cannery/test/cannery_web/controllers/user_auth_test.exs

189 lines
6.6 KiB
Elixir
Raw Normal View History

2021-03-11 21:12:55 -05:00
defmodule CanneryWeb.UserAuthTest do
2022-02-16 20:59:22 -05:00
@moduledoc """
Tests user auth
"""
2021-03-11 21:12:55 -05:00
2022-02-16 20:59:22 -05:00
use CanneryWeb.ConnCase, async: true
2022-02-16 21:20:04 -05:00
import CanneryWeb.Gettext
2021-03-11 21:12:55 -05:00
alias Cannery.Accounts
alias CanneryWeb.UserAuth
2022-02-16 20:59:22 -05:00
@moduletag :user_auth_test
2021-03-11 21:12:55 -05:00
@remember_me_cookie "_cannery_web_user_remember_me"
setup %{conn: conn} do
conn =
conn
|> Map.replace!(:secret_key_base, CanneryWeb.Endpoint.config(:secret_key_base))
|> init_test_session(%{})
2022-02-17 20:53:17 -05:00
[current_user: user_fixture() |> confirm_user(), conn: conn]
2021-03-11 21:12:55 -05:00
end
describe "log_in_user/3" do
2022-02-17 20:53:17 -05:00
test "stores the user token in the session", %{conn: conn, current_user: current_user} do
conn = UserAuth.log_in_user(conn, current_user)
2021-03-11 21:12:55 -05:00
assert token = get_session(conn, :user_token)
assert get_session(conn, :live_socket_id) == "users_sessions:#{Base.url_encode64(token)}"
assert redirected_to(conn) == "/"
assert Accounts.get_user_by_session_token(token)
end
2022-02-17 20:53:17 -05:00
test "clears everything previously stored in the session",
%{conn: conn, current_user: current_user} do
conn = conn |> put_session(:to_be_removed, "value") |> UserAuth.log_in_user(current_user)
2021-03-11 21:12:55 -05:00
refute get_session(conn, :to_be_removed)
end
2022-02-17 20:53:17 -05:00
test "redirects to the configured path", %{conn: conn, current_user: current_user} do
conn = conn |> put_session(:user_return_to, "/hello") |> UserAuth.log_in_user(current_user)
2021-03-11 21:12:55 -05:00
assert redirected_to(conn) == "/hello"
end
2022-02-17 20:53:17 -05:00
test "writes a cookie if remember_me is configured", %{conn: conn, current_user: current_user} do
conn =
conn |> fetch_cookies() |> UserAuth.log_in_user(current_user, %{"remember_me" => "true"})
2021-03-11 21:12:55 -05:00
assert get_session(conn, :user_token) == conn.cookies[@remember_me_cookie]
assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
assert signed_token != get_session(conn, :user_token)
assert max_age == 5_184_000
end
end
describe "logout_user/1" do
2022-02-17 20:53:17 -05:00
test "erases session and cookies", %{conn: conn, current_user: current_user} do
user_token = Accounts.generate_user_session_token(current_user)
2021-03-11 21:12:55 -05:00
conn =
conn
|> put_session(:user_token, user_token)
|> put_req_cookie(@remember_me_cookie, user_token)
|> fetch_cookies()
|> UserAuth.log_out_user()
refute get_session(conn, :user_token)
refute conn.cookies[@remember_me_cookie]
assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
assert redirected_to(conn) == "/"
refute Accounts.get_user_by_session_token(user_token)
end
test "broadcasts to the given live_socket_id", %{conn: conn} do
live_socket_id = "users_sessions:abcdef-token"
CanneryWeb.Endpoint.subscribe(live_socket_id)
conn
|> put_session(:live_socket_id, live_socket_id)
|> UserAuth.log_out_user()
assert_receive %Phoenix.Socket.Broadcast{
event: "disconnect",
topic: "users_sessions:abcdef-token"
}
end
test "works even if user is already logged out", %{conn: conn} do
conn = conn |> fetch_cookies() |> UserAuth.log_out_user()
refute get_session(conn, :user_token)
assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
assert redirected_to(conn) == "/"
end
end
describe "fetch_current_user/2" do
2022-02-17 20:53:17 -05:00
test "authenticates user from session", %{conn: conn, current_user: current_user} do
user_token = Accounts.generate_user_session_token(current_user)
2021-03-11 21:12:55 -05:00
conn = conn |> put_session(:user_token, user_token) |> UserAuth.fetch_current_user([])
2022-02-17 20:53:17 -05:00
assert conn.assigns.current_user.id == current_user.id
2021-03-11 21:12:55 -05:00
end
2022-02-17 20:53:17 -05:00
test "authenticates user from cookies", %{conn: conn, current_user: current_user} do
2021-03-11 21:12:55 -05:00
logged_in_conn =
2022-02-17 20:53:17 -05:00
conn |> fetch_cookies() |> UserAuth.log_in_user(current_user, %{"remember_me" => "true"})
2021-03-11 21:12:55 -05:00
user_token = logged_in_conn.cookies[@remember_me_cookie]
%{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]
conn =
conn
|> put_req_cookie(@remember_me_cookie, signed_token)
|> UserAuth.fetch_current_user([])
assert get_session(conn, :user_token) == user_token
2022-02-17 20:53:17 -05:00
assert conn.assigns.current_user.id == current_user.id
2021-03-11 21:12:55 -05:00
end
2022-02-17 20:53:17 -05:00
test "does not authenticate if data is missing", %{conn: conn, current_user: current_user} do
2022-03-28 23:05:12 -04:00
_token = Accounts.generate_user_session_token(current_user)
2021-03-11 21:12:55 -05:00
conn = UserAuth.fetch_current_user(conn, [])
refute get_session(conn, :user_token)
refute conn.assigns.current_user
end
end
describe "redirect_if_user_is_authenticated/2" do
2022-02-17 20:53:17 -05:00
test "redirects if user is authenticated", %{conn: conn, current_user: current_user} do
conn =
conn
|> assign(:current_user, current_user)
|> UserAuth.redirect_if_user_is_authenticated([])
2021-03-11 21:12:55 -05:00
assert conn.halted
assert redirected_to(conn) == "/"
end
test "does not redirect if user is not authenticated", %{conn: conn} do
conn = UserAuth.redirect_if_user_is_authenticated(conn, [])
refute conn.halted
refute conn.status
end
end
describe "require_authenticated_user/2" do
test "redirects if user is not authenticated", %{conn: conn} do
conn = conn |> fetch_flash() |> UserAuth.require_authenticated_user([])
assert conn.halted
assert redirected_to(conn) == Routes.user_session_path(conn, :new)
2022-02-17 20:53:17 -05:00
assert get_flash(conn, :error) ==
dgettext("errors", "You must confirm your account and log in to access this page.")
2021-03-11 21:12:55 -05:00
end
test "stores the path to redirect to on GET", %{conn: conn} do
halted_conn =
2022-02-16 20:59:22 -05:00
%{conn | path_info: ["foo"], query_string: ""}
2021-03-11 21:12:55 -05:00
|> fetch_flash()
|> UserAuth.require_authenticated_user([])
assert halted_conn.halted
assert get_session(halted_conn, :user_return_to) == "/foo"
halted_conn =
2022-02-16 20:59:22 -05:00
%{conn | path_info: ["foo"], query_string: "bar=baz"}
2021-03-11 21:12:55 -05:00
|> fetch_flash()
|> UserAuth.require_authenticated_user([])
assert halted_conn.halted
assert get_session(halted_conn, :user_return_to) == "/foo?bar=baz"
halted_conn =
2022-02-16 20:59:22 -05:00
%{conn | path_info: ["/foo?bar"], method: "POST"}
2021-03-11 21:12:55 -05:00
|> fetch_flash()
|> UserAuth.require_authenticated_user([])
assert halted_conn.halted
refute get_session(halted_conn, :user_return_to)
end
2022-02-17 20:53:17 -05:00
test "does not redirect if user is authenticated", %{conn: conn, current_user: current_user} do
conn =
conn |> assign(:current_user, current_user) |> UserAuth.require_authenticated_user([])
2021-03-11 21:12:55 -05:00
refute conn.halted
refute conn.status
end
end
end