add admin account recovery via setup secret
When email isn't configured, the login page now hides the magic link form and shows a recovery link. The /recover page logs the setup secret to server logs and lets the admin reset their password with it. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -1,5 +1,5 @@
|
||||
defmodule BerrypodWeb.Auth.LoginTest do
|
||||
use BerrypodWeb.ConnCase
|
||||
use BerrypodWeb.ConnCase, async: false
|
||||
|
||||
import Phoenix.LiveViewTest
|
||||
import Berrypod.AccountsFixtures
|
||||
@@ -75,6 +75,45 @@ defmodule BerrypodWeb.Auth.LoginTest do
|
||||
end
|
||||
end
|
||||
|
||||
describe "email not configured" do
|
||||
setup do
|
||||
original = Application.get_env(:berrypod, Berrypod.Mailer)
|
||||
Application.put_env(:berrypod, Berrypod.Mailer, adapter: Swoosh.Adapters.Local)
|
||||
on_exit(fn -> Application.put_env(:berrypod, Berrypod.Mailer, original) end)
|
||||
:ok
|
||||
end
|
||||
|
||||
test "hides magic link form and shows recovery link", %{conn: conn} do
|
||||
_user = user_fixture()
|
||||
{:ok, _lv, html} = live(conn, ~p"/users/log-in")
|
||||
|
||||
refute html =~ "Log in with email"
|
||||
assert html =~ "Locked out?"
|
||||
assert html =~ "Recover with setup secret"
|
||||
end
|
||||
end
|
||||
|
||||
describe "email configured" do
|
||||
setup do
|
||||
original = Application.get_env(:berrypod, Berrypod.Mailer)
|
||||
|
||||
Application.put_env(:berrypod, Berrypod.Mailer,
|
||||
adapter: Swoosh.Adapters.Postmark,
|
||||
api_key: "test"
|
||||
)
|
||||
|
||||
on_exit(fn -> Application.put_env(:berrypod, Berrypod.Mailer, original) end)
|
||||
:ok
|
||||
end
|
||||
|
||||
test "shows magic link form and hides recovery link", %{conn: conn} do
|
||||
{:ok, _lv, html} = live(conn, ~p"/users/log-in")
|
||||
|
||||
assert html =~ "Log in with email"
|
||||
refute html =~ "Locked out?"
|
||||
end
|
||||
end
|
||||
|
||||
describe "login navigation" do
|
||||
test "redirects to setup page when the setup link is clicked", %{conn: conn} do
|
||||
{:ok, lv, _html} = live(conn, ~p"/users/log-in")
|
||||
|
||||
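--- /dev/null
+++ b/test/berrypod_web/live/setup/recover_test.exs
@@ -0,0 +1,108 @@
+defmodule BerrypodWeb.Setup.RecoverTest do
+  use BerrypodWeb.ConnCase, async: false
+
+  import Phoenix.LiveViewTest
+  import Berrypod.AccountsFixtures
+  import ExUnit.CaptureLog
+
+  alias Berrypod.Setup
+
+  describe "when no admin exists" do
+    test "redirects to setup", %{conn: conn} do
+      {:ok, _view, html} =
+        conn
+        |> live(~p"/recover")
+        |> follow_redirect(conn, ~p"/setup")
+
+      assert html =~ "Set up your shop"
+    end
+  end
+
+  describe "when admin exists" do
+    setup do
+      user = user_fixture()
+      %{user: user}
+    end
+
+    test "renders recovery page", %{conn: conn} do
+      {:ok, _view, html} = live(conn, ~p"/recover")
+
+      assert html =~ "Account recovery"
+      assert html =~ "recovery secret has been printed"
+      assert html =~ "New password"
+    end
+
+    test "logs setup secret on mount", %{conn: conn} do
+      log =
+        capture_log(fn ->
+          {:ok, _view, _html} = live(conn, ~p"/recover")
+        end)
+
+      assert log =~ "Account recovery requested"
+      assert log =~ Setup.setup_secret()
+    end
+
+    test "rejects short password", %{conn: conn} do
+      {:ok, view, _html} = live(conn, ~p"/recover")
+
+      html =
+        view
+        |> form("form", %{recover: %{password: "short"}})
+        |> render_submit()
+
+      assert html =~ "at least 12 characters"
+    end
+
+    test "resets password and redirects to login", %{conn: conn} do
+      {:ok, view, _html} = live(conn, ~p"/recover")
+
+      result =
+        view
+        |> form("form", %{recover: %{password: "new_password_123"}})
+        |> render_submit()
+
+      assert {:error, {:redirect, %{to: "/recover/login/" <> _token}}} = result
+    end
+  end
+
+  describe "when admin exists (prod mode)" do
+    setup do
+      original = Application.get_env(:berrypod, :env)
+      Application.put_env(:berrypod, :env, :prod)
+      user = user_fixture()
+      on_exit(fn -> Application.put_env(:berrypod, :env, original) end)
+      %{user: user}
+    end
+
+    test "shows secret field in prod", %{conn: conn} do
+      {:ok, _view, html} = live(conn, ~p"/recover")
+      assert html =~ "Setup secret"
+    end
+
+    test "rejects wrong secret", %{conn: conn} do
+      {:ok, view, _html} = live(conn, ~p"/recover")
+
+      html =
+        view
+        |> form("form", %{recover: %{secret: "wrong_secret", password: "a_valid_password_123"}})
+        |> render_submit()
+
+      assert html =~ "Wrong setup secret"
+    end
+  end
+
+  describe "when already logged in" do
+    setup %{conn: conn} do
+      user = user_fixture()
+      conn = log_in_user(conn, user)
+      %{conn: conn, user: user}
+    end
+
+    test "redirects to admin", %{conn: conn} do
+      {:ok, _view, _html} =
+        conn
+        |> live(~p"/recover")
+        |> follow_redirect(conn, ~p"/admin")
+    end
+  end
+end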
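Review bot: The "when admin exists (prod mode)" describe only proves the negative path (`rejects wrong secret`); nothing in this file checks that the correct secret is accepted in prod mode, so a regression that rejected every secret would still pass. Add a positive test beside it that submits `Setup.setup_secret()` with a valid password and asserts the same `{:error, {:redirect, %{to: "/recover/login/" <> _token}}}` shape the non-prod reset test already expects. This assumes the prod-mode form takes `secret` and `password` together, as the wrong-secret test submits; confirm against the LiveView. The "logs setup secret on mount" test also pins down that the raw secret is written to the server log on every unauthenticated visit, which deserves a one-line comment such as `# the secret is emitted to server logs by design: that log is the out-of-band recovery channel` so a later reader does not mistake the assertion for an accident.
```elixir
describe "when admin exists (prod mode)" do
  # … unchanged: setup, "shows secret field in prod", "rejects wrong secret" …

  test "accepts the correct secret and redirects to login", %{conn: conn} do
    {:ok, view, _html} = live(conn, ~p"/recover")

    result =
      view
      |> form("form", %{recover: %{secret: Setup.setup_secret(), password: "a_valid_password_123"}})
      |> render_submit()

    assert {:error, {:redirect, %{to: "/recover/login/" <> _token}}} = result
  end
end
```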