Update & Complete tests

tests/Api/v1/Controllers/SettingControllerTest.php

@@ -5,6 +5,9 @@ namespace Tests\Api\v1\Controllers;
 use App\Api\v1\Controllers\SettingController;
 use App\Facades\Settings;
 use App\Models\User;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Str;
 use PHPUnit\Framework\Attributes\CoversClass;
 use Tests\FeatureTestCase;
 
@@ -49,6 +52,24 @@ class SettingControllerTest extends FeatureTestCase
         $this->admin = User::factory()->administrator()->create();
     }
 
+    /**
+     * @test
+     */
+    public function test_all_controller_routes_are_protected_by_admin_middleware()
+    {
+        $routes = Route::getRoutes()->getRoutes();
+
+        $controllerRoutes = Arr::where($routes, function (\Illuminate\Routing\Route $route, int $key) {
+            if (Str::startsWith($route->getActionName(), SettingController::class)) {
+                return $route;
+            }
+        });
+
+        foreach ($controllerRoutes as $controllerRoute) {
+            $this->assertContains('admin', $controllerRoute->middleware());
+        }
+    }
+
     /**
      * @test
      */

tests/Api/v1/Controllers/UserManagerControllerTest.php

@@ -0,0 +1,488 @@
+<?php
+
+namespace Tests\Api\v1\Controllers;
+
+use App\Api\v1\Controllers\UserManagerController;
+use App\Api\v1\Resources\UserManagerResource;
+use App\Models\User;
+use App\Policies\UserPolicy;
+use Database\Factories\UserFactory;
+use Illuminate\Auth\Notifications\ResetPassword;
+use Illuminate\Http\Request;
+use Illuminate\Support\Arr;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Hash;
+use Illuminate\Support\Facades\Notification;
+use Illuminate\Support\Facades\Password;
+use Illuminate\Support\Facades\Route;
+use Illuminate\Support\Str;
+use Laravel\Passport\TokenRepository;
+use Mockery\MockInterface;
+use PHPUnit\Framework\Attributes\CoversClass;
+use Tests\FeatureTestCase;
+
+#[CoversClass(UserManagerController::class)]
+#[CoversClass(UserManagerResource::class)]
+#[CoversClass(UserPolicy::class)]
+#[CoversClass(User::class)]
+class UserManagerControllerTest extends FeatureTestCase
+{
+    /**
+     * @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
+     */
+    protected $admin;
+
+    protected $user;
+
+    protected $anotherUser;
+
+    private const USERNAME = 'john doe';
+
+    private const EMAIL = 'johndoe@example.org';
+
+    private const PASSWORD = 'password';
+
+    /**
+     * @test
+     */
+    public function setUp() : void
+    {
+        parent::setUp();
+
+        $this->admin       = User::factory()->administrator()->create();
+        $this->user        = User::factory()->create();
+        $this->anotherUser = User::factory()->create();
+    }
+
+    /**
+     * @test
+     */
+    public function test_all_controller_routes_are_protected_by_admin_middleware()
+    {
+        $routes = Route::getRoutes()->getRoutes();
+
+        $controllerRoutes = Arr::where($routes, function (\Illuminate\Routing\Route $route, int $key) {
+            if (Str::startsWith($route->getActionName(), UserManagerController::class)) {
+                return $route;
+            }
+        });
+
+        foreach ($controllerRoutes as $controllerRoute) {
+            $this->assertContains('admin', $controllerRoute->middleware());
+        }
+    }
+
+    /**
+     * @test
+     */
+    public function test_index_returns_all_users()
+    {
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('GET', '/api/v1/users')
+            ->assertOk()
+            ->assertJsonCount(3)
+            ->assertJsonFragment([
+                'email' => $this->admin->email,
+            ])
+            ->assertJsonFragment([
+                'email' => $this->user->email,
+            ])
+            ->assertJsonFragment([
+                'email' => $this->anotherUser->email,
+            ]);
+    }
+
+    /**
+     * @test
+     */
+    public function test_index_succeeds_and_returns_UserManagerResource(): void
+    {
+        $path = '/api/v1/users';
+        $resources = UserManagerResource::collection(User::all());
+        $request  = Request::create($path, 'GET');
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('GET', $path)
+            ->assertExactJson($resources->response($request)->getData(true));
+    }
+
+    /**
+     * @test
+     */
+    public function test_show_returns_the_correct_user()
+    {
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('GET', '/api/v1/users/' . $this->user->id)
+            ->assertJsonFragment([
+                'email' => $this->user->email,
+            ]);
+    }
+
+    /**
+     * @test
+     */
+    public function test_show_returns_UserManagerResource(): void
+    {
+        $path = '/api/v1/users/' . $this->user->id;
+        $resources = UserManagerResource::make($this->user);
+        $request  = Request::create($path, 'GET');
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('GET', $path)
+            ->assertExactJson($resources->response($request)->getData(true));
+    }
+
+    /**
+     * @test
+     */
+    public function test_resetPassword_resets_password_and_sends_password_reset_to_user()
+    {
+        Notification::fake();
+
+        DB::table(config('auth.passwords.users.table'))->delete();
+        $user  = User::factory()->create();
+        $oldPassword = $user->password;
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('PATCH', '/api/v1/users/' . $user->id . '/password/reset')
+            ->assertOk();
+
+        $user->refresh();
+        $this->assertNotEquals($oldPassword, $user->password);
+
+        $resetToken = DB::table(config('auth.passwords.users.table'))->first();
+
+        $this->assertNotNull($resetToken);
+        Notification::assertSentTo($user, ResetPassword::class, function ($notification, $channels) use ($resetToken) {
+            return Hash::check($notification->token, $resetToken->token) === true;
+        });
+    }
+
+    /**
+     * @test
+     */
+    public function test_resetPassword_returns_UserManagerResource()
+    {
+        Notification::fake();
+
+        $user  = User::factory()->create();
+        $path = '/api/v1/users/' . $user->id . '/password/reset';
+        $request  = Request::create($path, 'PATCH');
+
+        $response = $this->actingAs($this->admin, 'api-guard')
+            ->json('PATCH', $path);
+        $resources = UserManagerResource::make($user);
+
+        $response->assertExactJson($resources->response($request)->getData(true));
+    }
+
+    /**
+     * @test
+     */
+    public function test_resetPassword_does_not_notify_when_reset_failed_and_returns_error()
+    {
+        Notification::fake();
+
+        $broker = $this->partialMock(\Illuminate\Auth\Passwords\PasswordBroker::class, function (MockInterface $broker) {
+            $broker->shouldReceive('createToken')
+                ->andReturn('fakeValue');
+            $broker->shouldReceive('reset')
+                ->andReturn(false);
+        });
+
+        Password::shouldReceive('broker')->andReturn($broker);
+
+        $user = User::factory()->create();
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('PATCH', '/api/v1/users/' . $user->id . '/password/reset')
+            ->assertStatus(400)
+            ->assertJsonStructure([
+                'message',
+                'reason',
+            ]);
+        
+        Notification::assertNothingSent();
+    }
+
+    /**
+     * @test
+     */
+    public function test_resetPassword_returns_error_when_notify_send_failed()
+    {
+        Notification::fake();
+
+        $broker = $this->partialMock(\Illuminate\Auth\Passwords\PasswordBroker::class, function (MockInterface $broker) {
+            $broker->shouldReceive('createToken')
+                ->andReturn('fakeValue');
+            $broker->shouldReceive('reset')
+                ->andReturn(Password::PASSWORD_RESET);
+            $broker->shouldReceive('sendResetLink')
+                ->andReturn('badValue');
+        });
+
+        Password::shouldReceive('broker')->andReturn($broker);
+
+        $user = User::factory()->create();
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('PATCH', '/api/v1/users/' . $user->id . '/password/reset')
+            ->assertStatus(400)
+            ->assertJsonStructure([
+                'message',
+                'reason',
+            ]);
+        
+        Notification::assertNothingSent();
+    }
+
+    /**
+     * @test
+     */
+    public function test_store_creates_the_user_and_returns_success()
+    {
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('POST', '/api/v1/users', [
+                'name'                  => self::USERNAME,
+                'email'                 => self::EMAIL,
+                'password'              => self::PASSWORD,
+                'password_confirmation' => self::PASSWORD,
+                'is_admin'              => false
+            ])
+            ->assertCreated();
+        
+        $this->assertDatabaseHas('users', [
+            'name'  => self::USERNAME,
+            'email' => self::EMAIL,
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function test_store_returns_UserManagerResource_of_created_user(): void
+    {
+        $path = '/api/v1/users';
+        $userDefinition = (new UserFactory)->definition();
+        $userDefinition['password_confirmation'] = $userDefinition['password'];
+        $request  = Request::create($path, 'POST');
+
+        $response = $this->actingAs($this->admin, 'api-guard')
+            ->json('POST', $path, $userDefinition)
+            ->assertCreated();
+            
+        $user = User::where('email', $userDefinition['email'])->first();
+        $resource = UserManagerResource::make($user);
+
+        $response->assertExactJson($resource->response($request)->getData(true));
+    }
+
+    /**
+     * @test
+     */
+    public function test_store_returns_UserManagerResource_of_created_admin(): void
+    {
+        $path = '/api/v1/users';
+        $userDefinition = (new UserFactory)->definition();
+        $userDefinition['is_admin'] = true;
+        $userDefinition['password_confirmation'] = $userDefinition['password'];
+        $request  = Request::create($path, 'POST');
+
+        $response = $this->actingAs($this->admin, 'api-guard')
+            ->json('POST', $path, $userDefinition)
+            ->assertCreated();
+            
+        $user = User::where('email', $userDefinition['email'])->first();
+        $resource = UserManagerResource::make($user);
+
+        $response->assertExactJson($resource->response($request)->getData(true));
+    }
+
+    /**
+     * @test
+     */
+    public function test_revokePATs_flushes_pats()
+    {
+        $tokenRepository = app(TokenRepository::class);
+
+        $this->actingAs($this->user, 'api-guard')
+            ->json('POST', '/oauth/personal-access-tokens', [
+                'name' => 'RandomTokenName',
+            ])
+            ->assertOk();
+        
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('DELETE', '/api/v1/users/' . $this->user->id . '/pats');
+        
+        $tokens = $tokenRepository->forUser($this->user->getAuthIdentifier());
+        $tokens = $tokens->load('client')->filter(function ($token) {
+            return $token->client->personal_access_client && ! $token->revoked;
+        });
+
+        $this->assertCount(0, $tokens);
+    }
+
+    /**
+     * @test
+     */
+    public function test_revokePATs_returns_no_content()
+    {
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('DELETE', '/api/v1/users/' . $this->user->id . '/pats')
+            ->assertNoContent();
+    }
+
+    /**
+     * @test
+     */
+    public function test_revokePATs_always_returns_no_content()
+    {
+        // a fresh user has no token
+        $user = User::factory()->create();
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('DELETE', '/api/v1/users/' . $user->id . '/pats')
+            ->assertNoContent();
+    }
+
+    /**
+     * @test
+     */
+    public function test_revokeWebauthnCredentials_flushes_credentials()
+    {
+        DB::table('webauthn_credentials')->insert([
+            'id'                   => '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg',
+            'authenticatable_type' => \App\Models\User::class,
+            'authenticatable_id'   => $this->user->id,
+            'user_id'              => 'e8af6f703f8042aa91c30cf72289aa07',
+            'counter'              => 0,
+            'rp_id'                => 'http://localhost',
+            'origin'               => 'http://localhost',
+            'aaguid'               => '00000000-0000-0000-0000-000000000000',
+            'attestation_format'   => 'none',
+            'public_key'           => 'eyJpdiI6Imp0U0NVeFNNbW45KzEvMXpad2p2SUE9PSIsInZhbHVlIjoic0VxZ2I1WnlHM2lJakhkWHVkK2kzMWtibk1IN2ZlaExGT01qOElXMDdRTjhnVlR0TDgwOHk1S0xQUy9BQ1JCWHRLNzRtenNsMml1dVQydWtERjFEU0h0bkJGT2RwUXE1M1JCcVpablE2Y2VGV2YvVEE2RGFIRUE5L0x1K0JIQXhLVE1aNVNmN3AxeHdjRUo2V0hwREZSRTJYaThNNnB1VnozMlVXZEVPajhBL3d3ODlkTVN3bW54RTEwSG0ybzRQZFFNNEFrVytUYThub2IvMFRtUlBZamoyZElWKzR1bStZQ1IwU3FXbkYvSm1FU2FlMTFXYUo0SG9kc1BDME9CNUNKeE9IelE5d2dmNFNJRXBKNUdlVzJ3VHUrQWJZRFluK0hib0xvVTdWQ0ZISjZmOWF3by83aVJES1dxbU9Zd1lhRTlLVmhZSUdlWmlBOUFtcTM2ZVBaRWNKNEFSQUhENk5EaC9hN3REdnVFbm16WkRxekRWOXd4cVcvZFdKa2tlWWJqZWlmZnZLS0F1VEVCZEZQcXJkTExiNWRyQmxsZWtaSDRlT3VVS0ZBSXFBRG1JMjRUMnBKRXZxOUFUa2xxMjg2TEplUzdscVo2UytoVU5SdXk1OE1lcFN6aU05ZkVXTkdIM2tKM3Q5bmx1TGtYb1F5bGxxQVR3K3BVUVlia1VybDFKRm9lZDViNzYraGJRdmtUb2FNTEVGZmZYZ3lYRDRiOUVjRnJpcTVvWVExOHJHSTJpMnVBZ3E0TmljbUlKUUtXY2lSWDh1dE5MVDNRUzVRSkQrTjVJUU8rSGhpeFhRRjJvSEdQYjBoVT0iLCJtYWMiOiI5MTdmNWRkZGE5OTEwNzQ3MjhkYWVhYjRlNjk0MWZlMmI5OTQ4YzlmZWI1M2I4OGVkMjE1MjMxNjUwOWRmZTU2IiwidGFnIjoiIn0=',
+            'updated_at'           => now(),
+            'created_at'           => now(),
+        ]);
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('DELETE', '/api/v1/users/' . $this->user->id . '/credentials');
+
+        $this->assertDatabaseMissing('webauthn_credentials', [
+            'authenticatable_id' => $this->user->id,
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function test_revokeWebauthnCredentials_returns_no_content()
+    {
+        DB::table('webauthn_credentials')->insert([
+            'id'                   => '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg',
+            'authenticatable_type' => \App\Models\User::class,
+            'authenticatable_id'   => $this->user->id,
+            'user_id'              => 'e8af6f703f8042aa91c30cf72289aa07',
+            'counter'              => 0,
+            'rp_id'                => 'http://localhost',
+            'origin'               => 'http://localhost',
+            'aaguid'               => '00000000-0000-0000-0000-000000000000',
+            'attestation_format'   => 'none',
+            'public_key'           => 'eyJpdiI6Imp0U0NVeFNNbW45KzEvMXpad2p2SUE9PSIsInZhbHVlIjoic0VxZ2I1WnlHM2lJakhkWHVkK2kzMWtibk1IN2ZlaExGT01qOElXMDdRTjhnVlR0TDgwOHk1S0xQUy9BQ1JCWHRLNzRtenNsMml1dVQydWtERjFEU0h0bkJGT2RwUXE1M1JCcVpablE2Y2VGV2YvVEE2RGFIRUE5L0x1K0JIQXhLVE1aNVNmN3AxeHdjRUo2V0hwREZSRTJYaThNNnB1VnozMlVXZEVPajhBL3d3ODlkTVN3bW54RTEwSG0ybzRQZFFNNEFrVytUYThub2IvMFRtUlBZamoyZElWKzR1bStZQ1IwU3FXbkYvSm1FU2FlMTFXYUo0SG9kc1BDME9CNUNKeE9IelE5d2dmNFNJRXBKNUdlVzJ3VHUrQWJZRFluK0hib0xvVTdWQ0ZISjZmOWF3by83aVJES1dxbU9Zd1lhRTlLVmhZSUdlWmlBOUFtcTM2ZVBaRWNKNEFSQUhENk5EaC9hN3REdnVFbm16WkRxekRWOXd4cVcvZFdKa2tlWWJqZWlmZnZLS0F1VEVCZEZQcXJkTExiNWRyQmxsZWtaSDRlT3VVS0ZBSXFBRG1JMjRUMnBKRXZxOUFUa2xxMjg2TEplUzdscVo2UytoVU5SdXk1OE1lcFN6aU05ZkVXTkdIM2tKM3Q5bmx1TGtYb1F5bGxxQVR3K3BVUVlia1VybDFKRm9lZDViNzYraGJRdmtUb2FNTEVGZmZYZ3lYRDRiOUVjRnJpcTVvWVExOHJHSTJpMnVBZ3E0TmljbUlKUUtXY2lSWDh1dE5MVDNRUzVRSkQrTjVJUU8rSGhpeFhRRjJvSEdQYjBoVT0iLCJtYWMiOiI5MTdmNWRkZGE5OTEwNzQ3MjhkYWVhYjRlNjk0MWZlMmI5OTQ4YzlmZWI1M2I4OGVkMjE1MjMxNjUwOWRmZTU2IiwidGFnIjoiIn0=',
+            'updated_at'           => now(),
+            'created_at'           => now(),
+        ]);
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('DELETE', '/api/v1/users/' . $this->user->id . '/credentials')
+            ->assertNoContent();
+    }
+
+    /**
+     * @test
+     */
+    public function test_revokeWebauthnCredentials_always_returns_no_content()
+    {
+        DB::table('webauthn_credentials')->delete();
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('DELETE', '/api/v1/users/' . $this->user->id . '/credentials')
+            ->assertNoContent();
+    }
+
+    /**
+     * @test
+     */
+    public function test_revokeWebauthnCredentials_resets_useWebauthnOnly_user_preference()
+    {
+        $this->user['preferences->useWebauthnOnly'] = true;
+        $this->user->save();
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('DELETE', '/api/v1/users/' . $this->user->id . '/credentials')
+            ->assertNoContent();
+
+        $this->user->refresh();
+        
+        $this->assertFalse($this->user->preferences['useWebauthnOnly']);
+    }
+
+    /**
+     * @test
+     */
+    public function test_destroy_returns_no_content()
+    {
+        $user = User::factory()->create();
+
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('DELETE', '/api/v1/users/' . $user->id)
+            ->assertNoContent();
+    }
+
+    /**
+     * @test
+     */
+    public function test_destroy_the_only_admin_returns_forbidden()
+    {
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('DELETE', '/api/v1/users/' . $this->admin->id)
+            ->assertForbidden();
+    }
+
+    /**
+     * @test
+     */
+    public function test_update_changes_admin_status(): void
+    {
+        $this->actingAs($this->admin, 'api-guard')
+            ->json('PUT', '/api/v1/users/' . $this->user->id, [
+                'is_admin' => true
+            ])
+            ->assertOk();
+
+        $this->user->refresh();
+        
+        $this->assertTrue($this->user->isAdministrator());
+    }
+
+    /**
+     * @test
+     */
+    public function test_update_returns_UserManagerResource(): void
+    {
+        $path = '/api/v1/users/' . $this->user->id;
+        $request  = Request::create($path, 'PUT');
+
+        $response = $this->actingAs($this->admin, 'api-guard')
+            ->json('PUT', $path, [
+                'is_admin' => true
+            ]);
+
+        $this->user->refresh();
+        $resources = UserManagerResource::make($this->user);
+
+        $response->assertExactJson($resources->response($request)->getData(true));
+    }
+
+
+}

tests/Feature/Http/Auth/UserControllerTest.php

@@ -5,8 +5,6 @@ namespace Tests\Feature\Http\Auth;
 use App\Http\Controllers\Auth\UserController;
 use App\Http\Middleware\RejectIfDemoMode;
 use App\Http\Requests\UserUpdateRequest;
-use App\Models\Group;
-use App\Models\TwoFAccount;
 use App\Models\User;
 use App\Observers\UserObserver;
 use App\Policies\UserPolicy;
@@ -220,43 +218,11 @@ class UserControllerTest extends FeatureTestCase
      */
     public function test_delete_user_returns_success()
     {
-        TwoFAccount::factory()->for($this->user)->create();
-        Group::factory()->for($this->user)->create();
-
-        $admin = User::factory()->administrator()->create();
-        $this->assertDatabaseCount('users', 2);
-
         $this->actingAs($this->user, 'web-guard')
             ->json('DELETE', '/user', [
                 'password' => self::PASSWORD,
             ])
             ->assertNoContent();
-
-        $this->assertDatabaseMissing('users', [
-            'id' => $this->user->id,
-        ]);
-        $this->assertDatabaseHas('users', [
-            'id' => $admin->id,
-        ]);
-        $this->assertDatabaseCount('users', 1);
-        $this->assertDatabaseMissing('twofaccounts', [
-            'user_id' => $this->user->id,
-        ]);
-        $this->assertDatabaseMissing('groups', [
-            'user_id' => $this->user->id,
-        ]);
-        $this->assertDatabaseMissing('webauthn_credentials', [
-            'authenticatable_id' => $this->user->id,
-        ]);
-        $this->assertDatabaseMissing('webauthn_recoveries', [
-            'email' => $this->user->email,
-        ]);
-        $this->assertDatabaseMissing('oauth_access_tokens', [
-            'user_id' => $this->user->id,
-        ]);
-        $this->assertDatabaseMissing('password_resets', [
-            'email' => $this->user->email,
-        ]);
     }
 
     /**

tests/Feature/Models/UserModelTest.php

@@ -2,8 +2,20 @@
 
 namespace Tests\Feature\Models;
 
+use App\Extensions\WebauthnCredentialBroker;
+use App\Models\Group;
+use App\Models\TwoFAccount;
 use App\Models\User;
+use Database\Factories\UserFactory;
+use Illuminate\Auth\Events\PasswordReset;
+use Illuminate\Http\Testing\FileFactory;
+use Illuminate\Support\Carbon;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Event;
+use Illuminate\Support\Facades\Password;
+use Illuminate\Support\Facades\Storage;
 use PHPUnit\Framework\Attributes\CoversClass;
+use Tests\Data\OtpTestData;
 use Tests\FeatureTestCase;
 
 /**
@@ -34,4 +46,149 @@ class UserModelTest extends FeatureTestCase
         $this->assertEquals($admins[0]->name, $firstAdmin->name);
         $this->assertEquals($admins[1]->name, $secondAdmin->name);
     }
+
+    /**
+     * @test
+     */
+    public function test_isAdministrator_returns_correct_state()
+    {
+        $user = User::factory()->create();
+        $admin = User::factory()->administrator()->create();
+
+        $this->assertEquals($user->isAdministrator(), false);
+        $this->assertEquals($admin->isAdministrator(), true);
+    }
+
+    /**
+     * @test
+     */
+    public function test_promoteToAdministrator_sets_administrator_status()
+    {
+        $user = User::factory()->create();
+
+        $user->promoteToAdministrator();
+
+        $this->assertEquals($user->isAdministrator(), true);
+    }
+
+    /**
+     * @test
+     */
+    public function test_promoteToAdministrator_demote_administrator_status()
+    {
+        $user = User::factory()->administrator()->create();
+
+        $user->promoteToAdministrator(false);
+
+        $this->assertEquals($user->isAdministrator(), false);
+    }
+
+    /**
+     * @test
+     */
+    public function test_resetPassword_resets_password_with_success()
+    {
+        $user = User::factory()->create();
+        $oldPassword = $user->password;
+
+        $user->resetPassword();
+
+        $this->assertNotEquals($user->password, $oldPassword);
+    }
+
+    /**
+     * @test
+     */
+    public function test_resetPassword_dispatch_event()
+    {
+        Event::fake();
+        $user = User::factory()->create();
+
+        Event::assertDispatched(
+            PasswordReset::class,
+            $user->resetPassword()
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function test_delete_removes_user_data()
+    {
+        $user = User::factory()->create();
+        TwoFAccount::factory()->for($user)->create();
+        Group::factory()->for($user)->create();
+        
+        DB::table('webauthn_credentials')->insert([
+            'id'                   => '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg',
+            'authenticatable_type' => \App\Models\User::class,
+            'authenticatable_id'   => $user->id,
+            'user_id'              => 'e8af6f703f8042aa91c30cf72289aa07',
+            'counter'              => 0,
+            'rp_id'                => 'http://localhost',
+            'origin'               => 'http://localhost',
+            'aaguid'               => '00000000-0000-0000-0000-000000000000',
+            'attestation_format'   => 'none',
+            'public_key'           => 'eyJpdiI6Imp0U0NVeFNNbW45KzEvMXpad2p2SUE9PSIsInZhbHVlIjoic0VxZ2I1WnlHM2lJakhkWHVkK2kzMWtibk1IN2ZlaExGT01qOElXMDdRTjhnVlR0TDgwOHk1S0xQUy9BQ1JCWHRLNzRtenNsMml1dVQydWtERjFEU0h0bkJGT2RwUXE1M1JCcVpablE2Y2VGV2YvVEE2RGFIRUE5L0x1K0JIQXhLVE1aNVNmN3AxeHdjRUo2V0hwREZSRTJYaThNNnB1VnozMlVXZEVPajhBL3d3ODlkTVN3bW54RTEwSG0ybzRQZFFNNEFrVytUYThub2IvMFRtUlBZamoyZElWKzR1bStZQ1IwU3FXbkYvSm1FU2FlMTFXYUo0SG9kc1BDME9CNUNKeE9IelE5d2dmNFNJRXBKNUdlVzJ3VHUrQWJZRFluK0hib0xvVTdWQ0ZISjZmOWF3by83aVJES1dxbU9Zd1lhRTlLVmhZSUdlWmlBOUFtcTM2ZVBaRWNKNEFSQUhENk5EaC9hN3REdnVFbm16WkRxekRWOXd4cVcvZFdKa2tlWWJqZWlmZnZLS0F1VEVCZEZQcXJkTExiNWRyQmxsZWtaSDRlT3VVS0ZBSXFBRG1JMjRUMnBKRXZxOUFUa2xxMjg2TEplUzdscVo2UytoVU5SdXk1OE1lcFN6aU05ZkVXTkdIM2tKM3Q5bmx1TGtYb1F5bGxxQVR3K3BVUVlia1VybDFKRm9lZDViNzYraGJRdmtUb2FNTEVGZmZYZ3lYRDRiOUVjRnJpcTVvWVExOHJHSTJpMnVBZ3E0TmljbUlKUUtXY2lSWDh1dE5MVDNRUzVRSkQrTjVJUU8rSGhpeFhRRjJvSEdQYjBoVT0iLCJtYWMiOiI5MTdmNWRkZGE5OTEwNzQ3MjhkYWVhYjRlNjk0MWZlMmI5OTQ4YzlmZWI1M2I4OGVkMjE1MjMxNjUwOWRmZTU2IiwidGFnIjoiIn0=',
+            'updated_at'           => now(),
+            'created_at'           => now(),
+        ]);
+
+        $user->createToken('myToken', []);
+        Password::broker('webauthn')->createToken($user);
+        Password::broker()->createToken($user);
+
+        $user->delete();
+        
+        $this->assertDatabaseMissing('twofaccounts', [
+            'user_id' => $user->id,
+        ]);
+        $this->assertDatabaseMissing('groups', [
+            'user_id' => $user->id,
+        ]);
+        $this->assertDatabaseMissing('webauthn_credentials', [
+            'authenticatable_id' => $user->id,
+        ]);
+        $this->assertDatabaseMissing(config('auth.passwords.webauthn.table'), [
+            'email' => $user->email,
+        ]);
+        $this->assertDatabaseMissing('oauth_access_tokens', [
+            'user_id' => $user->id,
+        ]);
+        $this->assertDatabaseMissing(config('auth.passwords.users.table'), [
+            'email' => $user->email,
+        ]);
+    }
+
+    /**
+     * @test
+     */
+    public function test_delete_flushes_icons_of_user_twofaccounts()
+    {
+        Storage::fake('icons');
+
+        $user = User::factory()->create();
+
+        $twofaccount = TwoFAccount::factory()->for($user)->create();
+        $twofaccount->setIcon(base64_decode(OtpTestData::ICON_PNG_DATA), 'png');
+        $twofaccount->save();
+        Storage::disk('icons')->assertExists($twofaccount->icon);
+
+        $user->delete();
+
+        Storage::disk('icons')->assertMissing($twofaccount->icon);
+    }
+
+    /**
+     * @test
+     */
+    public function test_delete_does_not_delete_the_only_admin()
+    {
+        $admin = User::factory()->administrator()->create();
+        $this->assertEquals(1, User::admins()->count());
+
+        $isDeleted = $admin->delete();
+
+        $this->assertFalse($isDeleted);
+    }
 }

tests/FeatureTestCase.php

@@ -11,7 +11,7 @@ abstract class FeatureTestCase extends BaseTestCase
     use CreatesApplication;
 
     /**
-     * Rollback and execute migrations for each test.
+     * Refresh db only when test is using database transaction.
      */
     use LazilyRefreshDatabase;
 

tests/Unit/Listeners/RegisterOpenIdTest.php

@@ -0,0 +1,45 @@
+<?php
+
+namespace Tests\Unit\Listeners;
+
+use App\Listeners\RegisterOpenId;
+use App\Providers\Socialite\OpenId;
+use Illuminate\Support\Facades\Event;
+use Laravel\Socialite\SocialiteManager;
+use Laravel\Socialite\Contracts\Factory as SocialiteFactory;
+use PHPUnit\Framework\Attributes\CoversClass;
+use SocialiteProviders\Manager\SocialiteWasCalled;
+use Tests\TestCase;
+
+/**
+ * RegisterOpenIdTest test class
+ */
+#[CoversClass(RegisterOpenId::class)]
+class RegisterOpenIdTest extends TestCase
+{
+    /**
+     * @test
+     */
+    public function test_it_registers_openId_driver()
+    {
+        /** @var SocialiteManager $socialite */
+        $socialite = app(SocialiteFactory::class);
+
+        $driver = $socialite->driver('openid');
+
+        $this->assertInstanceOf(OpenId::class, $driver);
+    }
+
+    /**
+     * @test
+     */
+    public function test_RegisterOpenId_listen_to_SocialiteWasCalled_event()
+    {
+        Event::fake();
+
+        Event::assertListening(
+            SocialiteWasCalled::class,
+            RegisterOpenId::class
+        );
+    }
+}