From db18fae479ce994f97ea0947d62644ff539825c8 Mon Sep 17 00:00:00 2001 From: Yisroel Baum Date: Thu, 2 Jul 2026 01:16:18 +0300 Subject: [PATCH] test auth cookies --- .../Unit/Controllers/AuthControllerTest.php | 86 +++++++++++++++++++ 1 file changed, 86 insertions(+) diff --git a/backend/tests/Unit/Controllers/AuthControllerTest.php b/backend/tests/Unit/Controllers/AuthControllerTest.php index 29ce7de..4104b53 100644 --- a/backend/tests/Unit/Controllers/AuthControllerTest.php +++ b/backend/tests/Unit/Controllers/AuthControllerTest.php @@ -2,6 +2,7 @@ namespace Tests\Unit\Controllers; +use App\Auth\AuthCookieSettings; use App\Auth\UseCases\AuthenticateUser\AuthenticateUser; use App\Auth\UseCases\CreateSession\CreateSession; use App\Auth\UseCases\Logout\Logout; @@ -60,6 +61,11 @@ class AuthControllerTest extends TestCase $authenticateUser, $createSession, $logout, + new AuthCookieSettings( + secure: false, + domain: null, + sameSite: 'lax', + ), ); } @@ -104,6 +110,32 @@ class AuthControllerTest extends TestCase ); } + public function testLoginUsesConfiguredCookieSettings(): void + { + $this->controller = $this->controllerWithCookieSettings( + new AuthCookieSettings( + secure: true, + domain: '.example.com', + sameSite: 'none', + ) + ); + $this->seedStartupUser('user@example.com', 'password'); + + $request = new Request([ + 'email' => 'user@example.com', + 'password' => 'password', + ]); + $response = $this->controller->login($request); + + $cookies = $response->headers->getCookies(); + $this->assertCount(1, $cookies); + $cookie = $cookies[0]; + + $this->assertTrue($cookie->isSecure()); + $this->assertSame('.example.com', $cookie->getDomain()); + $this->assertSame('none', $cookie->getSameSite()); + } + public function testLoginReturns400WhenEmailMissing(): void { $request = new Request(['password' => 'correctpassword']); @@ -160,6 +192,38 @@ class AuthControllerTest extends TestCase $this->assertSame('', $cookies[0]->getValue()); } + public function testLogoutUsesConfiguredCookieSettings(): void + { + $this->controller = $this->controllerWithCookieSettings( + new AuthCookieSettings( + secure: true, + domain: '.example.com', + sameSite: 'none', + ) + ); + $this->seedStartupUser('user@example.com', 'correctpassword'); + $loginRequest = new Request([ + 'email' => 'user@example.com', + 'password' => 'correctpassword', + ]); + $this->controller->login($loginRequest); + + $logoutRequest = new Request(); + $logoutRequest->cookies->set( + AuthMiddleware::COOKIE_NAME, + 'session-token-1' + ); + $response = $this->controller->logout($logoutRequest); + + $cookies = $response->headers->getCookies(); + $this->assertCount(1, $cookies); + $cookie = $cookies[0]; + + $this->assertTrue($cookie->isSecure()); + $this->assertSame('.example.com', $cookie->getDomain()); + $this->assertSame('none', $cookie->getSameSite()); + } + public function testMeReturns200WithUserWhenAuthenticated(): void { $email = 'me@example.com'; @@ -180,4 +244,26 @@ class AuthControllerTest extends TestCase $this->assertSame($user->getId(), $body['user']['id']); $this->assertSame($email, $body['user']['email']); } + + private function controllerWithCookieSettings( + AuthCookieSettings $cookieSettings, + ): AuthController { + $authenticateUser = new AuthenticateUser( + $this->userRepo, + $this->hasher, + ); + $createSession = new CreateSession( + $this->sessionRepo, + $this->tokenGenerator, + $this->clock, + ); + $logout = new Logout($this->sessionRepo); + + return new AuthController( + $authenticateUser, + $createSession, + $logout, + $cookieSettings, + ); + } }