mostalive/firehose
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
firehose/app/test/firehose_web/controllers/user_session_controller_test.exs
Willem van den Ende a380d0cb69 Add phx.gen.auth authentication scaffolding 
- LiveView-based email/password auth via mix phx.gen.auth
- Auth links removed from public navigation (direct URL access only)
- Accounts context with User schema and token management
2026-04-01 20:31:13 +00:00

200 lines
6.3 KiB
Elixir
Raw Blame History

defmodule FirehoseWeb.UserSessionControllerTest do
use FirehoseWeb.ConnCase, async: true
import Firehose.AccountsFixtures
alias Firehose.Accounts
setup do
%{unconfirmed_user: unconfirmed_user_fixture(), user: user_fixture()}
end
describe "GET /users/log-in" do
test "renders login page", %{conn: conn} do
conn = get(conn, ~p"/users/log-in")
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ ~p"/users/register"
assert response =~ "Log in with email"
end
test "renders login page with email filled in (sudo mode)", %{conn: conn, user: user} do
html =
conn
|> log_in_user(user)
|> get(~p"/users/log-in")
|> html_response(200)
assert html =~ "You need to reauthenticate"
refute html =~ "Register"
assert html =~ "Log in with email"
assert html =~
~s(<input type="email" name="user[email]" id="login_form_magic_email" value="#{user.email}")
end
test "renders login page (email + password)", %{conn: conn} do
conn = get(conn, ~p"/users/log-in?mode=password")
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ ~p"/users/register"
assert response =~ "Log in with email"
end
end
describe "GET /users/log-in/:token" do
test "renders confirmation page for unconfirmed user", %{conn: conn, unconfirmed_user: user} do
token =
extract_user_token(fn url ->
Accounts.deliver_login_instructions(user, url)
end)
conn = get(conn, ~p"/users/log-in/#{token}")
assert html_response(conn, 200) =~ "Confirm and stay logged in"
end
test "renders login page for confirmed user", %{conn: conn, user: user} do
token =
extract_user_token(fn url ->
Accounts.deliver_login_instructions(user, url)
end)
conn = get(conn, ~p"/users/log-in/#{token}")
html = html_response(conn, 200)
refute html =~ "Confirm my account"
assert html =~ "Keep me logged in on this device"
end
test "raises error for invalid token", %{conn: conn} do
conn = get(conn, ~p"/users/log-in/invalid-token")
assert redirected_to(conn) == ~p"/users/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"Magic link is invalid or it has expired."
end
end
describe "POST /users/log-in - email and password" do
test "logs the user in", %{conn: conn, user: user} do
user = set_password(user)
conn =
post(conn, ~p"/users/log-in", %{
"user" => %{"email" => user.email, "password" => valid_user_password()}
})
assert get_session(conn, :user_token)
assert redirected_to(conn) == ~p"/"
end
test "logs the user in with remember me", %{conn: conn, user: user} do
user = set_password(user)
conn =
post(conn, ~p"/users/log-in", %{
"user" => %{
"email" => user.email,
"password" => valid_user_password(),
"remember_me" => "true"
}
})
assert conn.resp_cookies["_firehose_web_user_remember_me"]
assert redirected_to(conn) == ~p"/"
end
test "logs the user in with return to", %{conn: conn, user: user} do
user = set_password(user)
conn =
conn
|> init_test_session(user_return_to: "/foo/bar")
|> post(~p"/users/log-in", %{
"user" => %{
"email" => user.email,
"password" => valid_user_password()
}
})
assert redirected_to(conn) == "/foo/bar"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Welcome back!"
end
test "emits error message with invalid credentials", %{conn: conn, user: user} do
conn =
post(conn, ~p"/users/log-in?mode=password", %{
"user" => %{"email" => user.email, "password" => "invalid_password"}
})
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ "Invalid email or password"
end
end
describe "POST /users/log-in - magic link" do
test "sends magic link email when user exists", %{conn: conn, user: user} do
conn =
post(conn, ~p"/users/log-in", %{
"user" => %{"email" => user.email}
})
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "If your email is in our system"
assert Firehose.Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "login"
end
test "logs the user in", %{conn: conn, user: user} do
{token, _hashed_token} = generate_user_magic_link_token(user)
conn =
post(conn, ~p"/users/log-in", %{
"user" => %{"token" => token}
})
assert get_session(conn, :user_token)
assert redirected_to(conn) == ~p"/"
end
test "confirms unconfirmed user", %{conn: conn, unconfirmed_user: user} do
{token, _hashed_token} = generate_user_magic_link_token(user)
refute user.confirmed_at
conn =
post(conn, ~p"/users/log-in", %{
"user" => %{"token" => token},
"_action" => "confirmed"
})
assert get_session(conn, :user_token)
assert redirected_to(conn) == ~p"/"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "User confirmed successfully."
assert Accounts.get_user!(user.id).confirmed_at
end
test "emits error message when magic link is invalid", %{conn: conn} do
conn =
post(conn, ~p"/users/log-in", %{
"user" => %{"token" => "invalid"}
})
assert html_response(conn, 200) =~ "The link is invalid or it has expired."
end
end
describe "DELETE /users/log-out" do
test "logs the user out", %{conn: conn, user: user} do
conn = conn |> log_in_user(user) |> delete(~p"/users/log-out")
assert redirected_to(conn) == ~p"/"
refute get_session(conn, :user_token)
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
end
test "succeeds even if the user is not logged in", %{conn: conn} do
conn = delete(conn, ~p"/users/log-out")
assert redirected_to(conn) == ~p"/"
refute get_session(conn, :user_token)
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
end
end
end
Reference in New Issue View Git Blame Copy Permalink