156 lines
4.7 KiB
PHP
156 lines
4.7 KiB
PHP
<?php
|
|
|
|
namespace Tests\Feature\Auth;
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Auth\Events\Verified;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Event;
|
|
use Illuminate\Support\Facades\URL;
|
|
use Tests\TestCase;
|
|
|
|
class EmailVerificationTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
public function test_email_verification_screen_can_be_rendered()
|
|
{
|
|
$user = User::factory()->unverified()->create();
|
|
|
|
$response = $this->actingAs($user)->get(route('verification.notice'));
|
|
|
|
$response->assertStatus(200);
|
|
}
|
|
|
|
public function test_email_can_be_verified()
|
|
{
|
|
$user = User::factory()->unverified()->create();
|
|
|
|
Event::fake();
|
|
|
|
$verificationUrl = URL::temporarySignedRoute(
|
|
'verification.verify',
|
|
now()->addMinutes(60),
|
|
['id' => $user->id, 'hash' => sha1($user->email)],
|
|
absolute: false,
|
|
);
|
|
|
|
$response = $this->actingAs($user)->get($verificationUrl);
|
|
|
|
Event::assertDispatched(Verified::class);
|
|
$this->assertTrue($user->fresh()->hasVerifiedEmail());
|
|
$response->assertRedirect(route('marketing.login', absolute: false).'?verified=1');
|
|
}
|
|
|
|
public function test_email_can_be_verified_when_link_contains_html_encoded_ampersand(): void
|
|
{
|
|
$user = User::factory()->unverified()->create();
|
|
|
|
Event::fake();
|
|
|
|
$verificationUrl = URL::temporarySignedRoute(
|
|
'verification.verify',
|
|
now()->addMinutes(60),
|
|
['id' => $user->id, 'hash' => sha1($user->email)],
|
|
absolute: false,
|
|
);
|
|
|
|
$encodedUrl = str_replace('&', '&', $verificationUrl);
|
|
|
|
$this->actingAs($user)->get($encodedUrl)
|
|
->assertRedirect(route('marketing.login', absolute: false).'?verified=1');
|
|
|
|
$this->assertTrue($user->fresh()->hasVerifiedEmail());
|
|
Event::assertDispatched(Verified::class);
|
|
}
|
|
|
|
public function test_email_is_not_verified_with_invalid_hash()
|
|
{
|
|
$user = User::factory()->unverified()->create();
|
|
|
|
$verificationUrl = URL::temporarySignedRoute(
|
|
'verification.verify',
|
|
now()->addMinutes(60),
|
|
['id' => $user->id, 'hash' => sha1('wrong-email')],
|
|
absolute: false,
|
|
);
|
|
|
|
$this->actingAs($user)->get($verificationUrl);
|
|
|
|
$this->assertFalse($user->fresh()->hasVerifiedEmail());
|
|
}
|
|
|
|
public function test_email_is_not_verified_with_invalid_user_id(): void
|
|
{
|
|
$user = User::factory()->create([
|
|
'email_verified_at' => null,
|
|
]);
|
|
|
|
$verificationUrl = URL::temporarySignedRoute(
|
|
'verification.verify',
|
|
now()->addMinutes(60),
|
|
['id' => 123, 'hash' => sha1($user->email)],
|
|
absolute: false,
|
|
);
|
|
|
|
$this->actingAs($user)->get($verificationUrl);
|
|
|
|
$this->assertFalse($user->fresh()->hasVerifiedEmail());
|
|
}
|
|
|
|
public function test_verified_user_is_redirected_to_dashboard_from_verification_prompt(): void
|
|
{
|
|
$user = User::factory()->create([
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
$response = $this->actingAs($user)->get(route('verification.notice'));
|
|
|
|
$response->assertRedirect(route('dashboard', absolute: false));
|
|
}
|
|
|
|
public function test_already_verified_user_visiting_verification_link_is_redirected_without_firing_event_again(): void
|
|
{
|
|
$user = User::factory()->create([
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
Event::fake();
|
|
|
|
$verificationUrl = URL::temporarySignedRoute(
|
|
'verification.verify',
|
|
now()->addMinutes(60),
|
|
['id' => $user->id, 'hash' => sha1($user->email)],
|
|
absolute: false,
|
|
);
|
|
|
|
$this->actingAs($user)->get($verificationUrl)
|
|
->assertRedirect(route('marketing.login', absolute: false).'?verified=1');
|
|
|
|
$this->assertTrue($user->fresh()->hasVerifiedEmail());
|
|
Event::assertNotDispatched(Verified::class);
|
|
}
|
|
|
|
public function test_invalid_signature_redirects_to_verification_prompt(): void
|
|
{
|
|
$user = User::factory()->unverified()->create();
|
|
|
|
$verificationUrl = URL::temporarySignedRoute(
|
|
'verification.verify',
|
|
now()->addMinutes(60),
|
|
['id' => $user->id, 'hash' => sha1($user->email)],
|
|
absolute: false,
|
|
);
|
|
|
|
$tampered = $verificationUrl.'-tamper';
|
|
|
|
$response = $this->actingAs($user)->get($tampered);
|
|
|
|
$response->assertRedirect(route('verification.notice', absolute: false));
|
|
$response->assertSessionHas('verification', function ($flash): bool {
|
|
return is_array($flash)
|
|
&& ($flash['status'] ?? null) === 'error';
|
|
});
|
|
}
|
|
}
|