yisroelbaum/TIDE
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test post and comment controllers

Browse source 
Adds AuthenticatesUsers feature trait that runs the full
signup -> confirm -> login flow and exposes the resulting auth
cookie. Bumps phpunit defaultTimeLimit to 30 seconds so the
multi-bcrypt-per-test feature flow finishes inside the limit.
This commit is contained in:
Yisroel Baum 2026-05-06 22:26:10 +03:00
parent fa63005db7
commit 8614858558
Signed by: yisroelbaum
GPG key ID: 0FA60884F75520A9
4 changed files with 401 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
backend/phpunit.xml
View file

@ -4,6 +4,7 @@
bootstrap="vendor/autoload.php"
colors="true"
enforceTimeLimit="true"
defaultTimeLimit="30"
>
<testsuites>
<testsuite name="Unit">

72
backend/tests/Feature/AuthenticatesUsers.php Normal file
View file

@ -0,0 +1,72 @@
<?php
namespace Tests\Feature;
use App\Email\EmailConfirmationToken\EmailConfirmationTokenRepository;
use App\Shared\ValueObject\EmailAddress;
use App\User\User;
use App\User\UserRepository;
trait AuthenticatesUsers
{
/**
* @return array{user: User, cookie: string}
*/
private function signupAndLogin(
string $email,
string $displayName,
string $password,
): array {
$this->postJson('/api/signup', [
'email' => $email,
'displayName' => $displayName,
])->assertStatus(201);
$userRepo = $this->app->make(UserRepository::class);
$user = $userRepo->findByEmail(new EmailAddress($email));
$tokenRepo = $this->app->make(
EmailConfirmationTokenRepository::class,
);
$token = $tokenRepo->findByUser($user);
$this->postJson('/api/confirm-email', [
'token' => $token->getToken(),
'password' => $password,
])->assertStatus(200);
$loginResponse = $this->postJson('/api/login', [
'email' => $email,
'password' => $password,
]);
$loginResponse->assertStatus(200);
$cookie = $loginResponse->getCookie('auth_token', false);
$reloaded = $userRepo->findByEmail(new EmailAddress($email));
return [
'user' => $reloaded,
'cookie' => $cookie->getValue(),
];
}
private function resetClientState(): void
{
$this->defaultCookies = [];
$this->unencryptedCookies = [];
$this->withCredentials = false;
}
private function promoteToAdmin(int $userId): void
{
$userRepo = $this->app->make(UserRepository::class);
$user = $userRepo->find($userId);
$userRepo->update(new User(
id: $user->getId(),
email: $user->getEmail(),
displayName: $user->getDisplayName(),
passwordHash: $user->getPasswordHash(),
isAdmin: true,
emailConfirmedAt: $user->getEmailConfirmedAt(),
));
}
}

172
backend/tests/Feature/Comment/CommentFlowTest.php Normal file
View file

@ -0,0 +1,172 @@
<?php
namespace Tests\Feature\Comment;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\Feature\AuthenticatesUsers;
use Tests\TestCase;
class CommentFlowTest extends TestCase
{
use AuthenticatesUsers;
use RefreshDatabase;
private function createPost(string $cookie, string $title): int
{
$response = $this->withCredentials()->withUnencryptedCookie('auth_token', $cookie)
->postJson('/api/posts', [
'title' => $title,
'body' => 'b',
]);
$response->assertStatus(201);
return $response->json('post.id');
}
public function test_anonymous_can_list_comments(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$response = $this->getJson("/api/posts/{$postId}/comments");
$response->assertStatus(200);
$response->assertJsonPath('comments', []);
}
public function test_authenticated_user_creates_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$response = $this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->postJson("/api/posts/{$postId}/comments", [
'body' => 'nice post',
]);
$response->assertStatus(201);
$response->assertJsonPath('comment.body', 'nice post');
$response->assertJsonPath('comment.authorDisplayName', 'bob');
}
public function test_anonymous_cannot_create_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$this->resetClientState();
$this->postJson("/api/posts/{$postId}/comments", [
'body' => 'hi',
])->assertStatus(401);
}
public function test_create_on_missing_post_returns_404(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$this->withCredentials()->withUnencryptedCookie('auth_token', $alice['cookie'])
->postJson('/api/posts/9999/comments', [
'body' => 'hi',
])->assertStatus(404);
}
public function test_author_deletes_own_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$createResponse = $this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->postJson("/api/posts/{$postId}/comments", [
'body' => 'nice',
]);
$commentId = $createResponse->json('comment.id');
$this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->deleteJson("/api/comments/{$commentId}")
->assertStatus(204);
}
public function test_other_user_cannot_delete_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$createResponse = $this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->postJson("/api/posts/{$postId}/comments", [
'body' => 'nice',
]);
$commentId = $createResponse->json('comment.id');
$this->withCredentials()->withUnencryptedCookie('auth_token', $alice['cookie'])
->deleteJson("/api/comments/{$commentId}")
->assertStatus(403);
}
public function test_admin_deletes_any_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$createResponse = $this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->postJson("/api/posts/{$postId}/comments", [
'body' => 'nice',
]);
$commentId = $createResponse->json('comment.id');
$this->promoteToAdmin($alice['user']->getId());
$loginResponse = $this->postJson('/api/login', [
'email' => 'alice@example.com',
'password' => 'longenoughpassword',
]);
$aliceCookie = $loginResponse->getCookie('auth_token', false);
$this->withCredentials()->withUnencryptedCookie('auth_token', $aliceCookie->getValue())
->deleteJson("/api/comments/{$commentId}")
->assertStatus(204);
}
}

156
backend/tests/Feature/Post/PostFlowTest.php Normal file
View file

@ -0,0 +1,156 @@
<?php
namespace Tests\Feature\Post;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\Feature\AuthenticatesUsers;
use Tests\TestCase;
class PostFlowTest extends TestCase
{
use AuthenticatesUsers;
use RefreshDatabase;
public function test_authenticated_user_creates_post(): void
{
$session = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$response = $this->withCredentials()->withUnencryptedCookie('auth_token', $session['cookie'])
->postJson('/api/posts', [
'title' => 'My Post',
'body' => 'Hello world',
]);
$response->assertStatus(201);
$response->assertJsonPath('post.title', 'My Post');
$response->assertJsonPath('post.authorDisplayName', 'alice');
}
public function test_anonymous_create_post_returns_401(): void
{
$this->postJson('/api/posts', [
'title' => 'My Post',
'body' => 'Hello world',
])->assertStatus(401);
}
public function test_recent_posts_are_public(): void
{
$session = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$this->withCredentials()->withUnencryptedCookie('auth_token', $session['cookie'])
->postJson('/api/posts', [
'title' => 'P1',
'body' => 'B1',
])->assertStatus(201);
$response = $this->getJson('/api/posts');
$response->assertStatus(200);
$response->assertJsonPath('posts.0.title', 'P1');
}
public function test_show_returns_404_when_missing(): void
{
$this->getJson('/api/posts/9999')->assertStatus(404);
}
public function test_user_posts_listed_by_display_name(): void
{
$session = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$this->withCredentials()->withUnencryptedCookie('auth_token', $session['cookie'])
->postJson('/api/posts', [
'title' => 'A1',
'body' => 'b',
])->assertStatus(201);
$response = $this->getJson('/api/users/alice/posts');
$response->assertStatus(200);
$response->assertJsonPath('user.displayName', 'alice');
$response->assertJsonPath('posts.0.title', 'A1');
}
public function test_other_user_cannot_delete_post(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$createResponse = $this->withCredentials()->withUnencryptedCookie('auth_token', $alice['cookie'])
->postJson('/api/posts', [
'title' => 'A1',
'body' => 'b',
]);
$postId = $createResponse->json('post.id');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->deleteJson("/api/posts/{$postId}")
->assertStatus(403);
}
public function test_author_deletes_own_post(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$createResponse = $this->withCredentials()->withUnencryptedCookie('auth_token', $alice['cookie'])
->postJson('/api/posts', [
'title' => 'A1',
'body' => 'b',
]);
$postId = $createResponse->json('post.id');
$this->withCredentials()->withUnencryptedCookie('auth_token', $alice['cookie'])
->deleteJson("/api/posts/{$postId}")
->assertStatus(204);
}
public function test_admin_deletes_anyones_post(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$createResponse = $this->withCredentials()->withUnencryptedCookie('auth_token', $alice['cookie'])
->postJson('/api/posts', [
'title' => 'A1',
'body' => 'b',
]);
$postId = $createResponse->json('post.id');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$this->promoteToAdmin($bob['user']->getId());
// Re-login bob to get a fresh cookie/payload
$loginResponse = $this->postJson('/api/login', [
'email' => 'bob@example.com',
'password' => 'longenoughpassword',
]);
$bobCookie = $loginResponse->getCookie('auth_token', false);
$this->withCredentials()->withUnencryptedCookie('auth_token', $bobCookie->getValue())
->deleteJson("/api/posts/{$postId}")
->assertStatus(204);
}
}