klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Save workspace changes

Browse Source
This commit is contained in:
Gregor Klevže
2026-04-18 17:02:56 +02:00
parent f02ea9a711
commit 87d60af5a9
4220 changed files with 1388603 additions and 1554 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
.deploy/artwork-evolution-release/tests/Feature/Auth/AuthenticationTest.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
use App\Models\User;
test('login screen can be rendered', function () {
$response = $this->get('/login');
$response->assertStatus(200)
->assertSee('Read signup and login help')
->assertSee(route('help.auth'), false)
->assertSee(route('help.troubleshooting'), false);
});
test('users can authenticate using the login screen', function () {
$user = User::factory()->create();
$response = $this->post('/login', [
'email' => $user->email,
'password' => 'password',
]);
$this->assertAuthenticated();
$response->assertRedirect(route('dashboard', absolute: false));
});
test('users can not authenticate with invalid password', function () {
$user = User::factory()->create();
$this->post('/login', [
'email' => $user->email,
'password' => 'wrong-password',
]);
$this->assertGuest();
});
test('users can logout', function () {
$user = User::factory()->create();
$response = $this->actingAs($user)->post('/logout');
$this->assertGuest();
$response->assertRedirect('/');
});

46
.deploy/artwork-evolution-release/tests/Feature/Auth/EmailVerificationTest.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
use App\Models\User;
use Illuminate\Auth\Events\Verified;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\URL;
test('email verification screen can be rendered', function () {
$user = User::factory()->unverified()->create();
$response = $this->actingAs($user)->get('/verify-email');
$response->assertStatus(200);
});
test('email can be verified', function () {
$user = User::factory()->unverified()->create();
Event::fake();
$verificationUrl = URL::temporarySignedRoute(
'verification.verify',
now()->addMinutes(60),
['id' => $user->id, 'hash' => sha1($user->email)]
);
$response = $this->actingAs($user)->get($verificationUrl);
Event::assertDispatched(Verified::class);
expect($user->fresh()->hasVerifiedEmail())->toBeTrue();
$response->assertRedirect(route('dashboard', absolute: false).'?verified=1');
});
test('email is not verified with invalid hash', function () {
$user = User::factory()->unverified()->create();
$verificationUrl = URL::temporarySignedRoute(
'verification.verify',
now()->addMinutes(60),
['id' => $user->id, 'hash' => sha1('wrong-email')]
);
$this->actingAs($user)->get($verificationUrl);
expect($user->fresh()->hasVerifiedEmail())->toBeFalse();
});

55
.deploy/artwork-evolution-release/tests/Feature/Auth/EnsureOnboardingCompleteTest.php Normal file
View File

@@ -0,0 +1,55 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('redirects verified step user to setup password from profile', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
]);
$this->actingAs($user)
->get('/profile')
->assertRedirect('/setup/password');
});
it('redirects password step user to setup username from upload', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->get('/upload')
->assertRedirect('/setup/username');
});
it('redirects email step user to login from forum and gallery', function () {
$user = User::factory()->create([
'onboarding_step' => 'email',
]);
$this->actingAs($user)
->get('/forum')
->assertRedirect('/login');
$this->actingAs($user)
->get('/gallery/1/test')
->assertRedirect('/login');
});
it('allows complete onboarding user to access profile and upload', function () {
$user = User::factory()->create([
'onboarding_step' => 'complete',
]);
$this->actingAs($user)
->get('/profile')
->assertRedirect('/dashboard/profile')
->assertStatus(301);
$this->actingAs($user)
->get('/upload')
->assertOk();
});

53
.deploy/artwork-evolution-release/tests/Feature/Auth/OnboardingUxTest.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('shows onboarding progress and status on setup password page', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
]);
$this->actingAs($user)
->withSession(['status' => 'Email verified. Continue with password setup.'])
->get('/setup/password')
->assertOk()
->assertSee('Email')
->assertSee('Verified')
->assertSee('Password')
->assertSee('Username')
->assertSee('Email verified. Continue with password setup.');
});
it('shows onboarding progress and status on setup username page', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->withSession(['status' => 'Password saved. Choose your public username to finish setup.'])
->get('/setup/username')
->assertOk()
->assertSee('Email')
->assertSee('Verified')
->assertSee('Password')
->assertSee('Username')
->assertSee('Password saved. Choose your public username to finish setup.');
});
it('returns clear validation message for weak setup password', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
]);
$this->actingAs($user)
->from('/setup/password')
->post('/setup/password', [
'password' => 'short',
'password_confirmation' => 'short',
])
->assertRedirect('/setup/password')
->assertSessionHasErrors('password');
});

32
.deploy/artwork-evolution-release/tests/Feature/Auth/PasswordConfirmationTest.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
use App\Models\User;
test('confirm password screen can be rendered', function () {
$user = User::factory()->create();
$response = $this->actingAs($user)->get('/confirm-password');
$response->assertStatus(200);
});
test('password can be confirmed', function () {
$user = User::factory()->create();
$response = $this->actingAs($user)->post('/confirm-password', [
'password' => 'password',
]);
$response->assertRedirect();
$response->assertSessionHasNoErrors();
});
test('password is not confirmed with invalid password', function () {
$user = User::factory()->create();
$response = $this->actingAs($user)->post('/confirm-password', [
'password' => 'wrong-password',
]);
$response->assertSessionHasErrors();
});

63
.deploy/artwork-evolution-release/tests/Feature/Auth/PasswordResetTest.php Normal file
View File

@@ -0,0 +1,63 @@
<?php
use App\Models\User;
use Illuminate\Auth\Notifications\ResetPassword;
use Illuminate\Support\Facades\Notification;
test('reset password link screen can be rendered', function () {
$response = $this->get('/forgot-password');
$response->assertStatus(200)
->assertSee('Read signup and login help')
->assertSee(route('help.auth'), false)
->assertSee(route('help.troubleshooting'), false);
});
test('reset password link can be requested', function () {
Notification::fake();
$user = User::factory()->create();
$this->post('/forgot-password', ['email' => $user->email]);
Notification::assertSentTo($user, ResetPassword::class);
});
test('reset password screen can be rendered', function () {
Notification::fake();
$user = User::factory()->create();
$this->post('/forgot-password', ['email' => $user->email]);
Notification::assertSentTo($user, ResetPassword::class, function ($notification) {
$response = $this->get('/reset-password/'.$notification->token);
$response->assertStatus(200);
return true;
});
});
test('password can be reset with valid token', function () {
Notification::fake();
$user = User::factory()->create();
$this->post('/forgot-password', ['email' => $user->email]);
Notification::assertSentTo($user, ResetPassword::class, function ($notification) use ($user) {
$response = $this->post('/reset-password', [
'token' => $notification->token,
'email' => $user->email,
'password' => 'password',
'password_confirmation' => 'password',
]);
$response
->assertSessionHasNoErrors()
->assertRedirect(route('login'));
return true;
});
});

40
.deploy/artwork-evolution-release/tests/Feature/Auth/PasswordUpdateTest.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
use App\Models\User;
use Illuminate\Support\Facades\Hash;
test('password can be updated', function () {
$user = User::factory()->create();
$response = $this
->actingAs($user)
->from('/profile')
->put('/password', [
'current_password' => 'password',
'password' => 'new-password',
'password_confirmation' => 'new-password',
]);
$response
->assertSessionHasNoErrors()
->assertRedirect('/profile');
$this->assertTrue(Hash::check('new-password', $user->refresh()->password));
});
test('correct password must be provided to update password', function () {
$user = User::factory()->create();
$response = $this
->actingAs($user)
->from('/profile')
->put('/password', [
'current_password' => 'wrong-password',
'password' => 'new-password',
'password_confirmation' => 'new-password',
]);
$response
->assertSessionHasErrorsIn('updatePassword', 'current_password')
->assertRedirect('/profile');
});

156
.deploy/artwork-evolution-release/tests/Feature/Auth/RegistrationAntiSpamTest.php Normal file
View File

@@ -0,0 +1,156 @@
<?php
use App\Jobs\SendVerificationEmailJob;
use App\Models\User;
use App\Services\Security\TurnstileVerifier;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Queue;
use Illuminate\Support\Facades\RateLimiter;
uses(RefreshDatabase::class);
it('rejects registration when honeypot field is filled', function () {
Queue::fake();
$response = $this->from('/register')->post('/register', [
'email' => 'bot1@example.com',
'website' => 'https://spam.example',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('website');
$this->assertDatabaseMissing('users', ['email' => 'bot1@example.com']);
});
it('throttles excessive registration attempts by ip', function () {
Queue::fake();
config()->set('registration.ip_per_minute_limit', 2);
config()->set('registration.ip_per_day_limit', 100);
for ($i = 0; $i < 2; $i++) {
$this->post('/register', [
'email' => 'user-rate-' . $i . '@example.com',
])->assertRedirect('/register/notice');
}
$this->post('/register', [
'email' => 'user-rate-3@example.com',
])->assertStatus(429);
RateLimiter::clear('register:ip:127.0.0.1');
RateLimiter::clear('register:ip:daily:127.0.0.1');
});
it('blocks disposable email domains during registration', function () {
Queue::fake();
config()->set('registration.disposable_domains_enabled', true);
config()->set('disposable_email_domains.domains', ['tempmail.com']);
$response = $this->from('/register')->post('/register', [
'email' => 'bot@tempmail.com',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('email');
$this->assertDatabaseMissing('users', ['email' => 'bot@tempmail.com']);
});
it('requires turnstile after suspicious registration attempts', function () {
Queue::fake();
config()->set('registration.enable_turnstile', true);
config()->set('registration.turnstile_suspicious_attempts', 1);
config()->set('services.turnstile.site_key', 'site-key');
config()->set('services.turnstile.secret_key', 'secret-key');
$mock = \Mockery::mock(TurnstileVerifier::class);
$mock->shouldReceive('isEnabled')->andReturn(true);
$mock->shouldReceive('verify')->once()->andReturn(false);
$this->app->instance(TurnstileVerifier::class, $mock);
$response = $this->from('/register')->post('/register', [
'email' => 'captcha-user@example.com',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('captcha');
$this->assertDatabaseMissing('users', ['email' => 'captcha-user@example.com']);
});
it('shows turnstile when ip is in rate-limited state', function () {
config()->set('registration.enable_turnstile', true);
config()->set('registration.ip_per_minute_limit', 1);
config()->set('services.turnstile.site_key', 'site-key');
config()->set('services.turnstile.secret_key', 'secret-key');
RateLimiter::hit('register:ip:127.0.0.1', 60);
$this->get('/register')
->assertOk()
->assertSee('cf-turnstile', false);
RateLimiter::clear('register:ip:127.0.0.1');
});
it('enforces verification email cooldown per address', function () {
Queue::fake();
$this->post('/register', [
'email' => 'cooldown2@example.com',
])->assertRedirect('/register/notice');
$response = $this->post('/register', [
'email' => 'cooldown2@example.com',
]);
$response->assertRedirect('/register/notice');
$response->assertSessionHas('status', 'If that email is valid, we sent a verification link.');
Queue::assertPushed(SendVerificationEmailJob::class, 1);
});
it('returns generic success for existing verified emails (anti-enumeration)', function () {
Queue::fake();
User::factory()->create([
'email' => 'existing@example.com',
'email_verified_at' => now(),
'onboarding_step' => 'complete',
'is_active' => true,
]);
$response = $this->post('/register', [
'email' => 'existing@example.com',
]);
$response->assertRedirect('/register/notice');
$response->assertSessionHas('status', 'If that email is valid, we sent a verification link.');
Queue::assertNothingPushed();
});
it('still allows registration when turnstile passes', function () {
Queue::fake();
config()->set('registration.enable_turnstile', true);
config()->set('registration.turnstile_suspicious_attempts', 1);
config()->set('services.turnstile.site_key', 'site-key');
config()->set('services.turnstile.secret_key', 'secret-key');
$mock = \Mockery::mock(TurnstileVerifier::class);
$mock->shouldReceive('isEnabled')->andReturn(true);
$mock->shouldReceive('verify')->once()->andReturn(false);
$mock->shouldReceive('verify')->once()->andReturn(true);
$this->app->instance(TurnstileVerifier::class, $mock);
$first = $this->from('/register')->post('/register', [
'email' => 'captcha-block@example.com',
]);
$first->assertRedirect('/register');
$first->assertSessionHasErrors('captcha');
$response = $this->post('/register', [
'email' => 'captcha-pass@example.com',
'cf-turnstile-response' => 'good-token',
]);
$response->assertRedirect('/register/notice');
$this->assertDatabaseHas('users', ['email' => 'captcha-pass@example.com']);
});

136
.deploy/artwork-evolution-release/tests/Feature/Auth/RegistrationFlowChecklistTest.php Normal file
View File

@@ -0,0 +1,136 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Queue;
use Illuminate\Support\Facades\DB;
use App\Jobs\SendVerificationEmailJob;
uses(RefreshDatabase::class);
it('completes happy path registration onboarding flow', function () {
Queue::fake();
$register = $this->post('/register', [
'email' => 'flow-user@example.com',
]);
$register->assertRedirect('/register/notice');
$user = User::query()->where('email', 'flow-user@example.com')->firstOrFail();
expect($user->onboarding_step)->toBe('email');
$token = null;
Queue::assertPushed(SendVerificationEmailJob::class, function (SendVerificationEmailJob $job) use (&$token) {
$token = $job->token;
return true;
});
$this->get('/verify/' . $token)->assertRedirect('/setup/password');
$user->refresh();
expect($user->onboarding_step)->toBe('verified');
$this->actingAs($user)
->post('/setup/password', [
'password' => 'StrongPass1!',
'password_confirmation' => 'StrongPass1!',
])->assertRedirect('/setup/username');
$this->actingAs($user)
->post('/setup/username', [
'username' => 'flow_user_final',
])->assertRedirect('/@flow_user_final');
$user->refresh();
expect($user->onboarding_step)->toBe('complete');
expect($user->username)->toBe('flow_user_final');
});
it('rejects invalid verification token', function () {
$response = $this->from('/login')->get('/verify/not-a-real-token');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
});
it('rejects expired verification token', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
$column = \Illuminate\Support\Facades\Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
$column => hash('sha256', 'expired-checklist-token'),
'expires_at' => now()->subHour(),
'created_at' => now(),
'updated_at' => now(),
]);
$response = $this->from('/login')->get('/verify/expired-checklist-token');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
expect($user->fresh()->email_verified_at)->toBeNull();
});
it('rejects duplicate email at registration', function () {
Queue::fake();
User::factory()->create([
'email' => 'duplicate-check@example.com',
'email_verified_at' => now(),
'onboarding_step' => 'complete',
'is_active' => true,
]);
$response = $this->post('/register', [
'email' => 'duplicate-check@example.com',
]);
$response->assertRedirect('/register/notice');
$response->assertSessionHas('status', 'If that email is valid, we sent a verification link.');
Queue::assertNothingPushed();
});
it('rejects username conflict during username setup', function () {
User::factory()->create([
'username' => 'taken_username',
'onboarding_step' => 'complete',
]);
$user = User::factory()->create([
'username' => 'candidate_username',
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->from('/setup/username')
->post('/setup/username', [
'username' => 'taken_username',
])
->assertRedirect('/setup/username')
->assertSessionHasErrors('username');
expect($user->fresh()->onboarding_step)->toBe('password');
});
it('resumes onboarding by redirecting user to current required step', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
]);
$this->actingAs($user)
->get('/profile')
->assertRedirect('/setup/password');
$user->forceFill(['onboarding_step' => 'password'])->save();
$this->actingAs($user)
->get('/upload')
->assertRedirect('/setup/username');
});

66
.deploy/artwork-evolution-release/tests/Feature/Auth/RegistrationNoticeResendTest.php Normal file
View File

@@ -0,0 +1,66 @@
<?php
use App\Jobs\SendVerificationEmailJob;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Queue;
uses(RefreshDatabase::class);
it('shows registration notice with email after first step', function () {
Queue::fake();
$this->post('/register', [
'email' => 'notice@example.com',
])->assertRedirect('/register/notice');
$this->get('/register/notice')
->assertOk()
->assertSee('notice@example.com')
->assertSee('Change email');
});
it('prefills register form email from query string', function () {
$this->get('/register?email=prefill@example.com')
->assertOk()
->assertSee('value="prefill@example.com"', false);
});
it('blocks resend while cooldown is active', function () {
Queue::fake();
$this->post('/register', [
'email' => 'cooldown@example.com',
])->assertRedirect('/register/notice');
$response = $this->from('/register/notice')->post('/register/resend-verification', [
'email' => 'cooldown@example.com',
]);
$response->assertRedirect('/register/notice');
$response->assertSessionHasNoErrors();
$response->assertSessionHas('status', 'If that email is valid, we sent a verification link.');
Queue::assertPushed(SendVerificationEmailJob::class, 1);
});
it('resends verification after cooldown expires', function () {
Queue::fake();
$this->post('/register', [
'email' => 'resend@example.com',
])->assertRedirect('/register/notice');
$user = User::query()->where('email', 'resend@example.com')->firstOrFail();
$user->forceFill([
'last_verification_sent_at' => now()->subMinutes(31),
])->save();
$this->post('/register/resend-verification', [
'email' => 'resend@example.com',
])->assertRedirect('/register/notice');
Queue::assertPushed(SendVerificationEmailJob::class, 2);
expect(User::query()->where('email', 'resend@example.com')->exists())->toBeTrue();
});

67
.deploy/artwork-evolution-release/tests/Feature/Auth/RegistrationQuotaCircuitBreakerTest.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
use App\Jobs\SendVerificationEmailJob;
use App\Services\Auth\RegistrationEmailQuotaService;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Queue;
use Illuminate\Support\Facades\DB;
uses(RefreshDatabase::class);
it('returns generic success even when quota is exceeded', function () {
Queue::fake();
DB::table('system_email_quota')->insert([
'period' => now()->format('Y-m'),
'sent_count' => 10,
'limit_count' => 10,
'updated_at' => now(),
]);
$response = $this->post('/register', [
'email' => 'quota-hit@example.com',
]);
$response->assertRedirect('/register/notice');
$response->assertSessionHas('status', 'If that email is valid, we sent a verification link.');
Queue::assertPushed(SendVerificationEmailJob::class);
});
it('blocks actual send in job when monthly quota is exceeded', function () {
Mail::fake();
DB::table('system_email_quota')->insert([
'period' => now()->format('Y-m'),
'sent_count' => 10,
'limit_count' => 10,
'updated_at' => now(),
]);
$eventId = DB::table('email_send_events')->insertGetId([
'type' => 'verify_email',
'email' => 'quota-block@example.com',
'ip' => '127.0.0.1',
'user_id' => null,
'status' => 'queued',
'reason' => null,
'created_at' => now(),
]);
$job = new SendVerificationEmailJob(
emailEventId: (int) $eventId,
email: 'quota-block@example.com',
token: 'raw-token',
userId: null,
ip: '127.0.0.1'
);
$job->handle(app(RegistrationEmailQuotaService::class));
Mail::assertNothingSent();
$this->assertDatabaseHas('email_send_events', [
'id' => $eventId,
'status' => 'blocked',
'reason' => 'quota',
]);
});

40
.deploy/artwork-evolution-release/tests/Feature/Auth/RegistrationTest.php Normal file
View File

@@ -0,0 +1,40 @@
<?php
use App\Jobs\SendVerificationEmailJob;
use Illuminate\Support\Facades\Queue;
test('registration screen can be rendered', function () {
$response = $this->get('/register');
$response->assertStatus(200)
->assertSee('Read signup and login help')
->assertSee(route('help.auth'), false)
->assertSee(route('help.troubleshooting'), false)
->assertDontSee('name="name"', false)
->assertDontSee('name="username"', false)
->assertDontSee('name="password"', false)
->assertDontSee('name="password_confirmation"', false);
});
test('new users can register', function () {
Queue::fake();
$response = $this->post('/register', [
'email' => 'test@example.com',
]);
$this->assertGuest();
$response->assertRedirect(route('register.notice', absolute: false));
$this->assertDatabaseHas('users', [
'email' => 'test@example.com',
'onboarding_step' => 'email',
'is_active' => 0,
]);
$this->assertDatabaseHas('user_verification_tokens', [
'user_id' => (int) \App\Models\User::query()->where('email', 'test@example.com')->value('id'),
]);
Queue::assertPushed(SendVerificationEmailJob::class);
});

129
.deploy/artwork-evolution-release/tests/Feature/Auth/RegistrationTokenVerificationTest.php Normal file
View File

@@ -0,0 +1,129 @@
<?php
use App\Jobs\SendVerificationEmailJob;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Facades\Queue;
uses(RefreshDatabase::class);
it('stores verification tokens hashed instead of raw token', function () {
Queue::fake();
$this->post('/register', [
'email' => 'token-hash@example.com',
])->assertRedirect('/register/notice');
$rawToken = null;
Queue::assertPushed(SendVerificationEmailJob::class, function (SendVerificationEmailJob $job) use (&$rawToken) {
$rawToken = $job->token;
return true;
});
$userId = (int) User::query()->where('email', 'token-hash@example.com')->value('id');
$column = Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
$storedToken = (string) DB::table('user_verification_tokens')
->where('user_id', $userId)
->value($column);
expect($rawToken)->not->toBeNull();
expect($storedToken)->toBe(hash('sha256', (string) $rawToken));
expect($storedToken)->not->toBe((string) $rawToken);
});
it('verifies token and redirects to password setup', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
$column = Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
$column => hash('sha256', 'verify-token-1'),
'expires_at' => now()->addHour(),
'created_at' => now(),
'updated_at' => now(),
]);
$response = $this->get('/verify/verify-token-1');
$response->assertRedirect('/setup/password');
$this->assertAuthenticatedAs($user->fresh());
$this->assertDatabaseHas('users', [
'id' => $user->id,
'onboarding_step' => 'verified',
'is_active' => 1,
]);
expect($user->fresh()->email_verified_at)->not->toBeNull();
$column = Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
$this->assertDatabaseMissing('user_verification_tokens', [$column => hash('sha256', 'verify-token-1')]);
});
it('rejects expired token', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
$column = Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
$column => hash('sha256', 'expired-token-1'),
'expires_at' => now()->subMinute(),
'created_at' => now(),
'updated_at' => now(),
]);
$response = $this->from('/login')->get('/verify/expired-token-1');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
$this->assertGuest();
$this->assertDatabaseHas('users', [
'id' => $user->id,
'onboarding_step' => 'email',
'is_active' => 0,
]);
expect($user->fresh()->email_verified_at)->toBeNull();
});
it('rejects unknown token', function () {
$response = $this->from('/login')->get('/verify/not-real-token');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
$this->assertGuest();
});
it('rejects token reuse after successful verification', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
$column = Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
$column => hash('sha256', 'one-time-token'),
'expires_at' => now()->addHour(),
'created_at' => now(),
'updated_at' => now(),
]);
$this->get('/verify/one-time-token')->assertRedirect('/setup/password');
auth()->logout();
$secondTry = $this->from('/login')->get('/verify/one-time-token');
$secondTry->assertRedirect('/login');
$secondTry->assertSessionHasErrors('email');
});

45
.deploy/artwork-evolution-release/tests/Feature/Auth/RegistrationVerificationMailTest.php Normal file
View File

@@ -0,0 +1,45 @@
<?php
use App\Jobs\SendVerificationEmailJob;
use App\Mail\RegistrationVerificationMail;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Queue;
uses(RefreshDatabase::class);
it('registration verification mailable is queued with retry policy', function () {
$mail = new RegistrationVerificationMail('token-123');
expect($mail)->toBeInstanceOf(ShouldQueue::class);
expect($mail->tries)->toBe(3);
expect($mail->timeout)->toBe(30);
expect($mail->backoff)->toBe([60, 300, 900]);
});
it('registration email contains verification link expiry and support url', function () {
config()->set('app.url', 'https://skinbase.example');
config()->set('app.name', 'Skinbase');
$mail = new RegistrationVerificationMail('abc-token');
$html = $mail->render();
expect($html)->toContain('Verify Email');
expect($html)->toContain('/verify/abc-token');
expect($html)->toContain('expires in 24 hours');
expect($html)->toContain('https://skinbase.example/support');
});
it('registration endpoint queues verification email job', function () {
Queue::fake();
$this->post('/register', [
'email' => 'mail-test@example.com',
])->assertRedirect('/register/notice');
Queue::assertPushed(SendVerificationEmailJob::class);
$this->assertDatabaseHas('users', [
'email' => 'mail-test@example.com',
'onboarding_step' => 'email',
]);
});

62
.deploy/artwork-evolution-release/tests/Feature/Auth/SetupPasswordTest.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
uses(RefreshDatabase::class);
it('requires authentication to open setup password screen', function () {
$this->get('/setup/password')
->assertRedirect('/login');
});
it('renders setup password screen for authenticated user', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
'needs_password_reset' => true,
]);
$this->actingAs($user)
->get('/setup/password')
->assertOk();
});
it('accepts strong password and moves onboarding to password step', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
'needs_password_reset' => true,
'password' => Hash::make('old-password'),
]);
$response = $this->actingAs($user)
->post('/setup/password', [
'password' => 'StrongPass1!',
'password_confirmation' => 'StrongPass1!',
]);
$response->assertRedirect('/setup/username');
$user->refresh();
expect(Hash::check('StrongPass1!', $user->password))->toBeTrue();
expect($user->onboarding_step)->toBe('password');
expect((bool) $user->needs_password_reset)->toBeFalse();
});
it('rejects password without number or symbol or minimum length', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
'needs_password_reset' => true,
]);
$this->actingAs($user)
->from('/setup/password')
->post('/setup/password', [
'password' => 'weakpass',
'password_confirmation' => 'weakpass',
])
->assertRedirect('/setup/password')
->assertSessionHasErrors('password');
expect($user->fresh()->onboarding_step)->toBe('verified');
});

77
.deploy/artwork-evolution-release/tests/Feature/Auth/SetupUsernameTest.php Normal file
View File

@@ -0,0 +1,77 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('requires authentication to open setup username screen', function () {
$this->get('/setup/username')
->assertRedirect('/login');
});
it('renders setup username screen for authenticated user', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->get('/setup/username')
->assertOk();
});
it('accepts unique username and completes onboarding', function () {
$user = User::factory()->create([
'username' => 'initial_user',
'onboarding_step' => 'password',
]);
$response = $this->actingAs($user)
->post('/setup/username', [
'username' => 'Final_User_7',
]);
$response->assertRedirect('/@final_user_7');
$user->refresh();
expect($user->username)->toBe('final_user_7');
expect($user->onboarding_step)->toBe('complete');
expect($user->username_changed_at)->not->toBeNull();
});
it('rejects reserved username in setup flow', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->from('/setup/username')
->post('/setup/username', [
'username' => 'admin',
])
->assertRedirect('/setup/username')
->assertSessionHasErrors('username');
expect($user->fresh()->onboarding_step)->toBe('password');
});
it('queues similarity-flagged username for manual approval in setup flow', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->from('/setup/username')
->post('/setup/username', [
'username' => 'support1',
])
->assertRedirect('/setup/username')
->assertSessionHasErrors('username');
$this->assertDatabaseHas('username_approval_requests', [
'user_id' => $user->id,
'requested_username' => 'support1',
'context' => 'onboarding_username',
'status' => 'pending',
]);
});

38
.deploy/artwork-evolution-release/tests/Feature/Auth/UsernameAvailabilityTest.php Normal file
View File

@@ -0,0 +1,38 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('returns available true for valid free username', function () {
$response = $this->getJson('/api/username/availability?username=free_name');
$response->assertOk()->assertJson([
'available' => true,
'normalized' => 'free_name',
]);
});
it('returns validation error for invalid username format', function () {
$response = $this->getJson('/api/username/availability?username=bad.name');
$response->assertStatus(422)->assertJsonPath('available', false);
});
it('returns validation error for reserved username', function () {
$response = $this->getJson('/api/username/availability?username=admin');
$response->assertStatus(422)->assertJsonPath('available', false);
});
it('returns available false for already taken username', function () {
User::factory()->create(['username' => 'taken_name']);
$response = $this->getJson('/api/username/availability?username=taken_name');
$response->assertOk()->assertJson([
'available' => false,
'normalized' => 'taken_name',
]);
});

83
.deploy/artwork-evolution-release/tests/Feature/Auth/UsernamePolicyTest.php Normal file
View File

@@ -0,0 +1,83 @@
<?php
use App\Models\User;
test('registration normalizes username to lowercase', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
'username' => null,
]);
$response = $this->actingAs($user)->post('/setup/username', [
'username' => ' GregOr_One ',
]);
$response->assertRedirect('/@gregor_one');
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => 'gregor_one',
]);
});
test('registration rejects reserved usernames', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$response = $this->actingAs($user)->from('/setup/username')->post('/setup/username', [
'username' => 'admin',
]);
$response->assertSessionHasErrors('username');
$this->assertAuthenticatedAs($user);
});
test('legacy profile username route redirects to canonical at-username route', function () {
$user = User::factory()->create(['username' => 'author_two']);
$response = $this->get('/profile/Author_Two');
$response->assertRedirect('/@author_two');
});
test('non-canonical at-username route redirects to lowercase canonical route', function () {
$user = User::factory()->create(['username' => 'author_two']);
$response = $this->get('/@Author_Two');
$response->assertRedirect('/@author_two');
});
test('profile username update writes history and redirect map', function () {
$user = User::factory()->create([
'username' => 'oldname',
'username_changed_at' => now()->subDays(120),
]);
$response = $this
->actingAs($user)
->patch('/profile', [
'username' => 'New_Name',
'name' => $user->name,
'email' => $user->email,
]);
$response->assertRedirect('/dashboard/profile');
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => 'new_name',
]);
$this->assertDatabaseHas('username_history', [
'user_id' => $user->id,
'old_username' => 'oldname',
]);
$this->assertDatabaseHas('username_redirects', [
'old_username' => 'oldname',
'new_username' => 'new_name',
'user_id' => $user->id,
]);
});