klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a9dfa6ea116ac4e8083dcc4f1ac1ce0be33d68ae
SkinbaseNova/tests/Feature/Auth/RegistrationTokenVerificationTest.php
Gregor Klevze 87d60af5a9 Save workspace changes
2026-04-18 17:02:56 +02:00

119 lines
3.8 KiB
PHP
Raw Blame History

<?php
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\Facades\Queue;
uses(RefreshDatabase::class);
it('registration no longer creates verification tokens', function () {
Queue::fake();
$response = $this->post('/register', [
'email' => 'token-hash@example.com',
]);
$userId = (int) User::query()->where('email', 'token-hash@example.com')->value('id');
$response->assertRedirect('/setup/password');
expect($userId)->toBeGreaterThan(0);
expect(DB::table('user_verification_tokens')->where('user_id', $userId)->count())->toBe(0);
Queue::assertNothingPushed();
});
it('verifies token and redirects to password setup', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
$column = Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
$column => hash('sha256', 'verify-token-1'),
'expires_at' => now()->addHour(),
'created_at' => now(),
'updated_at' => now(),
]);
$response = $this->get('/verify/verify-token-1');
$response->assertRedirect('/setup/password');
$this->assertAuthenticatedAs($user->fresh());
$this->assertDatabaseHas('users', [
'id' => $user->id,
'onboarding_step' => 'verified',
'is_active' => 1,
]);
expect($user->fresh()->email_verified_at)->not->toBeNull();
$column = Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
$this->assertDatabaseMissing('user_verification_tokens', [$column => hash('sha256', 'verify-token-1')]);
});
it('rejects expired token', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
$column = Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
$column => hash('sha256', 'expired-token-1'),
'expires_at' => now()->subMinute(),
'created_at' => now(),
'updated_at' => now(),
]);
$response = $this->from('/login')->get('/verify/expired-token-1');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
$this->assertGuest();
$this->assertDatabaseHas('users', [
'id' => $user->id,
'onboarding_step' => 'email',
'is_active' => 0,
]);
expect($user->fresh()->email_verified_at)->toBeNull();
});
it('rejects unknown token', function () {
$response = $this->from('/login')->get('/verify/not-real-token');
$response->assertRedirect('/login');
$response->assertSessionHasErrors('email');
$this->assertGuest();
});
it('rejects token reuse after successful verification', function () {
$user = User::factory()->create([
'email_verified_at' => null,
'onboarding_step' => 'email',
'is_active' => false,
]);
$column = Schema::hasColumn('user_verification_tokens', 'token_hash') ? 'token_hash' : 'token';
DB::table('user_verification_tokens')->insert([
'user_id' => $user->id,
$column => hash('sha256', 'one-time-token'),
'expires_at' => now()->addHour(),
'created_at' => now(),
'updated_at' => now(),
]);
$this->get('/verify/one-time-token')->assertRedirect('/setup/password');
auth()->logout();
$secondTry = $this->from('/login')->get('/verify/one-time-token');
$secondTry->assertRedirect('/login');
$secondTry->assertSessionHasErrors('email');
});
Reference in New Issue View Git Blame Copy Permalink