c2caeed64d
- new /setup page with three-section onboarding (account, provider, payments) - dashboard launch checklist with progress bar, go-live, dismiss - provider registry on Provider module (single source of truth for metadata) - payments registry for Stripe - setup context made provider-agnostic (provider_connected, theme_customised, etc.) - admin provider pages now fully registry-driven (no hardcoded provider names) - auth flow: fresh installs redirect to /setup, signed_in_path respects setup state - removed old /admin/setup wizard - 840 tests, 0 failures Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
142 lines
4.4 KiB
Elixir
142 lines
4.4 KiB
Elixir
defmodule BerrypodWeb.UserSessionControllerTest do
|
|
use BerrypodWeb.ConnCase
|
|
|
|
import Berrypod.AccountsFixtures
|
|
alias Berrypod.Accounts
|
|
|
|
setup do
|
|
%{unconfirmed_user: unconfirmed_user_fixture(), user: user_fixture()}
|
|
end
|
|
|
|
describe "POST /users/log-in - email and password" do
|
|
test "logs the user in", %{conn: conn, user: user} do
|
|
user = set_password(user)
|
|
|
|
conn =
|
|
post(conn, ~p"/users/log-in", %{
|
|
"user" => %{"email" => user.email, "password" => valid_user_password()}
|
|
})
|
|
|
|
assert get_session(conn, :user_token)
|
|
assert redirected_to(conn) == ~p"/setup"
|
|
|
|
# Now do a logged in request and assert on the page content
|
|
conn = get(conn, ~p"/admin/settings")
|
|
response = html_response(conn, 200)
|
|
assert response =~ user.email
|
|
end
|
|
|
|
test "logs the user in with remember me", %{conn: conn, user: user} do
|
|
user = set_password(user)
|
|
|
|
conn =
|
|
post(conn, ~p"/users/log-in", %{
|
|
"user" => %{
|
|
"email" => user.email,
|
|
"password" => valid_user_password(),
|
|
"remember_me" => "true"
|
|
}
|
|
})
|
|
|
|
assert conn.resp_cookies["_berrypod_web_user_remember_me"]
|
|
assert redirected_to(conn) == ~p"/setup"
|
|
end
|
|
|
|
test "logs the user in with return to", %{conn: conn, user: user} do
|
|
user = set_password(user)
|
|
|
|
conn =
|
|
conn
|
|
|> init_test_session(user_return_to: "/foo/bar")
|
|
|> post(~p"/users/log-in", %{
|
|
"user" => %{
|
|
"email" => user.email,
|
|
"password" => valid_user_password()
|
|
}
|
|
})
|
|
|
|
assert redirected_to(conn) == "/foo/bar"
|
|
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Welcome back!"
|
|
end
|
|
|
|
test "redirects to login page with invalid credentials", %{conn: conn, user: user} do
|
|
conn =
|
|
post(conn, ~p"/users/log-in?mode=password", %{
|
|
"user" => %{"email" => user.email, "password" => "invalid_password"}
|
|
})
|
|
|
|
assert Phoenix.Flash.get(conn.assigns.flash, :error) == "Invalid email or password"
|
|
assert redirected_to(conn) == ~p"/users/log-in"
|
|
end
|
|
end
|
|
|
|
describe "POST /users/log-in - magic link" do
|
|
test "logs the user in", %{conn: conn, user: user} do
|
|
{token, _hashed_token} = generate_user_magic_link_token(user)
|
|
|
|
conn =
|
|
post(conn, ~p"/users/log-in", %{
|
|
"user" => %{"token" => token}
|
|
})
|
|
|
|
assert get_session(conn, :user_token)
|
|
assert redirected_to(conn) == ~p"/setup"
|
|
|
|
# Now do a logged in request and assert on the page content
|
|
conn = get(conn, ~p"/admin/settings")
|
|
response = html_response(conn, 200)
|
|
assert response =~ user.email
|
|
end
|
|
|
|
test "confirms unconfirmed user", %{conn: conn, unconfirmed_user: user} do
|
|
{token, _hashed_token} = generate_user_magic_link_token(user)
|
|
refute user.confirmed_at
|
|
|
|
conn =
|
|
post(conn, ~p"/users/log-in", %{
|
|
"user" => %{"token" => token},
|
|
"_action" => "confirmed"
|
|
})
|
|
|
|
assert get_session(conn, :user_token)
|
|
assert redirected_to(conn) == ~p"/setup"
|
|
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "User confirmed successfully."
|
|
|
|
assert Accounts.get_user!(user.id).confirmed_at
|
|
|
|
# Now do a logged in request and assert on the page content
|
|
conn = get(conn, ~p"/admin/settings")
|
|
response = html_response(conn, 200)
|
|
assert response =~ user.email
|
|
end
|
|
|
|
test "redirects to login page when magic link is invalid", %{conn: conn} do
|
|
conn =
|
|
post(conn, ~p"/users/log-in", %{
|
|
"user" => %{"token" => "invalid"}
|
|
})
|
|
|
|
assert Phoenix.Flash.get(conn.assigns.flash, :error) ==
|
|
"The link is invalid or it has expired."
|
|
|
|
assert redirected_to(conn) == ~p"/users/log-in"
|
|
end
|
|
end
|
|
|
|
describe "DELETE /users/log-out" do
|
|
test "logs the user out", %{conn: conn, user: user} do
|
|
conn = conn |> log_in_user(user) |> delete(~p"/users/log-out")
|
|
assert redirected_to(conn) == ~p"/"
|
|
refute get_session(conn, :user_token)
|
|
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
|
|
end
|
|
|
|
test "succeeds even if the user is not logged in", %{conn: conn} do
|
|
conn = delete(conn, ~p"/users/log-out")
|
|
assert redirected_to(conn) == ~p"/"
|
|
refute get_session(conn, :user_token)
|
|
assert Phoenix.Flash.get(conn.assigns.flash, :info) =~ "Logged out successfully"
|
|
end
|
|
end
|
|
end
|