0ct0pu5
/
2FAuth


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184
							<?php

namespace Tests\Feature\Auth;

use App\Models\User;
use Tests\FeatureTestCase;

class LoginTest extends FeatureTestCase
{
    /**
     * @var \App\Models\User
     */
    protected $user;

    private const PASSWORD = 'password';
    private const WRONG_PASSWORD = 'wrong_password';

    /**
     * @test
     */
    public function setUp(): void
    {
        parent::setUp();

        $this->user = User::factory()->create();
    }


    /**
     * @test
     */
    public function test_user_login_returns_success()
    {
        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::PASSWORD
        ])
        ->assertOk()
        ->assertExactJson([
            'message' => 'authenticated',
            'name' => $this->user->name,
        ]);
    }


    /**
     * @test
     */
    public function test_user_login_already_authenticated_returns_bad_request()
    {
        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::PASSWORD
        ]);

        $response = $this->actingAs($this->user, 'web-guard')
            ->json('POST', '/user/login', [
                'email' => $this->user->email,
                'password' => self::PASSWORD
            ])
            ->assertStatus(400)
            ->assertJson([
                'message' => __('auth.already_authenticated')
            ]);
    }


    /**
     * @test
     */
    public function test_user_login_with_missing_data_returns_validation_error()
    {
        $response = $this->json('POST', '/user/login', [
            'email' => '',
            'password' => ''
        ])
        ->assertStatus(422)
        ->assertJsonValidationErrors([
            'email',
            'password'
        ]);
    }


    /**
     * @test
     */
    public function test_user_login_with_invalid_credentials_returns_validation_error()
    {
        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::WRONG_PASSWORD
        ])
        ->assertStatus(401)
        ->assertJson([
            'message' => 'unauthorised'
        ]);
    }


    /**
     * @test
     */
    public function test_too_many_login_attempts_with_invalid_credentials_returns_too_many_request_error()
    {
        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::WRONG_PASSWORD
        ]);

        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::WRONG_PASSWORD
        ]);

        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::WRONG_PASSWORD
        ]);

        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::WRONG_PASSWORD
        ]);

        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::WRONG_PASSWORD
        ]);

        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::WRONG_PASSWORD
        ]);

        $response->assertStatus(429);
    }


    /**
     * @test
     */
    public function test_user_logout_returns_validation_success()
    {
        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::PASSWORD
        ]);

        $response = $this->actingAs($this->user, 'web-guard')
            ->json('GET', '/user/logout')
            ->assertOk()
            ->assertExactJson([
                'message' => 'signed out',
            ]);
    }


    /**
     * @test
     */
    public function test_user_logout_after_inactivity_returns_unauthorized()
    {
        // Set the autolock period to 1 minute
        $settingService = resolve('App\Services\SettingService');
        $settingService->set('kickUserAfter', 1);

        $response = $this->json('POST', '/user/login', [
            'email' => $this->user->email,
            'password' => self::PASSWORD
        ]);

        // Ping a protected endpoint to log last_seen_at time
        $response = $this->actingAs($this->user, 'api-guard')
            ->json('GET', '/api/v1/twofaccounts');

        sleep(61);

        $response = $this->actingAs($this->user, 'api-guard')
            ->json('GET', '/api/v1/twofaccounts')
            ->assertUnauthorized();
    }

}