remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4378144f454becc7721aa43dc09ce83739728453
Atomcms-edit/tests/Feature/User/SettingsTest.php
T
root 9d73f82529 Initial commit
2026-05-09 17:32:17 +02:00

321 lines
8.2 KiB
PHP
Executable File
Raw Blame History

<?php
use App\Models\Game\Player\UserSetting;
use App\Models\User;
use App\Services\SettingsService;
test('user can access account settings', function () {
installHotel();
$user = User::factory()->create();
// Create required user settings only if not exists
UserSetting::firstOrCreate([
'user_id' => $user->id,
], [
'allow_name_change' => true,
]);
$response = $this->actingAs($user)->get('/user/settings/account');
// Status check
$response->assertStatus(200);
// Content checks
$response->assertSee($user->username);
$response->assertSee($user->mail);
// View check
$response->assertViewIs('user.settings.account');
// Auth checks
expect(auth()->check())->toBeTrue();
expect(auth()->user()->id)->toBe($user->id);
// Database checks
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => $user->username,
]);
$this->assertDatabaseHas('user_settings', [
'user_id' => $user->id,
]);
});
test('user can update account settings', function () {
installHotel();
SettingsService::clearCache();
$user = User::factory()->create();
// Create required user settings only if not exists
UserSetting::firstOrCreate([
'user_id' => $user->id,
], [
'allow_name_change' => true,
]);
// Get CSRF token from settings page
$this->actingAs($user)->get('/user/settings/account');
$token = session('_token');
$originalMail = $user->mail;
$response = $this->actingAs($user)->put('/user/settings/account', [
'_token' => $token,
'username' => 'new_username',
'mail' => 'newemail@example.com',
]);
// Redirect check
$response->assertRedirect('/user/settings/account');
$response->assertStatus(302);
$user->refresh();
// Note: username update is disabled in controller (commented out)
// Only mail is actually updated
expect($user->mail)->toBe('newemail@example.com');
expect($user->mail)->not->toBe($originalMail);
// Database checks
$this->assertDatabaseHas('users', [
'id' => $user->id,
'mail' => 'newemail@example.com',
]);
// No errors
expect(session('errors'))->toBeNull();
});
test('user can access password settings', function () {
installHotel();
$user = User::factory()->create();
// Create required user settings only if not exists
UserSetting::firstOrCreate([
'user_id' => $user->id,
], [
'allow_name_change' => true,
]);
$response = $this->actingAs($user)->get('/user/settings/password');
// Status check
$response->assertStatus(200);
// View check
$response->assertViewIs('user.settings.password');
// Auth checks
expect(auth()->check())->toBeTrue();
expect(auth()->user()->id)->toBe($user->id);
});
test('user can access me page', function () {
installHotel();
$user = User::factory()->create();
$response = $this->actingAs($user)->get('/user/me');
// Status check
$response->assertStatus(200);
// View check
$response->assertViewIs('user.me');
// Content checks
$response->assertSee($user->username);
// Auth checks
expect(auth()->check())->toBeTrue();
expect(auth()->user()->id)->toBe($user->id);
});
test('guest cannot access user settings', function () {
installHotel();
$response = $this->get('/user/settings/account');
// Redirect check
$response->assertRedirect('/login');
$response->assertStatus(302);
// Guest check
expect(auth()->guest())->toBeTrue();
});
test('guest cannot access password settings', function () {
installHotel();
$response = $this->get('/user/settings/password');
$response->assertRedirect('/login');
expect(auth()->guest())->toBeTrue();
});
test('guest cannot access me page', function () {
installHotel();
$response = $this->get('/user/me');
$response->assertRedirect('/login');
expect(auth()->guest())->toBeTrue();
});
test('user can update password', function () {
installHotel();
$user = User::factory()->create([
'password' => bcrypt('oldpassword'),
]);
// Get CSRF token
$this->actingAs($user)->get('/user/settings/password');
$token = session('_token');
$oldPasswordHash = $user->password;
$response = $this->actingAs($user)->put('/user/settings/password', [
'_token' => $token,
'current_password' => 'oldpassword',
'password' => 'newpassword',
'password_confirmation' => 'newpassword',
]);
$response->assertRedirect('/user/settings/password');
$user->refresh();
// Password should be updated
expect($user->password)->not->toBe($oldPasswordHash);
});
test('user cannot update password with wrong current password', function () {
installHotel();
$user = User::factory()->create([
'password' => bcrypt('correctpassword'),
]);
// Get CSRF token
$this->actingAs($user)->get('/user/settings/password');
$token = session('_token');
$oldPasswordHash = $user->password;
$response = $this->actingAs($user)->put('/user/settings/password', [
'_token' => $token,
'current_password' => 'wrongpassword',
'password' => 'newpassword',
'password_confirmation' => 'newpassword',
]);
$response->assertRedirect('/user/settings/password');
$user->refresh();
// Password should not change
expect($user->password)->toBe($oldPasswordHash);
expect(session('errors'))->not->toBeNull();
});
test('user settings page contains navigation', function () {
installHotel();
$user = User::factory()->create();
$response = $this->actingAs($user)->get('/user/settings/account');
$response->assertStatus(200);
// Should contain navigation elements
$response->assertSee('Account');
$response->assertSee('Password');
});
test('user can see their settings', function () {
installHotel();
$user = User::factory()->create();
UserSetting::create([
'user_id' => $user->id,
'allow_name_change' => true,
]);
$response = $this->actingAs($user)->get('/user/settings/account');
$response->assertStatus(200);
// Should show user information
$response->assertSee($user->username);
$response->assertSee($user->mail);
});
test('settings update requires csrf token', function () {
installHotel();
$user = User::factory()->create();
UserSetting::create([
'user_id' => $user->id,
'allow_name_change' => true,
]);
$originalMail = $user->mail;
// Try to update without CSRF token
$response = $this->actingAs($user)->put('/user/settings/account', [
'mail' => 'newmail@example.com',
]);
// Should fail
expect($response->status())->toBe(419);
$user->refresh();
expect($user->mail)->toBe($originalMail);
});
test('unauthenticated user cannot update settings', function () {
installHotel();
// Try to update without authentication
$response = $this->put('/user/settings/account', [
'_token' => 'fake-token',
'mail' => 'newmail@example.com',
]);
$response->assertRedirect('/login');
});
test('user settings are isolated per user', function () {
installHotel();
$user1 = User::factory()->create(['username' => 'User1', 'mail' => 'user1@example.com']);
$user2 = User::factory()->create(['username' => 'User2', 'mail' => 'user2@example.com']);
UserSetting::create(['user_id' => $user1->id, 'allow_name_change' => true]);
UserSetting::create(['user_id' => $user2->id, 'allow_name_change' => false]);
// User 1 accesses settings
$response1 = $this->actingAs($user1)->get('/user/settings/account');
$response1->assertSee('User1');
$response1->assertDontSee('User2');
// User 2 accesses settings
$response2 = $this->actingAs($user2)->get('/user/settings/account');
$response2->assertSee('User2');
$response2->assertDontSee('User1');
// Settings are separate
$setting1 = UserSetting::where('user_id', $user1->id)->first();
$setting2 = UserSetting::where('user_id', $user2->id)->first();
expect($setting1->allow_name_change)->toBe(true);
expect($setting2->allow_name_change)->toBe(false);
});
Reference in New Issue View Git Blame Copy Permalink