test: add auth, social login, email verification, and validation tests

tests/Feature/Auth/LoginTest.php

@@ -0,0 +1,114 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+uses(RefreshDatabase::class);
+
+it('allows login with email and password', function () {
+    $user = User::factory()->create([
+        'email' => 'test@example.com',
+        'password' => 'password123',
+    ]);
+
+    $this->post('/login', [
+        'login' => 'test@example.com',
+        'password' => 'password123',
+    ])->assertRedirect('/dashboard');
+
+    $this->assertAuthenticatedAs($user);
+});
+
+it('allows login with username and password', function () {
+    $user = User::factory()->create([
+        'username' => 'testuser',
+        'password' => 'password123',
+    ]);
+
+    $this->post('/login', [
+        'login' => 'testuser',
+        'password' => 'password123',
+    ])->assertRedirect('/dashboard');
+
+    $this->assertAuthenticatedAs($user);
+});
+
+it('allows case-insensitive username login', function () {
+    $user = User::factory()->create([
+        'username' => 'TestUser',
+        'password' => 'password123',
+    ]);
+
+    $this->post('/login', [
+        'login' => 'testuser',
+        'password' => 'password123',
+    ])->assertRedirect('/dashboard');
+
+    $this->assertAuthenticatedAs($user);
+});
+
+it('rejects login with wrong password', function () {
+    User::factory()->create([
+        'email' => 'test@example.com',
+        'password' => 'password123',
+    ]);
+
+    $this->post('/login', [
+        'login' => 'test@example.com',
+        'password' => 'wrongpassword',
+    ])->assertSessionHasErrors('login');
+
+    $this->assertGuest();
+});
+
+it('rejects login with nonexistent user', function () {
+    $this->post('/login', [
+        'login' => 'nobody@example.com',
+        'password' => 'password123',
+    ])->assertSessionHasErrors('login');
+
+    $this->assertGuest();
+});
+
+it('blocks password login for social-only users', function () {
+    User::factory()->social()->create([
+        'email' => 'social@example.com',
+    ]);
+
+    $this->post('/login', [
+        'login' => 'social@example.com',
+        'password' => 'anything',
+    ])->assertSessionHasErrors('login');
+
+    $this->assertGuest();
+});
+
+it('blocks password login for social-only users with any password attempt', function () {
+    User::factory()->social()->create([
+        'email' => 'social@example.com',
+    ]);
+
+    $passwords = ['', 'password', 'null', '0', 'false'];
+
+    foreach ($passwords as $password) {
+        $this->post('/login', [
+            'login' => 'social@example.com',
+            'password' => $password,
+        ]);
+
+        $this->assertGuest();
+    }
+});
+
+it('blocks password login for social-only users via username', function () {
+    User::factory()->social()->create([
+        'username' => 'socialuser',
+    ]);
+
+    $this->post('/login', [
+        'login' => 'socialuser',
+        'password' => 'anything',
+    ])->assertSessionHasErrors('login');
+
+    $this->assertGuest();
+});