fotospiel-app/tests/Feature/Auth/LoginTest.php

<?php

namespace Tests\Feature\Auth;

use App\Models\User;
use App\Notifications\VerifyEmail;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Notification;
use Tests\TestCase;
use Illuminate\Support\Facades\Auth;

class LoginTest extends TestCase
{
    use RefreshDatabase;

    public function test_successful_login_with_valid_credentials()
    {
        $user = User::factory()->create([
            'email' => 'valid@example.com',
            'password' => bcrypt('password'),
            'email_verified_at' => now(),
        ]);

        $response = $this->post(route('login.store'), [
            'login' => 'valid@example.com',
            'password' => 'password',
        ]);

        $this->assertAuthenticated();
        $response->assertRedirect(route('dashboard', absolute: false));
        $this->assertEquals('valid@example.com', Auth::user()->email);
    }

    public function test_successful_login_with_username()
    {
        $user = User::factory()->create([
            'username' => 'validuser',
            'password' => bcrypt('password'),
            'email_verified_at' => now(),
        ]);

        $response = $this->post(route('login.store'), [
            'login' => 'validuser',
            'password' => 'password',
        ]);

        $this->assertAuthenticated();
        $response->assertRedirect(route('dashboard', absolute: false));
        $this->assertEquals('validuser', Auth::user()->username);
    }

    public function test_login_fails_with_invalid_credentials()
    {
        User::factory()->create([
            'email' => 'invalid@example.com',
            'password' => bcrypt('password'),
        ]);

        $response = $this->post(route('login.store'), [
            'login' => 'invalid@example.com',
            'password' => 'wrongpassword',
        ]);

        $this->assertGuest();
        $response->assertStatus(302);
        $response->assertRedirect(route('login', absolute: false));
        $response->assertSessionHasErrors(['login' => 'Diese Anmeldedaten wurden nicht gefunden.']);
    }

    public function test_login_redirects_unverified_user_to_verification_notice()
    {
        $user = User::factory()->create([
            'email' => 'unverified@example.com',
            'password' => bcrypt('password'),
            'email_verified_at' => null,
        ]);

        $response = $this->post(route('login.store'), [
            'login' => 'unverified@example.com',
            'password' => 'password',
        ]);

        $this->assertAuthenticated();
        $response->assertRedirect(route('verification.notice', absolute: false));
    }

    public function test_rate_limiting_on_failed_logins()
    {
        $user = User::factory()->create([
            'email' => 'ratelimit@example.com',
            'password' => bcrypt('password'),
        ]);

        // Simulate 5 failed attempts
        for ($i = 0; $i < 5; $i++) {
            $response = $this->post(route('login.store'), [
                'login' => 'ratelimit@example.com',
                'password' => 'wrongpassword',
            ]);
            $response->assertStatus(302);
            $response->assertSessionHasErrors(['login' => 'Diese Anmeldedaten wurden nicht gefunden.']);
        }

        $response = $this->post(route('login.store'), [
            'login' => 'ratelimit@example.com',
            'password' => 'wrongpassword',
        ]);

        $this->assertGuest();
        $response->assertStatus(302);
        $response->assertSessionHasErrors(['login' => 'Zu viele Login-Versuche. Bitte versuche es in :seconds Sekunden erneut.']);
    }
}