defmodule BerrypodWeb.UserSessionControllerTest do use BerrypodWeb.ConnCase import Berrypod.AccountsFixtures alias Berrypod.Accounts setup do %{unconfirmed_user: unconfirmed_user_fixture(), user: user_fixture()} end describe "POST /users/log-in - email and password" do test "logs the user in", %{conn: conn, user: user} do user = set_password(user) conn = post(conn, ~p"/users/log-in", %{ "user" => %{"email" => user.email, "password" => valid_user_password()} }) assert get_session(conn, :user_token) assert redirected_to(conn) == ~p"/admin" # Now do a logged in request and assert on the page content conn = get(conn, ~p"/admin/settings") response = html_response(conn, 200) assert response =~ user.email end test "logs the user in with remember me", %{conn: conn, user: user} do user = set_password(user) conn = post(conn, ~p"/users/log-in", %{ "user" => %{ "email" => user.email, "password" => valid_user_password(), "remember_me" => "true" } }) assert conn.resp_cookies["_berrypod_web_user_remember_me"] assert redirected_to(conn) == ~p"/admin" end test "logs the user in with return to", %{conn: conn, user: user} do user = set_password(user) conn = conn |> init_test_session(user_return_to: "/foo/bar") |> post(~p"/users/log-in", %{ "user" => %{ "email" => user.email, "password" => valid_user_password() } }) assert redirected_to(conn) == "/foo/bar" assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Welcome back!" end test "redirects to login page with invalid credentials", %{conn: conn, user: user} do conn = post(conn, ~p"/users/log-in?mode=password", %{ "user" => %{"email" => user.email, "password" => "invalid_password"} }) assert Phoenix.Flash.get(conn.assigns.flash, :error) == "Invalid email or password" assert redirected_to(conn) == ~p"/users/log-in" end end describe "POST /users/log-in - magic link" do test "logs the user in", %{conn: conn, user: user} do {token, _hashed_token} = generate_user_magic_link_token(user) conn = post(conn, ~p"/users/log-in", %{ "user" => %{"token" => token} }) assert get_session(conn, :user_token) assert redirected_to(conn) == ~p"/admin" # Now do a logged in request and assert on the page content conn = get(conn, ~p"/admin/settings") response = html_response(conn, 200) assert response =~ user.email end test "confirms unconfirmed user", %{conn: conn, unconfirmed_user: user} do {token, _hashed_token} = generate_user_magic_link_token(user) refute user.confirmed_at conn = post(conn, ~p"/users/log-in", %{ "user" => %{"token" => token}, "_action" => "confirmed" }) assert get_session(conn, :user_token) assert redirected_to(conn) == ~p"/admin" assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "User confirmed successfully." assert Accounts.get_user!(user.id).confirmed_at # Now do a logged in request and assert on the page content conn = get(conn, ~p"/admin/settings") response = html_response(conn, 200) assert response =~ user.email end test "redirects to login page when magic link is invalid", %{conn: conn} do conn = post(conn, ~p"/users/log-in", %{ "user" => %{"token" => "invalid"} }) assert Phoenix.Flash.get(conn.assigns.flash, :error) == "The link is invalid or it has expired." assert redirected_to(conn) == ~p"/users/log-in" end end describe "DELETE /users/log-out" do test "logs the user out", %{conn: conn, user: user} do conn = conn |> log_in_user(user) |> delete(~p"/users/log-out") assert redirected_to(conn) == ~p"/" refute get_session(conn, :user_token) assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully" end test "succeeds even if the user is not logged in", %{conn: conn} do conn = delete(conn, ~p"/users/log-out") assert redirected_to(conn) == ~p"/" refute get_session(conn, :user_token) assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully" end end end