Accueil Explorer Aide
S'inscrire Connexion
dth
/
strprfcrm
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

auth tests

Alexander Musikhin il y a 2 semaines
Parent
5c90c21962
commit
18deb1cff0
2 fichiers modifiés avec 296 ajouts et 0 suppressions
Vue unifiée Afficher les stats Diff
  1. 128 0
      tests/Feature/Auth/AuthControllerTest.php
  2. 168 0
      tests/Feature/AuthorizationTest.php

+ 128 - 0
tests/Feature/Auth/AuthControllerTest.php
Voir le fichier 

@@ -0,0 +1,128 @@
 
+<?php
 
+
 
+namespace Tests\Feature\Auth;
 
+
 
+use App\Models\Role;
 
+use App\Models\User;
 
+use Illuminate\Foundation\Testing\RefreshDatabase;
 
+use Tests\TestCase;
 
+
 
+class AuthControllerTest extends TestCase
 
+{
 
+    use RefreshDatabase;
 
+
 
+    protected $seed = true;
 
+
 
+    // ==================== Login Form ====================
 
+
 
+    public function test_login_page_is_accessible_to_guest(): void
 
+    {
 
+        $response = $this->get('/login');
 
+
 
+        $response->assertStatus(200);
 
+    }
 
+
 
+    public function test_authenticated_user_is_redirected_from_login_page(): void
 
+    {
 
+        $user = User::factory()->create(['role' => Role::MANAGER]);
 
+
 
+        $response = $this->actingAs($user)->get('/login');
 
+
 
+        $response->assertRedirect('/home');
 
+    }
 
+
 
+    // ==================== Login ====================
 
+
 
+    public function test_user_can_login_with_correct_credentials(): void
 
+    {
 
+        $user = User::factory()->create([
 
+            'role' => Role::MANAGER,
 
+            'password' => bcrypt('secret123'),
 
+        ]);
 
+
 
+        $response = $this->post('/login', [
 
+            'email' => $user->email,
 
+            'password' => 'secret123',
 
+        ]);
 
+
 
+        $response->assertRedirect('/order');
 
+        $this->assertAuthenticatedAs($user);
 
+    }
 
+
 
+    public function test_login_fails_with_wrong_password(): void
 
+    {
 
+        $user = User::factory()->create([
 
+            'password' => bcrypt('correct-password'),
 
+        ]);
 
+
 
+        $response = $this->post('/login', [
 
+            'email' => $user->email,
 
+            'password' => 'wrong-password',
 
+        ]);
 
+
 
+        $response->assertSessionHasErrors();
 
+        $this->assertGuest();
 
+    }
 
+
 
+    public function test_login_fails_with_nonexistent_email(): void
 
+    {
 
+        $response = $this->post('/login', [
 
+            'email' => 'nonexistent@example.com',
 
+            'password' => 'password',
 
+        ]);
 
+
 
+        $response->assertSessionHasErrors();
 
+        $this->assertGuest();
 
+    }
 
+
 
+    public function test_login_requires_email(): void
 
+    {
 
+        $response = $this->post('/login', [
 
+            'password' => 'password',
 
+        ]);
 
+
 
+        $response->assertSessionHasErrors('email');
 
+        $this->assertGuest();
 
+    }
 
+
 
+    public function test_login_requires_password(): void
 
+    {
 
+        $user = User::factory()->create();
 
+
 
+        $response = $this->post('/login', [
 
+            'email' => $user->email,
 
+        ]);
 
+
 
+        $response->assertSessionHasErrors('password');
 
+        $this->assertGuest();
 
+    }
 
+
 
+    // ==================== Logout ====================
 
+
 
+    public function test_authenticated_user_can_logout(): void
 
+    {
 
+        $user = User::factory()->create(['role' => Role::MANAGER]);
 
+
 
+        $response = $this->actingAs($user)->post('/logout');
 
+
 
+        $response->assertRedirect('/');
 
+        $this->assertGuest();
 
+    }
 
+
 
+    public function test_guest_cannot_access_protected_route(): void
 
+    {
 
+        $response = $this->get('/order');
 
+
 
+        $response->assertRedirect('/login');
 
+    }
 
+
 
+    public function test_guest_redirected_to_login_from_any_auth_route(): void
 
+    {
 
+        $routes = ['/order', '/reclamations', '/schedule'];
 
+
 
+        foreach ($routes as $route) {
 
+            $response = $this->get($route);
 
+            $response->assertRedirect('/login');
 
+        }
 
+    }
 
+}

+ 168 - 0
tests/Feature/AuthorizationTest.php
Voir le fichier 

@@ -0,0 +1,168 @@
 
+<?php
 
+
 
+namespace Tests\Feature;
 
+
 
+use App\Models\Order;
 
+use App\Models\Role;
 
+use App\Models\User;
 
+use Illuminate\Foundation\Testing\RefreshDatabase;
 
+use Tests\TestCase;
 
+
 
+class AuthorizationTest extends TestCase
 
+{
 
+    use RefreshDatabase;
 
+
 
+    protected $seed = true;
 
+
 
+    private User $adminUser;
 
+    private User $managerUser;
 
+    private User $brigadierUser;
 
+
 
+    protected function setUp(): void
 
+    {
 
+        parent::setUp();
 
+
 
+        $this->adminUser = User::factory()->create(['role' => Role::ADMIN]);
 
+        $this->managerUser = User::factory()->create(['role' => Role::MANAGER]);
 
+        $this->brigadierUser = User::factory()->create(['role' => Role::BRIGADIER]);
 
+    }
 
+
 
+    // ==================== Admin-only routes ====================
 
+
 
+    public function test_only_admin_can_access_admin_areas(): void
 
+    {
 
+        // Guest
 
+        $this->get(route('admin.area.index'))->assertRedirect(route('login'));
 
+
 
+        // Brigadier
 
+        $this->actingAs($this->brigadierUser)
 
+            ->get(route('admin.area.index'))
 
+            ->assertStatus(403);
 
+
 
+        // Manager
 
+        $this->actingAs($this->managerUser)
 
+            ->get(route('admin.area.index'))
 
+            ->assertStatus(403);
 
+
 
+        // Admin
 
+        $this->actingAs($this->adminUser)
 
+            ->get(route('admin.area.index'))
 
+            ->assertStatus(200);
 
+    }
 
+
 
+    public function test_only_admin_can_access_admin_districts(): void
 
+    {
 
+        $this->get(route('admin.district.index'))->assertRedirect(route('login'));
 
+
 
+        $this->actingAs($this->brigadierUser)
 
+            ->get(route('admin.district.index'))
 
+            ->assertStatus(403);
 
+
 
+        $this->actingAs($this->managerUser)
 
+            ->get(route('admin.district.index'))
 
+            ->assertStatus(403);
 
+
 
+        $this->actingAs($this->adminUser)
 
+            ->get(route('admin.district.index'))
 
+            ->assertStatus(200);
 
+    }
 
+
 
+    public function test_only_admin_can_access_user_management(): void
 
+    {
 
+        $this->get(route('user.index'))->assertRedirect(route('login'));
 
+
 
+        $this->actingAs($this->brigadierUser)
 
+            ->get(route('user.index'))
 
+            ->assertStatus(403);
 
+
 
+        $this->actingAs($this->managerUser)
 
+            ->get(route('user.index'))
 
+            ->assertStatus(403);
 
+
 
+        $this->actingAs($this->adminUser)
 
+            ->get(route('user.index'))
 
+            ->assertStatus(200);
 
+    }
 
+
 
+    // ==================== Manager cannot delete users ====================
 
+
 
+    public function test_manager_cannot_delete_user(): void
 
+    {
 
+        $targetUser = User::factory()->create(['role' => Role::BRIGADIER]);
 
+
 
+        $this->actingAs($this->managerUser)
 
+            ->delete(route('user.destroy', $targetUser))
 
+            ->assertStatus(403);
 
+    }
 
+
 
+    public function test_admin_can_delete_user(): void
 
+    {
 
+        $targetUser = User::factory()->create(['role' => Role::BRIGADIER]);
 
+
 
+        $this->actingAs($this->adminUser)
 
+            ->delete(route('user.destroy', $targetUser))
 
+            ->assertRedirect();
 
+
 
+        $this->assertSoftDeleted('users', ['id' => $targetUser->id]);
 
+    }
 
+
 
+    // ==================== Brigadier access restrictions ====================
 
+
 
+    public function test_brigadier_can_access_orders_index(): void
 
+    {
 
+        $this->actingAs($this->brigadierUser)
 
+            ->get(route('order.index'))
 
+            ->assertStatus(200);
 
+    }
 
+
 
+    public function test_brigadier_cannot_access_admin_panel(): void
 
+    {
 
+        $this->actingAs($this->brigadierUser)
 
+            ->get(route('admin.area.index'))
 
+            ->assertStatus(403);
 
+
 
+        $this->actingAs($this->brigadierUser)
 
+            ->get(route('admin.district.index'))
 
+            ->assertStatus(403);
 
+    }
 
+
 
+    public function test_brigadier_cannot_access_user_management(): void
 
+    {
 
+        $this->actingAs($this->brigadierUser)
 
+            ->get(route('user.index'))
 
+            ->assertStatus(403);
 
+    }
 
+
 
+    // ==================== Manager access ====================
 
+
 
+    public function test_manager_can_access_orders(): void
 
+    {
 
+        $this->actingAs($this->managerUser)
 
+            ->get(route('order.index'))
 
+            ->assertStatus(200);
 
+    }
 
+
 
+    public function test_manager_can_access_reclamations(): void
 
+    {
 
+        $this->actingAs($this->managerUser)
 
+            ->get(route('reclamations.index'))
 
+            ->assertStatus(200);
 
+    }
 
+
 
+    // ==================== Guest redirects ====================
 
+
 
+    public function test_guest_redirected_from_order(): void
 
+    {
 
+        $this->get(route('order.index'))->assertRedirect(route('login'));
 
+    }
 
+
 
+    public function test_guest_redirected_from_reclamations(): void
 
+    {
 
+        $this->get(route('reclamations.index'))->assertRedirect(route('login'));
 
+    }
 
+
 
+    public function test_guest_redirected_from_schedule(): void
 
+    {
 
+        $this->get(route('schedule.index'))->assertRedirect(route('login'));
 
+    }
 
+}