feat(auth): complete registration anti-spam and quota hardening
This commit is contained in:
@@ -2,13 +2,14 @@
|
||||
|
||||
use App\Models\User;
|
||||
use Illuminate\Foundation\Testing\RefreshDatabase;
|
||||
use Illuminate\Support\Facades\Queue;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Mail;
|
||||
use App\Jobs\SendVerificationEmailJob;
|
||||
|
||||
uses(RefreshDatabase::class);
|
||||
|
||||
it('completes happy path registration onboarding flow', function () {
|
||||
Mail::fake();
|
||||
Queue::fake();
|
||||
|
||||
$register = $this->post('/register', [
|
||||
'email' => 'flow-user@example.com',
|
||||
@@ -19,9 +20,12 @@ it('completes happy path registration onboarding flow', function () {
|
||||
$user = User::query()->where('email', 'flow-user@example.com')->firstOrFail();
|
||||
expect($user->onboarding_step)->toBe('email');
|
||||
|
||||
$token = (string) DB::table('user_verification_tokens')
|
||||
->where('user_id', $user->id)
|
||||
->value('token');
|
||||
$token = null;
|
||||
Queue::assertPushed(SendVerificationEmailJob::class, function (SendVerificationEmailJob $job) use (&$token) {
|
||||
$token = $job->token;
|
||||
|
||||
return true;
|
||||
});
|
||||
|
||||
$this->get('/verify/' . $token)->assertRedirect('/setup/password');
|
||||
|
||||
@@ -58,9 +62,10 @@ it('rejects expired verification token', function () {
|
||||
'is_active' => false,
|
||||
]);
|
||||
|
||||
$column = \Illuminate\Support\Facades\Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
|
||||
DB::table('user_verification_tokens')->insert([
|
||||
'user_id' => $user->id,
|
||||
'token' => 'expired-checklist-token',
|
||||
$column => hash('sha256', 'expired-checklist-token'),
|
||||
'expires_at' => now()->subHour(),
|
||||
'created_at' => now(),
|
||||
'updated_at' => now(),
|
||||
@@ -74,16 +79,22 @@ it('rejects expired verification token', function () {
|
||||
});
|
||||
|
||||
it('rejects duplicate email at registration', function () {
|
||||
Queue::fake();
|
||||
|
||||
User::factory()->create([
|
||||
'email' => 'duplicate-check@example.com',
|
||||
'email_verified_at' => now(),
|
||||
'onboarding_step' => 'complete',
|
||||
'is_active' => true,
|
||||
]);
|
||||
|
||||
$response = $this->from('/register')->post('/register', [
|
||||
$response = $this->post('/register', [
|
||||
'email' => 'duplicate-check@example.com',
|
||||
]);
|
||||
|
||||
$response->assertRedirect('/register');
|
||||
$response->assertSessionHasErrors('email');
|
||||
$response->assertRedirect('/register/notice');
|
||||
$response->assertSessionHas('status', 'If that email is valid, we sent a verification link.');
|
||||
Queue::assertNothingPushed();
|
||||
});
|
||||
|
||||
it('rejects username conflict during username setup', function () {
|
||||
|
||||
Reference in New Issue
Block a user