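defmodule BerrypodWeb.Auth.LoginTest do
  # LiveView tests for the /users/log-in page: rendering, magic-link login,
  # password login, how the page reacts to the mailer configuration, the
  # redirect to /setup when no user exists, and re-authentication.
  #
  # async: false because several setup blocks rewrite the Berrypod.Mailer
  # application env, which is shared by every test in the VM.
  use BerrypodWeb.ConnCase, async: false

  import Phoenix.LiveViewTest
  import Berrypod.AccountsFixtures

  alias Berrypod.Mailer

  describe "login page" do
    setup do
      # Without any user the page redirects to /setup (see "no admin exists"),
      # so one has to exist before the login page can render.
      user_fixture()
      # The magic-link form is only shown once email is verified
      # (see the "email configured ..." describes below).
      Mailer.mark_email_verified()
      :ok
    end

    test "renders login page", %{conn: conn} do
      {:ok, _lv, html} = live(conn, ~p"/users/log-in")

      assert html =~ "Log in"
      assert html =~ "Log in with email"
    end
  end

  describe "user login - magic link" do
    setup do
      Mailer.mark_email_verified()
      :ok
    end

    test "sends magic link email when user exists", %{conn: conn} do
      user = user_fixture()

      {:ok, lv, _html} = live(conn, ~p"/users/log-in")

      {:ok, _lv, html} =
        form(lv, "#login_form_magic", user: %{email: user.email})
        |> render_submit()
        |> follow_redirect(conn, ~p"/users/log-in")

      assert html =~ "If your email is in our system"

      # get_by!/2 raises unless exactly one token row exists for the user, so
      # this also pins that a single "login" token was issued.
      assert Berrypod.Repo.get_by!(Berrypod.Accounts.UserToken, user_id: user.id).context ==
               "login"
    end

    # Security: the response for an unknown address must match the one for a
    # registered address, otherwise the form leaks which emails have accounts.
    # NOTE(review): only the flash text is pinned here. Other observable
    # differences (a token row being created, response timing) are not
    # covered - consider asserting that no login token exists afterwards.
    test "does not disclose if user is registered", %{conn: conn} do
      user_fixture()

      {:ok, lv, _html} = live(conn, ~p"/users/log-in")

      {:ok, _lv, html} =
        form(lv, "#login_form_magic", user: %{email: "idonotexist@example.com"})
        |> render_submit()
        |> follow_redirect(conn, ~p"/users/log-in")

      assert html =~ "If your email is in our system"
    end
  end

  describe "user login - password" do
    test "redirects if user logs in with valid credentials", %{conn: conn} do
      user = user_fixture() |> set_password()

      {:ok, lv, _html} = live(conn, ~p"/users/log-in")

      form =
        form(lv, "#login_form_password",
          user: %{email: user.email, password: valid_user_password(), remember_me: true}
        )

      conn = submit_form(form, conn)

      # The post-login destination is /setup rather than an admin page -
      # presumably because setup is incomplete in the test database.
      assert redirected_to(conn) == ~p"/setup"
    end

    # Security: the flash is deliberately generic ("email or password") so a
    # failed login does not reveal which of the two was wrong.
    # NOTE(review): this case submits an email that is assumed not to belong to
    # the fixture user. A companion case with a registered email and a wrong
    # password, asserting the same flash, would pin both failure paths.
    test "redirects to login page with a flash error if credentials are invalid", %{
      conn: conn
    } do
      user_fixture()

      {:ok, lv, _html} = live(conn, ~p"/users/log-in")

      form =
        form(lv, "#login_form_password", user: %{email: "test@email.com", password: "123456"})

      render_submit(form, %{user: %{remember_me: true}})

      conn = follow_trigger_action(form, conn)
      assert Phoenix.Flash.get(conn.assigns.flash, :error) == "Invalid email or password"
      assert redirected_to(conn) == ~p"/users/log-in"
    end
  end

  describe "email not configured" do
    setup do
      put_mailer_config(adapter: Swoosh.Adapters.Local)
      :ok
    end

    test "hides magic link form and shows recovery link", %{conn: conn} do
      _user = user_fixture()
      {:ok, _lv, html} = live(conn, ~p"/users/log-in")

      refute html =~ "Log in with email"
      assert html =~ "Locked out?"
      assert html =~ "Recover with setup secret"
    end
  end

  describe "email configured and verified" do
    setup do
      # Create user before switching adapter (fixture sends a confirmation email)
      _user = user_fixture()

      put_mailer_config(adapter: Swoosh.Adapters.Postmark, api_key: "test")

      Mailer.mark_email_verified()

      :ok
    end

    test "shows magic link form and hides recovery link", %{conn: conn} do
      {:ok, _lv, html} = live(conn, ~p"/users/log-in")

      assert html =~ "Log in with email"
      refute html =~ "Locked out?"
    end
  end

  describe "email configured but not verified" do
    setup do
      # Create user before switching adapter (fixture sends a confirmation email)
      _user = user_fixture()

      put_mailer_config(adapter: Swoosh.Adapters.Postmark, api_key: "test")

      Mailer.clear_email_verified()

      :ok
    end

    test "hides magic link form and shows recovery link", %{conn: conn} do
      {:ok, _lv, html} = live(conn, ~p"/users/log-in")

      refute html =~ "Log in with email"
      assert html =~ "Locked out?"
    end
  end

  describe "no admin exists" do
    test "redirects to setup", %{conn: conn} do
      assert {:error, {:redirect, %{to: "/setup"}}} = live(conn, ~p"/users/log-in")
    end
  end

  describe "re-authentication (sudo mode)" do
    setup %{conn: conn} do
      Mailer.mark_email_verified()
      user = user_fixture()
      %{user: user, conn: log_in_user(conn, user)}
    end

    test "shows login page with email filled in", %{conn: conn, user: user} do
      {:ok, _lv, html} = live(conn, ~p"/users/log-in")

      assert html =~ "You need to reauthenticate"
      refute html =~ "Register"
      assert html =~ "Log in with email"

      # The email field is pre-filled with the signed-in user's own address.
      assert html =~
               ~s(<input type="email" name="user[email]" id="login_form_magic_email" value="#{user.email}")
    end
  end

  # Replaces the Berrypod.Mailer application env with `config` for the current
  # test and registers an on_exit callback that puts the previous state back.
  #
  # fetch_env/2 is used instead of get_env/2 so that "key was not set" can be
  # told apart from a stored value: in that case the key is deleted on exit
  # rather than being left behind as an explicit nil for later tests.
  defp put_mailer_config(config) do
    previous = Application.fetch_env(:berrypod, Berrypod.Mailer)
    Application.put_env(:berrypod, Berrypod.Mailer, config)

    on_exit(fn ->
      case previous do
        {:ok, value} -> Application.put_env(:berrypod, Berrypod.Mailer, value)
        :error -> Application.delete_env(:berrypod, Berrypod.Mailer)
      end
    end)
  end
end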