bent/BeetRoundServer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

After "mix phx.gen.auth Admins Admin admins" with added working register and login path.

Browse Source
This commit is contained in:
Bent Witthold
2026-02-20 13:09:55 +01:00
parent a47931f40e
commit 53d19a3a18
28 changed files with 2830 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
test/beet_round_server_web/controllers/admin_registration_controller_test.exs Normal file
View File

@ -0,0 +1,50 @@
defmodule BeetRoundServerWeb.AdminRegistrationControllerTest do
use BeetRoundServerWeb.ConnCase, async: true
import BeetRoundServer.AdminsFixtures
describe "GET /admins/register" do
test "renders registration page", %{conn: conn} do
conn = get(conn, ~p"/admins/register")
response = html_response(conn, 200)
assert response =~ "Register"
assert response =~ ~p"/admins/log-in"
assert response =~ ~p"/admins/register"
end
test "redirects if already logged in", %{conn: conn} do
conn = conn |> log_in_admin(admin_fixture()) |> get(~p"/admins/register")
assert redirected_to(conn) == ~p"/"
end
end
describe "POST /admins/register" do
@tag :capture_log
test "creates account but does not log in", %{conn: conn} do
email = unique_admin_email()
conn =
post(conn, ~p"/admins/register", %{
"admin" => valid_admin_attributes(email: email)
})
refute get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/admins/log-in"
assert conn.assigns.flash["info"] =~
~r/An email was sent to .*, please access it to confirm your account/
end
test "render errors for invalid data", %{conn: conn} do
conn =
post(conn, ~p"/admins/register", %{
"admin" => %{"email" => "with spaces"}
})
response = html_response(conn, 200)
assert response =~ "Register"
assert response =~ "must have the @ sign and no spaces"
end
end
end

220
test/beet_round_server_web/controllers/admin_session_controller_test.exs Normal file
View File

@ -0,0 +1,220 @@
defmodule BeetRoundServerWeb.AdminSessionControllerTest do
use BeetRoundServerWeb.ConnCase, async: true
import BeetRoundServer.AdminsFixtures
alias BeetRoundServer.Admins
setup do
%{unconfirmed_admin: unconfirmed_admin_fixture(), admin: admin_fixture()}
end
describe "GET /admins/log-in" do
test "renders login page", %{conn: conn} do
conn = get(conn, ~p"/admins/log-in")
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ ~p"/admins/register"
assert response =~ "Log in with email"
end
test "renders login page with email filled in (sudo mode)", %{conn: conn, admin: admin} do
html =
conn
|> log_in_admin(admin)
|> get(~p"/admins/log-in")
|> html_response(200)
assert html =~ "You need to reauthenticate"
refute html =~ "Register"
assert html =~ "Log in with email"
assert html =~
~s(<input type="email" name="admin[email]" id="login_form_magic_email" value="#{admin.email}")
end
test "renders login page (email + password)", %{conn: conn} do
conn = get(conn, ~p"/admins/log-in?mode=password")
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ ~p"/admins/register"
assert response =~ "Log in with email"
end
end
describe "GET /admins/log-in/:token" do
test "renders confirmation page for unconfirmed admin", %{conn: conn, unconfirmed_admin: admin} do
token =
extract_admin_token(fn url ->
Admins.deliver_login_instructions(admin, url)
end)
conn = get(conn, ~p"/admins/log-in/#{token}")
assert html_response(conn, 200) =~ "Confirm and stay logged in"
end
test "renders login page for confirmed admin", %{conn: conn, admin: admin} do
token =
extract_admin_token(fn url ->
Admins.deliver_login_instructions(admin, url)
end)
conn = get(conn, ~p"/admins/log-in/#{token}")
html = html_response(conn, 200)
refute html =~ "Confirm my account"
assert html =~ "Log in"
end
test "raises error for invalid token", %{conn: conn} do
conn = get(conn, ~p"/admins/log-in/invalid-token")
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"Magic link is invalid or it has expired."
end
end
describe "POST /admins/log-in - email and password" do
test "logs the admin in", %{conn: conn, admin: admin} do
admin = set_password(admin)
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"email" => admin.email, "password" => valid_admin_password()}
})
assert get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
# Now do a logged in request and assert on the menu
conn = get(conn, ~p"/")
response = html_response(conn, 200)
assert response =~ admin.email
assert response =~ ~p"/admins/settings"
assert response =~ ~p"/admins/log-out"
end
test "logs the admin in with remember me", %{conn: conn, admin: admin} do
admin = set_password(admin)
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{
"email" => admin.email,
"password" => valid_admin_password(),
"remember_me" => "true"
}
})
assert conn.resp_cookies["_beet_round_server_web_admin_remember_me"]
assert redirected_to(conn) == ~p"/"
end
test "logs the admin in with return to", %{conn: conn, admin: admin} do
admin = set_password(admin)
conn =
conn
|> init_test_session(admin_return_to: "/foo/bar")
|> post(~p"/admins/log-in", %{
"admin" => %{
"email" => admin.email,
"password" => valid_admin_password()
}
})
assert redirected_to(conn) == "/foo/bar"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Welcome back!"
end
test "emits error message with invalid credentials", %{conn: conn, admin: admin} do
conn =
post(conn, ~p"/admins/log-in?mode=password", %{
"admin" => %{"email" => admin.email, "password" => "invalid_password"}
})
response = html_response(conn, 200)
assert response =~ "Log in"
assert response =~ "Invalid email or password"
end
end
describe "POST /admins/log-in - magic link" do
test "sends magic link email when admin exists", %{conn: conn, admin: admin} do
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"email" => admin.email}
})
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "If your email is in our system"
assert BeetRoundServer.Repo.get_by!(Admins.AdminToken, admin_id: admin.id).context == "login"
end
test "logs the admin in", %{conn: conn, admin: admin} do
{token, _hashed_token} = generate_admin_magic_link_token(admin)
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"token" => token}
})
assert get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
# Now do a logged in request and assert on the menu
conn = get(conn, ~p"/")
response = html_response(conn, 200)
assert response =~ admin.email
assert response =~ ~p"/admins/settings"
assert response =~ ~p"/admins/log-out"
end
test "confirms unconfirmed admin", %{conn: conn, unconfirmed_admin: admin} do
{token, _hashed_token} = generate_admin_magic_link_token(admin)
refute admin.confirmed_at
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"token" => token},
"_action" => "confirmed"
})
assert get_session(conn, :admin_token)
assert redirected_to(conn) == ~p"/"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Admin confirmed successfully."
assert Admins.get_admin!(admin.id).confirmed_at
# Now do a logged in request and assert on the menu
conn = get(conn, ~p"/")
response = html_response(conn, 200)
assert response =~ admin.email
assert response =~ ~p"/admins/settings"
assert response =~ ~p"/admins/log-out"
end
test "emits error message when magic link is invalid", %{conn: conn} do
conn =
post(conn, ~p"/admins/log-in", %{
"admin" => %{"token" => "invalid"}
})
assert html_response(conn, 200) =~ "The link is invalid or it has expired."
end
end
describe "DELETE /admins/log-out" do
test "logs the admin out", %{conn: conn, admin: admin} do
conn = conn |> log_in_admin(admin) |> delete(~p"/admins/log-out")
assert redirected_to(conn) == ~p"/"
refute get_session(conn, :admin_token)
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
end
test "succeeds even if the admin is not logged in", %{conn: conn} do
conn = delete(conn, ~p"/admins/log-out")
assert redirected_to(conn) == ~p"/"
refute get_session(conn, :admin_token)
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
end
end
end

148
test/beet_round_server_web/controllers/admin_settings_controller_test.exs Normal file
View File

@ -0,0 +1,148 @@
defmodule BeetRoundServerWeb.AdminSettingsControllerTest do
use BeetRoundServerWeb.ConnCase, async: true
alias BeetRoundServer.Admins
import BeetRoundServer.AdminsFixtures
setup :register_and_log_in_admin
describe "GET /admins/settings" do
test "renders settings page", %{conn: conn} do
conn = get(conn, ~p"/admins/settings")
response = html_response(conn, 200)
assert response =~ "Settings"
end
test "redirects if admin is not logged in" do
conn = build_conn()
conn = get(conn, ~p"/admins/settings")
assert redirected_to(conn) == ~p"/admins/log-in"
end
@tag token_authenticated_at: DateTime.add(DateTime.utc_now(:second), -11, :minute)
test "redirects if admin is not in sudo mode", %{conn: conn} do
conn = get(conn, ~p"/admins/settings")
assert redirected_to(conn) == ~p"/admins/log-in"
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
"You must re-authenticate to access this page."
end
end
describe "PUT /admins/settings (change password form)" do
test "updates the admin password and resets tokens", %{conn: conn, admin: admin} do
new_password_conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_password",
"admin" => %{
"password" => "new valid password",
"password_confirmation" => "new valid password"
}
})
assert redirected_to(new_password_conn) == ~p"/admins/settings"
assert get_session(new_password_conn, :admin_token) != get_session(conn, :admin_token)
assert Phoenix.Flash.get(new_password_conn.assigns.flash, :info) =~
"Password updated successfully"
assert Admins.get_admin_by_email_and_password(admin.email, "new valid password")
end
test "does not update password on invalid data", %{conn: conn} do
old_password_conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_password",
"admin" => %{
"password" => "too short",
"password_confirmation" => "does not match"
}
})
response = html_response(old_password_conn, 200)
assert response =~ "Settings"
assert response =~ "should be at least 12 character(s)"
assert response =~ "does not match password"
assert get_session(old_password_conn, :admin_token) == get_session(conn, :admin_token)
end
end
describe "PUT /admins/settings (change email form)" do
@tag :capture_log
test "updates the admin email", %{conn: conn, admin: admin} do
conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_email",
"admin" => %{"email" => unique_admin_email()}
})
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~
"A link to confirm your email"
assert Admins.get_admin_by_email(admin.email)
end
test "does not update email on invalid data", %{conn: conn} do
conn =
put(conn, ~p"/admins/settings", %{
"action" => "update_email",
"admin" => %{"email" => "with spaces"}
})
response = html_response(conn, 200)
assert response =~ "Settings"
assert response =~ "must have the @ sign and no spaces"
end
end
describe "GET /admins/settings/confirm-email/:token" do
setup %{admin: admin} do
email = unique_admin_email()
token =
extract_admin_token(fn url ->
Admins.deliver_admin_update_email_instructions(%{admin | email: email}, admin.email, url)
end)
%{token: token, email: email}
end
test "updates the admin email once", %{conn: conn, admin: admin, token: token, email: email} do
conn = get(conn, ~p"/admins/settings/confirm-email/#{token}")
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~
"Email changed successfully"
refute Admins.get_admin_by_email(admin.email)
assert Admins.get_admin_by_email(email)
conn = get(conn, ~p"/admins/settings/confirm-email/#{token}")
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :error) =~
"Email change link is invalid or it has expired"
end
test "does not update email with invalid token", %{conn: conn, admin: admin} do
conn = get(conn, ~p"/admins/settings/confirm-email/oops")
assert redirected_to(conn) == ~p"/admins/settings"
assert Phoenix.Flash.get(conn.assigns.flash, :error) =~
"Email change link is invalid or it has expired"
assert Admins.get_admin_by_email(admin.email)
end
test "redirects if admin is not logged in", %{token: token} do
conn = build_conn()
conn = get(conn, ~p"/admins/settings/confirm-email/#{token}")
assert redirected_to(conn) == ~p"/admins/log-in"
end
end
end