bent/BeetRoundServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

After "mix phx.gen.auth Admins Admin admins" with added working register and login path.

Browse Source
This commit is contained in:
Bent Witthold
2026-02-20 13:09:55 +01:00
parent a47931f40e
commit 53d19a3a18
28 changed files with 2830 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

293
test/beet_round_server_web/admin_auth_test.exs Normal file
View File

@ -0,0 +1,293 @@
defmodule BeetRoundServerWeb.AdminAuthTest do
use BeetRoundServerWeb.ConnCase, async: true
alias BeetRoundServer.Admins
alias BeetRoundServer.Admins.Scope
alias BeetRoundServerWeb.AdminAuth
import BeetRoundServer.AdminsFixtures
@remember_me_cookie "_beet_round_server_web_admin_remember_me"
@remember_me_cookie_max_age 60 * 60 * 24 * 14
setup %{conn: conn} do
conn =
conn
|> Map.replace!(:secret_key_base, BeetRoundServerWeb.Endpoint.config(:secret_key_base))
|> init_test_session(%{})
%{admin: %{admin_fixture() | authenticated_at: DateTime.utc_now(:second)}, conn: conn}
end
describe "log_in_admin/3" do
test "stores the admin token in the session", %{conn: conn, admin: admin} do
conn = AdminAuth.log_in_admin(conn, admin)
assert token = get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
assert Admins.get_admin_by_session_token(token)
end
test "clears everything previously stored in the session", %{conn: conn, admin: admin} do
conn = conn |> put_session(:to_be_removed, "value") |> AdminAuth.log_in_admin(admin)
refute get_session(conn, :to_be_removed)
end
test "keeps session when re-authenticating", %{conn: conn, admin: admin} do
conn =
conn
|> assign(:current_scope, Scope.for_admin(admin))
|> put_session(:to_be_removed, "value")
|> AdminAuth.log_in_admin(admin)
assert get_session(conn, :to_be_removed)
end
test "clears session when admin does not match when re-authenticating", %{
conn: conn,
admin: admin
} do
other_admin = admin_fixture()
conn =
conn
|> assign(:current_scope, Scope.for_admin(other_admin))
|> put_session(:to_be_removed, "value")
|> AdminAuth.log_in_admin(admin)
refute get_session(conn, :to_be_removed)
end
test "redirects to the configured path", %{conn: conn, admin: admin} do
conn = conn |> put_session(:admin_return_to, "/hello") |> AdminAuth.log_in_admin(admin)
assert redirected_to(conn) == "/hello"
end
test "writes a cookie if remember_me is configured", %{conn: conn, admin: admin} do
conn = conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"})
assert get_session(conn, :admin_token) == conn.cookies[@remember_me_cookie]
assert get_session(conn, :admin_remember_me) == true
assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
assert signed_token != get_session(conn, :admin_token)
assert max_age == @remember_me_cookie_max_age
end
test "writes a cookie if remember_me was set in previous session", %{conn: conn, admin: admin} do
conn = conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"})
assert get_session(conn, :admin_token) == conn.cookies[@remember_me_cookie]
assert get_session(conn, :admin_remember_me) == true
conn =
conn
|> recycle()
|> Map.replace!(:secret_key_base, BeetRoundServerWeb.Endpoint.config(:secret_key_base))
|> fetch_cookies()
|> init_test_session(%{admin_remember_me: true})
# the conn is already logged in and has the remember_me cookie set,
# now we log in again and even without explicitly setting remember_me,
# the cookie should be set again
conn = conn |> AdminAuth.log_in_admin(admin, %{})
assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
assert signed_token != get_session(conn, :admin_token)
assert max_age == @remember_me_cookie_max_age
assert get_session(conn, :admin_remember_me) == true
end
end
describe "logout_admin/1" do
test "erases session and cookies", %{conn: conn, admin: admin} do
admin_token = Admins.generate_admin_session_token(admin)
conn =
conn
|> put_session(:admin_token, admin_token)
|> put_req_cookie(@remember_me_cookie, admin_token)
|> fetch_cookies()
|> AdminAuth.log_out_admin()
refute get_session(conn, :admin_token)
refute conn.cookies[@remember_me_cookie]
assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
assert redirected_to(conn) == ~p"/"
refute Admins.get_admin_by_session_token(admin_token)
end
test "works even if admin is already logged out", %{conn: conn} do
conn = conn |> fetch_cookies() |> AdminAuth.log_out_admin()
refute get_session(conn, :admin_token)
assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
assert redirected_to(conn) == ~p"/"
end
end
describe "fetch_current_scope_for_admin/2" do
test "authenticates admin from session", %{conn: conn, admin: admin} do
admin_token = Admins.generate_admin_session_token(admin)
conn =
conn |> put_session(:admin_token, admin_token) |> AdminAuth.fetch_current_scope_for_admin([])
assert conn.assigns.current_scope.admin.id == admin.id
assert conn.assigns.current_scope.admin.authenticated_at == admin.authenticated_at
assert get_session(conn, :admin_token) == admin_token
end
test "authenticates admin from cookies", %{conn: conn, admin: admin} do
logged_in_conn =
conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"})
admin_token = logged_in_conn.cookies[@remember_me_cookie]
%{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]
conn =
conn
|> put_req_cookie(@remember_me_cookie, signed_token)
|> AdminAuth.fetch_current_scope_for_admin([])
assert conn.assigns.current_scope.admin.id == admin.id
assert conn.assigns.current_scope.admin.authenticated_at == admin.authenticated_at
assert get_session(conn, :admin_token) == admin_token
assert get_session(conn, :admin_remember_me)
end
test "does not authenticate if data is missing", %{conn: conn, admin: admin} do
_ = Admins.generate_admin_session_token(admin)
conn = AdminAuth.fetch_current_scope_for_admin(conn, [])
refute get_session(conn, :admin_token)
refute conn.assigns.current_scope
end
test "reissues a new token after a few days and refreshes cookie", %{conn: conn, admin: admin} do
logged_in_conn =
conn |> fetch_cookies() |> AdminAuth.log_in_admin(admin, %{"remember_me" => "true"})
token = logged_in_conn.cookies[@remember_me_cookie]
%{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]
offset_admin_token(token, -10, :day)
{admin, _} = Admins.get_admin_by_session_token(token)
conn =
conn
|> put_session(:admin_token, token)
|> put_session(:admin_remember_me, true)
|> put_req_cookie(@remember_me_cookie, signed_token)
|> AdminAuth.fetch_current_scope_for_admin([])
assert conn.assigns.current_scope.admin.id == admin.id
assert conn.assigns.current_scope.admin.authenticated_at == admin.authenticated_at
assert new_token = get_session(conn, :admin_token)
assert new_token != token
assert %{value: new_signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
assert new_signed_token != signed_token
assert max_age == @remember_me_cookie_max_age
end
end
describe "require_sudo_mode/2" do
test "allows admins that have authenticated in the last 10 minutes", %{conn: conn, admin: admin} do
conn =
conn
|> fetch_flash()
|> assign(:current_scope, Scope.for_admin(admin))
|> AdminAuth.require_sudo_mode([])
refute conn.halted
refute conn.status
end
test "redirects when authentication is too old", %{conn: conn, admin: admin} do
eleven_minutes_ago = DateTime.utc_now(:second) |> DateTime.add(-11, :minute)
admin = %{admin | authenticated_at: eleven_minutes_ago}
admin_token = Admins.generate_admin_session_token(admin)
{admin, token_inserted_at} = Admins.get_admin_by_session_token(admin_token)
assert DateTime.compare(token_inserted_at, admin.authenticated_at) == :gt
conn =
conn
|> fetch_flash()
|> assign(:current_scope, Scope.for_admin(admin))
|> AdminAuth.require_sudo_mode([])
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"You must re-authenticate to access this page."
end
end
describe "redirect_if_admin_is_authenticated/2" do
setup %{conn: conn} do
%{conn: AdminAuth.fetch_current_scope_for_admin(conn, [])}
end
test "redirects if admin is authenticated", %{conn: conn, admin: admin} do
conn =
conn
|> assign(:current_scope, Scope.for_admin(admin))
|> AdminAuth.redirect_if_admin_is_authenticated([])
assert conn.halted
assert redirected_to(conn) == ~p"/"
end
test "does not redirect if admin is not authenticated", %{conn: conn} do
conn = AdminAuth.redirect_if_admin_is_authenticated(conn, [])
refute conn.halted
refute conn.status
end
end
describe "require_authenticated_admin/2" do
setup %{conn: conn} do
%{conn: AdminAuth.fetch_current_scope_for_admin(conn, [])}
end
test "redirects if admin is not authenticated", %{conn: conn} do
conn = conn |> fetch_flash() |> AdminAuth.require_authenticated_admin([])
assert conn.halted
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"You must log in to access this page."
end
test "stores the path to redirect to on GET", %{conn: conn} do
halted_conn =
%{conn | path_info: ["foo"], query_string: ""}
|> fetch_flash()
|> AdminAuth.require_authenticated_admin([])
assert halted_conn.halted
assert get_session(halted_conn, :admin_return_to) == "/foo"
halted_conn =
%{conn | path_info: ["foo"], query_string: "bar=baz"}
|> fetch_flash()
|> AdminAuth.require_authenticated_admin([])
assert halted_conn.halted
assert get_session(halted_conn, :admin_return_to) == "/foo?bar=baz"
halted_conn =
%{conn | path_info: ["foo"], query_string: "bar", method: "POST"}
|> fetch_flash()
|> AdminAuth.require_authenticated_admin([])
assert halted_conn.halted
refute get_session(halted_conn, :admin_return_to)
end
test "does not redirect if admin is authenticated", %{conn: conn, admin: admin} do
conn =
conn
|> assign(:current_scope, Scope.for_admin(admin))
|> AdminAuth.require_authenticated_admin([])
refute conn.halted
refute conn.status
end
end
end

50
test/beet_round_server_web/controllers/admin_registration_controller_test.exs Normal file
View File

@ -0,0 +1,50 @@
defmodule BeetRoundServerWeb.AdminRegistrationControllerTest do
use BeetRoundServerWeb.ConnCase, async: true
import BeetRoundServer.AdminsFixtures
describe "GET /admins/register" do
test "renders registration page", %{conn: conn} do
conn = get(conn, ~p"/admins/register")
response = html_response(conn, 200)
assert response =~ "Register"
assert response =~ ~p"/admins/log-in"
assert response =~ ~p"/admins/register"
end
test "redirects if already logged in", %{conn: conn} do
conn = conn |> log_in_admin(admin_fixture()) |> get(~p"/admins/register")
assert redirected_to(conn) == ~p"/"
end
end
describe "POST /admins/register" do
@tag :capture_log
test "creates account but does not log in", %{conn: conn} do
email = unique_admin_email()
conn =
post(conn, ~p"/admins/register", %{
"admin" => valid_admin_attributes(email: email)
})
refute get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/admins/log-in"
assert conn.assigns.flash["info"] =~
~r/An email was sent to .*, please access it to confirm your account/
end
test "render errors for invalid data", %{conn: conn} do
conn =
post(conn, ~p"/admins/register", %{
"admin" => %{"email" => "with spaces"}
})
response = html_response(conn, 200)
assert response =~ "Register"
assert response =~ "must have the @ sign and no spaces"
end
end
end

220
test/beet_round_server_web/controllers/admin_session_controller_test.exs Normal file
View File

@ -0,0 +1,220 @@
defmodule BeetRoundServerWeb.AdminSessionControllerTest do
use BeetRoundServerWeb.ConnCase, async: true
import BeetRoundServer.AdminsFixtures
alias BeetRoundServer.Admins
setup do
%{unconfirmed_admin: unconfirmed_admin_fixture(), admin: admin_fixture()}
end
describe "GET /admins/log-in" do
test "renders login page", %{conn: conn} do
conn = get(conn, ~p"/admins/log-in")
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ ~p"/admins/register"
assert response =~ "Log in with email"
end
test "renders login page with email filled in (sudo mode)", %{conn: conn, admin: admin} do
html =
conn
|> log_in_admin(admin)
|> get(~p"/admins/log-in")
|> html_response(200)
assert html =~ "You need to reauthenticate"
refute html =~ "Register"
assert html =~ "Log in with email"
assert html =~
~s(<input type="email" name="admin[email]" id="login_form_magic_email" value="#{admin.email}")
end
test "renders login page (email + password)", %{conn: conn} do
conn = get(conn, ~p"/admins/log-in?mode=password")
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ ~p"/admins/register"
assert response =~ "Log in with email"
end
end
describe "GET /admins/log-in/:token" do
test "renders confirmation page for unconfirmed admin", %{conn: conn, unconfirmed_admin: admin} do
token =
extract_admin_token(fn url ->
Admins.deliver_login_instructions(admin, url)
end)
conn = get(conn, ~p"/admins/log-in/#{token}")
assert html_response(conn, 200) =~ "Confirm and stay logged in"
end
test "renders login page for confirmed admin", %{conn: conn, admin: admin} do
token =
extract_admin_token(fn url ->
Admins.deliver_login_instructions(admin, url)
end)
conn = get(conn, ~p"/admins/log-in/#{token}")
html = html_response(conn, 200)
refute html =~ "Confirm my account"
assert html =~ "Log in"
end
test "raises error for invalid token", %{conn: conn} do
conn = get(conn, ~p"/admins/log-in/invalid-token")
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"Magic link is invalid or it has expired."
end
end
describe "POST /admins/log-in - email and password" do
test "logs the admin in", %{conn: conn, admin: admin} do
admin = set_password(admin)
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"email" => admin.email, "password" => valid_admin_password()}
})
assert get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
# Now do a logged in request and assert on the menu
conn = get(conn, ~p"/")
response = html_response(conn, 200)
assert response =~ admin.email
assert response =~ ~p"/admins/settings"
assert response =~ ~p"/admins/log-out"
end
test "logs the admin in with remember me", %{conn: conn, admin: admin} do
admin = set_password(admin)
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{
"email" => admin.email,
"password" => valid_admin_password(),
"remember_me" => "true"
}
})
assert conn.resp_cookies["_beet_round_server_web_admin_remember_me"]
assert redirected_to(conn) == ~p"/"
end
test "logs the admin in with return to", %{conn: conn, admin: admin} do
admin = set_password(admin)
conn =
conn
|> init_test_session(admin_return_to: "/foo/bar")
|> post(~p"/admins/log-in", %{
"admin" => %{
"email" => admin.email,
"password" => valid_admin_password()
}
})
assert redirected_to(conn) == "/foo/bar"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Welcome back!"
end
test "emits error message with invalid credentials", %{conn: conn, admin: admin} do
conn =
post(conn, ~p"/admins/log-in?mode=password", %{
"admin" => %{"email" => admin.email, "password" => "invalid_password"}
})
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ "Invalid email or password"
end
end
describe "POST /admins/log-in - magic link" do
test "sends magic link email when admin exists", %{conn: conn, admin: admin} do
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"email" => admin.email}
})
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "If your email is in our system"
assert BeetRoundServer.Repo.get_by!(Admins.AdminToken, admin_id: admin.id).context == "login"
end
test "logs the admin in", %{conn: conn, admin: admin} do
{token, _hashed_token} = generate_admin_magic_link_token(admin)
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"token" => token}
})
assert get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
# Now do a logged in request and assert on the menu
conn = get(conn, ~p"/")
response = html_response(conn, 200)
assert response =~ admin.email
assert response =~ ~p"/admins/settings"
assert response =~ ~p"/admins/log-out"
end
test "confirms unconfirmed admin", %{conn: conn, unconfirmed_admin: admin} do
{token, _hashed_token} = generate_admin_magic_link_token(admin)
refute admin.confirmed_at
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"token" => token},
"_action" => "confirmed"
})
assert get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Admin confirmed successfully."
assert Admins.get_admin!(admin.id).confirmed_at
# Now do a logged in request and assert on the menu
conn = get(conn, ~p"/")
response = html_response(conn, 200)
assert response =~ admin.email
assert response =~ ~p"/admins/settings"
assert response =~ ~p"/admins/log-out"
end
test "emits error message when magic link is invalid", %{conn: conn} do
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"token" => "invalid"}
})
assert html_response(conn, 200) =~ "The link is invalid or it has expired."
end
end
describe "DELETE /admins/log-out" do
test "logs the admin out", %{conn: conn, admin: admin} do
conn = conn |> log_in_admin(admin) |> delete(~p"/admins/log-out")
assert redirected_to(conn) == ~p"/"
refute get_session(conn, :admin_token)
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
end
test "succeeds even if the admin is not logged in", %{conn: conn} do
conn = delete(conn, ~p"/admins/log-out")
assert redirected_to(conn) == ~p"/"
refute get_session(conn, :admin_token)
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
end
end
end

148
test/beet_round_server_web/controllers/admin_settings_controller_test.exs Normal file
View File

@ -0,0 +1,148 @@
defmodule BeetRoundServerWeb.AdminSettingsControllerTest do
use BeetRoundServerWeb.ConnCase, async: true
alias BeetRoundServer.Admins
import BeetRoundServer.AdminsFixtures
setup :register_and_log_in_admin
describe "GET /admins/settings" do
test "renders settings page", %{conn: conn} do
conn = get(conn, ~p"/admins/settings")
response = html_response(conn, 200)
assert response =~ "Settings"
end
test "redirects if admin is not logged in" do
conn = build_conn()
conn = get(conn, ~p"/admins/settings")
assert redirected_to(conn) == ~p"/admins/log-in"
end
@tag token_authenticated_at: DateTime.add(DateTime.utc_now(:second), -11, :minute)
test "redirects if admin is not in sudo mode", %{conn: conn} do
conn = get(conn, ~p"/admins/settings")
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"You must re-authenticate to access this page."
end
end
describe "PUT /admins/settings (change password form)" do
test "updates the admin password and resets tokens", %{conn: conn, admin: admin} do
new_password_conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_password",
"admin" => %{
"password" => "new valid password",
"password_confirmation" => "new valid password"
}
})
assert redirected_to(new_password_conn) == ~p"/admins/settings"
assert get_session(new_password_conn, :admin_token) != get_session(conn, :admin_token)
assert Phoenix.Flash.get(new_password_conn.assigns.flash, :info) =~
"Password updated successfully"
assert Admins.get_admin_by_email_and_password(admin.email, "new valid password")
end
test "does not update password on invalid data", %{conn: conn} do
old_password_conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_password",
"admin" => %{
"password" => "too short",
"password_confirmation" => "does not match"
}
})
response = html_response(old_password_conn, 200)
assert response =~ "Settings"
assert response =~ "should be at least 12 character(s)"
assert response =~ "does not match password"
assert get_session(old_password_conn, :admin_token) == get_session(conn, :admin_token)
end
end
describe "PUT /admins/settings (change email form)" do
@tag :capture_log
test "updates the admin email", %{conn: conn, admin: admin} do
conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_email",
"admin" => %{"email" => unique_admin_email()}
})
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~
"A link to confirm your email"
assert Admins.get_admin_by_email(admin.email)
end
test "does not update email on invalid data", %{conn: conn} do
conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_email",
"admin" => %{"email" => "with spaces"}
})
response = html_response(conn, 200)
assert response =~ "Settings"
assert response =~ "must have the @ sign and no spaces"
end
end
describe "GET /admins/settings/confirm-email/:token" do
setup %{admin: admin} do
email = unique_admin_email()
token =
extract_admin_token(fn url ->
Admins.deliver_admin_update_email_instructions(%{admin | email: email}, admin.email, url)
end)
%{token: token, email: email}
end
test "updates the admin email once", %{conn: conn, admin: admin, token: token, email: email} do
conn = get(conn, ~p"/admins/settings/confirm-email/#{token}")
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~
"Email changed successfully"
refute Admins.get_admin_by_email(admin.email)
assert Admins.get_admin_by_email(email)
conn = get(conn, ~p"/admins/settings/confirm-email/#{token}")
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :error) =~
"Email change link is invalid or it has expired"
end
test "does not update email with invalid token", %{conn: conn, admin: admin} do
conn = get(conn, ~p"/admins/settings/confirm-email/oops")
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :error) =~
"Email change link is invalid or it has expired"
assert Admins.get_admin_by_email(admin.email)
end
test "redirects if admin is not logged in", %{token: token} do
conn = build_conn()
conn = get(conn, ~p"/admins/settings/confirm-email/#{token}")
assert redirected_to(conn) == ~p"/admins/log-in"
end
end
end