soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nicer package layout, also in checkout step 1, fixed missing registration language strings, registration error handling, email verification redirect, email verification error handling and messaging,

Browse Source
This commit is contained in:
Codex Agent
2025-11-19 20:21:54 +01:00
parent 91d3e61b0e
commit 8d2075bdd2
24 changed files with 1000 additions and 363 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
tests/Feature/Auth/EmailVerificationTest.php
View File

@@ -31,14 +31,37 @@ class EmailVerificationTest extends TestCase
$verificationUrl = URL::temporarySignedRoute(
'verification.verify',
now()->addMinutes(60),
['id' => $user->id, 'hash' => sha1($user->email)]
['id' => $user->id, 'hash' => sha1($user->email)],
absolute: false,
);
$response = $this->actingAs($user)->get($verificationUrl);
Event::assertDispatched(Verified::class);
$this->assertTrue($user->fresh()->hasVerifiedEmail());
$response->assertRedirect(route('dashboard', absolute: false).'?verified=1');
$response->assertRedirect(route('marketing.login', absolute: false).'?verified=1');
}
public function test_email_can_be_verified_when_link_contains_html_encoded_ampersand(): void
{
$user = User::factory()->unverified()->create();
Event::fake();
$verificationUrl = URL::temporarySignedRoute(
'verification.verify',
now()->addMinutes(60),
['id' => $user->id, 'hash' => sha1($user->email)],
absolute: false,
);
$encodedUrl = str_replace('&', '&', $verificationUrl);
$this->actingAs($user)->get($encodedUrl)
->assertRedirect(route('marketing.login', absolute: false).'?verified=1');
$this->assertTrue($user->fresh()->hasVerifiedEmail());
Event::assertDispatched(Verified::class);
}
public function test_email_is_not_verified_with_invalid_hash()
@@ -48,7 +71,8 @@ class EmailVerificationTest extends TestCase
$verificationUrl = URL::temporarySignedRoute(
'verification.verify',
now()->addMinutes(60),
['id' => $user->id, 'hash' => sha1('wrong-email')]
['id' => $user->id, 'hash' => sha1('wrong-email')],
absolute: false,
);
$this->actingAs($user)->get($verificationUrl);
@@ -65,7 +89,8 @@ class EmailVerificationTest extends TestCase
$verificationUrl = URL::temporarySignedRoute(
'verification.verify',
now()->addMinutes(60),
['id' => 123, 'hash' => sha1($user->email)]
['id' => 123, 'hash' => sha1($user->email)],
absolute: false,
);
$this->actingAs($user)->get($verificationUrl);
@@ -95,13 +120,36 @@ class EmailVerificationTest extends TestCase
$verificationUrl = URL::temporarySignedRoute(
'verification.verify',
now()->addMinutes(60),
['id' => $user->id, 'hash' => sha1($user->email)]
['id' => $user->id, 'hash' => sha1($user->email)],
absolute: false,
);
$this->actingAs($user)->get($verificationUrl)
->assertRedirect(route('dashboard', absolute: false).'?verified=1');
->assertRedirect(route('marketing.login', absolute: false).'?verified=1');
$this->assertTrue($user->fresh()->hasVerifiedEmail());
Event::assertNotDispatched(Verified::class);
}
public function test_invalid_signature_redirects_to_verification_prompt(): void
{
$user = User::factory()->unverified()->create();
$verificationUrl = URL::temporarySignedRoute(
'verification.verify',
now()->addMinutes(60),
['id' => $user->id, 'hash' => sha1($user->email)],
absolute: false,
);
$tampered = $verificationUrl.'-tamper';
$response = $this->actingAs($user)->get($tampered);
$response->assertRedirect(route('verification.notice', absolute: false));
$response->assertSessionHas('verification', function ($flash): bool {
return is_array($flash)
&& ($flash['status'] ?? null) === 'error';
});
}
}