first commit

tests/Feature/Auth/LoginTest.php

@@ -0,0 +1,126 @@
+<?php
+
+namespace Tests\Feature\Auth;
+
+use App\Models\User;
+use Cache;
+use Tests\Facades\UserFactory;
+use Tests\TestCase;
+
+class LoginTest extends TestCase
+{
+    private const URI = 'auth/login';
+    private const TEST_URI = 'auth/me';
+
+    private User $user;
+
+    private array $loginData;
+
+    private const CAPTCHA_CACHE_KEY = 'AUTH_RECAPTCHA_LIMITER_{ip}_{email}_ATTEMPTS';
+    private const BAN_CACHE_KEY = 'AUTH_RATE_LIMITER_{ip}';
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = UserFactory::create();
+
+        $this->loginData = [
+            'email' => $this->user->email,
+            'password' => $this->user->full_name
+        ];
+    }
+
+    public function test_success(): void
+    {
+        $response = $this->postJson(self::URI, $this->loginData);
+        $response->assertOk();
+
+        $this->actingAs($response->decodeResponseJson()['access_token'])->get(self::TEST_URI)->assertOk();
+    }
+
+    public function test_wrong_credentials(): void
+    {
+        $this->loginData['password'] = 'wrong_password';
+        $response = $this->postJson(self::URI, $this->loginData);
+
+        $response->assertUnauthorized();
+    }
+
+    public function test_disabled_user(): void
+    {
+        $this->user->active = false;
+        $this->user->save();
+        $response = $this->postJson(self::URI, $this->loginData);
+
+        $response->assertForbidden('authorization.user_disabled', false);
+    }
+
+    public function test_soft_deleted_user(): void
+    {
+        $this->user->delete();
+        $response = $this->postJson(self::URI, $this->loginData);
+
+        $response->assertUnauthorized();
+    }
+
+    public function test_without_params(): void
+    {
+        $response = $this->postJson(self::URI);
+
+        $response->assertError(self::HTTP_BAD_REQUEST);
+    }
+
+    public function test_recaptcha(): void
+    {
+        config(['recaptcha.enabled' => true]);
+        config(['recaptcha.failed_attempts' => 1]);
+
+        $cacheKey = str_replace(
+            ['{email}', '{ip}'],
+            [$this->loginData['email'], '127.0.0.1'],
+            self::CAPTCHA_CACHE_KEY
+        );
+
+        $this->assertFalse(Cache::has($cacheKey));
+
+        $this->loginData['password'] = 'wrong_password';
+        $this->postJson(self::URI, $this->loginData);
+
+        $this->assertTrue(Cache::has($cacheKey));
+
+        $this->assertEquals(1, Cache::get($cacheKey));
+
+        $response = $this->postJson(self::URI, $this->loginData);
+
+        $response->assertError(self::HTTP_TOO_MANY_REQUESTS, 'authorization.captcha');
+    }
+
+    public function test_ban(): void
+    {
+        config(['recaptcha.enabled' => true]);
+        config(['recaptcha.rate_limiter_enabled' => true]);
+        config(['recaptcha.failed_attempts' => 0]);
+        config(['recaptcha.ban_attempts' => 1]);
+
+        $cacheKey = str_replace('{ip}', '127.0.0.1', self::BAN_CACHE_KEY);
+
+        $this->assertFalse(Cache::has($cacheKey));
+
+        $this->loginData['password'] = 'wrong_password';
+        $this->postJson(self::URI, $this->loginData);
+
+        $this->assertTrue(Cache::has($cacheKey));
+
+        $cacheResponse = Cache::get($cacheKey);
+
+        $this->assertArrayHasKey('amounts', $cacheResponse);
+        $this->assertArrayHasKey('time', $cacheResponse);
+
+        $this->assertEquals(1, $cacheResponse['amounts']);
+
+        $response = $this->postJson(self::URI, $this->loginData);
+
+        $response->assertError(self::HTTP_LOCKED, 'authorization.banned');
+    }
+}

tests/Feature/Auth/LogoutFromAllTest.php

@@ -0,0 +1,48 @@
+<?php
+
+
+namespace Tests\Feature\Auth;
+
+use App\Models\User;
+use Tests\Facades\UserFactory;
+use Tests\TestCase;
+
+class LogoutFromAllTest extends TestCase
+{
+    private const URI = 'auth/logout-from-all';
+    private const TEST_URI = 'auth/me';
+
+    private User $user;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = UserFactory::withTokens(4)->create();
+    }
+
+    public function test_logout_from_all(): void
+    {
+        $tokens = cache("testing:{$this->user->id}:tokens");
+
+        $this->assertNotEmpty($tokens);
+
+        foreach ($tokens as $token) {
+            $this->actingAs($token['token'])->get(self::TEST_URI)->assertOk();
+        }
+
+        $response = $this->actingAs($tokens[0]['token'])->postJson(self::URI);
+        $response->assertOk();
+
+        foreach ($tokens as $token) {
+            $this->actingAs($token['token'])->get(self::TEST_URI)->assertUnauthorized();
+        }
+    }
+
+    public function test_unauthorized(): void
+    {
+        $response = $this->postJson(self::URI);
+
+        $response->assertUnauthorized();
+    }
+}

tests/Feature/Auth/LogoutTest.php

@@ -0,0 +1,46 @@
+<?php
+
+namespace Tests\Feature\Auth;
+
+use App\Models\User;
+use Tests\Facades\UserFactory;
+use Tests\TestCase;
+
+class LogoutTest extends TestCase
+{
+    private const URI = 'auth/logout';
+    private const TEST_URI = 'auth/me';
+
+    private User $user;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = UserFactory::withTokens()->create();
+    }
+
+    public function test_logout(): void
+    {
+        $token = cache("testing:{$this->user->id}:tokens");
+
+        $this->assertNotEmpty($token);
+        $this->assertNotEmpty($token[0]);
+        $this->assertNotEmpty($token[0]['token']);
+
+        $response = $this->actingAs($token[0]['token'])->postJson(self::URI);
+
+        $response->assertOk();
+
+        $response = $this->actingAs($token[0]['token'])->get(self::TEST_URI);
+
+        $response->assertUnauthorized();
+    }
+
+    public function test_unauthorized(): void
+    {
+        $response = $this->postJson(self::URI);
+
+        $response->assertUnauthorized();
+    }
+}

tests/Feature/Auth/MeTest.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace Tests\Feature\Auth;
+
+use App\Models\User;
+use Tests\Facades\UserFactory;
+use Tests\TestCase;
+
+class MeTest extends TestCase
+{
+    private const URI = 'auth/me';
+
+    private User $user;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = UserFactory::withTokens()->create();
+    }
+
+    public function test_me(): void
+    {
+        $response = $this->actingAs($this->user)->getJson(self::URI);
+
+        $response->assertOk();
+        $response->assertJson(['user' => $this->user->toArray()]);
+    }
+
+    public function test_without_auth(): void
+    {
+        $response = $this->getJson(self::URI);
+
+        $response->assertUnauthorized();
+    }
+}

tests/Feature/Auth/PasswordReset/ProcessTest.php

@@ -0,0 +1,104 @@
+<?php
+
+namespace Tests\Feature\Auth\PasswordReset;
+
+use App\Models\User;
+use DB;
+use Hash;
+use Tests\Facades\UserFactory;
+use Tests\TestCase;
+
+class ProcessTest extends TestCase
+{
+    private const URI = 'auth/password/reset/process';
+
+    private User $user;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = UserFactory::create();
+    }
+
+    protected function createReset(string $email, string $token, string $createdAt): array
+    {
+        DB::table('password_resets')->insert([
+            'email' => $email,
+            'token' => Hash::make($token),
+            'created_at' => $createdAt
+        ]);
+
+        return [
+            'email' => $email,
+            'token' => $token,
+            'password' => 'new_password',
+            'password_confirmation' => 'new_password'
+        ];
+    }
+
+    public function test_process(): void
+    {
+        $reset = $this->createReset($this->user->email, 'token', now());
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertOk();
+
+        $this->user->refresh();
+
+        $this->assertTrue(Hash::check($reset['password'], $this->user->password));
+        $response->assertJsonStructure(['access_token']);
+    }
+
+    public function test_invalid_token(): void
+    {
+        $reset = $this->createReset($this->user->email, 'token', now());
+        $reset['token'] = 'invalid_token';
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertUnauthorized();
+    }
+
+    public function test_invalid_email(): void
+    {
+        $reset = $this->createReset($this->user->email, 'token', now());
+        $reset['email'] = 'invalidemail@example.com';
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertUnauthorized('authorization.invalid_password_data');
+    }
+
+    public function test_almost_expired(): void
+    {
+        $reset = [$this->user->email, 'expired', now()->subMinutes(config('auth.passwords.users.expire') - 1)];
+        $reset = $this->createReset(...$reset);
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertOk();
+
+        $this->user->refresh();
+
+        $this->assertTrue(Hash::check($reset['password'], $this->user->password));
+        $response->assertJsonStructure(['access_token']);
+    }
+
+    public function test_expired(): void
+    {
+        $reset = [$this->user->email, 'expired', now()->subMinutes(config('auth.passwords.users.expire'))];
+        $reset = $this->createReset(...$reset);
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertUnauthorized();
+    }
+
+    public function test_without_params(): void
+    {
+        $response = $this->postJson(self::URI);
+        $response->assertError(self::HTTP_BAD_REQUEST);
+    }
+}

tests/Feature/Auth/PasswordReset/RequestTest.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace Tests\Feature\Auth\PasswordReset;
+
+use App\Mail\ResetPassword;
+use App\Models\User;
+use Notification;
+use Tests\Facades\UserFactory;
+use Tests\TestCase;
+
+class RequestTest extends TestCase
+{
+    private const URI = 'auth/password/reset/request';
+
+    private User $user;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = UserFactory::create();
+    }
+
+    public function test_request(): void
+    {
+        Notification::fake();
+        Notification::assertNothingSent();
+
+        $response = $this->postJson(self::URI, ['email' => $this->user->email]);
+
+        $response->assertOk();
+        Notification::assertSentTo($this->user, ResetPassword::class);
+    }
+
+    public function test_wrong_email(): void
+    {
+        Notification::fake();
+        Notification::assertNothingSent();
+
+        $response = $this->postJson(self::URI, ['email' => 'wronemail@example.com']);
+
+        $response->assertNotFound('authorization.user_not_found');
+        Notification::assertNothingSent();
+    }
+
+    public function test_without_params(): void
+    {
+        Notification::fake();
+        Notification::assertNothingSent();
+
+        $response = $this->postJson(self::URI);
+
+        $response->assertError(self::HTTP_BAD_REQUEST);
+        Notification::assertNothingSent();
+    }
+}

tests/Feature/Auth/PasswordReset/ValidateTest.php

@@ -0,0 +1,89 @@
+<?php
+
+namespace Tests\Feature\Auth\PasswordReset;
+
+use App\Models\User;
+use DB;
+use Hash;
+use Tests\Facades\UserFactory;
+use Tests\TestCase;
+
+class ValidateTest extends TestCase
+{
+    private const URI = 'auth/password/reset/validate';
+
+    private User $user;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = UserFactory::create();
+    }
+
+    protected function createReset(string $email, string $token, string $createdAt): array
+    {
+        DB::table('password_resets')->insert([
+            'email' => $email,
+            'token' => Hash::make($token),
+            'created_at' => $createdAt
+        ]);
+
+        return ['email' => $email, 'token' => $token];
+    }
+
+    public function test_validate(): void
+    {
+        $reset = $this->createReset($this->user->email, 'token', now());
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertOk();
+    }
+
+    public function test_invalid_token(): void
+    {
+        $reset = $this->createReset($this->user->email, 'token', now());
+        $reset['token'] = 'invalid_token';
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertUnauthorized('authorization.invalid_password_data');
+    }
+
+    public function test_invalid_email(): void
+    {
+        $reset = $this->createReset($this->user->email, 'token', now());
+        $reset['email'] = 'invalidemail@example.com';
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertUnauthorized('authorization.invalid_password_data');
+    }
+
+    public function test_almost_expired(): void
+    {
+        $reset = [$this->user->email, 'expired', now()->subMinutes(config('auth.passwords.users.expire') - 1)];
+        $reset = $this->createReset(...$reset);
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertOk();
+    }
+
+    public function test_expired(): void
+    {
+        $reset = [$this->user->email, 'expired', now()->subMinutes(config('auth.passwords.users.expire'))];
+        $reset = $this->createReset(...$reset);
+
+        $response = $this->postJson(self::URI, $reset);
+
+        $response->assertUnauthorized('authorization.invalid_password_data');
+    }
+
+    public function test_without_params(): void
+    {
+        $response = $this->postJson(self::URI);
+        $response->assertError(self::HTTP_BAD_REQUEST);
+    }
+}

tests/Feature/Auth/RefreshTest.php

@@ -0,0 +1,39 @@
+<?php
+
+namespace Tests\Feature\Auth;
+
+use App\Models\User;
+use Tests\Facades\UserFactory;
+use Tests\TestCase;
+
+class RefreshTest extends TestCase
+{
+    private const URI = 'auth/refresh';
+    private const TEST_URI = 'auth/me';
+
+    private User $user;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->user = UserFactory::withTokens()->create();
+    }
+
+    public function test_refresh(): void
+    {
+        $token = cache("testing:{$this->user->id}:tokens");
+
+        $this->assertNotEmpty($token);
+        $this->assertNotEmpty($token[0]);
+        $this->assertNotEmpty($token[0]['token']);
+
+        $this->actingAs($token[0]['token'])->get(self::TEST_URI)->assertOk();
+
+        $response = $this->actingAs($token[0]['token'])->postJson(self::URI);
+
+        $response->assertOk();
+
+        $this->actingAs($token[0]['token'])->get(self::TEST_URI)->assertUnauthorized();
+    }
+}