cannery/test/cannery_web/controllers/user_auth_test.exs

defmodule CanneryWeb.UserAuthTest do
  @moduledoc """
  Tests user auth
  """

  use CanneryWeb.ConnCase, async: true
  import CanneryWeb.Gettext
  alias Cannery.Accounts
  alias CanneryWeb.UserAuth

  @moduletag :user_auth_test
  @remember_me_cookie "_cannery_web_user_remember_me"

  setup %{conn: conn} do
    conn =
      conn
      |> Map.replace!(:secret_key_base, CanneryWeb.Endpoint.config(:secret_key_base))
      |> init_test_session(%{})

    [current_user: user_fixture() |> confirm_user(), conn: conn]
  end

  describe "log_in_user/3" do
    test "stores the user token in the session", %{conn: conn, current_user: current_user} do
      conn = UserAuth.log_in_user(conn, current_user)
      assert token = get_session(conn, :user_token)
      assert get_session(conn, :live_socket_id) == "users_sessions:#{Base.url_encode64(token)}"
      assert redirected_to(conn) == "/"
      assert Accounts.get_user_by_session_token(token)
    end

    test "clears everything previously stored in the session",
         %{conn: conn, current_user: current_user} do
      conn = conn |> put_session(:to_be_removed, "value") |> UserAuth.log_in_user(current_user)
      refute get_session(conn, :to_be_removed)
    end

    test "redirects to the configured path", %{conn: conn, current_user: current_user} do
      conn = conn |> put_session(:user_return_to, "/hello") |> UserAuth.log_in_user(current_user)
      assert redirected_to(conn) == "/hello"
    end

    test "writes a cookie if remember_me is configured", %{conn: conn, current_user: current_user} do
      conn =
        conn |> fetch_cookies() |> UserAuth.log_in_user(current_user, %{"remember_me" => "true"})

      assert get_session(conn, :user_token) == conn.cookies[@remember_me_cookie]

      assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
      assert signed_token != get_session(conn, :user_token)
      assert max_age == 5_184_000
    end
  end

  describe "logout_user/1" do
    test "erases session and cookies", %{conn: conn, current_user: current_user} do
      user_token = Accounts.generate_user_session_token(current_user)

      conn =
        conn
        |> put_session(:user_token, user_token)
        |> put_req_cookie(@remember_me_cookie, user_token)
        |> fetch_cookies()
        |> UserAuth.log_out_user()

      refute get_session(conn, :user_token)
      refute conn.cookies[@remember_me_cookie]
      assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
      assert redirected_to(conn) == "/"
      refute Accounts.get_user_by_session_token(user_token)
    end

    test "broadcasts to the given live_socket_id", %{conn: conn} do
      live_socket_id = "users_sessions:abcdef-token"
      CanneryWeb.Endpoint.subscribe(live_socket_id)

      conn
      |> put_session(:live_socket_id, live_socket_id)
      |> UserAuth.log_out_user()

      assert_receive %Phoenix.Socket.Broadcast{
        event: "disconnect",
        topic: "users_sessions:abcdef-token"
      }
    end

    test "works even if user is already logged out", %{conn: conn} do
      conn = conn |> fetch_cookies() |> UserAuth.log_out_user()
      refute get_session(conn, :user_token)
      assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
      assert redirected_to(conn) == "/"
    end
  end

  describe "fetch_current_user/2" do
    test "authenticates user from session", %{conn: conn, current_user: current_user} do
      user_token = Accounts.generate_user_session_token(current_user)
      conn = conn |> put_session(:user_token, user_token) |> UserAuth.fetch_current_user([])
      assert conn.assigns.current_user.id == current_user.id
    end

    test "authenticates user from cookies", %{conn: conn, current_user: current_user} do
      logged_in_conn =
        conn |> fetch_cookies() |> UserAuth.log_in_user(current_user, %{"remember_me" => "true"})

      user_token = logged_in_conn.cookies[@remember_me_cookie]
      %{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]

      conn =
        conn
        |> put_req_cookie(@remember_me_cookie, signed_token)
        |> UserAuth.fetch_current_user([])

      assert get_session(conn, :user_token) == user_token
      assert conn.assigns.current_user.id == current_user.id
    end

    test "does not authenticate if data is missing", %{conn: conn, current_user: current_user} do
      _token = Accounts.generate_user_session_token(current_user)
      conn = UserAuth.fetch_current_user(conn, [])
      refute get_session(conn, :user_token)
      refute conn.assigns.current_user
    end
  end

  describe "redirect_if_user_is_authenticated/2" do
    test "redirects if user is authenticated", %{conn: conn, current_user: current_user} do
      conn =
        conn
        |> assign(:current_user, current_user)
        |> UserAuth.redirect_if_user_is_authenticated([])

      assert conn.halted
      assert redirected_to(conn) == "/"
    end

    test "does not redirect if user is not authenticated", %{conn: conn} do
      conn = UserAuth.redirect_if_user_is_authenticated(conn, [])
      refute conn.halted
      refute conn.status
    end
  end

  describe "require_authenticated_user/2" do
    test "redirects if user is not authenticated", %{conn: conn} do
      conn = conn |> fetch_flash() |> UserAuth.require_authenticated_user([])
      assert conn.halted
      assert redirected_to(conn) == Routes.user_session_path(conn, :new)

      assert get_flash(conn, :error) ==
               dgettext("errors", "You must confirm your account and log in to access this page.")
    end

    test "stores the path to redirect to on GET", %{conn: conn} do
      halted_conn =
        %{conn | path_info: ["foo"], query_string: ""}
        |> fetch_flash()
        |> UserAuth.require_authenticated_user([])

      assert halted_conn.halted
      assert get_session(halted_conn, :user_return_to) == "/foo"

      halted_conn =
        %{conn | path_info: ["foo"], query_string: "bar=baz"}
        |> fetch_flash()
        |> UserAuth.require_authenticated_user([])

      assert halted_conn.halted
      assert get_session(halted_conn, :user_return_to) == "/foo?bar=baz"

      halted_conn =
        %{conn | path_info: ["/foo?bar"], method: "POST"}
        |> fetch_flash()
        |> UserAuth.require_authenticated_user([])

      assert halted_conn.halted
      refute get_session(halted_conn, :user_return_to)
    end

    test "does not redirect if user is authenticated", %{conn: conn, current_user: current_user} do
      conn =
        conn |> assign(:current_user, current_user) |> UserAuth.require_authenticated_user([])

      refute conn.halted
      refute conn.status
    end
  end
end
initial commit 2021-03-11 21:12:55 -05:00			`defmodule CanneryWeb.UserAuthTest do`
pass user auth test 2022-02-16 20:59:22 -05:00			`@moduledoc """`
			`Tests user auth`
			`"""`
initial commit 2021-03-11 21:12:55 -05:00
pass user auth test 2022-02-16 20:59:22 -05:00			`use CanneryWeb.ConnCase, async: true`
pass user settings controller test 2022-02-16 21:20:04 -05:00			`import CanneryWeb.Gettext`
initial commit 2021-03-11 21:12:55 -05:00			`alias Cannery.Accounts`
			`alias CanneryWeb.UserAuth`

pass user auth test 2022-02-16 20:59:22 -05:00			`@moduletag :user_auth_test`
initial commit 2021-03-11 21:12:55 -05:00			`@remember_me_cookie "_cannery_web_user_remember_me"`

			`setup %{conn: conn} do`
			`conn =`
			`conn`
			`\|> Map.replace!(:secret_key_base, CanneryWeb.Endpoint.config(:secret_key_base))`
			`\|> init_test_session(%{})`

pass user auth test 2022-02-17 20:53:17 -05:00			`[current_user: user_fixture() \|> confirm_user(), conn: conn]`
initial commit 2021-03-11 21:12:55 -05:00			`end`

			`describe "log_in_user/3" do`
pass user auth test 2022-02-17 20:53:17 -05:00			`test "stores the user token in the session", %{conn: conn, current_user: current_user} do`
			`conn = UserAuth.log_in_user(conn, current_user)`
initial commit 2021-03-11 21:12:55 -05:00			`assert token = get_session(conn, :user_token)`
			`assert get_session(conn, :live_socket_id) == "users_sessions:#{Base.url_encode64(token)}"`
			`assert redirected_to(conn) == "/"`
			`assert Accounts.get_user_by_session_token(token)`
			`end`

pass user auth test 2022-02-17 20:53:17 -05:00			`test "clears everything previously stored in the session",`
			`%{conn: conn, current_user: current_user} do`
			`conn = conn \|> put_session(:to_be_removed, "value") \|> UserAuth.log_in_user(current_user)`
initial commit 2021-03-11 21:12:55 -05:00			`refute get_session(conn, :to_be_removed)`
			`end`

pass user auth test 2022-02-17 20:53:17 -05:00			`test "redirects to the configured path", %{conn: conn, current_user: current_user} do`
			`conn = conn \|> put_session(:user_return_to, "/hello") \|> UserAuth.log_in_user(current_user)`
initial commit 2021-03-11 21:12:55 -05:00			`assert redirected_to(conn) == "/hello"`
			`end`

pass user auth test 2022-02-17 20:53:17 -05:00			`test "writes a cookie if remember_me is configured", %{conn: conn, current_user: current_user} do`
			`conn =`
			`conn \|> fetch_cookies() \|> UserAuth.log_in_user(current_user, %{"remember_me" => "true"})`

initial commit 2021-03-11 21:12:55 -05:00			`assert get_session(conn, :user_token) == conn.cookies[@remember_me_cookie]`

			`assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]`
			`assert signed_token != get_session(conn, :user_token)`
			`assert max_age == 5_184_000`
			`end`
			`end`

			`describe "logout_user/1" do`
pass user auth test 2022-02-17 20:53:17 -05:00			`test "erases session and cookies", %{conn: conn, current_user: current_user} do`
			`user_token = Accounts.generate_user_session_token(current_user)`
initial commit 2021-03-11 21:12:55 -05:00
			`conn =`
			`conn`
			`\|> put_session(:user_token, user_token)`
			`\|> put_req_cookie(@remember_me_cookie, user_token)`
			`\|> fetch_cookies()`
			`\|> UserAuth.log_out_user()`

			`refute get_session(conn, :user_token)`
			`refute conn.cookies[@remember_me_cookie]`
			`assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]`
			`assert redirected_to(conn) == "/"`
			`refute Accounts.get_user_by_session_token(user_token)`
			`end`

			`test "broadcasts to the given live_socket_id", %{conn: conn} do`
			`live_socket_id = "users_sessions:abcdef-token"`
			`CanneryWeb.Endpoint.subscribe(live_socket_id)`

			`conn`
			`\|> put_session(:live_socket_id, live_socket_id)`
			`\|> UserAuth.log_out_user()`

			`assert_receive %Phoenix.Socket.Broadcast{`
			`event: "disconnect",`
			`topic: "users_sessions:abcdef-token"`
			`}`
			`end`

			`test "works even if user is already logged out", %{conn: conn} do`
			`conn = conn \|> fetch_cookies() \|> UserAuth.log_out_user()`
			`refute get_session(conn, :user_token)`
			`assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]`
			`assert redirected_to(conn) == "/"`
			`end`
			`end`

			`describe "fetch_current_user/2" do`
pass user auth test 2022-02-17 20:53:17 -05:00			`test "authenticates user from session", %{conn: conn, current_user: current_user} do`
			`user_token = Accounts.generate_user_session_token(current_user)`
initial commit 2021-03-11 21:12:55 -05:00			`conn = conn \|> put_session(:user_token, user_token) \|> UserAuth.fetch_current_user([])`
pass user auth test 2022-02-17 20:53:17 -05:00			`assert conn.assigns.current_user.id == current_user.id`
initial commit 2021-03-11 21:12:55 -05:00			`end`

pass user auth test 2022-02-17 20:53:17 -05:00			`test "authenticates user from cookies", %{conn: conn, current_user: current_user} do`
initial commit 2021-03-11 21:12:55 -05:00			`logged_in_conn =`
pass user auth test 2022-02-17 20:53:17 -05:00			`conn \|> fetch_cookies() \|> UserAuth.log_in_user(current_user, %{"remember_me" => "true"})`
initial commit 2021-03-11 21:12:55 -05:00
			`user_token = logged_in_conn.cookies[@remember_me_cookie]`
			`%{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]`

			`conn =`
			`conn`
			`\|> put_req_cookie(@remember_me_cookie, signed_token)`
			`\|> UserAuth.fetch_current_user([])`

			`assert get_session(conn, :user_token) == user_token`
pass user auth test 2022-02-17 20:53:17 -05:00			`assert conn.assigns.current_user.id == current_user.id`
initial commit 2021-03-11 21:12:55 -05:00			`end`

pass user auth test 2022-02-17 20:53:17 -05:00			`test "does not authenticate if data is missing", %{conn: conn, current_user: current_user} do`
fix credo 2022-03-28 23:05:12 -04:00			`_token = Accounts.generate_user_session_token(current_user)`
initial commit 2021-03-11 21:12:55 -05:00			`conn = UserAuth.fetch_current_user(conn, [])`
			`refute get_session(conn, :user_token)`
			`refute conn.assigns.current_user`
			`end`
			`end`

			`describe "redirect_if_user_is_authenticated/2" do`
pass user auth test 2022-02-17 20:53:17 -05:00			`test "redirects if user is authenticated", %{conn: conn, current_user: current_user} do`
			`conn =`
			`conn`
			`\|> assign(:current_user, current_user)`
			`\|> UserAuth.redirect_if_user_is_authenticated([])`

initial commit 2021-03-11 21:12:55 -05:00			`assert conn.halted`
			`assert redirected_to(conn) == "/"`
			`end`

			`test "does not redirect if user is not authenticated", %{conn: conn} do`
			`conn = UserAuth.redirect_if_user_is_authenticated(conn, [])`
			`refute conn.halted`
			`refute conn.status`
			`end`
			`end`

			`describe "require_authenticated_user/2" do`
			`test "redirects if user is not authenticated", %{conn: conn} do`
			`conn = conn \|> fetch_flash() \|> UserAuth.require_authenticated_user([])`
			`assert conn.halted`
			`assert redirected_to(conn) == Routes.user_session_path(conn, :new)`
pass user auth test 2022-02-17 20:53:17 -05:00
			`assert get_flash(conn, :error) ==`
			`dgettext("errors", "You must confirm your account and log in to access this page.")`
initial commit 2021-03-11 21:12:55 -05:00			`end`

			`test "stores the path to redirect to on GET", %{conn: conn} do`
			`halted_conn =`
pass user auth test 2022-02-16 20:59:22 -05:00			`%{conn \| path_info: ["foo"], query_string: ""}`
initial commit 2021-03-11 21:12:55 -05:00			`\|> fetch_flash()`
			`\|> UserAuth.require_authenticated_user([])`

			`assert halted_conn.halted`
			`assert get_session(halted_conn, :user_return_to) == "/foo"`

			`halted_conn =`
pass user auth test 2022-02-16 20:59:22 -05:00			`%{conn \| path_info: ["foo"], query_string: "bar=baz"}`
initial commit 2021-03-11 21:12:55 -05:00			`\|> fetch_flash()`
			`\|> UserAuth.require_authenticated_user([])`

			`assert halted_conn.halted`
			`assert get_session(halted_conn, :user_return_to) == "/foo?bar=baz"`

			`halted_conn =`
pass user auth test 2022-02-16 20:59:22 -05:00			`%{conn \| path_info: ["/foo?bar"], method: "POST"}`
initial commit 2021-03-11 21:12:55 -05:00			`\|> fetch_flash()`
			`\|> UserAuth.require_authenticated_user([])`

			`assert halted_conn.halted`
			`refute get_session(halted_conn, :user_return_to)`
			`end`

pass user auth test 2022-02-17 20:53:17 -05:00			`test "does not redirect if user is authenticated", %{conn: conn, current_user: current_user} do`
			`conn =`
			`conn \|> assign(:current_user, current_user) \|> UserAuth.require_authenticated_user([])`

initial commit 2021-03-11 21:12:55 -05:00			`refute conn.halted`
			`refute conn.status`
			`end`
			`end`
			`end`