✅ add tests for password reset (#2734)

tests/Feature/Frontend/AuthTest.php → tests/Feature/Frontend/Auth/LoginTest.php

@@ -1,13 +1,13 @@
 <?php
 
-namespace Tests\Feature\Frontend;
+namespace Tests\Feature\Frontend\Auth;
 
 use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Hash;
 use Tests\FeatureTestCase;
 
-class AuthTest extends FeatureTestCase
+class LoginTest extends FeatureTestCase
 {
     use RefreshDatabase;
 
@@ -53,20 +53,4 @@ public function testTooManyLoginAttempts(): void {
         $response->assertSessionHasErrors('login');
         $this->assertGuest();
     }
-
-    public function testSuccessfulRegistration(): void {
-        $this->assertGuest();
-        $this->assertDatabaseMissing('users', ['username' => 'alice123']);
-        $response = $this->followingRedirects()
-                         ->post(route('register', [
-                             'username'              => 'alice123',
-                             'name'                  => 'Alice',
-                             'email'                 => '[email protected]',
-                             'password'              => 'password',
-                             'password_confirmation' => 'password',
-                         ]));
-        $response->assertOk();
-        $response->assertViewIs('legal.privacy-interception');
-        $this->assertDatabaseHas('users', ['username' => 'alice123']);
-    }
 }

tests/Feature/Frontend/Auth/PasswordResetTest.php

@@ -0,0 +1,77 @@
+<?php
+
+namespace Tests\Feature\Frontend\Auth;
+
+use App\Models\User;
+use Illuminate\Auth\Notifications\ResetPassword;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Illuminate\Support\Facades\DB;
+use Illuminate\Support\Facades\Notification;
+use Tests\FeatureTestCase;
+
+class PasswordResetTest extends FeatureTestCase
+{
+    use RefreshDatabase;
+
+    public function testPasswordReset(): void {
+        $this->assertGuest();
+        Notification::fake();
+
+        $user     = User::factory()->create();
+        $response = $this->followingRedirects()
+                         ->post(route('password.email'), [
+                             'email' => $user->email,
+                         ]);
+        $response->assertOk();
+
+        Notification::assertSentTo($user, ResetPassword::class);
+    }
+
+    public function testPasswordResetWithWrongEmail(): void {
+        $this->assertGuest();
+        Notification::fake();
+        $response = $this->post(route('password.email'), [
+            'email' => '[email protected]'
+        ]);
+        $response->assertSessionHasErrors('email');
+        Notification::assertNothingSent();
+    }
+
+    public function testPasswordResetWithCorrectToken(): void {
+        $this->assertGuest();
+
+        $user = User::factory()->create();
+        Notification::fake();
+        $response = $this->followingRedirects()
+                         ->post(route('password.email'), [
+                             'email' => $user->email,
+                         ]);
+        $response->assertOk();
+        Notification::assertSentTo($user, ResetPassword::class);
+
+        $newToken = 'some random token, because we cannot access the real token';
+        $token    = hash('sha256', $newToken);
+        DB::table('password_resets')->where('email', $user->email)->update(['token' => $token]);
+
+        $response = $this->get(route('password.reset', ['token' => $token]));
+        $response->assertOk();
+
+        $response = $this->followingRedirects()
+                         ->post(route('password.update'), [
+                             'token'                 => 'wrong token',
+                             'email'                 => $user->email,
+                             'password'              => 'GoodPassword123!',
+                             'password_confirmation' => 'GoodPassword123!',
+                         ]);
+        $response->assertSeeText('This password reset token is invalid.');
+
+        $response = $this->followingRedirects()
+                         ->post(route('password.update'), [
+                             'token'                 => $newToken,
+                             'email'                 => $user->email,
+                             'password'              => 'GoodPassword123!',
+                             'password_confirmation' => 'GoodPassword123!',
+                         ]);
+        $response->assertOk();
+    }
+}

tests/Feature/Frontend/Auth/RegisterTest.php

@@ -0,0 +1,27 @@
+<?php
+
+namespace Tests\Feature\Frontend\Auth;
+
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Tests\FeatureTestCase;
+
+class RegisterTest extends FeatureTestCase
+{
+    use RefreshDatabase;
+
+    public function testSuccessfulRegistration(): void {
+        $this->assertGuest();
+        $this->assertDatabaseMissing('users', ['username' => 'alice123']);
+        $response = $this->followingRedirects()
+                         ->post(route('register', [
+                             'username'              => 'alice123',
+                             'name'                  => 'Alice',
+                             'email'                 => '[email protected]',
+                             'password'              => 'password',
+                             'password_confirmation' => 'password',
+                         ]));
+        $response->assertOk();
+        $response->assertViewIs('legal.privacy-interception');
+        $this->assertDatabaseHas('users', ['username' => 'alice123']);
+    }
+}