klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Auth: convert auth views and verification email to Nova layout

Browse Source
This commit is contained in:
Gregor Klevže
2026-02-21 07:37:08 +01:00
parent 93b009d42a
commit 795c7a835f
117 changed files with 5385 additions and 1291 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
tests/Feature/Auth/EnsureOnboardingCompleteTest.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('redirects verified step user to setup password from profile', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
]);
$this->actingAs($user)
->get('/profile')
->assertRedirect('/setup/password');
});
it('redirects password step user to setup username from upload', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->get('/upload')
->assertRedirect('/setup/username');
});
it('redirects email step user to login from forum and gallery', function () {
$user = User::factory()->create([
'onboarding_step' => 'email',
]);
$this->actingAs($user)
->get('/forum')
->assertRedirect('/login');
$this->actingAs($user)
->get('/gallery/1/test')
->assertRedirect('/login');
});
it('allows complete onboarding user to access profile and upload', function () {
$user = User::factory()->create([
'onboarding_step' => 'complete',
]);
$this->actingAs($user)
->get('/profile')
->assertOk();
$this->actingAs($user)
->get('/upload')
->assertOk();
});

53
tests/Feature/Auth/OnboardingUxTest.php Normal file
View File

@@ -0,0 +1,53 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('shows onboarding progress and status on setup password page', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
]);
$this->actingAs($user)
->withSession(['status' => 'Email verified. Continue with password setup.'])
->get('/setup/password')
->assertOk()
->assertSee('Email')
->assertSee('Verified')
->assertSee('Password')
->assertSee('Username')
->assertSee('Email verified. Continue with password setup.');
});
it('shows onboarding progress and status on setup username page', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->withSession(['status' => 'Password saved. Choose your public username to finish setup.'])
->get('/setup/username')
->assertOk()
->assertSee('Email')
->assertSee('Verified')
->assertSee('Password')
->assertSee('Username')
->assertSee('Password saved. Choose your public username to finish setup.');
});
it('returns clear validation message for weak setup password', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
]);
$this->actingAs($user)
->from('/setup/password')
->post('/setup/password', [
'password' => 'short',
'password_confirmation' => 'short',
])
->assertRedirect('/setup/password')
->assertSessionHasErrors('password');
});

74
tests/Feature/Auth/RegistrationAntiSpamTest.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
use App\Services\Security\RecaptchaVerifier;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\RateLimiter;
uses(RefreshDatabase::class);
it('rejects registration when honeypot field is filled', function () {
Mail::fake();
$response = $this->from('/register')->post('/register', [
'email' => 'bot1@example.com',
'website' => 'https://spam.example',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('website');
$this->assertDatabaseMissing('users', ['email' => 'bot1@example.com']);
});
it('throttles excessive registration attempts by ip', function () {
Mail::fake();
config()->set('antispam.register.ip_per_minute', 2);
config()->set('antispam.register.email_per_minute', 20);
for ($i = 0; $i < 2; $i++) {
$this->post('/register', [
'email' => 'user-rate-' . $i . '@example.com',
])->assertRedirect('/register/notice');
}
$this->post('/register', [
'email' => 'user-rate-3@example.com',
])->assertStatus(429);
RateLimiter::clear('register:ip:127.0.0.1');
});
it('rejects registration when recaptcha is enabled and verification fails', function () {
Mail::fake();
$mock = \Mockery::mock(RecaptchaVerifier::class);
$mock->shouldReceive('isEnabled')->andReturn(true);
$mock->shouldReceive('verify')->once()->andReturn(false);
$this->app->instance(RecaptchaVerifier::class, $mock);
$response = $this->from('/register')->post('/register', [
'email' => 'captcha-user@example.com',
'g-recaptcha-response' => 'bad-token',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('captcha');
$this->assertDatabaseMissing('users', ['email' => 'captcha-user@example.com']);
});
it('allows registration when recaptcha is enabled and verification succeeds', function () {
Mail::fake();
$mock = \Mockery::mock(RecaptchaVerifier::class);
$mock->shouldReceive('isEnabled')->andReturn(true);
$mock->shouldReceive('verify')->once()->andReturn(true);
$this->app->instance(RecaptchaVerifier::class, $mock);
$response = $this->post('/register', [
'email' => 'captcha-pass@example.com',
'g-recaptcha-response' => 'good-token',
]);
$response->assertRedirect('/register/notice');
$this->assertDatabaseHas('users', ['email' => 'captcha-pass@example.com']);
});

125
tests/Feature/Auth/RegistrationFlowChecklistTest.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Mail;
uses(RefreshDatabase::class);
it('completes happy path registration onboarding flow', function () {
Mail::fake();
$register = $this->post('/register', [
'email' => 'flow-user@example.com',
]);
$register->assertRedirect('/register/notice');
$user = User::query()->where('email', 'flow-user@example.com')->firstOrFail();
expect($user->onboarding_step)->toBe('email');
$token = (string) DB::table('user_verification_tokens')
->where('user_id', $user->id)
->value('token');
$this->get('/verify/' . $token)->assertRedirect('/setup/password');
$user->refresh();
expect($user->onboarding_step)->toBe('verified');
$this->actingAs($user)
->post('/setup/password', [
'password' => 'StrongPass1!',
'password_confirmation' => 'StrongPass1!',
])->assertRedirect('/setup/username');
$this->actingAs($user)
->post('/setup/username', [
'username' => 'flow_user_final',
])->assertRedirect('/@flow_user_final');
$user->refresh();
expect($user->onboarding_step)->toBe('complete');
expect($user->username)->toBe('flow_user_final');
});
it('rejects invalid verification token', function () {
$response = $this->from('/login')->get('/verify/not-a-real-token');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
});
it('rejects expired verification token', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
'token' => 'expired-checklist-token',
'expires_at' => now()->subHour(),
'created_at' => now(),
'updated_at' => now(),
]);
$response = $this->from('/login')->get('/verify/expired-checklist-token');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
expect($user->fresh()->email_verified_at)->toBeNull();
});
it('rejects duplicate email at registration', function () {
User::factory()->create([
'email' => 'duplicate-check@example.com',
]);
$response = $this->from('/register')->post('/register', [
'email' => 'duplicate-check@example.com',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('email');
});
it('rejects username conflict during username setup', function () {
User::factory()->create([
'username' => 'taken_username',
'onboarding_step' => 'complete',
]);
$user = User::factory()->create([
'username' => 'candidate_username',
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->from('/setup/username')
->post('/setup/username', [
'username' => 'taken_username',
])
->assertRedirect('/setup/username')
->assertSessionHasErrors('username');
expect($user->fresh()->onboarding_step)->toBe('password');
});
it('resumes onboarding by redirecting user to current required step', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
]);
$this->actingAs($user)
->get('/profile')
->assertRedirect('/setup/password');
$user->forceFill(['onboarding_step' => 'password'])->save();
$this->actingAs($user)
->get('/upload')
->assertRedirect('/setup/username');
});

60
tests/Feature/Auth/RegistrationNoticeResendTest.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
use App\Mail\RegistrationVerificationMail;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Mail;
uses(RefreshDatabase::class);
it('shows registration notice with email after first step', function () {
Mail::fake();
$this->post('/register', [
'email' => 'notice@example.com',
])->assertRedirect('/register/notice');
$this->get('/register/notice')
->assertOk()
->assertSee('notice@example.com')
->assertSee('Change email');
});
it('prefills register form email from query string', function () {
$this->get('/register?email=prefill@example.com')
->assertOk()
->assertSee('value="prefill@example.com"', false);
});
it('blocks resend while cooldown is active', function () {
Mail::fake();
$this->post('/register', [
'email' => 'cooldown@example.com',
])->assertRedirect('/register/notice');
$this->from('/register/notice')->post('/register/resend-verification', [
'email' => 'cooldown@example.com',
])->assertRedirect('/register/notice')
->assertSessionHasErrors('email');
});
it('resends verification after cooldown expires', function () {
Mail::fake();
$this->post('/register', [
'email' => 'resend@example.com',
])->assertRedirect('/register/notice');
$key = 'register:resend:cooldown:' . sha1('resend@example.com');
Cache::forget($key);
$this->post('/register/resend-verification', [
'email' => 'resend@example.com',
])->assertRedirect('/register/notice');
Mail::assertQueued(RegistrationVerificationMail::class, 2);
expect(User::query()->where('email', 'resend@example.com')->exists())->toBeTrue();
});

30
tests/Feature/Auth/RegistrationTest.php
View File

@@ -1,19 +1,37 @@
<?php
use App\Mail\RegistrationVerificationMail;
use Illuminate\Support\Facades\Mail;
test('registration screen can be rendered', function () {
$response = $this->get('/register');
$response->assertStatus(200);
$response->assertStatus(200)
->assertDontSee('name="name"', false)
->assertDontSee('name="username"', false)
->assertDontSee('name="password"', false)
->assertDontSee('name="password_confirmation"', false);
});
test('new users can register', function () {
Mail::fake();
$response = $this->post('/register', [
'name' => 'Test User',
'email' => 'test@example.com',
'password' => 'password',
'password_confirmation' => 'password',
]);
$this->assertAuthenticated();
$response->assertRedirect(route('dashboard', absolute: false));
$this->assertGuest();
$response->assertRedirect(route('register.notice', absolute: false));
$this->assertDatabaseHas('users', [
'email' => 'test@example.com',
'onboarding_step' => 'email',
'is_active' => 0,
]);
$this->assertDatabaseHas('user_verification_tokens', [
'user_id' => (int) \App\Models\User::query()->where('email', 'test@example.com')->value('id'),
]);
Mail::assertQueued(RegistrationVerificationMail::class);
});

74
tests/Feature/Auth/RegistrationTokenVerificationTest.php Normal file
View File

@@ -0,0 +1,74 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
uses(RefreshDatabase::class);
it('verifies token and redirects to password setup', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
'token' => 'verify-token-1',
'expires_at' => now()->addHour(),
'created_at' => now(),
'updated_at' => now(),
]);
$response = $this->get('/verify/verify-token-1');
$response->assertRedirect('/setup/password');
$this->assertAuthenticatedAs($user->fresh());
$this->assertDatabaseHas('users', [
'id' => $user->id,
'onboarding_step' => 'verified',
'is_active' => 1,
]);
expect($user->fresh()->email_verified_at)->not->toBeNull();
$this->assertDatabaseMissing('user_verification_tokens', ['token' => 'verify-token-1']);
});
it('rejects expired token', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
'token' => 'expired-token-1',
'expires_at' => now()->subMinute(),
'created_at' => now(),
'updated_at' => now(),
]);
$response = $this->from('/login')->get('/verify/expired-token-1');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
$this->assertGuest();
$this->assertDatabaseHas('users', [
'id' => $user->id,
'onboarding_step' => 'email',
'is_active' => 0,
]);
expect($user->fresh()->email_verified_at)->toBeNull();
});
it('rejects unknown token', function () {
$response = $this->from('/login')->get('/verify/not-real-token');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
$this->assertGuest();
});

43
tests/Feature/Auth/RegistrationVerificationMailTest.php Normal file
View File

@@ -0,0 +1,43 @@
<?php
use App\Mail\RegistrationVerificationMail;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('registration verification mailable is queued with retry policy', function () {
$mail = new RegistrationVerificationMail('token-123');
expect($mail)->toBeInstanceOf(ShouldQueue::class);
expect($mail->tries)->toBe(3);
expect($mail->timeout)->toBe(30);
expect($mail->backoff)->toBe([60, 300, 900]);
});
it('registration email contains verification link expiry and support url', function () {
config()->set('app.url', 'https://skinbase.example');
config()->set('app.name', 'Skinbase');
$mail = new RegistrationVerificationMail('abc-token');
$html = $mail->render();
expect($html)->toContain('Verify Email');
expect($html)->toContain('/verify/abc-token');
expect($html)->toContain('expires in 24 hours');
expect($html)->toContain('https://skinbase.example/support');
});
it('registration endpoint still queues verification mail', function () {
\Illuminate\Support\Facades\Mail::fake();
$this->post('/register', [
'email' => 'mail-test@example.com',
])->assertRedirect('/register/notice');
\Illuminate\Support\Facades\Mail::assertQueued(RegistrationVerificationMail::class);
$this->assertDatabaseHas('users', [
'email' => 'mail-test@example.com',
'onboarding_step' => 'email',
]);
});

62
tests/Feature/Auth/SetupPasswordTest.php Normal file
View File

@@ -0,0 +1,62 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
uses(RefreshDatabase::class);
it('requires authentication to open setup password screen', function () {
$this->get('/setup/password')
->assertRedirect('/login');
});
it('renders setup password screen for authenticated user', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
'needs_password_reset' => true,
]);
$this->actingAs($user)
->get('/setup/password')
->assertOk();
});
it('accepts strong password and moves onboarding to password step', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
'needs_password_reset' => true,
'password' => Hash::make('old-password'),
]);
$response = $this->actingAs($user)
->post('/setup/password', [
'password' => 'StrongPass1!',
'password_confirmation' => 'StrongPass1!',
]);
$response->assertRedirect('/setup/username');
$user->refresh();
expect(Hash::check('StrongPass1!', $user->password))->toBeTrue();
expect($user->onboarding_step)->toBe('password');
expect((bool) $user->needs_password_reset)->toBeFalse();
});
it('rejects password without number or symbol or minimum length', function () {
$user = User::factory()->create([
'onboarding_step' => 'verified',
'needs_password_reset' => true,
]);
$this->actingAs($user)
->from('/setup/password')
->post('/setup/password', [
'password' => 'weakpass',
'password_confirmation' => 'weakpass',
])
->assertRedirect('/setup/password')
->assertSessionHasErrors('password');
expect($user->fresh()->onboarding_step)->toBe('verified');
});

77
tests/Feature/Auth/SetupUsernameTest.php Normal file
View File

@@ -0,0 +1,77 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('requires authentication to open setup username screen', function () {
$this->get('/setup/username')
->assertRedirect('/login');
});
it('renders setup username screen for authenticated user', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->get('/setup/username')
->assertOk();
});
it('accepts unique username and completes onboarding', function () {
$user = User::factory()->create([
'username' => 'initial_user',
'onboarding_step' => 'password',
]);
$response = $this->actingAs($user)
->post('/setup/username', [
'username' => 'Final_User_7',
]);
$response->assertRedirect('/@final_user_7');
$user->refresh();
expect($user->username)->toBe('final_user_7');
expect($user->onboarding_step)->toBe('complete');
expect($user->username_changed_at)->not->toBeNull();
});
it('rejects reserved username in setup flow', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->from('/setup/username')
->post('/setup/username', [
'username' => 'admin',
])
->assertRedirect('/setup/username')
->assertSessionHasErrors('username');
expect($user->fresh()->onboarding_step)->toBe('password');
});
it('queues similarity-flagged username for manual approval in setup flow', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$this->actingAs($user)
->from('/setup/username')
->post('/setup/username', [
'username' => 'support1',
])
->assertRedirect('/setup/username')
->assertSessionHasErrors('username');
$this->assertDatabaseHas('username_approval_requests', [
'user_id' => $user->id,
'requested_username' => 'support1',
'context' => 'onboarding_username',
'status' => 'pending',
]);
});

38
tests/Feature/Auth/UsernameAvailabilityTest.php Normal file
View File

@@ -0,0 +1,38 @@
<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('returns available true for valid free username', function () {
$response = $this->getJson('/api/username/availability?username=free_name');
$response->assertOk()->assertJson([
'available' => true,
'normalized' => 'free_name',
]);
});
it('returns validation error for invalid username format', function () {
$response = $this->getJson('/api/username/availability?username=bad.name');
$response->assertStatus(422)->assertJsonPath('available', false);
});
it('returns validation error for reserved username', function () {
$response = $this->getJson('/api/username/availability?username=admin');
$response->assertStatus(422)->assertJsonPath('available', false);
});
it('returns available false for already taken username', function () {
User::factory()->create(['username' => 'taken_name']);
$response = $this->getJson('/api/username/availability?username=taken_name');
$response->assertOk()->assertJson([
'available' => false,
'normalized' => 'taken_name',
]);
});

83
tests/Feature/Auth/UsernamePolicyTest.php Normal file
View File

@@ -0,0 +1,83 @@
<?php
use App\Models\User;
test('registration normalizes username to lowercase', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
'username' => null,
]);
$response = $this->actingAs($user)->post('/setup/username', [
'username' => ' GregOr_One ',
]);
$response->assertRedirect('/@gregor_one');
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => 'gregor_one',
]);
});
test('registration rejects reserved usernames', function () {
$user = User::factory()->create([
'onboarding_step' => 'password',
]);
$response = $this->actingAs($user)->from('/setup/username')->post('/setup/username', [
'username' => 'admin',
]);
$response->assertSessionHasErrors('username');
$this->assertAuthenticatedAs($user);
});
test('legacy profile username route redirects to canonical at-username route', function () {
$user = User::factory()->create(['username' => 'author_two']);
$response = $this->get('/profile/Author_Two');
$response->assertRedirect('/@author_two');
});
test('non-canonical at-username route redirects to lowercase canonical route', function () {
$user = User::factory()->create(['username' => 'author_two']);
$response = $this->get('/@Author_Two');
$response->assertRedirect('/@author_two');
});
test('profile username update writes history and redirect map', function () {
$user = User::factory()->create([
'username' => 'oldname',
'username_changed_at' => now()->subDays(120),
]);
$response = $this
->actingAs($user)
->patch('/profile', [
'username' => 'New_Name',
'name' => $user->name,
'email' => $user->email,
]);
$response->assertRedirect('/user');
$this->assertDatabaseHas('users', [
'id' => $user->id,
'username' => 'new_name',
]);
$this->assertDatabaseHas('username_history', [
'user_id' => $user->id,
'old_username' => 'oldname',
]);
$this->assertDatabaseHas('username_redirects', [
'old_username' => 'oldname',
'new_username' => 'new_name',
'user_id' => $user->id,
]);
});