('magic-links.consume', ['token' => $plainToken]))
|
||||
->assertRedirect(route('login', absolute: false));
|
||||
|
||||
$this->assertGuest();
|
||||
});
|
||||
|
||||
test('consumed magic link can not be reused', function () {
|
||||
/** @var TestCase $this */
|
||||
$user = User::factory()->create(['is_active' => true]);
|
||||
$plainToken = 'consumed-token';
|
||||
|
||||
MagicLink::query()->create([
|
||||
'user_id' => $user->id,
|
||||
'token_hash' => hash('sha256', $plainToken),
|
||||
'purpose' => 'login',
|
||||
'expires_at' => now()->addMinutes(5),
|
||||
'consumed_at' => now()->subMinute(),
|
||||
]);
|
||||
|
||||
$this->get(route('magic-links.consume', ['token' => $plainToken]))
|
||||
->assertRedirect(route('login', absolute: false));
|
||||
|
||||
$this->assertGuest();
|
||||
});
|
||||
66
tests/Feature/Auth/UserAccessTest.php
Normal file
66
tests/Feature/Auth/UserAccessTest.php
Normal file
|
|
@ -0,0 +1,66 @@
|
|||
<?php
|
||||
|
||||
use App\Models\User;
|
||||
use Database\Seeders\RolesAndPermissionsSeeder;
|
||||
use Tests\TestCase;
|
||||
|
||||
test('active admin and editor users can access admin area', function () {
|
||||
/** @var TestCase $this */
|
||||
$this->seed(RolesAndPermissionsSeeder::class);
|
||||
|
||||
$admin = User::factory()->create(['is_active' => true]);
|
||||
$admin->assignRole('admin');
|
||||
|
||||
$editor = User::factory()->create(['is_active' => true]);
|
||||
$editor->assignRole('editor');
|
||||
|
||||
expect($admin->canAccessAdmin())->toBeTrue();
|
||||
expect($editor->canAccessAdmin())->toBeTrue();
|
||||
});
|
||||
|
||||
test('inactive users cannot access admin area', function () {
|
||||
/** @var TestCase $this */
|
||||
$this->seed(RolesAndPermissionsSeeder::class);
|
||||
|
||||
$admin = User::factory()->create(['is_active' => false]);
|
||||
$admin->assignRole('admin');
|
||||
|
||||
expect($admin->canAccessAdmin())->toBeFalse();
|
||||
});
|
||||
|
||||
test('super admin can access admin area without role', function () {
|
||||
$user = User::factory()->create([
|
||||
'is_active' => true,
|
||||
'is_super_admin' => true,
|
||||
]);
|
||||
|
||||
expect($user->canAccessAdmin())->toBeTrue();
|
||||
});
|
||||
|
||||
test('active customer and staff users can access customer area', function () {
|
||||
/** @var TestCase $this */
|
||||
$this->seed(RolesAndPermissionsSeeder::class);
|
||||
|
||||
$customer = User::factory()->create(['is_active' => true]);
|
||||
$customer->assignRole('customer');
|
||||
|
||||
$admin = User::factory()->create(['is_active' => true]);
|
||||
$admin->assignRole('admin');
|
||||
|
||||
expect($customer->canAccessCustomer())->toBeTrue();
|
||||
expect($admin->canAccessCustomer())->toBeTrue();
|
||||
});
|
||||
|
||||
test('api-only and inactive users cannot access customer area', function () {
|
||||
/** @var TestCase $this */
|
||||
$this->seed(RolesAndPermissionsSeeder::class);
|
||||
|
||||
$apiOnly = User::factory()->create(['is_active' => true]);
|
||||
$apiOnly->assignRole('api-only');
|
||||
|
||||
$inactiveCustomer = User::factory()->create(['is_active' => false]);
|
||||
$inactiveCustomer->assignRole('customer');
|
||||
|
||||
expect($apiOnly->canAccessCustomer())->toBeFalse();
|
||||
expect($inactiveCustomer->canAccessCustomer())->toBeFalse();
|
||||
});
|
||||
Loading…
Add table
Add a link
Reference in a new issue