test: add auth, social login, email verification, and validation tests

2026-03-19 23:17:32 +01:00
parent dd1e3d9053
commit 2351718939
7 changed files with 813 additions and 17 deletions
--- a/tests/Feature/Auth/EmailVerificationTest.php
+++ b/tests/Feature/Auth/EmailVerificationTest.php
@@ -0,0 +1,154 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Auth\Notifications\VerifyEmail;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\Notification;
+use Illuminate\Support\Facades\URL;
+
+uses(RefreshDatabase::class);
+
+it('does not send verification email when feature is disabled', function () {
+    config(['auth-ui.features.email_verification' => false]);
+
+    Notification::fake();
+
+    $this->post('/register', [
+        'username' => 'testuser',
+        'first_name' => 'Test',
+        'last_name' => 'User',
+        'email' => 'test@example.com',
+        'password' => 'password123',
+        'password_confirmation' => 'password123',
+    ]);
+
+    Notification::assertNothingSent();
+});
+
+it('sends verification email when feature is enabled', function () {
+    config(['auth-ui.features.email_verification' => true]);
+
+    Notification::fake();
+
+    $this->post('/register', [
+        'username' => 'testuser',
+        'first_name' => 'Test',
+        'last_name' => 'User',
+        'email' => 'test@example.com',
+        'password' => 'password123',
+        'password_confirmation' => 'password123',
+    ]);
+
+    $user = User::where('email', 'test@example.com')->first();
+
+    Notification::assertSentTo($user, VerifyEmail::class);
+});
+
+it('shows verification notice to unverified users when feature is enabled', function () {
+    config(['auth-ui.features.email_verification' => true]);
+
+    $user = User::factory()->unverified()->create();
+
+    $this->actingAs($user)
+        ->get('/email/verify')
+        ->assertSuccessful();
+});
+
+it('redirects verified users from verification notice', function () {
+    config(['auth-ui.features.email_verification' => true]);
+
+    $user = User::factory()->create();
+
+    $this->actingAs($user)
+        ->get('/email/verify')
+        ->assertRedirect('/dashboard');
+});
+
+it('verifies email with valid signed url', function () {
+    config(['auth-ui.features.email_verification' => true]);
+
+    $user = User::factory()->unverified()->create();
+
+    $verificationUrl = URL::temporarySignedRoute(
+        'verification.verify',
+        now()->addMinutes(60),
+        ['id' => $user->id, 'hash' => sha1($user->email)]
+    );
+
+    $this->actingAs($user)
+        ->get($verificationUrl)
+        ->assertRedirect('/dashboard');
+
+    expect($user->fresh()->hasVerifiedEmail())->toBeTrue();
+});
+
+it('rejects verification with invalid hash', function () {
+    config(['auth-ui.features.email_verification' => true]);
+
+    $user = User::factory()->unverified()->create();
+
+    $verificationUrl = URL::temporarySignedRoute(
+        'verification.verify',
+        now()->addMinutes(60),
+        ['id' => $user->id, 'hash' => sha1('wrong@email.com')]
+    );
+
+    $this->actingAs($user)
+        ->get($verificationUrl)
+        ->assertForbidden();
+
+    expect($user->fresh()->hasVerifiedEmail())->toBeFalse();
+});
+
+it('allows resending verification email', function () {
+    config(['auth-ui.features.email_verification' => true]);
+
+    Notification::fake();
+
+    $user = User::factory()->unverified()->create();
+
+    $this->actingAs($user)
+        ->post('/email/verification-notification')
+        ->assertRedirect()
+        ->assertSessionHas('status', 'verification-link-sent');
+
+    Notification::assertSentTo($user, VerifyEmail::class);
+});
+
+it('does not register verification routes when feature is disabled', function () {
+    config(['auth-ui.features.email_verification' => false]);
+
+    $user = User::factory()->unverified()->create();
+
+    $this->actingAs($user)
+        ->get('/email/verify')
+        ->assertNotFound();
+});
+
+it('redirects to verification notice after registration when feature is enabled', function () {
+    config(['auth-ui.features.email_verification' => true]);
+
+    Notification::fake();
+
+    $this->post('/register', [
+        'username' => 'newuser',
+        'first_name' => 'New',
+        'last_name' => 'User',
+        'email' => 'new@example.com',
+        'password' => 'password123',
+        'password_confirmation' => 'password123',
+    ])->assertRedirect('/email/verify');
+});
+
+it('redirects to home after registration when feature is disabled', function () {
+    config(['auth-ui.features.email_verification' => false]);
+
+    $this->post('/register', [
+        'username' => 'newuser',
+        'first_name' => 'New',
+        'last_name' => 'User',
+        'email' => 'new@example.com',
+        'password' => 'password123',
+        'password_confirmation' => 'password123',
+    ])->assertRedirect('/dashboard');
+});