summaryrefslogtreecommitdiff
path: root/test/aggiedit_web
diff options
context:
space:
mode:
authorLogan Hunt <loganhunt@simponic.xyz>2022-04-06 12:13:54 -0600
committerLogan Hunt <loganhunt@simponic.xyz>2022-04-06 12:13:54 -0600
commit2055742911201258e6f755b3eb4031a1b09407f1 (patch)
treea8e0471cab55329e2e00b5d3e2011d37bb67fdb6 /test/aggiedit_web
downloadaggiedit-2055742911201258e6f755b3eb4031a1b09407f1.tar.gz
aggiedit-2055742911201258e6f755b3eb4031a1b09407f1.zip
Initial commit; generate auth code with phx.gen.auth; added room model and association; generate room model on domain of user emails; allow users to change their email
Diffstat (limited to 'test/aggiedit_web')
-rw-r--r--test/aggiedit_web/controllers/page_controller_test.exs8
-rw-r--r--test/aggiedit_web/controllers/user_auth_test.exs170
-rw-r--r--test/aggiedit_web/controllers/user_confirmation_controller_test.exs105
-rw-r--r--test/aggiedit_web/controllers/user_registration_controller_test.exs54
-rw-r--r--test/aggiedit_web/controllers/user_reset_password_controller_test.exs113
-rw-r--r--test/aggiedit_web/controllers/user_session_controller_test.exs98
-rw-r--r--test/aggiedit_web/controllers/user_settings_controller_test.exs129
-rw-r--r--test/aggiedit_web/views/error_view_test.exs14
-rw-r--r--test/aggiedit_web/views/layout_view_test.exs8
-rw-r--r--test/aggiedit_web/views/page_view_test.exs3
10 files changed, 702 insertions, 0 deletions
diff --git a/test/aggiedit_web/controllers/page_controller_test.exs b/test/aggiedit_web/controllers/page_controller_test.exs
new file mode 100644
index 0000000..4819f82
--- /dev/null
+++ b/test/aggiedit_web/controllers/page_controller_test.exs
@@ -0,0 +1,8 @@
+defmodule AggieditWeb.PageControllerTest do
+ use AggieditWeb.ConnCase
+
+ test "GET /", %{conn: conn} do
+ conn = get(conn, "/")
+ assert html_response(conn, 200) =~ "Welcome to Phoenix!"
+ end
+end
diff --git a/test/aggiedit_web/controllers/user_auth_test.exs b/test/aggiedit_web/controllers/user_auth_test.exs
new file mode 100644
index 0000000..6b3748e
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_auth_test.exs
@@ -0,0 +1,170 @@
+defmodule AggieditWeb.UserAuthTest do
+ use AggieditWeb.ConnCase, async: true
+
+ alias Aggiedit.Accounts
+ alias AggieditWeb.UserAuth
+ import Aggiedit.AccountsFixtures
+
+ @remember_me_cookie "_aggiedit_web_user_remember_me"
+
+ setup %{conn: conn} do
+ conn =
+ conn
+ |> Map.replace!(:secret_key_base, AggieditWeb.Endpoint.config(:secret_key_base))
+ |> init_test_session(%{})
+
+ %{user: user_fixture(), conn: conn}
+ end
+
+ describe "log_in_user/3" do
+ test "stores the user token in the session", %{conn: conn, user: user} do
+ conn = UserAuth.log_in_user(conn, user)
+ assert token = get_session(conn, :user_token)
+ assert get_session(conn, :live_socket_id) == "users_sessions:#{Base.url_encode64(token)}"
+ assert redirected_to(conn) == "/"
+ assert Accounts.get_user_by_session_token(token)
+ end
+
+ test "clears everything previously stored in the session", %{conn: conn, user: user} do
+ conn = conn |> put_session(:to_be_removed, "value") |> UserAuth.log_in_user(user)
+ refute get_session(conn, :to_be_removed)
+ end
+
+ test "redirects to the configured path", %{conn: conn, user: user} do
+ conn = conn |> put_session(:user_return_to, "/hello") |> UserAuth.log_in_user(user)
+ assert redirected_to(conn) == "/hello"
+ end
+
+ test "writes a cookie if remember_me is configured", %{conn: conn, user: user} do
+ conn = conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"})
+ assert get_session(conn, :user_token) == conn.cookies[@remember_me_cookie]
+
+ assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
+ assert signed_token != get_session(conn, :user_token)
+ assert max_age == 5_184_000
+ end
+ end
+
+ describe "logout_user/1" do
+ test "erases session and cookies", %{conn: conn, user: user} do
+ user_token = Accounts.generate_user_session_token(user)
+
+ conn =
+ conn
+ |> put_session(:user_token, user_token)
+ |> put_req_cookie(@remember_me_cookie, user_token)
+ |> fetch_cookies()
+ |> UserAuth.log_out_user()
+
+ refute get_session(conn, :user_token)
+ refute conn.cookies[@remember_me_cookie]
+ assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
+ assert redirected_to(conn) == "/"
+ refute Accounts.get_user_by_session_token(user_token)
+ end
+
+ test "broadcasts to the given live_socket_id", %{conn: conn} do
+ live_socket_id = "users_sessions:abcdef-token"
+ AggieditWeb.Endpoint.subscribe(live_socket_id)
+
+ conn
+ |> put_session(:live_socket_id, live_socket_id)
+ |> UserAuth.log_out_user()
+
+ assert_receive %Phoenix.Socket.Broadcast{event: "disconnect", topic: ^live_socket_id}
+ end
+
+ test "works even if user is already logged out", %{conn: conn} do
+ conn = conn |> fetch_cookies() |> UserAuth.log_out_user()
+ refute get_session(conn, :user_token)
+ assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
+ assert redirected_to(conn) == "/"
+ end
+ end
+
+ describe "fetch_current_user/2" do
+ test "authenticates user from session", %{conn: conn, user: user} do
+ user_token = Accounts.generate_user_session_token(user)
+ conn = conn |> put_session(:user_token, user_token) |> UserAuth.fetch_current_user([])
+ assert conn.assigns.current_user.id == user.id
+ end
+
+ test "authenticates user from cookies", %{conn: conn, user: user} do
+ logged_in_conn =
+ conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"})
+
+ user_token = logged_in_conn.cookies[@remember_me_cookie]
+ %{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]
+
+ conn =
+ conn
+ |> put_req_cookie(@remember_me_cookie, signed_token)
+ |> UserAuth.fetch_current_user([])
+
+ assert get_session(conn, :user_token) == user_token
+ assert conn.assigns.current_user.id == user.id
+ end
+
+ test "does not authenticate if data is missing", %{conn: conn, user: user} do
+ _ = Accounts.generate_user_session_token(user)
+ conn = UserAuth.fetch_current_user(conn, [])
+ refute get_session(conn, :user_token)
+ refute conn.assigns.current_user
+ end
+ end
+
+ describe "redirect_if_user_is_authenticated/2" do
+ test "redirects if user is authenticated", %{conn: conn, user: user} do
+ conn = conn |> assign(:current_user, user) |> UserAuth.redirect_if_user_is_authenticated([])
+ assert conn.halted
+ assert redirected_to(conn) == "/"
+ end
+
+ test "does not redirect if user is not authenticated", %{conn: conn} do
+ conn = UserAuth.redirect_if_user_is_authenticated(conn, [])
+ refute conn.halted
+ refute conn.status
+ end
+ end
+
+ describe "require_authenticated_user/2" do
+ test "redirects if user is not authenticated", %{conn: conn} do
+ conn = conn |> fetch_flash() |> UserAuth.require_authenticated_user([])
+ assert conn.halted
+ assert redirected_to(conn) == Routes.user_session_path(conn, :new)
+ assert get_flash(conn, :error) == "You must log in to access this page."
+ end
+
+ test "stores the path to redirect to on GET", %{conn: conn} do
+ halted_conn =
+ %{conn | path_info: ["foo"], query_string: ""}
+ |> fetch_flash()
+ |> UserAuth.require_authenticated_user([])
+
+ assert halted_conn.halted
+ assert get_session(halted_conn, :user_return_to) == "/foo"
+
+ halted_conn =
+ %{conn | path_info: ["foo"], query_string: "bar=baz"}
+ |> fetch_flash()
+ |> UserAuth.require_authenticated_user([])
+
+ assert halted_conn.halted
+ assert get_session(halted_conn, :user_return_to) == "/foo?bar=baz"
+
+ halted_conn =
+ %{conn | path_info: ["foo"], query_string: "bar", method: "POST"}
+ |> fetch_flash()
+ |> UserAuth.require_authenticated_user([])
+
+ assert halted_conn.halted
+ refute get_session(halted_conn, :user_return_to)
+ end
+
+ test "does not redirect if user is authenticated", %{conn: conn, user: user} do
+ conn = conn |> assign(:current_user, user) |> UserAuth.require_authenticated_user([])
+ refute conn.halted
+ refute conn.status
+ end
+ end
+end
diff --git a/test/aggiedit_web/controllers/user_confirmation_controller_test.exs b/test/aggiedit_web/controllers/user_confirmation_controller_test.exs
new file mode 100644
index 0000000..4209ca1
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_confirmation_controller_test.exs
@@ -0,0 +1,105 @@
+defmodule AggieditWeb.UserConfirmationControllerTest do
+ use AggieditWeb.ConnCase, async: true
+
+ alias Aggiedit.Accounts
+ alias Aggiedit.Repo
+ import Aggiedit.AccountsFixtures
+
+ setup do
+ %{user: user_fixture()}
+ end
+
+ describe "GET /users/confirm" do
+ test "renders the resend confirmation page", %{conn: conn} do
+ conn = get(conn, Routes.user_confirmation_path(conn, :new))
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Resend confirmation instructions</h1>"
+ end
+ end
+
+ describe "POST /users/confirm" do
+ @tag :capture_log
+ test "sends a new confirmation token", %{conn: conn, user: user} do
+ conn =
+ post(conn, Routes.user_confirmation_path(conn, :create), %{
+ "user" => %{"email" => user.email}
+ })
+
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :info) =~ "If your email is in our system"
+ assert Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "confirm"
+ end
+
+ test "does not send confirmation token if User is confirmed", %{conn: conn, user: user} do
+ Repo.update!(Accounts.User.confirm_changeset(user))
+
+ conn =
+ post(conn, Routes.user_confirmation_path(conn, :create), %{
+ "user" => %{"email" => user.email}
+ })
+
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :info) =~ "If your email is in our system"
+ refute Repo.get_by(Accounts.UserToken, user_id: user.id)
+ end
+
+ test "does not send confirmation token if email is invalid", %{conn: conn} do
+ conn =
+ post(conn, Routes.user_confirmation_path(conn, :create), %{
+ "user" => %{"email" => "unknown@example.com"}
+ })
+
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :info) =~ "If your email is in our system"
+ assert Repo.all(Accounts.UserToken) == []
+ end
+ end
+
+ describe "GET /users/confirm/:token" do
+ test "renders the confirmation page", %{conn: conn} do
+ conn = get(conn, Routes.user_confirmation_path(conn, :edit, "some-token"))
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Confirm account</h1>"
+
+ form_action = Routes.user_confirmation_path(conn, :update, "some-token")
+ assert response =~ "action=\"#{form_action}\""
+ end
+ end
+
+ describe "POST /users/confirm/:token" do
+ test "confirms the given token once", %{conn: conn, user: user} do
+ token =
+ extract_user_token(fn url ->
+ Accounts.deliver_user_confirmation_instructions(user, url)
+ end)
+
+ conn = post(conn, Routes.user_confirmation_path(conn, :update, token))
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :info) =~ "User confirmed successfully"
+ assert Accounts.get_user!(user.id).confirmed_at
+ refute get_session(conn, :user_token)
+ assert Repo.all(Accounts.UserToken) == []
+
+ # When not logged in
+ conn = post(conn, Routes.user_confirmation_path(conn, :update, token))
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :error) =~ "User confirmation link is invalid or it has expired"
+
+ # When logged in
+ conn =
+ build_conn()
+ |> log_in_user(user)
+ |> post(Routes.user_confirmation_path(conn, :update, token))
+
+ assert redirected_to(conn) == "/"
+ refute get_flash(conn, :error)
+ end
+
+ test "does not confirm email with invalid token", %{conn: conn, user: user} do
+ conn = post(conn, Routes.user_confirmation_path(conn, :update, "oops"))
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :error) =~ "User confirmation link is invalid or it has expired"
+ refute Accounts.get_user!(user.id).confirmed_at
+ end
+ end
+end
diff --git a/test/aggiedit_web/controllers/user_registration_controller_test.exs b/test/aggiedit_web/controllers/user_registration_controller_test.exs
new file mode 100644
index 0000000..d323828
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_registration_controller_test.exs
@@ -0,0 +1,54 @@
+defmodule AggieditWeb.UserRegistrationControllerTest do
+ use AggieditWeb.ConnCase, async: true
+
+ import Aggiedit.AccountsFixtures
+
+ describe "GET /users/register" do
+ test "renders registration page", %{conn: conn} do
+ conn = get(conn, Routes.user_registration_path(conn, :new))
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Register</h1>"
+ assert response =~ "Log in</a>"
+ assert response =~ "Register</a>"
+ end
+
+ test "redirects if already logged in", %{conn: conn} do
+ conn = conn |> log_in_user(user_fixture()) |> get(Routes.user_registration_path(conn, :new))
+ assert redirected_to(conn) == "/"
+ end
+ end
+
+ describe "POST /users/register" do
+ @tag :capture_log
+ test "creates account and logs the user in", %{conn: conn} do
+ email = unique_user_email()
+
+ conn =
+ post(conn, Routes.user_registration_path(conn, :create), %{
+ "user" => valid_user_attributes(email: email)
+ })
+
+ assert get_session(conn, :user_token)
+ assert redirected_to(conn) == "/"
+
+ # Now do a logged in request and assert on the menu
+ conn = get(conn, "/")
+ response = html_response(conn, 200)
+ assert response =~ email
+ assert response =~ "Settings</a>"
+ assert response =~ "Log out</a>"
+ end
+
+ test "render errors for invalid data", %{conn: conn} do
+ conn =
+ post(conn, Routes.user_registration_path(conn, :create), %{
+ "user" => %{"email" => "with spaces", "password" => "too short"}
+ })
+
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Register</h1>"
+ assert response =~ "must have the @ sign and no spaces"
+ assert response =~ "should be at least 12 character"
+ end
+ end
+end
diff --git a/test/aggiedit_web/controllers/user_reset_password_controller_test.exs b/test/aggiedit_web/controllers/user_reset_password_controller_test.exs
new file mode 100644
index 0000000..ca57896
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_reset_password_controller_test.exs
@@ -0,0 +1,113 @@
+defmodule AggieditWeb.UserResetPasswordControllerTest do
+ use AggieditWeb.ConnCase, async: true
+
+ alias Aggiedit.Accounts
+ alias Aggiedit.Repo
+ import Aggiedit.AccountsFixtures
+
+ setup do
+ %{user: user_fixture()}
+ end
+
+ describe "GET /users/reset_password" do
+ test "renders the reset password page", %{conn: conn} do
+ conn = get(conn, Routes.user_reset_password_path(conn, :new))
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Forgot your password?</h1>"
+ end
+ end
+
+ describe "POST /users/reset_password" do
+ @tag :capture_log
+ test "sends a new reset password token", %{conn: conn, user: user} do
+ conn =
+ post(conn, Routes.user_reset_password_path(conn, :create), %{
+ "user" => %{"email" => user.email}
+ })
+
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :info) =~ "If your email is in our system"
+ assert Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "reset_password"
+ end
+
+ test "does not send reset password token if email is invalid", %{conn: conn} do
+ conn =
+ post(conn, Routes.user_reset_password_path(conn, :create), %{
+ "user" => %{"email" => "unknown@example.com"}
+ })
+
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :info) =~ "If your email is in our system"
+ assert Repo.all(Accounts.UserToken) == []
+ end
+ end
+
+ describe "GET /users/reset_password/:token" do
+ setup %{user: user} do
+ token =
+ extract_user_token(fn url ->
+ Accounts.deliver_user_reset_password_instructions(user, url)
+ end)
+
+ %{token: token}
+ end
+
+ test "renders reset password", %{conn: conn, token: token} do
+ conn = get(conn, Routes.user_reset_password_path(conn, :edit, token))
+ assert html_response(conn, 200) =~ "<h1>Reset password</h1>"
+ end
+
+ test "does not render reset password with invalid token", %{conn: conn} do
+ conn = get(conn, Routes.user_reset_password_path(conn, :edit, "oops"))
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :error) =~ "Reset password link is invalid or it has expired"
+ end
+ end
+
+ describe "PUT /users/reset_password/:token" do
+ setup %{user: user} do
+ token =
+ extract_user_token(fn url ->
+ Accounts.deliver_user_reset_password_instructions(user, url)
+ end)
+
+ %{token: token}
+ end
+
+ test "resets password once", %{conn: conn, user: user, token: token} do
+ conn =
+ put(conn, Routes.user_reset_password_path(conn, :update, token), %{
+ "user" => %{
+ "password" => "new valid password",
+ "password_confirmation" => "new valid password"
+ }
+ })
+
+ assert redirected_to(conn) == Routes.user_session_path(conn, :new)
+ refute get_session(conn, :user_token)
+ assert get_flash(conn, :info) =~ "Password reset successfully"
+ assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
+ end
+
+ test "does not reset password on invalid data", %{conn: conn, token: token} do
+ conn =
+ put(conn, Routes.user_reset_password_path(conn, :update, token), %{
+ "user" => %{
+ "password" => "too short",
+ "password_confirmation" => "does not match"
+ }
+ })
+
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Reset password</h1>"
+ assert response =~ "should be at least 12 character(s)"
+ assert response =~ "does not match password"
+ end
+
+ test "does not reset password with invalid token", %{conn: conn} do
+ conn = put(conn, Routes.user_reset_password_path(conn, :update, "oops"))
+ assert redirected_to(conn) == "/"
+ assert get_flash(conn, :error) =~ "Reset password link is invalid or it has expired"
+ end
+ end
+end
diff --git a/test/aggiedit_web/controllers/user_session_controller_test.exs b/test/aggiedit_web/controllers/user_session_controller_test.exs
new file mode 100644
index 0000000..5e3f7da
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_session_controller_test.exs
@@ -0,0 +1,98 @@
+defmodule AggieditWeb.UserSessionControllerTest do
+ use AggieditWeb.ConnCase, async: true
+
+ import Aggiedit.AccountsFixtures
+
+ setup do
+ %{user: user_fixture()}
+ end
+
+ describe "GET /users/log_in" do
+ test "renders log in page", %{conn: conn} do
+ conn = get(conn, Routes.user_session_path(conn, :new))
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Log in</h1>"
+ assert response =~ "Register</a>"
+ assert response =~ "Forgot your password?</a>"
+ end
+
+ test "redirects if already logged in", %{conn: conn, user: user} do
+ conn = conn |> log_in_user(user) |> get(Routes.user_session_path(conn, :new))
+ assert redirected_to(conn) == "/"
+ end
+ end
+
+ describe "POST /users/log_in" do
+ test "logs the user in", %{conn: conn, user: user} do
+ conn =
+ post(conn, Routes.user_session_path(conn, :create), %{
+ "user" => %{"email" => user.email, "password" => valid_user_password()}
+ })
+
+ assert get_session(conn, :user_token)
+ assert redirected_to(conn) == "/"
+
+ # Now do a logged in request and assert on the menu
+ conn = get(conn, "/")
+ response = html_response(conn, 200)
+ assert response =~ user.email
+ assert response =~ "Settings</a>"
+ assert response =~ "Log out</a>"
+ end
+
+ test "logs the user in with remember me", %{conn: conn, user: user} do
+ conn =
+ post(conn, Routes.user_session_path(conn, :create), %{
+ "user" => %{
+ "email" => user.email,
+ "password" => valid_user_password(),
+ "remember_me" => "true"
+ }
+ })
+
+ assert conn.resp_cookies["_aggiedit_web_user_remember_me"]
+ assert redirected_to(conn) == "/"
+ end
+
+ test "logs the user in with return to", %{conn: conn, user: user} do
+ conn =
+ conn
+ |> init_test_session(user_return_to: "/foo/bar")
+ |> post(Routes.user_session_path(conn, :create), %{
+ "user" => %{
+ "email" => user.email,
+ "password" => valid_user_password()
+ }
+ })
+
+ assert redirected_to(conn) == "/foo/bar"
+ end
+
+ test "emits error message with invalid credentials", %{conn: conn, user: user} do
+ conn =
+ post(conn, Routes.user_session_path(conn, :create), %{
+ "user" => %{"email" => user.email, "password" => "invalid_password"}
+ })
+
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Log in</h1>"
+ assert response =~ "Invalid email or password"
+ end
+ end
+
+ describe "DELETE /users/log_out" do
+ test "logs the user out", %{conn: conn, user: user} do
+ conn = conn |> log_in_user(user) |> delete(Routes.user_session_path(conn, :delete))
+ assert redirected_to(conn) == "/"
+ refute get_session(conn, :user_token)
+ assert get_flash(conn, :info) =~ "Logged out successfully"
+ end
+
+ test "succeeds even if the user is not logged in", %{conn: conn} do
+ conn = delete(conn, Routes.user_session_path(conn, :delete))
+ assert redirected_to(conn) == "/"
+ refute get_session(conn, :user_token)
+ assert get_flash(conn, :info) =~ "Logged out successfully"
+ end
+ end
+end
diff --git a/test/aggiedit_web/controllers/user_settings_controller_test.exs b/test/aggiedit_web/controllers/user_settings_controller_test.exs
new file mode 100644
index 0000000..f5d4bdc
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_settings_controller_test.exs
@@ -0,0 +1,129 @@
+defmodule AggieditWeb.UserSettingsControllerTest do
+ use AggieditWeb.ConnCase, async: true
+
+ alias Aggiedit.Accounts
+ import Aggiedit.AccountsFixtures
+
+ setup :register_and_log_in_user
+
+ describe "GET /users/settings" do
+ test "renders settings page", %{conn: conn} do
+ conn = get(conn, Routes.user_settings_path(conn, :edit))
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Settings</h1>"
+ end
+
+ test "redirects if user is not logged in" do
+ conn = build_conn()
+ conn = get(conn, Routes.user_settings_path(conn, :edit))
+ assert redirected_to(conn) == Routes.user_session_path(conn, :new)
+ end
+ end
+
+ describe "PUT /users/settings (change password form)" do
+ test "updates the user password and resets tokens", %{conn: conn, user: user} do
+ new_password_conn =
+ put(conn, Routes.user_settings_path(conn, :update), %{
+ "action" => "update_password",
+ "current_password" => valid_user_password(),
+ "user" => %{
+ "password" => "new valid password",
+ "password_confirmation" => "new valid password"
+ }
+ })
+
+ assert redirected_to(new_password_conn) == Routes.user_settings_path(conn, :edit)
+ assert get_session(new_password_conn, :user_token) != get_session(conn, :user_token)
+ assert get_flash(new_password_conn, :info) =~ "Password updated successfully"
+ assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
+ end
+
+ test "does not update password on invalid data", %{conn: conn} do
+ old_password_conn =
+ put(conn, Routes.user_settings_path(conn, :update), %{
+ "action" => "update_password",
+ "current_password" => "invalid",
+ "user" => %{
+ "password" => "too short",
+ "password_confirmation" => "does not match"
+ }
+ })
+
+ response = html_response(old_password_conn, 200)
+ assert response =~ "<h1>Settings</h1>"
+ assert response =~ "should be at least 12 character(s)"
+ assert response =~ "does not match password"
+ assert response =~ "is not valid"
+
+ assert get_session(old_password_conn, :user_token) == get_session(conn, :user_token)
+ end
+ end
+
+ describe "PUT /users/settings (change email form)" do
+ @tag :capture_log
+ test "updates the user email", %{conn: conn, user: user} do
+ conn =
+ put(conn, Routes.user_settings_path(conn, :update), %{
+ "action" => "update_email",
+ "current_password" => valid_user_password(),
+ "user" => %{"email" => unique_user_email()}
+ })
+
+ assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
+ assert get_flash(conn, :info) =~ "A link to confirm your email"
+ assert Accounts.get_user_by_email(user.email)
+ end
+
+ test "does not update email on invalid data", %{conn: conn} do
+ conn =
+ put(conn, Routes.user_settings_path(conn, :update), %{
+ "action" => "update_email",
+ "current_password" => "invalid",
+ "user" => %{"email" => "with spaces"}
+ })
+
+ response = html_response(conn, 200)
+ assert response =~ "<h1>Settings</h1>"
+ assert response =~ "must have the @ sign and no spaces"
+ assert response =~ "is not valid"
+ end
+ end
+
+ describe "GET /users/settings/confirm_email/:token" do
+ setup %{user: user} do
+ email = unique_user_email()
+
+ token =
+ extract_user_token(fn url ->
+ Accounts.deliver_update_email_instructions(%{user | email: email}, user.email, url)
+ end)
+
+ %{token: token, email: email}
+ end
+
+ test "updates the user email once", %{conn: conn, user: user, token: token, email: email} do
+ conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token))
+ assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
+ assert get_flash(conn, :info) =~ "Email changed successfully"
+ refute Accounts.get_user_by_email(user.email)
+ assert Accounts.get_user_by_email(email)
+
+ conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token))
+ assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
+ assert get_flash(conn, :error) =~ "Email change link is invalid or it has expired"
+ end
+
+ test "does not update email with invalid token", %{conn: conn, user: user} do
+ conn = get(conn, Routes.user_settings_path(conn, :confirm_email, "oops"))
+ assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
+ assert get_flash(conn, :error) =~ "Email change link is invalid or it has expired"
+ assert Accounts.get_user_by_email(user.email)
+ end
+
+ test "redirects if user is not logged in", %{token: token} do
+ conn = build_conn()
+ conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token))
+ assert redirected_to(conn) == Routes.user_session_path(conn, :new)
+ end
+ end
+end
diff --git a/test/aggiedit_web/views/error_view_test.exs b/test/aggiedit_web/views/error_view_test.exs
new file mode 100644
index 0000000..32ef690
--- /dev/null
+++ b/test/aggiedit_web/views/error_view_test.exs
@@ -0,0 +1,14 @@
+defmodule AggieditWeb.ErrorViewTest do
+ use AggieditWeb.ConnCase, async: true
+
+ # Bring render/3 and render_to_string/3 for testing custom views
+ import Phoenix.View
+
+ test "renders 404.html" do
+ assert render_to_string(AggieditWeb.ErrorView, "404.html", []) == "Not Found"
+ end
+
+ test "renders 500.html" do
+ assert render_to_string(AggieditWeb.ErrorView, "500.html", []) == "Internal Server Error"
+ end
+end
diff --git a/test/aggiedit_web/views/layout_view_test.exs b/test/aggiedit_web/views/layout_view_test.exs
new file mode 100644
index 0000000..0311580
--- /dev/null
+++ b/test/aggiedit_web/views/layout_view_test.exs
@@ -0,0 +1,8 @@
+defmodule AggieditWeb.LayoutViewTest do
+ use AggieditWeb.ConnCase, async: true
+
+ # When testing helpers, you may want to import Phoenix.HTML and
+ # use functions such as safe_to_string() to convert the helper
+ # result into an HTML string.
+ # import Phoenix.HTML
+end
diff --git a/test/aggiedit_web/views/page_view_test.exs b/test/aggiedit_web/views/page_view_test.exs
new file mode 100644
index 0000000..0c63680
--- /dev/null
+++ b/test/aggiedit_web/views/page_view_test.exs
@@ -0,0 +1,3 @@
+defmodule AggieditWeb.PageViewTest do
+ use AggieditWeb.ConnCase, async: true
+end
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-09-22 01:01:53 +0000