115 lines
2.8 KiB
PHP
115 lines
2.8 KiB
PHP
<?php
|
|
|
|
use App\Models\User;
|
|
use Illuminate\Foundation\Testing\RefreshDatabase;
|
|
|
|
uses(RefreshDatabase::class);
|
|
|
|
it('allows login with email and password', function () {
|
|
$user = User::factory()->create([
|
|
'email' => 'test@example.com',
|
|
'password' => 'password123',
|
|
]);
|
|
|
|
$this->post('/login', [
|
|
'login' => 'test@example.com',
|
|
'password' => 'password123',
|
|
])->assertRedirect('/dashboard');
|
|
|
|
$this->assertAuthenticatedAs($user);
|
|
});
|
|
|
|
it('allows login with username and password', function () {
|
|
$user = User::factory()->create([
|
|
'username' => 'testuser',
|
|
'password' => 'password123',
|
|
]);
|
|
|
|
$this->post('/login', [
|
|
'login' => 'testuser',
|
|
'password' => 'password123',
|
|
])->assertRedirect('/dashboard');
|
|
|
|
$this->assertAuthenticatedAs($user);
|
|
});
|
|
|
|
it('allows case-insensitive username login', function () {
|
|
$user = User::factory()->create([
|
|
'username' => 'TestUser',
|
|
'password' => 'password123',
|
|
]);
|
|
|
|
$this->post('/login', [
|
|
'login' => 'testuser',
|
|
'password' => 'password123',
|
|
])->assertRedirect('/dashboard');
|
|
|
|
$this->assertAuthenticatedAs($user);
|
|
});
|
|
|
|
it('rejects login with wrong password', function () {
|
|
User::factory()->create([
|
|
'email' => 'test@example.com',
|
|
'password' => 'password123',
|
|
]);
|
|
|
|
$this->post('/login', [
|
|
'login' => 'test@example.com',
|
|
'password' => 'wrongpassword',
|
|
])->assertSessionHasErrors('login');
|
|
|
|
$this->assertGuest();
|
|
});
|
|
|
|
it('rejects login with nonexistent user', function () {
|
|
$this->post('/login', [
|
|
'login' => 'nobody@example.com',
|
|
'password' => 'password123',
|
|
])->assertSessionHasErrors('login');
|
|
|
|
$this->assertGuest();
|
|
});
|
|
|
|
it('blocks password login for social-only users', function () {
|
|
User::factory()->social()->create([
|
|
'email' => 'social@example.com',
|
|
]);
|
|
|
|
$this->post('/login', [
|
|
'login' => 'social@example.com',
|
|
'password' => 'anything',
|
|
])->assertSessionHasErrors('login');
|
|
|
|
$this->assertGuest();
|
|
});
|
|
|
|
it('blocks password login for social-only users with any password attempt', function () {
|
|
User::factory()->social()->create([
|
|
'email' => 'social@example.com',
|
|
]);
|
|
|
|
$passwords = ['', 'password', 'null', '0', 'false'];
|
|
|
|
foreach ($passwords as $password) {
|
|
$this->post('/login', [
|
|
'login' => 'social@example.com',
|
|
'password' => $password,
|
|
]);
|
|
|
|
$this->assertGuest();
|
|
}
|
|
});
|
|
|
|
it('blocks password login for social-only users via username', function () {
|
|
User::factory()->social()->create([
|
|
'username' => 'socialuser',
|
|
]);
|
|
|
|
$this->post('/login', [
|
|
'login' => 'socialuser',
|
|
'password' => 'anything',
|
|
])->assertSessionHasErrors('login');
|
|
|
|
$this->assertGuest();
|
|
});
|