255 lines
8.5 KiB
PHP
255 lines
8.5 KiB
PHP
<?php
|
|
|
|
namespace Tests\Feature\Auth;
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Tests\TestCase;
|
|
|
|
class LoginTest extends TestCase
|
|
{
|
|
use RefreshDatabase;
|
|
|
|
public function test_successful_login_with_valid_credentials()
|
|
{
|
|
$user = User::factory()->create([
|
|
'email' => 'valid@example.com',
|
|
'password' => bcrypt('password'),
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
$response = $this->post(route('login.store'), [
|
|
'login' => 'valid@example.com',
|
|
'password' => 'password',
|
|
]);
|
|
|
|
$this->assertAuthenticated();
|
|
// User without specific role (null/default) redirects to packages for package selection
|
|
$response->assertRedirect('/packages');
|
|
$this->assertEquals('valid@example.com', Auth::user()->email);
|
|
}
|
|
|
|
public function test_successful_login_with_username()
|
|
{
|
|
$user = User::factory()->create([
|
|
'username' => 'validuser',
|
|
'password' => bcrypt('password'),
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
$response = $this->post(route('login.store'), [
|
|
'login' => 'validuser',
|
|
'password' => 'password',
|
|
]);
|
|
|
|
$this->assertAuthenticated();
|
|
// User without specific role (null/default) redirects to packages for package selection
|
|
$response->assertRedirect('/packages');
|
|
$this->assertEquals('validuser', Auth::user()->username);
|
|
}
|
|
|
|
public function test_login_fails_with_invalid_credentials()
|
|
{
|
|
User::factory()->create([
|
|
'email' => 'invalid@example.com',
|
|
'password' => bcrypt('password'),
|
|
]);
|
|
|
|
$response = $this->post(route('login.store'), [
|
|
'login' => 'invalid@example.com',
|
|
'password' => 'wrongpassword',
|
|
]);
|
|
|
|
$this->assertGuest();
|
|
$response->assertStatus(302);
|
|
$response->assertRedirect(route('login', absolute: false));
|
|
$response->assertSessionHasErrors(['login' => 'Diese Anmeldedaten wurden nicht gefunden.']);
|
|
$response->assertSessionHas('error', 'Diese Anmeldedaten wurden nicht gefunden.');
|
|
}
|
|
|
|
public function test_login_success_shows_success_flash()
|
|
{
|
|
$user = User::factory()->create([
|
|
'email' => 'success@example.com',
|
|
'role' => 'user', // Regular user
|
|
'password' => bcrypt('password'),
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
$response = $this->post(route('login.store'), [
|
|
'login' => 'success@example.com',
|
|
'password' => 'password',
|
|
]);
|
|
|
|
$this->assertAuthenticated();
|
|
// Regular users now redirect to /packages for package selection
|
|
$response->assertRedirect('/packages');
|
|
$response->assertSessionHas('success', 'Sie sind nun eingeloggt.');
|
|
}
|
|
|
|
public function test_login_honors_return_to_parameter()
|
|
{
|
|
$user = User::factory()->create([
|
|
'email' => 'return@example.com',
|
|
'role' => 'user', // Regular user
|
|
'password' => bcrypt('password'),
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
// Test that return_to parameter is honored - set it to a specific dashboard path
|
|
$target = '/marketing/profile';
|
|
$encoded = rtrim(strtr(base64_encode($target), '+/', '-_'), '=');
|
|
|
|
$response = $this->post(route('login.store'), [
|
|
'login' => 'return@example.com',
|
|
'password' => 'password',
|
|
'return_to' => $encoded,
|
|
]);
|
|
|
|
$this->assertAuthenticated();
|
|
$response->assertRedirect($target);
|
|
}
|
|
|
|
public function test_login_prefers_intended_url_over_return_to_parameter()
|
|
{
|
|
$user = User::factory()->create([
|
|
'email' => 'tenant@example.com',
|
|
'role' => 'tenant_admin',
|
|
'password' => bcrypt('password'),
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
$intended = url('/event-admin/dashboard?from=intended-test');
|
|
$returnTarget = '/event-admin/dashboard';
|
|
$encodedReturn = rtrim(strtr(base64_encode($returnTarget), '+/', '-_'), '=');
|
|
|
|
$response = $this
|
|
->withSession(['url.intended' => $intended])
|
|
->post(route('login.store'), [
|
|
'login' => 'tenant@example.com',
|
|
'password' => 'password',
|
|
'return_to' => $encodedReturn,
|
|
]);
|
|
|
|
$this->assertAuthenticated();
|
|
$this->assertSame($user->id, Auth::id());
|
|
$response->assertRedirect($intended);
|
|
}
|
|
|
|
public function test_tenant_admin_login_with_absolute_intended_redirects_to_event_admin_dashboard(): void
|
|
{
|
|
$user = User::factory()->create([
|
|
'email' => 'absolute@example.com',
|
|
'role' => 'tenant_admin',
|
|
'password' => bcrypt('password'),
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
$intended = url('/event-admin/dashboard?from=oauth');
|
|
|
|
$response = $this
|
|
->withSession(['url.intended' => $intended])
|
|
->post(route('login.store'), [
|
|
'login' => 'absolute@example.com',
|
|
'password' => 'password',
|
|
]);
|
|
|
|
$this->assertAuthenticatedAs($user);
|
|
$response->assertRedirect($intended);
|
|
|
|
$dashboardResponse = $this->get('/dashboard');
|
|
$dashboardResponse->assertRedirect('/event-admin/dashboard?from=oauth');
|
|
}
|
|
|
|
public function test_tenant_admin_login_ignores_non_admin_return_path()
|
|
{
|
|
$user = User::factory()->create([
|
|
'email' => 'admin@example.com',
|
|
'role' => 'tenant_admin',
|
|
'password' => bcrypt('password'),
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
$encodedReturn = rtrim(strtr(base64_encode('/dashboard'), '+/', '-_'), '=');
|
|
|
|
$response = $this->post(route('login.store'), [
|
|
'login' => 'admin@example.com',
|
|
'password' => 'password',
|
|
'return_to' => $encodedReturn,
|
|
]);
|
|
|
|
$this->assertAuthenticatedAs($user);
|
|
$response->assertRedirect('/event-admin/dashboard');
|
|
}
|
|
|
|
public function test_tenant_admin_can_access_login_with_admin_return_path_when_authenticated()
|
|
{
|
|
$user = User::factory()->create([
|
|
'email' => 'already@logged.in',
|
|
'role' => 'tenant_admin',
|
|
'password' => bcrypt('password'),
|
|
'email_verified_at' => now(),
|
|
]);
|
|
|
|
$this->actingAs($user);
|
|
|
|
$adminStart = '/event-admin/start?return_to='.rtrim(strtr(base64_encode('/event-admin/dashboard'), '+/', '-_'), '=');
|
|
$encoded = rtrim(strtr(base64_encode($adminStart), '+/', '-_'), '=');
|
|
|
|
$response = $this->get('/de/login?return_to='.$encoded);
|
|
$response->assertRedirect('/dashboard');
|
|
|
|
$eventAdminResponse = $this->get('/event-admin/dashboard');
|
|
$eventAdminResponse->assertOk();
|
|
}
|
|
|
|
public function test_login_redirects_unverified_user_to_verification_notice()
|
|
{
|
|
$user = User::factory()->create([
|
|
'email' => 'unverified@example.com',
|
|
'password' => bcrypt('password'),
|
|
'email_verified_at' => null,
|
|
]);
|
|
|
|
$response = $this->post(route('login.store'), [
|
|
'login' => 'unverified@example.com',
|
|
'password' => 'password',
|
|
]);
|
|
|
|
$this->assertAuthenticated();
|
|
$response->assertRedirect(route('verification.notice', absolute: false));
|
|
}
|
|
|
|
public function test_rate_limiting_on_failed_logins()
|
|
{
|
|
$user = User::factory()->create([
|
|
'email' => 'ratelimit@example.com',
|
|
'password' => bcrypt('password'),
|
|
]);
|
|
|
|
// Simulate 5 failed attempts
|
|
for ($i = 0; $i < 5; $i++) {
|
|
$response = $this->post(route('login.store'), [
|
|
'login' => 'ratelimit@example.com',
|
|
'password' => 'wrongpassword',
|
|
]);
|
|
$response->assertStatus(302);
|
|
$response->assertSessionHasErrors(['login' => 'Diese Anmeldedaten wurden nicht gefunden.']);
|
|
}
|
|
|
|
$response = $this->post(route('login.store'), [
|
|
'login' => 'ratelimit@example.com',
|
|
'password' => 'wrongpassword',
|
|
]);
|
|
|
|
$this->assertGuest();
|
|
$response->assertStatus(302);
|
|
$response->assertSessionHasErrors(['login']);
|
|
$this->assertStringContainsString(
|
|
'Zu viele Login-Versuche.',
|
|
collect(session('errors')->get('login'))->first()
|
|
);
|
|
}
|
|
}
|