test auth cookies

This commit is contained in:
Yisroel Baum 2026-07-02 01:16:18 +03:00
parent 0d2c44da13
commit db18fae479
Signed by: yisroelbaum
GPG key ID: 0FA60884F75520A9

View file

@ -2,6 +2,7 @@
namespace Tests\Unit\Controllers; namespace Tests\Unit\Controllers;
use App\Auth\AuthCookieSettings;
use App\Auth\UseCases\AuthenticateUser\AuthenticateUser; use App\Auth\UseCases\AuthenticateUser\AuthenticateUser;
use App\Auth\UseCases\CreateSession\CreateSession; use App\Auth\UseCases\CreateSession\CreateSession;
use App\Auth\UseCases\Logout\Logout; use App\Auth\UseCases\Logout\Logout;
@ -60,6 +61,11 @@ class AuthControllerTest extends TestCase
$authenticateUser, $authenticateUser,
$createSession, $createSession,
$logout, $logout,
new AuthCookieSettings(
secure: false,
domain: null,
sameSite: 'lax',
),
); );
} }
@ -104,6 +110,32 @@ class AuthControllerTest extends TestCase
); );
} }
public function testLoginUsesConfiguredCookieSettings(): void
{
$this->controller = $this->controllerWithCookieSettings(
new AuthCookieSettings(
secure: true,
domain: '.example.com',
sameSite: 'none',
)
);
$this->seedStartupUser('user@example.com', 'password');
$request = new Request([
'email' => 'user@example.com',
'password' => 'password',
]);
$response = $this->controller->login($request);
$cookies = $response->headers->getCookies();
$this->assertCount(1, $cookies);
$cookie = $cookies[0];
$this->assertTrue($cookie->isSecure());
$this->assertSame('.example.com', $cookie->getDomain());
$this->assertSame('none', $cookie->getSameSite());
}
public function testLoginReturns400WhenEmailMissing(): void public function testLoginReturns400WhenEmailMissing(): void
{ {
$request = new Request(['password' => 'correctpassword']); $request = new Request(['password' => 'correctpassword']);
@ -160,6 +192,38 @@ class AuthControllerTest extends TestCase
$this->assertSame('', $cookies[0]->getValue()); $this->assertSame('', $cookies[0]->getValue());
} }
public function testLogoutUsesConfiguredCookieSettings(): void
{
$this->controller = $this->controllerWithCookieSettings(
new AuthCookieSettings(
secure: true,
domain: '.example.com',
sameSite: 'none',
)
);
$this->seedStartupUser('user@example.com', 'correctpassword');
$loginRequest = new Request([
'email' => 'user@example.com',
'password' => 'correctpassword',
]);
$this->controller->login($loginRequest);
$logoutRequest = new Request();
$logoutRequest->cookies->set(
AuthMiddleware::COOKIE_NAME,
'session-token-1'
);
$response = $this->controller->logout($logoutRequest);
$cookies = $response->headers->getCookies();
$this->assertCount(1, $cookies);
$cookie = $cookies[0];
$this->assertTrue($cookie->isSecure());
$this->assertSame('.example.com', $cookie->getDomain());
$this->assertSame('none', $cookie->getSameSite());
}
public function testMeReturns200WithUserWhenAuthenticated(): void public function testMeReturns200WithUserWhenAuthenticated(): void
{ {
$email = 'me@example.com'; $email = 'me@example.com';
@ -180,4 +244,26 @@ class AuthControllerTest extends TestCase
$this->assertSame($user->getId(), $body['user']['id']); $this->assertSame($user->getId(), $body['user']['id']);
$this->assertSame($email, $body['user']['email']); $this->assertSame($email, $body['user']['email']);
} }
private function controllerWithCookieSettings(
AuthCookieSettings $cookieSettings,
): AuthController {
$authenticateUser = new AuthenticateUser(
$this->userRepo,
$this->hasher,
);
$createSession = new CreateSession(
$this->sessionRepo,
$this->tokenGenerator,
$this->clock,
);
$logout = new Logout($this->sessionRepo);
return new AuthController(
$authenticateUser,
$createSession,
$logout,
$cookieSettings,
);
}
} }