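create();

    // Create required user settings only if not exists
    UserSetting::firstOrCreate([
        'user_id' => $user->id,
    ], [
        'allow_name_change' => true,
    ]);

    $response = $this->actingAs($user)->get('/user/settings/account');

    // Status check
    $response->assertStatus(200);

    // Content checks
    $response->assertSee($user->username);
    $response->assertSee($user->mail);

    // View check
    $response->assertViewIs('user.settings.account');

    // Auth checks
    expect(auth()->check())->toBeTrue();
    expect(auth()->user()->id)->toBe($user->id);

    // Database checks
    $this->assertDatabaseHas('users', [
        'id' => $user->id,
        'username' => $user->username,
    ]);
    $this->assertDatabaseHas('user_settings', [
        'user_id' => $user->id,
    ]);
});

// An authenticated user can change their mail address through the account settings form.
test('user can update account settings', function () {
    installHotel();
    SettingsService::clearCache();

    $user = User::factory()->create();

    // Create required user settings only if not exists
    UserSetting::firstOrCreate([
        'user_id' => $user->id,
    ], [
        'allow_name_change' => true,
    ]);

    // Get CSRF token from settings page
    $this->actingAs($user)->get('/user/settings/account');
    $token = session('_token');

    $originalMail = $user->mail;

    $response = $this->actingAs($user)->put('/user/settings/account', [
        '_token' => $token,
        'username' => 'new_username',
        'mail' => 'newemail@example.com',
    ]);

    // Redirect check
    $response->assertRedirect('/user/settings/account');
    $response->assertStatus(302);

    $user->refresh();

    // Note: username update is disabled in controller (commented out)
    // Only mail is actually updated
    expect($user->mail)->toBe('newemail@example.com');
    expect($user->mail)->not->toBe($originalMail);

    // Database checks
    $this->assertDatabaseHas('users', [
        'id' => $user->id,
        'mail' => 'newemail@example.com',
    ]);

    // No errors
    expect(session('errors'))->toBeNull();
});

// The password settings page renders for an authenticated user.
test('user can access password settings', function () {
    installHotel();

    $user = User::factory()->create();

    // Create required user settings only if not exists
    UserSetting::firstOrCreate([
        'user_id' => $user->id,
    ], [
        'allow_name_change' => true,
    ]);

    $response = $this->actingAs($user)->get('/user/settings/password');

    // Status check
    $response->assertStatus(200);

    // View check
    $response->assertViewIs('user.settings.password');

    // Auth checks
    expect(auth()->check())->toBeTrue();
    expect(auth()->user()->id)->toBe($user->id);
});

// The "me" page renders for an authenticated user and shows their username.
test('user can access me page', function () {
    installHotel();

    $user = User::factory()->create();

    $response = $this->actingAs($user)->get('/user/me');

    // Status check
    $response->assertStatus(200);

    // View check
    $response->assertViewIs('user.me');

    // Content checks
    $response->assertSee($user->username);

    // Auth checks
    expect(auth()->check())->toBeTrue();
    expect(auth()->user()->id)->toBe($user->id);
});

// Guests are sent to the login page instead of the account settings.
test('guest cannot access user settings', function () {
    installHotel();

    $response = $this->get('/user/settings/account');

    // Redirect check
    $response->assertRedirect('/login');
    $response->assertStatus(302);

    // Guest check
    expect(auth()->guest())->toBeTrue();
});

// Guests are sent to the login page instead of the password settings.
test('guest cannot access password settings', function () {
    installHotel();

    $response = $this->get('/user/settings/password');

    $response->assertRedirect('/login');
    expect(auth()->guest())->toBeTrue();
});

// Guests are sent to the login page instead of the "me" page.
test('guest cannot access me page', function () {
    installHotel();

    $response = $this->get('/user/me');

    $response->assertRedirect('/login');
    expect(auth()->guest())->toBeTrue();
});

// A password change with the correct current password replaces the stored hash.
test('user can update password', function () {
    installHotel();

    $user = User::factory()->create([
        'password' => bcrypt('oldpassword'),
    ]);

    // Get CSRF token
    $this->actingAs($user)->get('/user/settings/password');
    $token = session('_token');

    $oldPasswordHash = $user->password;

    $response = $this->actingAs($user)->put('/user/settings/password', [
        '_token' => $token,
        'current_password' => 'oldpassword',
        'password' => 'newpassword',
        'password_confirmation' => 'newpassword',
    ]);

    $response->assertRedirect('/user/settings/password');

    $user->refresh();

    // Password should be updated
    expect($user->password)->not->toBe($oldPasswordHash);

    // A changed hash alone would also pass after a mere re-hash of the old
    // password (fresh salt), so verify which plaintext the stored hash accepts.
    expect(password_verify('newpassword', $user->password))->toBeTrue();
    expect(password_verify('oldpassword', $user->password))->toBeFalse();
});

// A password change is rejected when the supplied current password is wrong.
test('user cannot update password with wrong current password', function () {
    installHotel();

    $user = User::factory()->create([
        'password' => bcrypt('correctpassword'),
    ]);

    // Get CSRF token
    $this->actingAs($user)->get('/user/settings/password');
    $token = session('_token');

    $oldPasswordHash = $user->password;

    $response = $this->actingAs($user)->put('/user/settings/password', [
        '_token' => $token,
        'current_password' => 'wrongpassword',
        'password' => 'newpassword',
        'password_confirmation' => 'newpassword',
    ]);

    $response->assertRedirect('/user/settings/password');

    $user->refresh();

    // Password should not change
    expect($user->password)->toBe($oldPasswordHash);
    expect(session('errors'))->not->toBeNull();
});

// The account settings page exposes the settings navigation labels.
test('user settings page contains navigation', function () {
    installHotel();

    $user = User::factory()->create();

    $response = $this->actingAs($user)->get('/user/settings/account');

    $response->assertStatus(200);

    // Should contain navigation elements
    $response->assertSee('Account');
    $response->assertSee('Password');
});

// The account settings page shows the signed-in user's own username and mail.
test('user can see their settings', function () {
    installHotel();

    $user = User::factory()->create();

    UserSetting::create([
        'user_id' => $user->id,
        'allow_name_change' => true,
    ]);

    $response = $this->actingAs($user)->get('/user/settings/account');

    $response->assertStatus(200);

    // Should show user information
    $response->assertSee($user->username);
    $response->assertSee($user->mail);
});

// A state-changing request without a CSRF token is rejected and changes nothing.
// NOTE(review): stock Laravel's CSRF middleware skips verification while unit
// tests are running, so the 419 expected here presumably relies on the app
// enforcing CSRF in the test environment - confirm against the middleware setup.
test('settings update requires csrf token', function () {
    installHotel();

    $user = User::factory()->create();

    UserSetting::create([
        'user_id' => $user->id,
        'allow_name_change' => true,
    ]);

    $originalMail = $user->mail;

    // Try to update without CSRF token
    $response = $this->actingAs($user)->put('/user/settings/account', [
        'mail' => 'newmail@example.com',
    ]);

    // Should fail
    expect($response->status())->toBe(419);

    $user->refresh();
    expect($user->mail)->toBe($originalMail);
});

// A guest's update request is redirected to login and writes nothing.
test('unauthenticated user cannot update settings', function () {
    installHotel();

    // Try to update without authentication
    $response = $this->put('/user/settings/account', [
        '_token' => 'fake-token',
        'mail' => 'newmail@example.com',
    ]);

    $response->assertRedirect('/login');

    // Guest check, matching the other guest tests in this file
    expect(auth()->guest())->toBeTrue();

    // The redirect alone does not prove the write was skipped
    $this->assertDatabaseMissing('users', [
        'mail' => 'newmail@example.com',
    ]);
});

// Each user sees only their own data on the settings page, and their
// UserSetting rows stay independent. This covers reads only.
test('user settings are isolated per user', function () {
    installHotel();

    $user1 = User::factory()->create(['username' => 'User1', 'mail' => 'user1@example.com']);
    $user2 = User::factory()->create(['username' => 'User2', 'mail' => 'user2@example.com']);

    UserSetting::create(['user_id' => $user1->id, 'allow_name_change' => true]);
    UserSetting::create(['user_id' => $user2->id, 'allow_name_change' => false]);

    // User 1 accesses settings
    $response1 = $this->actingAs($user1)->get('/user/settings/account');
    $response1->assertSee('User1');
    $response1->assertDontSee('User2');

    // User 2 accesses settings
    $response2 = $this->actingAs($user2)->get('/user/settings/account');
    $response2->assertSee('User2');
    $response2->assertDontSee('User1');

    // Settings are separate
    $setting1 = UserSetting::where('user_id', $user1->id)->first();
    $setting2 = UserSetting::where('user_id', $user2->id)->first();

    expect($setting1->allow_name_change)->toBe(true);
    expect($setting2->allow_name_change)->toBe(false);
});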