get($portalUrl.'/login'); $response->assertStatus(200); }); test('the auth area forces light mode and never inherits the portal dark class', function () { /** @var TestCase $this */ $portalUrl = rtrim((string) config('domains.domain_portal_url', 'http://pressekonto.test'), '/'); // Auch mit gesetztem Dark-Cookie aus dem Portal bleibt der Login hell: // das -Tag trägt keine .dark-Klasse und das Strip-Skript ist präsent. $response = $this->withCookie('flux_appearance', 'dark')->get($portalUrl.'/login'); $response->assertStatus(200); $response->assertSee("classList.remove('dark')", false); expect($response->getContent())->not->toContain('superAdmin()->create(); $response = LivewireVolt::test('auth.login') ->set('email', $user->email) ->set('password', 'password') ->call('login'); $response ->assertHasNoErrors() ->assertRedirect(route('dashboard', absolute: false)); $this->assertAuthenticated(); $user->refresh(); expect($user->last_login_at)->not->toBeNull(); expect($user->last_login_ip)->toBe('127.0.0.1'); }); test('unverified users are redirected to the verification notice on login', function () { /** @var TestCase $this */ $user = User::factory()->unverified()->create(['is_active' => false]); LivewireVolt::test('auth.login') ->set('email', $user->email) ->set('password', 'password') ->call('login') ->assertHasNoErrors() ->assertRedirect(route('verification.notice', absolute: false)); $this->assertAuthenticated(); }); test('users can not authenticate with invalid password', function () { /** @var TestCase $this */ $user = User::factory()->create(); $response = LivewireVolt::test('auth.login') ->set('email', $user->email) ->set('password', 'wrong-password') ->call('login'); $response->assertHasErrors('email'); $this->assertGuest(); }); test('an authenticated customer visiting guest routes is not trapped on the admin dashboard', function () { /** @var TestCase $this */ $this->seed(RolesAndPermissionsSeeder::class); $customer = User::factory()->create(['is_active' => true]); $customer->assignRole('customer'); $this->actingAs($customer)->get('/login')->assertRedirect(route('me.dashboard')); $this->actingAs($customer)->get('/register')->assertRedirect(route('me.dashboard')); }); test('an authenticated admin visiting guest routes lands on the admin dashboard', function () { /** @var TestCase $this */ $admin = User::factory()->superAdmin()->create(); $this->actingAs($admin)->get('/login')->assertRedirect(route('dashboard')); }); test('an unverified authenticated user visiting guest routes lands on the notice', function () { /** @var TestCase $this */ $user = User::factory()->unverified()->create(['is_active' => false]); $this->actingAs($user)->get('/login')->assertRedirect(route('verification.notice')); }); test('a customer login with a stale intended admin url is redirected to the customer area', function () { /** @var TestCase $this */ $this->seed(RolesAndPermissionsSeeder::class); $customer = User::factory()->create(['is_active' => true]); $customer->assignRole('customer'); session()->put('url.intended', url('/admin/users')); LivewireVolt::test('auth.login') ->set('email', $customer->email) ->set('password', 'password') ->call('login') ->assertHasNoErrors() ->assertRedirect(route('me.dashboard', absolute: false)); $this->assertAuthenticatedAs($customer); }); test('an inactive but verified user cannot log in with a password', function () { /** @var TestCase $this */ // Factory ist standardmäßig verifiziert; nur deaktiviert. $user = User::factory()->create(['is_active' => false]); LivewireVolt::test('auth.login') ->set('email', $user->email) ->set('password', 'password') ->call('login') ->assertHasErrors(['email']); $this->assertGuest(); }); test('users can logout', function () { /** @var TestCase $this */ $user = User::factory()->create(); $response = $this->actingAs($user)->post('/logout'); $response->assertRedirect('/'); $this->assertGuest(); });