create();

    // Get CSRF token from login page
    $loginPage = $this->get('/login');
    $token = session('_token');

    // Verify login page loads and that the session carries a 40-character string token
    $loginPage->assertStatus(200);
    $loginPage->assertViewIs('index');
    expect($token)->not->toBeNull();
    expect($token)->toBeString();
    expect(strlen($token))->toBe(40);

    // Attempt login
    // NOTE(review): 'password' is presumably the factory's default plaintext password; confirm against the User factory.
    $response = $this->post('/login', [
        '_token' => $token,
        'username' => $user->username,
        'password' => 'password',
    ]);

    // Response checks: redirect to /user/me with the created user authenticated
    expect($response->status())->toBe(302);
    expect($response->isRedirect())->toBeTrue();
    expect(auth()->check())->toBeTrue();
    expect(auth()->user()->id)->toBe($user->id);
    expect(auth()->user()->username)->toBe($user->username);
    // Only the path component of the Location header is compared.
    expect(parse_url($response->headers->get('Location'), PHP_URL_PATH))->toBe('/user/me');

    // Session checks
    // NOTE(review): this only shows a token is present after login. It does not show that the
    // session identifier or token was rotated at login, so session-fixation protection is not
    // covered by this test.
    expect(session('_token'))->not->toBeNull();
    expect(session('errors'))->toBeNull();

    // Follow redirect and verify user sees dashboard
    $redirectResponse = $this->get('/user/me');
    $redirectResponse->assertStatus(200);
    $redirectResponse->assertSee($user->username);
    $redirectResponse->assertViewIs('user.me');

    // Database verification
    $this->assertDatabaseHas('users', [
        'id' => $user->id,
        'username' => $user->username,
    ]);

    // User count check: the login must not have created an additional user row
    expect(User::count())->toBe(1);
});

// A wrong password must leave the visitor unauthenticated and send them back to the login page.
test('users can not authenticate with invalid password', function () {
    installHotel();

    $user = User::factory()->create();

    // Get CSRF token from login page (the response object itself is not inspected in this test)
    $loginPage = $this->get('/login');
    $token = session('_token');

    // Verify initial state
    expect(auth()->guest())->toBeTrue();
    expect(auth()->check())->toBeFalse();

    // Attempt login with wrong password
    $response = $this->post('/login', [
        '_token' => $token,
        'username' => $user->username,
        'password' => 'wrong-password',
    ]);

    // Response checks
    expect($response->status())->toBe(302);
    expect($response->isRedirect())->toBeTrue();
    expect(auth()->guest())->toBeTrue();
    expect(auth()->check())->toBeFalse();

    // Error checks
    // NOTE(review): only the presence of errors is asserted, not their text. A message that
    // differs from the one returned for an unknown username (which would reveal which accounts
    // exist) would not be caught here.
    expect(session('errors'))->not->toBeNull();
    expect(session()->has('errors'))->toBeTrue();

    // Location check - should redirect back to login
    $location = $response->headers->get('Location');
    expect($location)->toContain('/login');

    // Database verification - user still exists
    $this->assertDatabaseHas('users', [
        'id' => $user->id,
        'username' => $user->username,
    ]);

    // User count check
    expect(User::count())->toBe(1);
});

// A POST that carries valid credentials but no '_token' field must be rejected.
test('login requires csrf token', function () {
    installHotel();

    $user = User::factory()->create();

    // Attempt login without CSRF token
    $response = $this->post('/login', [
        'username' => $user->username,
        'password' => 'password',
    ]);

    // Should fail with 419 (CSRF token mismatch)
    // NOTE(review): a stock Laravel CSRF middleware skips verification while unit tests are
    // running, so this expectation depends on the test environment keeping verification
    // active. Confirm that is configured deliberately.
    expect($response->status())->toBe(419);
    expect(auth()->guest())->toBeTrue();
});

// Omitting the username field must produce validation errors and no authenticated session.
test('login requires username', function () {
    installHotel();

    // Get CSRF token
    $this->get('/login');
    $token = session('_token');

    // Attempt login without username
    $response = $this->post('/login', [
        '_token' => $token,
        'password' => 'password',
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(session('errors'))->not->toBeNull();
});

// Omitting the password field must produce validation errors and no authenticated session.
test('login requires password', function () {
    installHotel();

    $user = User::factory()->create();

    // Get CSRF token
    $this->get('/login');
    $token = session('_token');

    // Attempt login without password
    $response = $this->post('/login', [
        '_token' => $token,
        'username' => $user->username,
    ]);

    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(session('errors'))->not->toBeNull();
});

// A username with no matching row must be rejected the same way as any other failed login.
test('login with non-existent user fails', function () {
    installHotel();

    // Get CSRF token
    $this->get('/login');
    $token = session('_token');

    // Attempt login with non-existent user
    $response = $this->post('/login', [
        '_token' => $token,
        'username' => 'NonExistentUser',
        'password' => 'password',
    ]);

    // NOTE(review): as in the invalid-password test, only the presence of errors is checked,
    // so the two failure paths are not shown to return an indistinguishable response.
    expect($response->status())->toBe(302);
    expect(auth()->guest())->toBeTrue();
    expect(session('errors'))->not->toBeNull();

    // Database check: the failed attempt must not have created the account
    expect(User::where('username', 'NonExistentUser')->count())->toBe(0);
});

// A user who is already logged in must be redirected away from the login form.
test('authenticated user is redirected from login page', function () {
    installHotel();

    $user = User::factory()->create();

    // Login first
    $this->get('/login');
    $token = session('_token');

    $this->post('/login', [
        '_token' => $token,
        'username' => $user->username,
        'password' => 'password',
    ]);

    expect(auth()->check())->toBeTrue();

    // Try to access login page again
    $response = $this->get('/login');

    // Should redirect to home
    // NOTE(review): the whole Location header must equal '/', whereas the successful-login
    // test compares only the URL path. Confirm which form the application emits.
    expect($response->isRedirect())->toBeTrue();
    expect($response->headers->get('Location'))->toBe('/');
});

// Logging out must end the authenticated state and redirect.
test('user can logout', function () {
    installHotel();

    $user = User::factory()->create();

    // Login first
    $this->get('/login');
    $token = session('_token');

    $this->post('/login', [
        '_token' => $token,
        'username' => $user->username,
        'password' => 'password',
    ]);

    expect(auth()->check())->toBeTrue();

    // Logout, sending the token currently held in the session
    $logoutResponse = $this->post('/logout', ['_token' => session('_token')]);

    // NOTE(review): this verifies the guard state and the redirect only. It does not show that
    // the session was invalidated or that '/user/me' is refused afterwards.
    expect(auth()->guest())->toBeTrue();
    expect($logoutResponse->isRedirect())->toBeTrue();
});