complete story 1.3 with qa test & added future recommendations to the dev
This commit is contained in:
@@ -9,19 +9,34 @@ test('login screen can be rendered', function () {
|
||||
$response->assertStatus(200);
|
||||
});
|
||||
|
||||
test('users can authenticate using the login screen', function () {
|
||||
$user = User::factory()->create();
|
||||
test('admin user redirects to admin dashboard after login', function () {
|
||||
$admin = User::factory()->admin()->create();
|
||||
|
||||
$response = $this->post(route('login.store'), [
|
||||
'email' => $user->email,
|
||||
'email' => $admin->email,
|
||||
'password' => 'password',
|
||||
]);
|
||||
|
||||
$response
|
||||
->assertSessionHasNoErrors()
|
||||
->assertRedirect(route('dashboard', absolute: false));
|
||||
->assertRedirect('/admin/dashboard');
|
||||
|
||||
$this->assertAuthenticated();
|
||||
$this->assertAuthenticatedAs($admin);
|
||||
});
|
||||
|
||||
test('client user redirects to client dashboard after login', function () {
|
||||
$client = User::factory()->individual()->create();
|
||||
|
||||
$response = $this->post(route('login.store'), [
|
||||
'email' => $client->email,
|
||||
'password' => 'password',
|
||||
]);
|
||||
|
||||
$response
|
||||
->assertSessionHasNoErrors()
|
||||
->assertRedirect('/client/dashboard');
|
||||
|
||||
$this->assertAuthenticatedAs($client);
|
||||
});
|
||||
|
||||
test('users can not authenticate with invalid password', function () {
|
||||
@@ -32,21 +47,54 @@ test('users can not authenticate with invalid password', function () {
|
||||
'password' => 'wrong-password',
|
||||
]);
|
||||
|
||||
$response->assertSessionHasErrorsIn('email');
|
||||
$this->assertGuest();
|
||||
});
|
||||
|
||||
test('nonexistent user shows error', function () {
|
||||
$response = $this->post(route('login.store'), [
|
||||
'email' => 'nonexistent@example.com',
|
||||
'password' => 'password',
|
||||
]);
|
||||
|
||||
$this->assertGuest();
|
||||
});
|
||||
|
||||
test('deactivated user cannot login', function () {
|
||||
$user = User::factory()->deactivated()->create();
|
||||
|
||||
$response = $this->post(route('login.store'), [
|
||||
'email' => $user->email,
|
||||
'password' => 'password',
|
||||
]);
|
||||
|
||||
$this->assertGuest();
|
||||
});
|
||||
|
||||
test('rate limiting blocks after five attempts', function () {
|
||||
$user = User::factory()->create();
|
||||
|
||||
// Make 5 failed attempts
|
||||
for ($i = 0; $i < 5; $i++) {
|
||||
$this->post(route('login.store'), [
|
||||
'email' => $user->email,
|
||||
'password' => 'wrong-password',
|
||||
]);
|
||||
}
|
||||
|
||||
// 6th attempt should be throttled
|
||||
$response = $this->post(route('login.store'), [
|
||||
'email' => $user->email,
|
||||
'password' => 'wrong-password',
|
||||
]);
|
||||
|
||||
$response->assertStatus(429);
|
||||
});
|
||||
|
||||
test('users with two factor enabled are redirected to two factor challenge', function () {
|
||||
if (! Features::canManageTwoFactorAuthentication()) {
|
||||
$this->markTestSkipped('Two-factor authentication is not enabled.');
|
||||
}
|
||||
|
||||
Features::twoFactorAuthentication([
|
||||
'confirm' => true,
|
||||
'confirmPassword' => true,
|
||||
]);
|
||||
|
||||
$user = User::factory()->withTwoFactor()->create();
|
||||
|
||||
$response = $this->post(route('login.store'), [
|
||||
@@ -67,3 +115,36 @@ test('users can logout', function () {
|
||||
|
||||
$this->assertGuest();
|
||||
});
|
||||
|
||||
test('logout clears session', function () {
|
||||
$user = User::factory()->create();
|
||||
|
||||
$this->actingAs($user);
|
||||
$this->assertAuthenticated();
|
||||
|
||||
$this->post(route('logout'));
|
||||
|
||||
$this->assertGuest();
|
||||
});
|
||||
|
||||
test('authenticated user cannot access login page', function () {
|
||||
$user = User::factory()->create();
|
||||
|
||||
$response = $this->actingAs($user)->get(route('login'));
|
||||
|
||||
$response->assertRedirect();
|
||||
});
|
||||
|
||||
test('failed login attempts are logged', function () {
|
||||
$user = User::factory()->create();
|
||||
|
||||
$this->post(route('login.store'), [
|
||||
'email' => $user->email,
|
||||
'password' => 'wrong-password',
|
||||
]);
|
||||
|
||||
$this->assertDatabaseHas('admin_logs', [
|
||||
'action' => 'failed_login',
|
||||
'target_type' => 'user',
|
||||
]);
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user