Initialer Laravel Commit für BetiX

tests/Feature/Auth/AuthenticationTest.php

@@ -0,0 +1,90 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Support\Facades\RateLimiter;
+use Laravel\Fortify\Features;
+
+test('login screen can be rendered', function () {
+    $response = $this->get(route('login'));
+
+    $response->assertOk();
+});
+
+test('users can authenticate using the login screen', function () {
+    $user = User::factory()->create();
+
+    $response = $this->post(route('login'), [
+        'email' => $user->email,
+        'password' => 'password',
+    ]);
+
+    $this->assertAuthenticated();
+    $response->assertRedirect(route('dashboard', absolute: false));
+});
+
+test('users with two factor enabled are redirected to two factor challenge', function () {
+    if (! Features::canManageTwoFactorAuthentication()) {
+        $this->markTestSkipped('Two-factor authentication is not enabled.');
+    }
+
+    Features::twoFactorAuthentication([
+        'confirm' => true,
+        'confirmPassword' => true,
+    ]);
+
+    $user = User::factory()->create();
+
+    $user->forceFill([
+        'two_factor_secret' => encrypt('test-secret'),
+        'two_factor_recovery_codes' => encrypt(json_encode(['code1', 'code2'])),
+        'two_factor_confirmed_at' => now(),
+    ])->save();
+
+    $response = $this->post(route('login'), [
+        'email' => $user->email,
+        'password' => 'password',
+    ]);
+
+    $response->assertRedirect(route('two-factor.login'));
+    $response->assertSessionHas('login.id', $user->id);
+    $this->assertGuest();
+});
+
+test('users can not authenticate with invalid password', function () {
+    $user = User::factory()->create();
+
+    $this->post(route('login'), [
+        'email' => $user->email,
+        'password' => 'wrong-password',
+    ]);
+
+    $this->assertGuest();
+});
+
+test('users can logout', function () {
+    $user = User::factory()->create();
+
+    $response = $this->actingAs($user)->post(route('logout'));
+
+    $this->assertGuest();
+    $response->assertRedirect(route('home'));
+});
+
+test('users are rate limited', function () {
+    $user = User::factory()->create();
+
+    for ($i = 0; $i < 5; $i++) {
+        $this->post(route('login'), [
+            'email' => $user->email,
+            'password' => 'wrong-password',
+        ]);
+    }
+
+    $response = $this->post(route('login'), [
+        'email' => $user->email,
+        'password' => 'wrong-password',
+    ]);
+
+    $response->assertStatus(302);
+    $response->assertSessionHasErrors('email');
+});

tests/Feature/Auth/EmailVerificationTest.php

@@ -0,0 +1,95 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Auth\Events\Verified;
+use Illuminate\Support\Facades\Event;
+use Illuminate\Support\Facades\URL;
+
+test('email verification screen can be rendered', function () {
+    $user = User::factory()->unverified()->create();
+
+    $response = $this->actingAs($user)->get(route('verification.notice'));
+
+    $response->assertOk();
+});
+
+test('email can be verified', function () {
+    $user = User::factory()->unverified()->create();
+
+    Event::fake();
+
+    $verificationUrl = URL::temporarySignedRoute(
+        'verification.verify',
+        now()->addMinutes(60),
+        ['id' => $user->id, 'hash' => sha1($user->email)]
+    );
+
+    $response = $this->actingAs($user)->get($verificationUrl);
+
+    Event::assertDispatched(Verified::class);
+    expect($user->fresh()->hasVerifiedEmail())->toBeTrue();
+    $response->assertRedirect(route('dashboard', absolute: false).'?verified=1');
+});
+
+test('email is not verified with invalid hash', function () {
+    $user = User::factory()->unverified()->create();
+
+    Event::fake();
+
+    $verificationUrl = URL::temporarySignedRoute(
+        'verification.verify',
+        now()->addMinutes(60),
+        ['id' => $user->id, 'hash' => sha1('wrong-email')]
+    );
+
+    $this->actingAs($user)->get($verificationUrl);
+
+    Event::assertNotDispatched(Verified::class);
+    expect($user->fresh()->hasVerifiedEmail())->toBeFalse();
+});
+
+test('email is not verified with invalid user id', function () {
+    $user = User::factory()->unverified()->create();
+
+    Event::fake();
+
+    $verificationUrl = URL::temporarySignedRoute(
+        'verification.verify',
+        now()->addMinutes(60),
+        ['id' => 123, 'hash' => sha1($user->email)]
+    );
+
+    $this->actingAs($user)->get($verificationUrl);
+
+    Event::assertNotDispatched(Verified::class);
+    expect($user->fresh()->hasVerifiedEmail())->toBeFalse();
+});
+
+test('verified user is redirected to dashboard from verification prompt', function () {
+    $user = User::factory()->create();
+
+    Event::fake();
+
+    $response = $this->actingAs($user)->get(route('verification.notice'));
+
+    Event::assertNotDispatched(Verified::class);
+    $response->assertRedirect(route('dashboard', absolute: false));
+});
+
+test('already verified user visiting verification link is redirected without firing event again', function () {
+    $user = User::factory()->create();
+
+    Event::fake();
+
+    $verificationUrl = URL::temporarySignedRoute(
+        'verification.verify',
+        now()->addMinutes(60),
+        ['id' => $user->id, 'hash' => sha1($user->email)]
+    );
+
+    $this->actingAs($user)->get($verificationUrl)
+        ->assertRedirect(route('dashboard', absolute: false).'?verified=1');
+
+    Event::assertNotDispatched(Verified::class);
+    expect($user->fresh()->hasVerifiedEmail())->toBeTrue();
+});

tests/Feature/Auth/PasswordConfirmationTest.php

@@ -0,0 +1,22 @@
+<?php
+
+use App\Models\User;
+use Inertia\Testing\AssertableInertia as Assert;
+
+test('confirm password screen can be rendered', function () {
+    $user = User::factory()->create();
+
+    $response = $this->actingAs($user)->get(route('password.confirm'));
+
+    $response->assertOk();
+
+    $response->assertInertia(fn (Assert $page) => $page
+        ->component('auth/ConfirmPassword')
+    );
+});
+
+test('password confirmation requires authentication', function () {
+    $response = $this->get(route('password.confirm'));
+
+    $response->assertRedirect(route('login'));
+});

tests/Feature/Auth/PasswordResetTest.php

@@ -0,0 +1,76 @@
+<?php
+
+use App\Notifications\ResetPassword;
+use App\Models\User;
+use Illuminate\Support\Facades\Notification;
+
+test('reset password link screen can be rendered', function () {
+    $response = $this->get(route('password.request'));
+
+    $response->assertOk();
+});
+
+test('reset password link can be requested', function () {
+    $user = User::factory()->create();
+
+    Notification::fake();
+
+    $this->post(route('password.email'), ['email' => $user->email]);
+
+    Notification::assertSentTo($user, ResetPassword::class);
+});
+
+test('reset password screen can be rendered', function () {
+    $user = User::factory()->create();
+
+    Notification::fake();
+
+    $this->post(route('password.email'), ['email' => $user->email]);
+
+    Notification::assertSentTo($user, ResetPassword::class, function ($notification) {
+        $response = $this->get(route('password.reset', [
+            'token' => $notification->token,
+            'email' => 'test@example.com' // Any email works for rendering
+        ]));
+
+        $response->assertOk();
+
+        return true;
+    });
+});
+
+test('password can be reset with valid token', function () {
+    $user = User::factory()->create();
+
+    Notification::fake();
+
+    $this->post(route('password.email'), ['email' => $user->email]);
+
+    Notification::assertSentTo($user, ResetPassword::class, function ($notification) use ($user) {
+        $response = $this->post(route('password.update'), [
+            'token' => $notification->token,
+            'email' => $user->email,
+            'password' => 'new-password',
+            'password_confirmation' => 'new-password',
+        ]);
+
+        $response
+            ->assertSessionHasNoErrors()
+            ->assertRedirect(route('login'));
+
+        return true;
+    });
+});
+
+test('password cannot be reset with invalid token', function () {
+    $user = User::factory()->create();
+
+    $response = $this->post(route('password.update'), [
+        'token' => 'invalid-token',
+        'email' => $user->email,
+        'password' => 'newpassword123',
+        'password_confirmation' => 'newpassword123',
+    ]);
+
+    $response->assertSessionHasErrors('email');
+});

tests/Feature/Auth/RegistrationTest.php

@@ -0,0 +1,41 @@
+<?php
+
+test('registration screen can be rendered', function () {
+    $response = $this->get(route('register'));
+
+    $response->assertOk();
+});
+
+test('new users can register', function () {
+    $response = $this->post('/register', [
+        'username' => 'Dolo',
+        'first_name' => 'Kevin',
+        'last_name' => 'Geiger',
+        'email' => 'laynox9@gmail.com',
+        'birthdate' => '2004-01-23',
+        'gender' => 'male',
+        'phone' => '+4915112350255',
+        'country' => 'DE',
+        'address_line1' => 'Siedlerstr. 15',
+        'address_line2' => '',
+        'city' => 'Türkheim',
+        'postal_code' => '86842',
+        'currency' => 'EUR',
+        'password' => 'Geheim123!',
+        'password_confirmation' => 'Geheim123!',
+        'is_adult' => true,
+        'terms_accepted' => true
+    ]);
+
+    if ($response->status() !== 302) {
+        // Log errors to see what's failing if it's not a redirect
+        $errors = session('errors');
+        if ($errors) {
+            fwrite(STDERR, print_r($errors->getMessages(), true));
+        }
+    }
+
+    $response->assertStatus(302);
+    $this->assertAuthenticated('web');
+    $response->assertRedirect(route('dashboard', absolute: false));
+});

tests/Feature/Auth/TwoFactorChallengeTest.php

@@ -0,0 +1,45 @@
+<?php
+
+use App\Models\User;
+use Inertia\Testing\AssertableInertia as Assert;
+use Laravel\Fortify\Features;
+
+test('two factor challenge redirects to login when not authenticated', function () {
+    if (! Features::canManageTwoFactorAuthentication()) {
+        $this->markTestSkipped('Two-factor authentication is not enabled.');
+    }
+
+    $response = $this->get(route('two-factor.login'));
+
+    $response->assertRedirect(route('login'));
+});
+
+test('two factor challenge can be rendered', function () {
+    if (! Features::canManageTwoFactorAuthentication()) {
+        $this->markTestSkipped('Two-factor authentication is not enabled.');
+    }
+
+    Features::twoFactorAuthentication([
+        'confirm' => true,
+        'confirmPassword' => true,
+    ]);
+
+    $user = User::factory()->create();
+
+    $user->forceFill([
+        'two_factor_secret' => encrypt('test-secret'),
+        'two_factor_recovery_codes' => encrypt(json_encode(['code1', 'code2'])),
+        'two_factor_confirmed_at' => now(),
+    ])->save();
+
+    $this->post(route('login'), [
+        'email' => $user->email,
+        'password' => 'password',
+    ]);
+
+    $this->get(route('two-factor.login'))
+        ->assertOk()
+        ->assertInertia(fn (Assert $page) => $page
+            ->component('auth/TwoFactorChallenge')
+        );
+});

tests/Feature/Auth/VerificationNotificationTest.php

@@ -0,0 +1,29 @@
+<?php
+
+use App\Notifications\VerifyEmail;
+use App\Models\User;
+use Illuminate\Support\Facades\Notification;
+
+test('sends verification notification', function () {
+    $user = User::factory()->unverified()->create();
+
+    Notification::fake();
+
+    $this->actingAs($user)
+        ->post(route('verification.send'))
+        ->assertRedirect(route('dashboard'));
+
+    Notification::assertSentTo($user, VerifyEmail::class);
+});
+
+test('does not send verification notification if email is verified', function () {
+    Notification::fake();
+
+    $user = User::factory()->create();
+
+    $this->actingAs($user)
+        ->post(route('verification.send'))
+        ->assertRedirect(route('dashboard'));
+
+    Notification::assertNothingSent();
+});