bent/BeetRoundServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

After "mix phx.gen.auth Admins Admin admins" with added working register and login path.

Browse Source
This commit is contained in:
Bent Witthold
2026-02-20 13:09:55 +01:00
parent a47931f40e
commit 53d19a3a18
28 changed files with 2830 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

397
test/beet_round_server/admins_test.exs Normal file
View File

@ -0,0 +1,397 @@
defmodule BeetRoundServer.AdminsTest do
use BeetRoundServer.DataCase
alias BeetRoundServer.Admins
import BeetRoundServer.AdminsFixtures
alias BeetRoundServer.Admins.{Admin, AdminToken}
describe "get_admin_by_email/1" do
test "does not return the admin if the email does not exist" do
refute Admins.get_admin_by_email("unknown@example.com")
end
test "returns the admin if the email exists" do
%{id: id} = admin = admin_fixture()
assert %Admin{id: ^id} = Admins.get_admin_by_email(admin.email)
end
end
describe "get_admin_by_email_and_password/2" do
test "does not return the admin if the email does not exist" do
refute Admins.get_admin_by_email_and_password("unknown@example.com", "hello world!")
end
test "does not return the admin if the password is not valid" do
admin = admin_fixture() |> set_password()
refute Admins.get_admin_by_email_and_password(admin.email, "invalid")
end
test "returns the admin if the email and password are valid" do
%{id: id} = admin = admin_fixture() |> set_password()
assert %Admin{id: ^id} =
Admins.get_admin_by_email_and_password(admin.email, valid_admin_password())
end
end
describe "get_admin!/1" do
test "raises if id is invalid" do
assert_raise Ecto.NoResultsError, fn ->
Admins.get_admin!("11111111-1111-1111-1111-111111111111")
end
end
test "returns the admin with the given id" do
%{id: id} = admin = admin_fixture()
assert %Admin{id: ^id} = Admins.get_admin!(admin.id)
end
end
describe "register_admin/1" do
test "requires email to be set" do
{:error, changeset} = Admins.register_admin(%{})
assert %{email: ["can't be blank"]} = errors_on(changeset)
end
test "validates email when given" do
{:error, changeset} = Admins.register_admin(%{email: "not valid"})
assert %{email: ["must have the @ sign and no spaces"]} = errors_on(changeset)
end
test "validates maximum values for email for security" do
too_long = String.duplicate("db", 100)
{:error, changeset} = Admins.register_admin(%{email: too_long})
assert "should be at most 160 character(s)" in errors_on(changeset).email
end
test "validates email uniqueness" do
%{email: email} = admin_fixture()
{:error, changeset} = Admins.register_admin(%{email: email})
assert "has already been taken" in errors_on(changeset).email
# Now try with the uppercased email too, to check that email case is ignored.
{:error, changeset} = Admins.register_admin(%{email: String.upcase(email)})
assert "has already been taken" in errors_on(changeset).email
end
test "registers admins without password" do
email = unique_admin_email()
{:ok, admin} = Admins.register_admin(valid_admin_attributes(email: email))
assert admin.email == email
assert is_nil(admin.hashed_password)
assert is_nil(admin.confirmed_at)
assert is_nil(admin.password)
end
end
describe "sudo_mode?/2" do
test "validates the authenticated_at time" do
now = DateTime.utc_now()
assert Admins.sudo_mode?(%Admin{authenticated_at: DateTime.utc_now()})
assert Admins.sudo_mode?(%Admin{authenticated_at: DateTime.add(now, -19, :minute)})
refute Admins.sudo_mode?(%Admin{authenticated_at: DateTime.add(now, -21, :minute)})
# minute override
refute Admins.sudo_mode?(
%Admin{authenticated_at: DateTime.add(now, -11, :minute)},
-10
)
# not authenticated
refute Admins.sudo_mode?(%Admin{})
end
end
describe "change_admin_email/3" do
test "returns a admin changeset" do
assert %Ecto.Changeset{} = changeset = Admins.change_admin_email(%Admin{})
assert changeset.required == [:email]
end
end
describe "deliver_admin_update_email_instructions/3" do
setup do
%{admin: admin_fixture()}
end
test "sends token through notification", %{admin: admin} do
token =
extract_admin_token(fn url ->
Admins.deliver_admin_update_email_instructions(admin, "current@example.com", url)
end)
{:ok, token} = Base.url_decode64(token, padding: false)
assert admin_token = Repo.get_by(AdminToken, token: :crypto.hash(:sha256, token))
assert admin_token.admin_id == admin.id
assert admin_token.sent_to == admin.email
assert admin_token.context == "change:current@example.com"
end
end
describe "update_admin_email/2" do
setup do
admin = unconfirmed_admin_fixture()
email = unique_admin_email()
token =
extract_admin_token(fn url ->
Admins.deliver_admin_update_email_instructions(%{admin | email: email}, admin.email, url)
end)
%{admin: admin, token: token, email: email}
end
test "updates the email with a valid token", %{admin: admin, token: token, email: email} do
assert {:ok, %{email: ^email}} = Admins.update_admin_email(admin, token)
changed_admin = Repo.get!(Admin, admin.id)
assert changed_admin.email != admin.email
assert changed_admin.email == email
refute Repo.get_by(AdminToken, admin_id: admin.id)
end
test "does not update email with invalid token", %{admin: admin} do
assert Admins.update_admin_email(admin, "oops") ==
{:error, :transaction_aborted}
assert Repo.get!(Admin, admin.id).email == admin.email
assert Repo.get_by(AdminToken, admin_id: admin.id)
end
test "does not update email if admin email changed", %{admin: admin, token: token} do
assert Admins.update_admin_email(%{admin | email: "current@example.com"}, token) ==
{:error, :transaction_aborted}
assert Repo.get!(Admin, admin.id).email == admin.email
assert Repo.get_by(AdminToken, admin_id: admin.id)
end
test "does not update email if token expired", %{admin: admin, token: token} do
{1, nil} = Repo.update_all(AdminToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
assert Admins.update_admin_email(admin, token) ==
{:error, :transaction_aborted}
assert Repo.get!(Admin, admin.id).email == admin.email
assert Repo.get_by(AdminToken, admin_id: admin.id)
end
end
describe "change_admin_password/3" do
test "returns a admin changeset" do
assert %Ecto.Changeset{} = changeset = Admins.change_admin_password(%Admin{})
assert changeset.required == [:password]
end
test "allows fields to be set" do
changeset =
Admins.change_admin_password(
%Admin{},
%{
"password" => "new valid password"
},
hash_password: false
)
assert changeset.valid?
assert get_change(changeset, :password) == "new valid password"
assert is_nil(get_change(changeset, :hashed_password))
end
end
describe "update_admin_password/2" do
setup do
%{admin: admin_fixture()}
end
test "validates password", %{admin: admin} do
{:error, changeset} =
Admins.update_admin_password(admin, %{
password: "not valid",
password_confirmation: "another"
})
assert %{
password: ["should be at least 12 character(s)"],
password_confirmation: ["does not match password"]
} = errors_on(changeset)
end
test "validates maximum values for password for security", %{admin: admin} do
too_long = String.duplicate("db", 100)
{:error, changeset} =
Admins.update_admin_password(admin, %{password: too_long})
assert "should be at most 72 character(s)" in errors_on(changeset).password
end
test "updates the password", %{admin: admin} do
{:ok, {admin, expired_tokens}} =
Admins.update_admin_password(admin, %{
password: "new valid password"
})
assert expired_tokens == []
assert is_nil(admin.password)
assert Admins.get_admin_by_email_and_password(admin.email, "new valid password")
end
test "deletes all tokens for the given admin", %{admin: admin} do
_ = Admins.generate_admin_session_token(admin)
{:ok, {_, _}} =
Admins.update_admin_password(admin, %{
password: "new valid password"
})
refute Repo.get_by(AdminToken, admin_id: admin.id)
end
end
describe "generate_admin_session_token/1" do
setup do
%{admin: admin_fixture()}
end
test "generates a token", %{admin: admin} do
token = Admins.generate_admin_session_token(admin)
assert admin_token = Repo.get_by(AdminToken, token: token)
assert admin_token.context == "session"
assert admin_token.authenticated_at != nil
# Creating the same token for another admin should fail
assert_raise Ecto.ConstraintError, fn ->
Repo.insert!(%AdminToken{
token: admin_token.token,
admin_id: admin_fixture().id,
context: "session"
})
end
end
test "duplicates the authenticated_at of given admin in new token", %{admin: admin} do
admin = %{admin | authenticated_at: DateTime.add(DateTime.utc_now(:second), -3600)}
token = Admins.generate_admin_session_token(admin)
assert admin_token = Repo.get_by(AdminToken, token: token)
assert admin_token.authenticated_at == admin.authenticated_at
assert DateTime.compare(admin_token.inserted_at, admin.authenticated_at) == :gt
end
end
describe "get_admin_by_session_token/1" do
setup do
admin = admin_fixture()
token = Admins.generate_admin_session_token(admin)
%{admin: admin, token: token}
end
test "returns admin by token", %{admin: admin, token: token} do
assert {session_admin, token_inserted_at} = Admins.get_admin_by_session_token(token)
assert session_admin.id == admin.id
assert session_admin.authenticated_at != nil
assert token_inserted_at != nil
end
test "does not return admin for invalid token" do
refute Admins.get_admin_by_session_token("oops")
end
test "does not return admin for expired token", %{token: token} do
dt = ~N[2020-01-01 00:00:00]
{1, nil} = Repo.update_all(AdminToken, set: [inserted_at: dt, authenticated_at: dt])
refute Admins.get_admin_by_session_token(token)
end
end
describe "get_admin_by_magic_link_token/1" do
setup do
admin = admin_fixture()
{encoded_token, _hashed_token} = generate_admin_magic_link_token(admin)
%{admin: admin, token: encoded_token}
end
test "returns admin by token", %{admin: admin, token: token} do
assert session_admin = Admins.get_admin_by_magic_link_token(token)
assert session_admin.id == admin.id
end
test "does not return admin for invalid token" do
refute Admins.get_admin_by_magic_link_token("oops")
end
test "does not return admin for expired token", %{token: token} do
{1, nil} = Repo.update_all(AdminToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
refute Admins.get_admin_by_magic_link_token(token)
end
end
describe "login_admin_by_magic_link/1" do
test "confirms admin and expires tokens" do
admin = unconfirmed_admin_fixture()
refute admin.confirmed_at
{encoded_token, hashed_token} = generate_admin_magic_link_token(admin)
assert {:ok, {admin, [%{token: ^hashed_token}]}} =
Admins.login_admin_by_magic_link(encoded_token)
assert admin.confirmed_at
end
test "returns admin and (deleted) token for confirmed admin" do
admin = admin_fixture()
assert admin.confirmed_at
{encoded_token, _hashed_token} = generate_admin_magic_link_token(admin)
assert {:ok, {^admin, []}} = Admins.login_admin_by_magic_link(encoded_token)
# one time use only
assert {:error, :not_found} = Admins.login_admin_by_magic_link(encoded_token)
end
test "raises when unconfirmed admin has password set" do
admin = unconfirmed_admin_fixture()
{1, nil} = Repo.update_all(Admin, set: [hashed_password: "hashed"])
{encoded_token, _hashed_token} = generate_admin_magic_link_token(admin)
assert_raise RuntimeError, ~r/magic link log in is not allowed/, fn ->
Admins.login_admin_by_magic_link(encoded_token)
end
end
end
describe "delete_admin_session_token/1" do
test "deletes the token" do
admin = admin_fixture()
token = Admins.generate_admin_session_token(admin)
assert Admins.delete_admin_session_token(token) == :ok
refute Admins.get_admin_by_session_token(token)
end
end
describe "deliver_login_instructions/2" do
setup do
%{admin: unconfirmed_admin_fixture()}
end
test "sends token through notification", %{admin: admin} do
token =
extract_admin_token(fn url ->
Admins.deliver_login_instructions(admin, url)
end)
{:ok, token} = Base.url_decode64(token, padding: false)
assert admin_token = Repo.get_by(AdminToken, token: :crypto.hash(:sha256, token))
assert admin_token.admin_id == admin.id
assert admin_token.sent_to == admin.email
assert admin_token.context == "login"
end
end
describe "inspect/2 for the Admin module" do
test "does not include password" do
refute inspect(%Admin{password: "123456"}) =~ "password: \"123456\""
end
end
end

293
test/beet_round_server_web/admin_auth_test.exs Normal file
View File

@ -0,0 +1,293 @@
defmodule BeetRoundServerWeb.AdminAuthTest do
use BeetRoundServerWeb.ConnCase, async: true
alias BeetRoundServer.Admins
alias BeetRoundServer.Admins.Scope
alias BeetRoundServerWeb.AdminAuth
import BeetRoundServer.AdminsFixtures
@remember_me_cookie "_beet_round_server_web_admin_remember_me"
@remember_me_cookie_max_age 60 * 60 * 24 * 14
setup %{conn: conn} do
conn =
conn
|> Map.replace!(:secret_key_base, BeetRoundServerWeb.Endpoint.config(:secret_key_base))
|> init_test_session(%{})
%{admin: %{admin_fixture() | authenticated_at: DateTime.utc_now(:second)}, conn: conn}
end
describe "log_in_admin/3" do
test "stores the admin token in the session", %{conn: conn, admin: admin} do
conn = AdminAuth.log_in_admin(conn, admin)
assert token = get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
assert Admins.get_admin_by_session_token(token)
end
test "clears everything previously stored in the session", %{conn: conn, admin: admin} do
conn = conn |> put_session(:to_be_removed, "value") |> AdminAuth.log_in_admin(admin)
refute get_session(conn, :to_be_removed)
end
test "keeps session when re-authenticating", %{conn: conn, admin: admin} do
conn =
conn
|> assign(:current_scope, Scope.for_admin(admin))
|> put_session(:to_be_removed, "value")
|> AdminAuth.log_in_admin(admin)
assert get_session(conn, :to_be_removed)
end
test "clears session when admin does not match when re-authenticating", %{
conn: conn,
admin: admin
} do
other_admin = admin_fixture()
conn =
conn
|> assign(:current_scope, Scope.for_admin(other_admin))
|> put_session(:to_be_removed, "value")
|> AdminAuth.log_in_admin(admin)
refute get_session(conn, :to_be_removed)
end
test "redirects to the configured path", %{conn: conn, admin: admin} do
conn = conn |> put_session(:admin_return_to, "/hello") |> AdminAuth.log_in_admin(admin)
assert redirected_to(conn) == "/hello"
end
test "writes a cookie if remember_me is configured", %{conn: conn, admin: admin} do
conn = conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"})
assert get_session(conn, :admin_token) == conn.cookies[@remember_me_cookie]
assert get_session(conn, :admin_remember_me) == true
assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
assert signed_token != get_session(conn, :admin_token)
assert max_age == @remember_me_cookie_max_age
end
test "writes a cookie if remember_me was set in previous session", %{conn: conn, admin: admin} do
conn = conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"})
assert get_session(conn, :admin_token) == conn.cookies[@remember_me_cookie]
assert get_session(conn, :admin_remember_me) == true
conn =
conn
|> recycle()
|> Map.replace!(:secret_key_base, BeetRoundServerWeb.Endpoint.config(:secret_key_base))
|> fetch_cookies()
|> init_test_session(%{admin_remember_me: true})
# the conn is already logged in and has the remember_me cookie set,
# now we log in again and even without explicitly setting remember_me,
# the cookie should be set again
conn = conn |> AdminAuth.log_in_admin(admin, %{})
assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
assert signed_token != get_session(conn, :admin_token)
assert max_age == @remember_me_cookie_max_age
assert get_session(conn, :admin_remember_me) == true
end
end
describe "logout_admin/1" do
test "erases session and cookies", %{conn: conn, admin: admin} do
admin_token = Admins.generate_admin_session_token(admin)
conn =
conn
|> put_session(:admin_token, admin_token)
|> put_req_cookie(@remember_me_cookie, admin_token)
|> fetch_cookies()
|> AdminAuth.log_out_admin()
refute get_session(conn, :admin_token)
refute conn.cookies[@remember_me_cookie]
assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
assert redirected_to(conn) == ~p"/"
refute Admins.get_admin_by_session_token(admin_token)
end
test "works even if admin is already logged out", %{conn: conn} do
conn = conn |> fetch_cookies() |> AdminAuth.log_out_admin()
refute get_session(conn, :admin_token)
assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
assert redirected_to(conn) == ~p"/"
end
end
describe "fetch_current_scope_for_admin/2" do
test "authenticates admin from session", %{conn: conn, admin: admin} do
admin_token = Admins.generate_admin_session_token(admin)
conn =
conn |> put_session(:admin_token, admin_token) |> AdminAuth.fetch_current_scope_for_admin([])
assert conn.assigns.current_scope.admin.id == admin.id
assert conn.assigns.current_scope.admin.authenticated_at == admin.authenticated_at
assert get_session(conn, :admin_token) == admin_token
end
test "authenticates admin from cookies", %{conn: conn, admin: admin} do
logged_in_conn =
conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"})
admin_token = logged_in_conn.cookies[@remember_me_cookie]
%{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]
conn =
conn
|> put_req_cookie(@remember_me_cookie, signed_token)
|> AdminAuth.fetch_current_scope_for_admin([])
assert conn.assigns.current_scope.admin.id == admin.id
assert conn.assigns.current_scope.admin.authenticated_at == admin.authenticated_at
assert get_session(conn, :admin_token) == admin_token
assert get_session(conn, :admin_remember_me)
end
test "does not authenticate if data is missing", %{conn: conn, admin: admin} do
_ = Admins.generate_admin_session_token(admin)
conn = AdminAuth.fetch_current_scope_for_admin(conn, [])
refute get_session(conn, :admin_token)
refute conn.assigns.current_scope
end
test "reissues a new token after a few days and refreshes cookie", %{conn: conn, admin: admin} do
logged_in_conn =
conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"})
token = logged_in_conn.cookies[@remember_me_cookie]
%{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]
offset_admin_token(token, -10, :day)
{admin, _} = Admins.get_admin_by_session_token(token)
conn =
conn
|> put_session(:admin_token, token)
|> put_session(:admin_remember_me, true)
|> put_req_cookie(@remember_me_cookie, signed_token)
|> AdminAuth.fetch_current_scope_for_admin([])
assert conn.assigns.current_scope.admin.id == admin.id
assert conn.assigns.current_scope.admin.authenticated_at == admin.authenticated_at
assert new_token = get_session(conn, :admin_token)
assert new_token != token
assert %{value: new_signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
assert new_signed_token != signed_token
assert max_age == @remember_me_cookie_max_age
end
end
describe "require_sudo_mode/2" do
test "allows admins that have authenticated in the last 10 minutes", %{conn: conn, admin: admin} do
conn =
conn
|> fetch_flash()
|> assign(:current_scope, Scope.for_admin(admin))
|> AdminAuth.require_sudo_mode([])
refute conn.halted
refute conn.status
end
test "redirects when authentication is too old", %{conn: conn, admin: admin} do
eleven_minutes_ago = DateTime.utc_now(:second) |> DateTime.add(-11, :minute)
admin = %{admin | authenticated_at: eleven_minutes_ago}
admin_token = Admins.generate_admin_session_token(admin)
{admin, token_inserted_at} = Admins.get_admin_by_session_token(admin_token)
assert DateTime.compare(token_inserted_at, admin.authenticated_at) == :gt
conn =
conn
|> fetch_flash()
|> assign(:current_scope, Scope.for_admin(admin))
|> AdminAuth.require_sudo_mode([])
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"You must re-authenticate to access this page."
end
end
describe "redirect_if_admin_is_authenticated/2" do
setup %{conn: conn} do
%{conn: AdminAuth.fetch_current_scope_for_admin(conn, [])}
end
test "redirects if admin is authenticated", %{conn: conn, admin: admin} do
conn =
conn
|> assign(:current_scope, Scope.for_admin(admin))
|> AdminAuth.redirect_if_admin_is_authenticated([])
assert conn.halted
assert redirected_to(conn) == ~p"/"
end
test "does not redirect if admin is not authenticated", %{conn: conn} do
conn = AdminAuth.redirect_if_admin_is_authenticated(conn, [])
refute conn.halted
refute conn.status
end
end
describe "require_authenticated_admin/2" do
setup %{conn: conn} do
%{conn: AdminAuth.fetch_current_scope_for_admin(conn, [])}
end
test "redirects if admin is not authenticated", %{conn: conn} do
conn = conn |> fetch_flash() |> AdminAuth.require_authenticated_admin([])
assert conn.halted
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"You must log in to access this page."
end
test "stores the path to redirect to on GET", %{conn: conn} do
halted_conn =
%{conn | path_info: ["foo"], query_string: ""}
|> fetch_flash()
|> AdminAuth.require_authenticated_admin([])
assert halted_conn.halted
assert get_session(halted_conn, :admin_return_to) == "/foo"
halted_conn =
%{conn | path_info: ["foo"], query_string: "bar=baz"}
|> fetch_flash()
|> AdminAuth.require_authenticated_admin([])
assert halted_conn.halted
assert get_session(halted_conn, :admin_return_to) == "/foo?bar=baz"
halted_conn =
%{conn | path_info: ["foo"], query_string: "bar", method: "POST"}
|> fetch_flash()
|> AdminAuth.require_authenticated_admin([])
assert halted_conn.halted
refute get_session(halted_conn, :admin_return_to)
end
test "does not redirect if admin is authenticated", %{conn: conn, admin: admin} do
conn =
conn
|> assign(:current_scope, Scope.for_admin(admin))
|> AdminAuth.require_authenticated_admin([])
refute conn.halted
refute conn.status
end
end
end

50
test/beet_round_server_web/controllers/admin_registration_controller_test.exs Normal file
View File

@ -0,0 +1,50 @@
defmodule BeetRoundServerWeb.AdminRegistrationControllerTest do
use BeetRoundServerWeb.ConnCase, async: true
import BeetRoundServer.AdminsFixtures
describe "GET /admins/register" do
test "renders registration page", %{conn: conn} do
conn = get(conn, ~p"/admins/register")
response = html_response(conn, 200)
assert response =~ "Register"
assert response =~ ~p"/admins/log-in"
assert response =~ ~p"/admins/register"
end
test "redirects if already logged in", %{conn: conn} do
conn = conn |> log_in_admin(admin_fixture()) |> get(~p"/admins/register")
assert redirected_to(conn) == ~p"/"
end
end
describe "POST /admins/register" do
@tag :capture_log
test "creates account but does not log in", %{conn: conn} do
email = unique_admin_email()
conn =
post(conn, ~p"/admins/register", %{
"admin" => valid_admin_attributes(email: email)
})
refute get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/admins/log-in"
assert conn.assigns.flash["info"] =~
~r/An email was sent to .*, please access it to confirm your account/
end
test "render errors for invalid data", %{conn: conn} do
conn =
post(conn, ~p"/admins/register", %{
"admin" => %{"email" => "with spaces"}
})
response = html_response(conn, 200)
assert response =~ "Register"
assert response =~ "must have the @ sign and no spaces"
end
end
end

220
test/beet_round_server_web/controllers/admin_session_controller_test.exs Normal file
View File

@ -0,0 +1,220 @@
defmodule BeetRoundServerWeb.AdminSessionControllerTest do
use BeetRoundServerWeb.ConnCase, async: true
import BeetRoundServer.AdminsFixtures
alias BeetRoundServer.Admins
setup do
%{unconfirmed_admin: unconfirmed_admin_fixture(), admin: admin_fixture()}
end
describe "GET /admins/log-in" do
test "renders login page", %{conn: conn} do
conn = get(conn, ~p"/admins/log-in")
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ ~p"/admins/register"
assert response =~ "Log in with email"
end
test "renders login page with email filled in (sudo mode)", %{conn: conn, admin: admin} do
html =
conn
|> log_in_admin(admin)
|> get(~p"/admins/log-in")
|> html_response(200)
assert html =~ "You need to reauthenticate"
refute html =~ "Register"
assert html =~ "Log in with email"
assert html =~
~s(<input type="email" name="admin[email]" id="login_form_magic_email" value="#{admin.email}")
end
test "renders login page (email + password)", %{conn: conn} do
conn = get(conn, ~p"/admins/log-in?mode=password")
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ ~p"/admins/register"
assert response =~ "Log in with email"
end
end
describe "GET /admins/log-in/:token" do
test "renders confirmation page for unconfirmed admin", %{conn: conn, unconfirmed_admin: admin} do
token =
extract_admin_token(fn url ->
Admins.deliver_login_instructions(admin, url)
end)
conn = get(conn, ~p"/admins/log-in/#{token}")
assert html_response(conn, 200) =~ "Confirm and stay logged in"
end
test "renders login page for confirmed admin", %{conn: conn, admin: admin} do
token =
extract_admin_token(fn url ->
Admins.deliver_login_instructions(admin, url)
end)
conn = get(conn, ~p"/admins/log-in/#{token}")
html = html_response(conn, 200)
refute html =~ "Confirm my account"
assert html =~ "Log in"
end
test "raises error for invalid token", %{conn: conn} do
conn = get(conn, ~p"/admins/log-in/invalid-token")
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"Magic link is invalid or it has expired."
end
end
describe "POST /admins/log-in - email and password" do
test "logs the admin in", %{conn: conn, admin: admin} do
admin = set_password(admin)
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"email" => admin.email, "password" => valid_admin_password()}
})
assert get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
# Now do a logged in request and assert on the menu
conn = get(conn, ~p"/")
response = html_response(conn, 200)
assert response =~ admin.email
assert response =~ ~p"/admins/settings"
assert response =~ ~p"/admins/log-out"
end
test "logs the admin in with remember me", %{conn: conn, admin: admin} do
admin = set_password(admin)
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{
"email" => admin.email,
"password" => valid_admin_password(),
"remember_me" => "true"
}
})
assert conn.resp_cookies["_beet_round_server_web_admin_remember_me"]
assert redirected_to(conn) == ~p"/"
end
test "logs the admin in with return to", %{conn: conn, admin: admin} do
admin = set_password(admin)
conn =
conn
|> init_test_session(admin_return_to: "/foo/bar")
|> post(~p"/admins/log-in", %{
"admin" => %{
"email" => admin.email,
"password" => valid_admin_password()
}
})
assert redirected_to(conn) == "/foo/bar"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Welcome back!"
end
test "emits error message with invalid credentials", %{conn: conn, admin: admin} do
conn =
post(conn, ~p"/admins/log-in?mode=password", %{
"admin" => %{"email" => admin.email, "password" => "invalid_password"}
})
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ "Invalid email or password"
end
end
describe "POST /admins/log-in - magic link" do
test "sends magic link email when admin exists", %{conn: conn, admin: admin} do
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"email" => admin.email}
})
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "If your email is in our system"
assert BeetRoundServer.Repo.get_by!(Admins.AdminToken, admin_id: admin.id).context == "login"
end
test "logs the admin in", %{conn: conn, admin: admin} do
{token, _hashed_token} = generate_admin_magic_link_token(admin)
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"token" => token}
})
assert get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
# Now do a logged in request and assert on the menu
conn = get(conn, ~p"/")
response = html_response(conn, 200)
assert response =~ admin.email
assert response =~ ~p"/admins/settings"
assert response =~ ~p"/admins/log-out"
end
test "confirms unconfirmed admin", %{conn: conn, unconfirmed_admin: admin} do
{token, _hashed_token} = generate_admin_magic_link_token(admin)
refute admin.confirmed_at
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"token" => token},
"_action" => "confirmed"
})
assert get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Admin confirmed successfully."
assert Admins.get_admin!(admin.id).confirmed_at
# Now do a logged in request and assert on the menu
conn = get(conn, ~p"/")
response = html_response(conn, 200)
assert response =~ admin.email
assert response =~ ~p"/admins/settings"
assert response =~ ~p"/admins/log-out"
end
test "emits error message when magic link is invalid", %{conn: conn} do
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"token" => "invalid"}
})
assert html_response(conn, 200) =~ "The link is invalid or it has expired."
end
end
describe "DELETE /admins/log-out" do
test "logs the admin out", %{conn: conn, admin: admin} do
conn = conn |> log_in_admin(admin) |> delete(~p"/admins/log-out")
assert redirected_to(conn) == ~p"/"
refute get_session(conn, :admin_token)
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
end
test "succeeds even if the admin is not logged in", %{conn: conn} do
conn = delete(conn, ~p"/admins/log-out")
assert redirected_to(conn) == ~p"/"
refute get_session(conn, :admin_token)
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
end
end
end

148
test/beet_round_server_web/controllers/admin_settings_controller_test.exs Normal file
View File

@ -0,0 +1,148 @@
defmodule BeetRoundServerWeb.AdminSettingsControllerTest do
use BeetRoundServerWeb.ConnCase, async: true
alias BeetRoundServer.Admins
import BeetRoundServer.AdminsFixtures
setup :register_and_log_in_admin
describe "GET /admins/settings" do
test "renders settings page", %{conn: conn} do
conn = get(conn, ~p"/admins/settings")
response = html_response(conn, 200)
assert response =~ "Settings"
end
test "redirects if admin is not logged in" do
conn = build_conn()
conn = get(conn, ~p"/admins/settings")
assert redirected_to(conn) == ~p"/admins/log-in"
end
@tag token_authenticated_at: DateTime.add(DateTime.utc_now(:second), -11, :minute)
test "redirects if admin is not in sudo mode", %{conn: conn} do
conn = get(conn, ~p"/admins/settings")
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"You must re-authenticate to access this page."
end
end
describe "PUT /admins/settings (change password form)" do
test "updates the admin password and resets tokens", %{conn: conn, admin: admin} do
new_password_conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_password",
"admin" => %{
"password" => "new valid password",
"password_confirmation" => "new valid password"
}
})
assert redirected_to(new_password_conn) == ~p"/admins/settings"
assert get_session(new_password_conn, :admin_token) != get_session(conn, :admin_token)
assert Phoenix.Flash.get(new_password_conn.assigns.flash, :info) =~
"Password updated successfully"
assert Admins.get_admin_by_email_and_password(admin.email, "new valid password")
end
test "does not update password on invalid data", %{conn: conn} do
old_password_conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_password",
"admin" => %{
"password" => "too short",
"password_confirmation" => "does not match"
}
})
response = html_response(old_password_conn, 200)
assert response =~ "Settings"
assert response =~ "should be at least 12 character(s)"
assert response =~ "does not match password"
assert get_session(old_password_conn, :admin_token) == get_session(conn, :admin_token)
end
end
describe "PUT /admins/settings (change email form)" do
@tag :capture_log
test "updates the admin email", %{conn: conn, admin: admin} do
conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_email",
"admin" => %{"email" => unique_admin_email()}
})
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~
"A link to confirm your email"
assert Admins.get_admin_by_email(admin.email)
end
test "does not update email on invalid data", %{conn: conn} do
conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_email",
"admin" => %{"email" => "with spaces"}
})
response = html_response(conn, 200)
assert response =~ "Settings"
assert response =~ "must have the @ sign and no spaces"
end
end
describe "GET /admins/settings/confirm-email/:token" do
setup %{admin: admin} do
email = unique_admin_email()
token =
extract_admin_token(fn url ->
Admins.deliver_admin_update_email_instructions(%{admin | email: email}, admin.email, url)
end)
%{token: token, email: email}
end
test "updates the admin email once", %{conn: conn, admin: admin, token: token, email: email} do
conn = get(conn, ~p"/admins/settings/confirm-email/#{token}")
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~
"Email changed successfully"
refute Admins.get_admin_by_email(admin.email)
assert Admins.get_admin_by_email(email)
conn = get(conn, ~p"/admins/settings/confirm-email/#{token}")
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :error) =~
"Email change link is invalid or it has expired"
end
test "does not update email with invalid token", %{conn: conn, admin: admin} do
conn = get(conn, ~p"/admins/settings/confirm-email/oops")
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :error) =~
"Email change link is invalid or it has expired"
assert Admins.get_admin_by_email(admin.email)
end
test "redirects if admin is not logged in", %{token: token} do
conn = build_conn()
conn = get(conn, ~p"/admins/settings/confirm-email/#{token}")
assert redirected_to(conn) == ~p"/admins/log-in"
end
end
end

41
test/support/conn_case.ex
View File

@ -76,4 +76,45 @@ defmodule BeetRoundServerWeb.ConnCase do
defp maybe_set_token_authenticated_at(token, authenticated_at) do
BeetRoundServer.AccountsFixtures.override_token_authenticated_at(token, authenticated_at)
end
@doc """
Setup helper that registers and logs in admins.
setup :register_and_log_in_admin
It stores an updated connection and a registered admin in the
test context.
"""
def register_and_log_in_admin(%{conn: conn} = context) do
admin = BeetRoundServer.AdminsFixtures.admin_fixture()
scope = BeetRoundServer.Admins.Scope.for_admin(admin)
opts =
context
|> Map.take([:token_authenticated_at])
|> Enum.into([])
%{conn: log_in_admin(conn, admin, opts), admin: admin, scope: scope}
end
@doc """
Logs the given `admin` into the `conn`.
It returns an updated `conn`.
"""
def log_in_admin(conn, admin, opts \\ []) do
token = BeetRoundServer.Admins.generate_admin_session_token(admin)
maybe_set_token_authenticated_at(token, opts[:token_authenticated_at])
conn
|> Phoenix.ConnTest.init_test_session(%{})
|> Plug.Conn.put_session(:admin_token, token)
end
defp maybe_set_token_authenticated_at(_token, nil), do: nil
defp maybe_set_token_authenticated_at(token, authenticated_at) do
BeetRoundServer.AdminsFixtures.override_token_authenticated_at(token, authenticated_at)
end
end

89
test/support/fixtures/admins_fixtures.ex Normal file
View File

@ -0,0 +1,89 @@
defmodule BeetRoundServer.AdminsFixtures do
@moduledoc """
This module defines test helpers for creating
entities via the `BeetRoundServer.Admins` context.
"""
import Ecto.Query
alias BeetRoundServer.Admins
alias BeetRoundServer.Admins.Scope
def unique_admin_email, do: "admin#{System.unique_integer()}@example.com"
def valid_admin_password, do: "hello world!"
def valid_admin_attributes(attrs \\ %{}) do
Enum.into(attrs, %{
email: unique_admin_email()
})
end
def unconfirmed_admin_fixture(attrs \\ %{}) do
{:ok, admin} =
attrs
|> valid_admin_attributes()
|> Admins.register_admin()
admin
end
def admin_fixture(attrs \\ %{}) do
admin = unconfirmed_admin_fixture(attrs)
token =
extract_admin_token(fn url ->
Admins.deliver_login_instructions(admin, url)
end)
{:ok, {admin, _expired_tokens}} =
Admins.login_admin_by_magic_link(token)
admin
end
def admin_scope_fixture do
admin = admin_fixture()
admin_scope_fixture(admin)
end
def admin_scope_fixture(admin) do
Scope.for_admin(admin)
end
def set_password(admin) do
{:ok, {admin, _expired_tokens}} =
Admins.update_admin_password(admin, %{password: valid_admin_password()})
admin
end
def extract_admin_token(fun) do
{:ok, captured_email} = fun.(&"[TOKEN]#{&1}[TOKEN]")
[_, token | _] = String.split(captured_email.text_body, "[TOKEN]")
token
end
def override_token_authenticated_at(token, authenticated_at) when is_binary(token) do
BeetRoundServer.Repo.update_all(
from(t in Admins.AdminToken,
where: t.token == ^token
),
set: [authenticated_at: authenticated_at]
)
end
def generate_admin_magic_link_token(admin) do
{encoded_token, admin_token} = Admins.AdminToken.build_email_token(admin, "login")
BeetRoundServer.Repo.insert!(admin_token)
{encoded_token, admin_token.token}
end
def offset_admin_token(token, amount_to_add, unit) do
dt = DateTime.add(DateTime.utc_now(:second), amount_to_add, unit)
BeetRoundServer.Repo.update_all(
from(ut in Admins.AdminToken, where: ut.token == ^token),
set: [inserted_at: dt, authenticated_at: dt]
)
end
end