Current state

tests/Feature/Api/ArtworkApiTest.php

@@ -0,0 +1,62 @@
+<?php
+use App\Models\Artwork;
+use App\Models\ContentType;
+use App\Models\Category;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+uses(RefreshDatabase::class);
+
+test('view public artwork by slug', function () {
+    $art = Artwork::factory()->create();
+
+    $this->getJson('/api/v1/artworks/' . $art->slug)
+        ->assertStatus(200)
+        ->assertJsonPath('slug', $art->slug)
+        ->assertJsonStructure(['slug', 'title', 'description', 'file', 'published_at']);
+});
+
+test('cannot view unapproved artwork', function () {
+    $art = Artwork::factory()->unapproved()->create();
+
+    $this->getJson('/api/v1/artworks/' . $art->slug)
+        ->assertStatus(404);
+});
+
+test('soft-deleted artwork returns 404', function () {
+    $art = Artwork::factory()->create();
+    $art->delete();
+
+    $this->getJson('/api/v1/artworks/' . $art->slug)
+        ->assertStatus(404);
+});
+
+test('category browsing returns artworks for the category only', function () {
+    $contentType = ContentType::create(['name' => 'Photography', 'slug' => 'photography', 'description' => '']);
+    $category = Category::create([
+        'content_type_id' => $contentType->id,
+        'parent_id' => null,
+        'name' => 'Abstract',
+        'slug' => 'abstract',
+        'description' => '',
+        'is_active' => true,
+        'sort_order' => 0,
+    ]);
+
+    $inCat = Artwork::factory()->create();
+    $outCat = Artwork::factory()->create();
+
+    $inCat->categories()->attach($category->id);
+
+    $this->getJson('/api/v1/categories/' . $category->slug . '/artworks')
+        ->assertStatus(200)
+        ->assertJsonStructure(['data', 'links', 'meta'])
+        ->assertJsonCount(1, 'data')
+        ->assertJsonPath('data.0.slug', $inCat->slug);
+});
+
+test('unauthorized or private access is blocked (private artwork)', function () {
+    $art = Artwork::factory()->private()->create();
+
+    $this->getJson('/api/v1/artworks/' . $art->slug)
+        ->assertStatus(404);
+});

tests/Feature/ArtworkFeatureTest.php

@@ -0,0 +1,43 @@
+<?php
+use App\Models\Artwork;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+
+uses(RefreshDatabase::class);
+
+test('public browsing scopes include only public approved not-deleted artworks', function () {
+    Artwork::factory()->create(); // public + approved
+    Artwork::factory()->private()->create();
+    Artwork::factory()->unapproved()->create();
+
+    expect(Artwork::public()->count())->toBe(1);
+});
+
+test('slug-based route generation produces SEO friendly url', function () {
+    $art = Artwork::factory()->create(['slug' => 'my-unique-art']);
+
+    $url = route('artworks.show', [
+        'contentTypeSlug' => 'photography',
+        'categoryPath' => 'abstract',
+        'artwork' => $art->slug,
+    ]);
+
+    expect($url)->toContain('/photography/abstract/my-unique-art');
+});
+
+test('soft delete hides artwork from public scope', function () {
+    $art = Artwork::factory()->create();
+    $art->delete();
+
+    expect(Artwork::public()->where('id', $art->id)->exists())->toBeFalse();
+});
+
+test('approval filtering works via approved scope', function () {
+    Artwork::factory()->create();
+    Artwork::factory()->unapproved()->create();
+
+    expect(Artwork::approved()->count())->toBe(1);
+});
+
+test('admin routes are protected from unauthenticated users', function () {
+    $this->get('/admin/artworks')->assertRedirect('/login');
+});

tests/Feature/Auth/AuthenticationTest.php

@@ -0,0 +1,41 @@
+<?php
+
+use App\Models\User;
+
+test('login screen can be rendered', function () {
+    $response = $this->get('/login');
+
+    $response->assertStatus(200);
+});
+
+test('users can authenticate using the login screen', function () {
+    $user = User::factory()->create();
+
+    $response = $this->post('/login', [
+        'email' => $user->email,
+        'password' => 'password',
+    ]);
+
+    $this->assertAuthenticated();
+    $response->assertRedirect(route('dashboard', absolute: false));
+});
+
+test('users can not authenticate with invalid password', function () {
+    $user = User::factory()->create();
+
+    $this->post('/login', [
+        'email' => $user->email,
+        'password' => 'wrong-password',
+    ]);
+
+    $this->assertGuest();
+});
+
+test('users can logout', function () {
+    $user = User::factory()->create();
+
+    $response = $this->actingAs($user)->post('/logout');
+
+    $this->assertGuest();
+    $response->assertRedirect('/');
+});

tests/Feature/Auth/EmailVerificationTest.php

@@ -0,0 +1,46 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Auth\Events\Verified;
+use Illuminate\Support\Facades\Event;
+use Illuminate\Support\Facades\URL;
+
+test('email verification screen can be rendered', function () {
+    $user = User::factory()->unverified()->create();
+
+    $response = $this->actingAs($user)->get('/verify-email');
+
+    $response->assertStatus(200);
+});
+
+test('email can be verified', function () {
+    $user = User::factory()->unverified()->create();
+
+    Event::fake();
+
+    $verificationUrl = URL::temporarySignedRoute(
+        'verification.verify',
+        now()->addMinutes(60),
+        ['id' => $user->id, 'hash' => sha1($user->email)]
+    );
+
+    $response = $this->actingAs($user)->get($verificationUrl);
+
+    Event::assertDispatched(Verified::class);
+    expect($user->fresh()->hasVerifiedEmail())->toBeTrue();
+    $response->assertRedirect(route('dashboard', absolute: false).'?verified=1');
+});
+
+test('email is not verified with invalid hash', function () {
+    $user = User::factory()->unverified()->create();
+
+    $verificationUrl = URL::temporarySignedRoute(
+        'verification.verify',
+        now()->addMinutes(60),
+        ['id' => $user->id, 'hash' => sha1('wrong-email')]
+    );
+
+    $this->actingAs($user)->get($verificationUrl);
+
+    expect($user->fresh()->hasVerifiedEmail())->toBeFalse();
+});

tests/Feature/Auth/PasswordConfirmationTest.php

@@ -0,0 +1,32 @@
+<?php
+
+use App\Models\User;
+
+test('confirm password screen can be rendered', function () {
+    $user = User::factory()->create();
+
+    $response = $this->actingAs($user)->get('/confirm-password');
+
+    $response->assertStatus(200);
+});
+
+test('password can be confirmed', function () {
+    $user = User::factory()->create();
+
+    $response = $this->actingAs($user)->post('/confirm-password', [
+        'password' => 'password',
+    ]);
+
+    $response->assertRedirect();
+    $response->assertSessionHasNoErrors();
+});
+
+test('password is not confirmed with invalid password', function () {
+    $user = User::factory()->create();
+
+    $response = $this->actingAs($user)->post('/confirm-password', [
+        'password' => 'wrong-password',
+    ]);
+
+    $response->assertSessionHasErrors();
+});

tests/Feature/Auth/PasswordResetTest.php

@@ -0,0 +1,60 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Auth\Notifications\ResetPassword;
+use Illuminate\Support\Facades\Notification;
+
+test('reset password link screen can be rendered', function () {
+    $response = $this->get('/forgot-password');
+
+    $response->assertStatus(200);
+});
+
+test('reset password link can be requested', function () {
+    Notification::fake();
+
+    $user = User::factory()->create();
+
+    $this->post('/forgot-password', ['email' => $user->email]);
+
+    Notification::assertSentTo($user, ResetPassword::class);
+});
+
+test('reset password screen can be rendered', function () {
+    Notification::fake();
+
+    $user = User::factory()->create();
+
+    $this->post('/forgot-password', ['email' => $user->email]);
+
+    Notification::assertSentTo($user, ResetPassword::class, function ($notification) {
+        $response = $this->get('/reset-password/'.$notification->token);
+
+        $response->assertStatus(200);
+
+        return true;
+    });
+});
+
+test('password can be reset with valid token', function () {
+    Notification::fake();
+
+    $user = User::factory()->create();
+
+    $this->post('/forgot-password', ['email' => $user->email]);
+
+    Notification::assertSentTo($user, ResetPassword::class, function ($notification) use ($user) {
+        $response = $this->post('/reset-password', [
+            'token' => $notification->token,
+            'email' => $user->email,
+            'password' => 'password',
+            'password_confirmation' => 'password',
+        ]);
+
+        $response
+            ->assertSessionHasNoErrors()
+            ->assertRedirect(route('login'));
+
+        return true;
+    });
+});

tests/Feature/Auth/PasswordUpdateTest.php

@@ -0,0 +1,40 @@
+<?php
+
+use App\Models\User;
+use Illuminate\Support\Facades\Hash;
+
+test('password can be updated', function () {
+    $user = User::factory()->create();
+
+    $response = $this
+        ->actingAs($user)
+        ->from('/profile')
+        ->put('/password', [
+            'current_password' => 'password',
+            'password' => 'new-password',
+            'password_confirmation' => 'new-password',
+        ]);
+
+    $response
+        ->assertSessionHasNoErrors()
+        ->assertRedirect('/profile');
+
+    $this->assertTrue(Hash::check('new-password', $user->refresh()->password));
+});
+
+test('correct password must be provided to update password', function () {
+    $user = User::factory()->create();
+
+    $response = $this
+        ->actingAs($user)
+        ->from('/profile')
+        ->put('/password', [
+            'current_password' => 'wrong-password',
+            'password' => 'new-password',
+            'password_confirmation' => 'new-password',
+        ]);
+
+    $response
+        ->assertSessionHasErrorsIn('updatePassword', 'current_password')
+        ->assertRedirect('/profile');
+});

tests/Feature/Auth/RegistrationTest.php

@@ -0,0 +1,19 @@
+<?php
+
+test('registration screen can be rendered', function () {
+    $response = $this->get('/register');
+
+    $response->assertStatus(200);
+});
+
+test('new users can register', function () {
+    $response = $this->post('/register', [
+        'name' => 'Test User',
+        'email' => 'test@example.com',
+        'password' => 'password',
+        'password_confirmation' => 'password',
+    ]);
+
+    $this->assertAuthenticated();
+    $response->assertRedirect(route('dashboard', absolute: false));
+});

tests/Feature/BrowseApiTest.php

@@ -0,0 +1,86 @@
+<?php
+
+namespace Tests\Feature;
+
+use App\Models\Artwork;
+use App\Models\Category;
+use App\Models\ContentType;
+use App\Models\User;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Str;
+use Tests\TestCase;
+
+class BrowseApiTest extends TestCase
+{
+    use RefreshDatabase;
+
+    public function test_api_browse_returns_public_artworks(): void
+    {
+        $user = User::factory()->create(['name' => 'Author One']);
+        $contentType = ContentType::create([
+            'name' => 'Wallpapers',
+            'slug' => 'wallpapers',
+            'description' => 'Wallpapers content type',
+        ]);
+
+        $category = Category::create([
+            'content_type_id' => $contentType->id,
+            'name' => 'Abstract',
+            'slug' => 'abstract',
+            'description' => 'Abstract wallpapers',
+            'is_active' => true,
+            'sort_order' => 1,
+        ]);
+
+        $artwork = Artwork::factory()
+            ->for($user)
+            ->create([
+                'slug' => 'neon-city',
+                'published_at' => now()->subDay(),
+            ]);
+
+        $artwork->categories()->attach($category->id);
+
+        $response = $this->getJson('/api/v1/browse');
+
+        $response->assertOk()
+            ->assertJsonPath('data.0.slug', 'neon-city')
+            ->assertJsonPath('data.0.category.slug', 'abstract')
+            ->assertJsonPath('data.0.author.name', 'Author One');
+    }
+
+    public function test_web_browse_shows_artworks(): void
+    {
+        $user = User::factory()->create(['name' => 'Author Two']);
+        $contentType = ContentType::create([
+            'name' => 'Photography',
+            'slug' => 'photography',
+            'description' => 'Photos',
+        ]);
+
+        $category = Category::create([
+            'content_type_id' => $contentType->id,
+            'name' => 'Nature',
+            'slug' => 'nature',
+            'description' => 'Nature photos',
+            'is_active' => true,
+            'sort_order' => 1,
+        ]);
+
+        $artwork = Artwork::factory()
+            ->for($user)
+            ->create([
+                'title' => 'Forest Light',
+                'slug' => 'forest-light',
+                'published_at' => now()->subDay(),
+            ]);
+
+        $artwork->categories()->attach($category->id);
+
+        $response = $this->get('/browse');
+
+        $response->assertOk();
+        $response->assertSee('Forest Light');
+        $response->assertSee('Author Two');
+    }
+}

tests/Feature/ExampleTest.php

@@ -0,0 +1,7 @@
+<?php
+
+it('returns a successful response', function () {
+    $response = $this->get('/');
+
+    $response->assertStatus(200);
+});

tests/Feature/ProfileTest.php

@@ -0,0 +1,86 @@
+<?php
+
+use App\Models\User;
+
+test('profile page is displayed', function () {
+    $user = User::factory()->create();
+
+    $response = $this
+        ->actingAs($user)
+        ->get('/profile');
+
+    $response->assertOk();
+});
+
+test('profile information can be updated', function () {
+    $user = User::factory()->create();
+
+    $response = $this
+        ->actingAs($user)
+        ->patch('/profile', [
+            'name' => 'Test User',
+            'email' => 'test@example.com',
+        ]);
+
+    $response
+        ->assertSessionHasNoErrors()
+        ->assertRedirect('/profile');
+
+    $user->refresh();
+
+    $this->assertSame('Test User', $user->name);
+    $this->assertSame('test@example.com', $user->email);
+    $this->assertNull($user->email_verified_at);
+});
+
+test('email verification status is unchanged when the email address is unchanged', function () {
+    $user = User::factory()->create();
+
+    $response = $this
+        ->actingAs($user)
+        ->patch('/profile', [
+            'name' => 'Test User',
+            'email' => $user->email,
+        ]);
+
+    $response
+        ->assertSessionHasNoErrors()
+        ->assertRedirect('/profile');
+
+    $this->assertNotNull($user->refresh()->email_verified_at);
+});
+
+test('user can delete their account', function () {
+    $user = User::factory()->create();
+
+    $response = $this
+        ->actingAs($user)
+        ->delete('/profile', [
+            'password' => 'password',
+        ]);
+
+    $response
+        ->assertSessionHasNoErrors()
+        ->assertRedirect('/');
+
+    $this->assertGuest();
+    // User should be soft-deleted, not permanently removed
+    $this->assertSoftDeleted('users', ['id' => $user->id]);
+});
+
+test('correct password must be provided to delete account', function () {
+    $user = User::factory()->create();
+
+    $response = $this
+        ->actingAs($user)
+        ->from('/profile')
+        ->delete('/profile', [
+            'password' => 'wrong-password',
+        ]);
+
+    $response
+        ->assertSessionHasErrorsIn('userDeletion', 'password')
+        ->assertRedirect('/profile');
+
+    $this->assertNotNull($user->fresh());
+});