yisroelbaum/TIDE
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

test post and comment controllers

Browse source 
Adds AuthenticatesUsers feature trait that runs the full
signup -> confirm -> login flow and exposes the resulting auth
cookie. Bumps phpunit defaultTimeLimit to 30 seconds so the
multi-bcrypt-per-test feature flow finishes inside the limit.
This commit is contained in:
Yisroel Baum 2026-05-06 22:26:10 +03:00
parent fa63005db7
commit 8614858558
Signed by: yisroelbaum
GPG key ID: 0FA60884F75520A9
4 changed files with 401 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

172
backend/tests/Feature/Comment/CommentFlowTest.php Normal file
View file

@ -0,0 +1,172 @@
<?php
namespace Tests\Feature\Comment;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\Feature\AuthenticatesUsers;
use Tests\TestCase;
class CommentFlowTest extends TestCase
{
use AuthenticatesUsers;
use RefreshDatabase;
private function createPost(string $cookie, string $title): int
{
$response = $this->withCredentials()->withUnencryptedCookie('auth_token', $cookie)
->postJson('/api/posts', [
'title' => $title,
'body' => 'b',
]);
$response->assertStatus(201);
return $response->json('post.id');
}
public function test_anonymous_can_list_comments(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$response = $this->getJson("/api/posts/{$postId}/comments");
$response->assertStatus(200);
$response->assertJsonPath('comments', []);
}
public function test_authenticated_user_creates_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$response = $this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->postJson("/api/posts/{$postId}/comments", [
'body' => 'nice post',
]);
$response->assertStatus(201);
$response->assertJsonPath('comment.body', 'nice post');
$response->assertJsonPath('comment.authorDisplayName', 'bob');
}
public function test_anonymous_cannot_create_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$this->resetClientState();
$this->postJson("/api/posts/{$postId}/comments", [
'body' => 'hi',
])->assertStatus(401);
}
public function test_create_on_missing_post_returns_404(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$this->withCredentials()->withUnencryptedCookie('auth_token', $alice['cookie'])
->postJson('/api/posts/9999/comments', [
'body' => 'hi',
])->assertStatus(404);
}
public function test_author_deletes_own_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$createResponse = $this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->postJson("/api/posts/{$postId}/comments", [
'body' => 'nice',
]);
$commentId = $createResponse->json('comment.id');
$this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->deleteJson("/api/comments/{$commentId}")
->assertStatus(204);
}
public function test_other_user_cannot_delete_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$createResponse = $this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->postJson("/api/posts/{$postId}/comments", [
'body' => 'nice',
]);
$commentId = $createResponse->json('comment.id');
$this->withCredentials()->withUnencryptedCookie('auth_token', $alice['cookie'])
->deleteJson("/api/comments/{$commentId}")
->assertStatus(403);
}
public function test_admin_deletes_any_comment(): void
{
$alice = $this->signupAndLogin(
email: 'alice@example.com',
displayName: 'alice',
password: 'longenoughpassword',
);
$postId = $this->createPost($alice['cookie'], 'P1');
$bob = $this->signupAndLogin(
email: 'bob@example.com',
displayName: 'bob',
password: 'longenoughpassword',
);
$createResponse = $this->withCredentials()->withUnencryptedCookie('auth_token', $bob['cookie'])
->postJson("/api/posts/{$postId}/comments", [
'body' => 'nice',
]);
$commentId = $createResponse->json('comment.id');
$this->promoteToAdmin($alice['user']->getId());
$loginResponse = $this->postJson('/api/login', [
'email' => 'alice@example.com',
'password' => 'longenoughpassword',
]);
$aliceCookie = $loginResponse->getCookie('auth_token', false);
$this->withCredentials()->withUnencryptedCookie('auth_token', $aliceCookie->getValue())
->deleteJson("/api/comments/{$commentId}")
->assertStatus(204);
}
}