Initial commit; generate auth code with phx.gen.auth; added room model and association; generate room model on domain of user emails; allow users to change their email

18 files changed, 1474 insertions, 0 deletions

diff --git a/test/aggiedit/accounts_test.exs b/test/aggiedit/accounts_test.exs
new file mode 100644
index 0000000..0c1f38f
--- /dev/null
+++ b/test/aggiedit/accounts_test.exs
@@ -0,0 +1,508 @@
+defmodule Aggiedit.AccountsTest do
+  use Aggiedit.DataCase
+
+  alias Aggiedit.Accounts
+
+  import Aggiedit.AccountsFixtures
+  alias Aggiedit.Accounts.{User, UserToken}
+
+  describe "get_user_by_email/1" do
+    test "does not return the user if the email does not exist" do
+      refute Accounts.get_user_by_email("unknown@example.com")
+    end
+
+    test "returns the user if the email exists" do
+      %{id: id} = user = user_fixture()
+      assert %User{id: ^id} = Accounts.get_user_by_email(user.email)
+    end
+  end
+
+  describe "get_user_by_email_and_password/2" do
+    test "does not return the user if the email does not exist" do
+      refute Accounts.get_user_by_email_and_password("unknown@example.com", "hello world!")
+    end
+
+    test "does not return the user if the password is not valid" do
+      user = user_fixture()
+      refute Accounts.get_user_by_email_and_password(user.email, "invalid")
+    end
+
+    test "returns the user if the email and password are valid" do
+      %{id: id} = user = user_fixture()
+
+      assert %User{id: ^id} =
+               Accounts.get_user_by_email_and_password(user.email, valid_user_password())
+    end
+  end
+
+  describe "get_user!/1" do
+    test "raises if id is invalid" do
+      assert_raise Ecto.NoResultsError, fn ->
+        Accounts.get_user!(-1)
+      end
+    end
+
+    test "returns the user with the given id" do
+      %{id: id} = user = user_fixture()
+      assert %User{id: ^id} = Accounts.get_user!(user.id)
+    end
+  end
+
+  describe "register_user/1" do
+    test "requires email and password to be set" do
+      {:error, changeset} = Accounts.register_user(%{})
+
+      assert %{
+               password: ["can't be blank"],
+               email: ["can't be blank"]
+             } = errors_on(changeset)
+    end
+
+    test "validates email and password when given" do
+      {:error, changeset} = Accounts.register_user(%{email: "not valid", password: "not valid"})
+
+      assert %{
+               email: ["must have the @ sign and no spaces"],
+               password: ["should be at least 12 character(s)"]
+             } = errors_on(changeset)
+    end
+
+    test "validates maximum values for email and password for security" do
+      too_long = String.duplicate("db", 100)
+      {:error, changeset} = Accounts.register_user(%{email: too_long, password: too_long})
+      assert "should be at most 160 character(s)" in errors_on(changeset).email
+      assert "should be at most 72 character(s)" in errors_on(changeset).password
+    end
+
+    test "validates email uniqueness" do
+      %{email: email} = user_fixture()
+      {:error, changeset} = Accounts.register_user(%{email: email})
+      assert "has already been taken" in errors_on(changeset).email
+
+      # Now try with the upper cased email too, to check that email case is ignored.
+      {:error, changeset} = Accounts.register_user(%{email: String.upcase(email)})
+      assert "has already been taken" in errors_on(changeset).email
+    end
+
+    test "registers users with a hashed password" do
+      email = unique_user_email()
+      {:ok, user} = Accounts.register_user(valid_user_attributes(email: email))
+      assert user.email == email
+      assert is_binary(user.hashed_password)
+      assert is_nil(user.confirmed_at)
+      assert is_nil(user.password)
+    end
+  end
+
+  describe "change_user_registration/2" do
+    test "returns a changeset" do
+      assert %Ecto.Changeset{} = changeset = Accounts.change_user_registration(%User{})
+      assert changeset.required == [:password, :email]
+    end
+
+    test "allows fields to be set" do
+      email = unique_user_email()
+      password = valid_user_password()
+
+      changeset =
+        Accounts.change_user_registration(
+          %User{},
+          valid_user_attributes(email: email, password: password)
+        )
+
+      assert changeset.valid?
+      assert get_change(changeset, :email) == email
+      assert get_change(changeset, :password) == password
+      assert is_nil(get_change(changeset, :hashed_password))
+    end
+  end
+
+  describe "change_user_email/2" do
+    test "returns a user changeset" do
+      assert %Ecto.Changeset{} = changeset = Accounts.change_user_email(%User{})
+      assert changeset.required == [:email]
+    end
+  end
+
+  describe "apply_user_email/3" do
+    setup do
+      %{user: user_fixture()}
+    end
+
+    test "requires email to change", %{user: user} do
+      {:error, changeset} = Accounts.apply_user_email(user, valid_user_password(), %{})
+      assert %{email: ["did not change"]} = errors_on(changeset)
+    end
+
+    test "validates email", %{user: user} do
+      {:error, changeset} =
+        Accounts.apply_user_email(user, valid_user_password(), %{email: "not valid"})
+
+      assert %{email: ["must have the @ sign and no spaces"]} = errors_on(changeset)
+    end
+
+    test "validates maximum value for email for security", %{user: user} do
+      too_long = String.duplicate("db", 100)
+
+      {:error, changeset} =
+        Accounts.apply_user_email(user, valid_user_password(), %{email: too_long})
+
+      assert "should be at most 160 character(s)" in errors_on(changeset).email
+    end
+
+    test "validates email uniqueness", %{user: user} do
+      %{email: email} = user_fixture()
+
+      {:error, changeset} =
+        Accounts.apply_user_email(user, valid_user_password(), %{email: email})
+
+      assert "has already been taken" in errors_on(changeset).email
+    end
+
+    test "validates current password", %{user: user} do
+      {:error, changeset} =
+        Accounts.apply_user_email(user, "invalid", %{email: unique_user_email()})
+
+      assert %{current_password: ["is not valid"]} = errors_on(changeset)
+    end
+
+    test "applies the email without persisting it", %{user: user} do
+      email = unique_user_email()
+      {:ok, user} = Accounts.apply_user_email(user, valid_user_password(), %{email: email})
+      assert user.email == email
+      assert Accounts.get_user!(user.id).email != email
+    end
+  end
+
+  describe "deliver_update_email_instructions/3" do
+    setup do
+      %{user: user_fixture()}
+    end
+
+    test "sends token through notification", %{user: user} do
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_update_email_instructions(user, "current@example.com", url)
+        end)
+
+      {:ok, token} = Base.url_decode64(token, padding: false)
+      assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token))
+      assert user_token.user_id == user.id
+      assert user_token.sent_to == user.email
+      assert user_token.context == "change:current@example.com"
+    end
+  end
+
+  describe "update_user_email/2" do
+    setup do
+      user = user_fixture()
+      email = unique_user_email()
+
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_update_email_instructions(%{user | email: email}, user.email, url)
+        end)
+
+      %{user: user, token: token, email: email}
+    end
+
+    test "updates the email with a valid token", %{user: user, token: token, email: email} do
+      assert Accounts.update_user_email(user, token) == :ok
+      changed_user = Repo.get!(User, user.id)
+      assert changed_user.email != user.email
+      assert changed_user.email == email
+      assert changed_user.confirmed_at
+      assert changed_user.confirmed_at != user.confirmed_at
+      refute Repo.get_by(UserToken, user_id: user.id)
+    end
+
+    test "does not update email with invalid token", %{user: user} do
+      assert Accounts.update_user_email(user, "oops") == :error
+      assert Repo.get!(User, user.id).email == user.email
+      assert Repo.get_by(UserToken, user_id: user.id)
+    end
+
+    test "does not update email if user email changed", %{user: user, token: token} do
+      assert Accounts.update_user_email(%{user | email: "current@example.com"}, token) == :error
+      assert Repo.get!(User, user.id).email == user.email
+      assert Repo.get_by(UserToken, user_id: user.id)
+    end
+
+    test "does not update email if token expired", %{user: user, token: token} do
+      {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
+      assert Accounts.update_user_email(user, token) == :error
+      assert Repo.get!(User, user.id).email == user.email
+      assert Repo.get_by(UserToken, user_id: user.id)
+    end
+  end
+
+  describe "change_user_password/2" do
+    test "returns a user changeset" do
+      assert %Ecto.Changeset{} = changeset = Accounts.change_user_password(%User{})
+      assert changeset.required == [:password]
+    end
+
+    test "allows fields to be set" do
+      changeset =
+        Accounts.change_user_password(%User{}, %{
+          "password" => "new valid password"
+        })
+
+      assert changeset.valid?
+      assert get_change(changeset, :password) == "new valid password"
+      assert is_nil(get_change(changeset, :hashed_password))
+    end
+  end
+
+  describe "update_user_password/3" do
+    setup do
+      %{user: user_fixture()}
+    end
+
+    test "validates password", %{user: user} do
+      {:error, changeset} =
+        Accounts.update_user_password(user, valid_user_password(), %{
+          password: "not valid",
+          password_confirmation: "another"
+        })
+
+      assert %{
+               password: ["should be at least 12 character(s)"],
+               password_confirmation: ["does not match password"]
+             } = errors_on(changeset)
+    end
+
+    test "validates maximum values for password for security", %{user: user} do
+      too_long = String.duplicate("db", 100)
+
+      {:error, changeset} =
+        Accounts.update_user_password(user, valid_user_password(), %{password: too_long})
+
+      assert "should be at most 72 character(s)" in errors_on(changeset).password
+    end
+
+    test "validates current password", %{user: user} do
+      {:error, changeset} =
+        Accounts.update_user_password(user, "invalid", %{password: valid_user_password()})
+
+      assert %{current_password: ["is not valid"]} = errors_on(changeset)
+    end
+
+    test "updates the password", %{user: user} do
+      {:ok, user} =
+        Accounts.update_user_password(user, valid_user_password(), %{
+          password: "new valid password"
+        })
+
+      assert is_nil(user.password)
+      assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
+    end
+
+    test "deletes all tokens for the given user", %{user: user} do
+      _ = Accounts.generate_user_session_token(user)
+
+      {:ok, _} =
+        Accounts.update_user_password(user, valid_user_password(), %{
+          password: "new valid password"
+        })
+
+      refute Repo.get_by(UserToken, user_id: user.id)
+    end
+  end
+
+  describe "generate_user_session_token/1" do
+    setup do
+      %{user: user_fixture()}
+    end
+
+    test "generates a token", %{user: user} do
+      token = Accounts.generate_user_session_token(user)
+      assert user_token = Repo.get_by(UserToken, token: token)
+      assert user_token.context == "session"
+
+      # Creating the same token for another user should fail
+      assert_raise Ecto.ConstraintError, fn ->
+        Repo.insert!(%UserToken{
+          token: user_token.token,
+          user_id: user_fixture().id,
+          context: "session"
+        })
+      end
+    end
+  end
+
+  describe "get_user_by_session_token/1" do
+    setup do
+      user = user_fixture()
+      token = Accounts.generate_user_session_token(user)
+      %{user: user, token: token}
+    end
+
+    test "returns user by token", %{user: user, token: token} do
+      assert session_user = Accounts.get_user_by_session_token(token)
+      assert session_user.id == user.id
+    end
+
+    test "does not return user for invalid token" do
+      refute Accounts.get_user_by_session_token("oops")
+    end
+
+    test "does not return user for expired token", %{token: token} do
+      {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
+      refute Accounts.get_user_by_session_token(token)
+    end
+  end
+
+  describe "delete_session_token/1" do
+    test "deletes the token" do
+      user = user_fixture()
+      token = Accounts.generate_user_session_token(user)
+      assert Accounts.delete_session_token(token) == :ok
+      refute Accounts.get_user_by_session_token(token)
+    end
+  end
+
+  describe "deliver_user_confirmation_instructions/2" do
+    setup do
+      %{user: user_fixture()}
+    end
+
+    test "sends token through notification", %{user: user} do
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_user_confirmation_instructions(user, url)
+        end)
+
+      {:ok, token} = Base.url_decode64(token, padding: false)
+      assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token))
+      assert user_token.user_id == user.id
+      assert user_token.sent_to == user.email
+      assert user_token.context == "confirm"
+    end
+  end
+
+  describe "confirm_user/1" do
+    setup do
+      user = user_fixture()
+
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_user_confirmation_instructions(user, url)
+        end)
+
+      %{user: user, token: token}
+    end
+
+    test "confirms the email with a valid token", %{user: user, token: token} do
+      assert {:ok, confirmed_user} = Accounts.confirm_user(token)
+      assert confirmed_user.confirmed_at
+      assert confirmed_user.confirmed_at != user.confirmed_at
+      assert Repo.get!(User, user.id).confirmed_at
+      refute Repo.get_by(UserToken, user_id: user.id)
+    end
+
+    test "does not confirm with invalid token", %{user: user} do
+      assert Accounts.confirm_user("oops") == :error
+      refute Repo.get!(User, user.id).confirmed_at
+      assert Repo.get_by(UserToken, user_id: user.id)
+    end
+
+    test "does not confirm email if token expired", %{user: user, token: token} do
+      {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
+      assert Accounts.confirm_user(token) == :error
+      refute Repo.get!(User, user.id).confirmed_at
+      assert Repo.get_by(UserToken, user_id: user.id)
+    end
+  end
+
+  describe "deliver_user_reset_password_instructions/2" do
+    setup do
+      %{user: user_fixture()}
+    end
+
+    test "sends token through notification", %{user: user} do
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_user_reset_password_instructions(user, url)
+        end)
+
+      {:ok, token} = Base.url_decode64(token, padding: false)
+      assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token))
+      assert user_token.user_id == user.id
+      assert user_token.sent_to == user.email
+      assert user_token.context == "reset_password"
+    end
+  end
+
+  describe "get_user_by_reset_password_token/1" do
+    setup do
+      user = user_fixture()
+
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_user_reset_password_instructions(user, url)
+        end)
+
+      %{user: user, token: token}
+    end
+
+    test "returns the user with valid token", %{user: %{id: id}, token: token} do
+      assert %User{id: ^id} = Accounts.get_user_by_reset_password_token(token)
+      assert Repo.get_by(UserToken, user_id: id)
+    end
+
+    test "does not return the user with invalid token", %{user: user} do
+      refute Accounts.get_user_by_reset_password_token("oops")
+      assert Repo.get_by(UserToken, user_id: user.id)
+    end
+
+    test "does not return the user if token expired", %{user: user, token: token} do
+      {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
+      refute Accounts.get_user_by_reset_password_token(token)
+      assert Repo.get_by(UserToken, user_id: user.id)
+    end
+  end
+
+  describe "reset_user_password/2" do
+    setup do
+      %{user: user_fixture()}
+    end
+
+    test "validates password", %{user: user} do
+      {:error, changeset} =
+        Accounts.reset_user_password(user, %{
+          password: "not valid",
+          password_confirmation: "another"
+        })
+
+      assert %{
+               password: ["should be at least 12 character(s)"],
+               password_confirmation: ["does not match password"]
+             } = errors_on(changeset)
+    end
+
+    test "validates maximum values for password for security", %{user: user} do
+      too_long = String.duplicate("db", 100)
+      {:error, changeset} = Accounts.reset_user_password(user, %{password: too_long})
+      assert "should be at most 72 character(s)" in errors_on(changeset).password
+    end
+
+    test "updates the password", %{user: user} do
+      {:ok, updated_user} = Accounts.reset_user_password(user, %{password: "new valid password"})
+      assert is_nil(updated_user.password)
+      assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
+    end
+
+    test "deletes all tokens for the given user", %{user: user} do
+      _ = Accounts.generate_user_session_token(user)
+      {:ok, _} = Accounts.reset_user_password(user, %{password: "new valid password"})
+      refute Repo.get_by(UserToken, user_id: user.id)
+    end
+  end
+
+  describe "inspect/2" do
+    test "does not include password" do
+      refute inspect(%User{password: "123456"}) =~ "password: \"123456\""
+    end
+  end
+end
diff --git a/test/aggiedit/rooms_test.exs b/test/aggiedit/rooms_test.exs
new file mode 100644
index 0000000..2a270e6
--- /dev/null
+++ b/test/aggiedit/rooms_test.exs
@@ -0,0 +1,59 @@
+defmodule Aggiedit.RoomsTest do
+  use Aggiedit.DataCase
+
+  alias Aggiedit.Rooms
+
+  describe "rooms" do
+    alias Aggiedit.Rooms.Room
+
+    import Aggiedit.RoomsFixtures
+
+    @invalid_attrs %{domain: nil}
+
+    test "list_rooms/0 returns all rooms" do
+      room = room_fixture()
+      assert Rooms.list_rooms() == [room]
+    end
+
+    test "get_room!/1 returns the room with given id" do
+      room = room_fixture()
+      assert Rooms.get_room!(room.id) == room
+    end
+
+    test "create_room/1 with valid data creates a room" do
+      valid_attrs = %{domain: "some domain"}
+
+      assert {:ok, %Room{} = room} = Rooms.create_room(valid_attrs)
+      assert room.domain == "some domain"
+    end
+
+    test "create_room/1 with invalid data returns error changeset" do
+      assert {:error, %Ecto.Changeset{}} = Rooms.create_room(@invalid_attrs)
+    end
+
+    test "update_room/2 with valid data updates the room" do
+      room = room_fixture()
+      update_attrs = %{domain: "some updated domain"}
+
+      assert {:ok, %Room{} = room} = Rooms.update_room(room, update_attrs)
+      assert room.domain == "some updated domain"
+    end
+
+    test "update_room/2 with invalid data returns error changeset" do
+      room = room_fixture()
+      assert {:error, %Ecto.Changeset{}} = Rooms.update_room(room, @invalid_attrs)
+      assert room == Rooms.get_room!(room.id)
+    end
+
+    test "delete_room/1 deletes the room" do
+      room = room_fixture()
+      assert {:ok, %Room{}} = Rooms.delete_room(room)
+      assert_raise Ecto.NoResultsError, fn -> Rooms.get_room!(room.id) end
+    end
+
+    test "change_room/1 returns a room changeset" do
+      room = room_fixture()
+      assert %Ecto.Changeset{} = Rooms.change_room(room)
+    end
+  end
+end
diff --git a/test/aggiedit_web/controllers/page_controller_test.exs b/test/aggiedit_web/controllers/page_controller_test.exs
new file mode 100644
index 0000000..4819f82
--- /dev/null
+++ b/test/aggiedit_web/controllers/page_controller_test.exs
@@ -0,0 +1,8 @@
+defmodule AggieditWeb.PageControllerTest do
+  use AggieditWeb.ConnCase
+
+  test "GET /", %{conn: conn} do
+    conn = get(conn, "/")
+    assert html_response(conn, 200) =~ "Welcome to Phoenix!"
+  end
+end
diff --git a/test/aggiedit_web/controllers/user_auth_test.exs b/test/aggiedit_web/controllers/user_auth_test.exs
new file mode 100644
index 0000000..6b3748e
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_auth_test.exs
@@ -0,0 +1,170 @@
+defmodule AggieditWeb.UserAuthTest do
+  use AggieditWeb.ConnCase, async: true
+
+  alias Aggiedit.Accounts
+  alias AggieditWeb.UserAuth
+  import Aggiedit.AccountsFixtures
+
+  @remember_me_cookie "_aggiedit_web_user_remember_me"
+
+  setup %{conn: conn} do
+    conn =
+      conn
+      |> Map.replace!(:secret_key_base, AggieditWeb.Endpoint.config(:secret_key_base))
+      |> init_test_session(%{})
+
+    %{user: user_fixture(), conn: conn}
+  end
+
+  describe "log_in_user/3" do
+    test "stores the user token in the session", %{conn: conn, user: user} do
+      conn = UserAuth.log_in_user(conn, user)
+      assert token = get_session(conn, :user_token)
+      assert get_session(conn, :live_socket_id) == "users_sessions:#{Base.url_encode64(token)}"
+      assert redirected_to(conn) == "/"
+      assert Accounts.get_user_by_session_token(token)
+    end
+
+    test "clears everything previously stored in the session", %{conn: conn, user: user} do
+      conn = conn |> put_session(:to_be_removed, "value") |> UserAuth.log_in_user(user)
+      refute get_session(conn, :to_be_removed)
+    end
+
+    test "redirects to the configured path", %{conn: conn, user: user} do
+      conn = conn |> put_session(:user_return_to, "/hello") |> UserAuth.log_in_user(user)
+      assert redirected_to(conn) == "/hello"
+    end
+
+    test "writes a cookie if remember_me is configured", %{conn: conn, user: user} do
+      conn = conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"})
+      assert get_session(conn, :user_token) == conn.cookies[@remember_me_cookie]
+
+      assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie]
+      assert signed_token != get_session(conn, :user_token)
+      assert max_age == 5_184_000
+    end
+  end
+
+  describe "logout_user/1" do
+    test "erases session and cookies", %{conn: conn, user: user} do
+      user_token = Accounts.generate_user_session_token(user)
+
+      conn =
+        conn
+        |> put_session(:user_token, user_token)
+        |> put_req_cookie(@remember_me_cookie, user_token)
+        |> fetch_cookies()
+        |> UserAuth.log_out_user()
+
+      refute get_session(conn, :user_token)
+      refute conn.cookies[@remember_me_cookie]
+      assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
+      assert redirected_to(conn) == "/"
+      refute Accounts.get_user_by_session_token(user_token)
+    end
+
+    test "broadcasts to the given live_socket_id", %{conn: conn} do
+      live_socket_id = "users_sessions:abcdef-token"
+      AggieditWeb.Endpoint.subscribe(live_socket_id)
+
+      conn
+      |> put_session(:live_socket_id, live_socket_id)
+      |> UserAuth.log_out_user()
+
+      assert_receive %Phoenix.Socket.Broadcast{event: "disconnect", topic: ^live_socket_id}
+    end
+
+    test "works even if user is already logged out", %{conn: conn} do
+      conn = conn |> fetch_cookies() |> UserAuth.log_out_user()
+      refute get_session(conn, :user_token)
+      assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie]
+      assert redirected_to(conn) == "/"
+    end
+  end
+
+  describe "fetch_current_user/2" do
+    test "authenticates user from session", %{conn: conn, user: user} do
+      user_token = Accounts.generate_user_session_token(user)
+      conn = conn |> put_session(:user_token, user_token) |> UserAuth.fetch_current_user([])
+      assert conn.assigns.current_user.id == user.id
+    end
+
+    test "authenticates user from cookies", %{conn: conn, user: user} do
+      logged_in_conn =
+        conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"})
+
+      user_token = logged_in_conn.cookies[@remember_me_cookie]
+      %{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie]
+
+      conn =
+        conn
+        |> put_req_cookie(@remember_me_cookie, signed_token)
+        |> UserAuth.fetch_current_user([])
+
+      assert get_session(conn, :user_token) == user_token
+      assert conn.assigns.current_user.id == user.id
+    end
+
+    test "does not authenticate if data is missing", %{conn: conn, user: user} do
+      _ = Accounts.generate_user_session_token(user)
+      conn = UserAuth.fetch_current_user(conn, [])
+      refute get_session(conn, :user_token)
+      refute conn.assigns.current_user
+    end
+  end
+
+  describe "redirect_if_user_is_authenticated/2" do
+    test "redirects if user is authenticated", %{conn: conn, user: user} do
+      conn = conn |> assign(:current_user, user) |> UserAuth.redirect_if_user_is_authenticated([])
+      assert conn.halted
+      assert redirected_to(conn) == "/"
+    end
+
+    test "does not redirect if user is not authenticated", %{conn: conn} do
+      conn = UserAuth.redirect_if_user_is_authenticated(conn, [])
+      refute conn.halted
+      refute conn.status
+    end
+  end
+
+  describe "require_authenticated_user/2" do
+    test "redirects if user is not authenticated", %{conn: conn} do
+      conn = conn |> fetch_flash() |> UserAuth.require_authenticated_user([])
+      assert conn.halted
+      assert redirected_to(conn) == Routes.user_session_path(conn, :new)
+      assert get_flash(conn, :error) == "You must log in to access this page."
+    end
+
+    test "stores the path to redirect to on GET", %{conn: conn} do
+      halted_conn =
+        %{conn | path_info: ["foo"], query_string: ""}
+        |> fetch_flash()
+        |> UserAuth.require_authenticated_user([])
+
+      assert halted_conn.halted
+      assert get_session(halted_conn, :user_return_to) == "/foo"
+
+      halted_conn =
+        %{conn | path_info: ["foo"], query_string: "bar=baz"}
+        |> fetch_flash()
+        |> UserAuth.require_authenticated_user([])
+
+      assert halted_conn.halted
+      assert get_session(halted_conn, :user_return_to) == "/foo?bar=baz"
+
+      halted_conn =
+        %{conn | path_info: ["foo"], query_string: "bar", method: "POST"}
+        |> fetch_flash()
+        |> UserAuth.require_authenticated_user([])
+
+      assert halted_conn.halted
+      refute get_session(halted_conn, :user_return_to)
+    end
+
+    test "does not redirect if user is authenticated", %{conn: conn, user: user} do
+      conn = conn |> assign(:current_user, user) |> UserAuth.require_authenticated_user([])
+      refute conn.halted
+      refute conn.status
+    end
+  end
+end
diff --git a/test/aggiedit_web/controllers/user_confirmation_controller_test.exs b/test/aggiedit_web/controllers/user_confirmation_controller_test.exs
new file mode 100644
index 0000000..4209ca1
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_confirmation_controller_test.exs
@@ -0,0 +1,105 @@
+defmodule AggieditWeb.UserConfirmationControllerTest do
+  use AggieditWeb.ConnCase, async: true
+
+  alias Aggiedit.Accounts
+  alias Aggiedit.Repo
+  import Aggiedit.AccountsFixtures
+
+  setup do
+    %{user: user_fixture()}
+  end
+
+  describe "GET /users/confirm" do
+    test "renders the resend confirmation page", %{conn: conn} do
+      conn = get(conn, Routes.user_confirmation_path(conn, :new))
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Resend confirmation instructions</h1>"
+    end
+  end
+
+  describe "POST /users/confirm" do
+    @tag :capture_log
+    test "sends a new confirmation token", %{conn: conn, user: user} do
+      conn =
+        post(conn, Routes.user_confirmation_path(conn, :create), %{
+          "user" => %{"email" => user.email}
+        })
+
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :info) =~ "If your email is in our system"
+      assert Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "confirm"
+    end
+
+    test "does not send confirmation token if User is confirmed", %{conn: conn, user: user} do
+      Repo.update!(Accounts.User.confirm_changeset(user))
+
+      conn =
+        post(conn, Routes.user_confirmation_path(conn, :create), %{
+          "user" => %{"email" => user.email}
+        })
+
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :info) =~ "If your email is in our system"
+      refute Repo.get_by(Accounts.UserToken, user_id: user.id)
+    end
+
+    test "does not send confirmation token if email is invalid", %{conn: conn} do
+      conn =
+        post(conn, Routes.user_confirmation_path(conn, :create), %{
+          "user" => %{"email" => "unknown@example.com"}
+        })
+
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :info) =~ "If your email is in our system"
+      assert Repo.all(Accounts.UserToken) == []
+    end
+  end
+
+  describe "GET /users/confirm/:token" do
+    test "renders the confirmation page", %{conn: conn} do
+      conn = get(conn, Routes.user_confirmation_path(conn, :edit, "some-token"))
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Confirm account</h1>"
+
+      form_action = Routes.user_confirmation_path(conn, :update, "some-token")
+      assert response =~ "action=\"#{form_action}\""
+    end
+  end
+
+  describe "POST /users/confirm/:token" do
+    test "confirms the given token once", %{conn: conn, user: user} do
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_user_confirmation_instructions(user, url)
+        end)
+
+      conn = post(conn, Routes.user_confirmation_path(conn, :update, token))
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :info) =~ "User confirmed successfully"
+      assert Accounts.get_user!(user.id).confirmed_at
+      refute get_session(conn, :user_token)
+      assert Repo.all(Accounts.UserToken) == []
+
+      # When not logged in
+      conn = post(conn, Routes.user_confirmation_path(conn, :update, token))
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :error) =~ "User confirmation link is invalid or it has expired"
+
+      # When logged in
+      conn =
+        build_conn()
+        |> log_in_user(user)
+        |> post(Routes.user_confirmation_path(conn, :update, token))
+
+      assert redirected_to(conn) == "/"
+      refute get_flash(conn, :error)
+    end
+
+    test "does not confirm email with invalid token", %{conn: conn, user: user} do
+      conn = post(conn, Routes.user_confirmation_path(conn, :update, "oops"))
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :error) =~ "User confirmation link is invalid or it has expired"
+      refute Accounts.get_user!(user.id).confirmed_at
+    end
+  end
+end
diff --git a/test/aggiedit_web/controllers/user_registration_controller_test.exs b/test/aggiedit_web/controllers/user_registration_controller_test.exs
new file mode 100644
index 0000000..d323828
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_registration_controller_test.exs
@@ -0,0 +1,54 @@
+defmodule AggieditWeb.UserRegistrationControllerTest do
+  use AggieditWeb.ConnCase, async: true
+
+  import Aggiedit.AccountsFixtures
+
+  describe "GET /users/register" do
+    test "renders registration page", %{conn: conn} do
+      conn = get(conn, Routes.user_registration_path(conn, :new))
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Register</h1>"
+      assert response =~ "Log in</a>"
+      assert response =~ "Register</a>"
+    end
+
+    test "redirects if already logged in", %{conn: conn} do
+      conn = conn |> log_in_user(user_fixture()) |> get(Routes.user_registration_path(conn, :new))
+      assert redirected_to(conn) == "/"
+    end
+  end
+
+  describe "POST /users/register" do
+    @tag :capture_log
+    test "creates account and logs the user in", %{conn: conn} do
+      email = unique_user_email()
+
+      conn =
+        post(conn, Routes.user_registration_path(conn, :create), %{
+          "user" => valid_user_attributes(email: email)
+        })
+
+      assert get_session(conn, :user_token)
+      assert redirected_to(conn) == "/"
+
+      # Now do a logged in request and assert on the menu
+      conn = get(conn, "/")
+      response = html_response(conn, 200)
+      assert response =~ email
+      assert response =~ "Settings</a>"
+      assert response =~ "Log out</a>"
+    end
+
+    test "render errors for invalid data", %{conn: conn} do
+      conn =
+        post(conn, Routes.user_registration_path(conn, :create), %{
+          "user" => %{"email" => "with spaces", "password" => "too short"}
+        })
+
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Register</h1>"
+      assert response =~ "must have the @ sign and no spaces"
+      assert response =~ "should be at least 12 character"
+    end
+  end
+end
diff --git a/test/aggiedit_web/controllers/user_reset_password_controller_test.exs b/test/aggiedit_web/controllers/user_reset_password_controller_test.exs
new file mode 100644
index 0000000..ca57896
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_reset_password_controller_test.exs
@@ -0,0 +1,113 @@
+defmodule AggieditWeb.UserResetPasswordControllerTest do
+  use AggieditWeb.ConnCase, async: true
+
+  alias Aggiedit.Accounts
+  alias Aggiedit.Repo
+  import Aggiedit.AccountsFixtures
+
+  setup do
+    %{user: user_fixture()}
+  end
+
+  describe "GET /users/reset_password" do
+    test "renders the reset password page", %{conn: conn} do
+      conn = get(conn, Routes.user_reset_password_path(conn, :new))
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Forgot your password?</h1>"
+    end
+  end
+
+  describe "POST /users/reset_password" do
+    @tag :capture_log
+    test "sends a new reset password token", %{conn: conn, user: user} do
+      conn =
+        post(conn, Routes.user_reset_password_path(conn, :create), %{
+          "user" => %{"email" => user.email}
+        })
+
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :info) =~ "If your email is in our system"
+      assert Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "reset_password"
+    end
+
+    test "does not send reset password token if email is invalid", %{conn: conn} do
+      conn =
+        post(conn, Routes.user_reset_password_path(conn, :create), %{
+          "user" => %{"email" => "unknown@example.com"}
+        })
+
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :info) =~ "If your email is in our system"
+      assert Repo.all(Accounts.UserToken) == []
+    end
+  end
+
+  describe "GET /users/reset_password/:token" do
+    setup %{user: user} do
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_user_reset_password_instructions(user, url)
+        end)
+
+      %{token: token}
+    end
+
+    test "renders reset password", %{conn: conn, token: token} do
+      conn = get(conn, Routes.user_reset_password_path(conn, :edit, token))
+      assert html_response(conn, 200) =~ "<h1>Reset password</h1>"
+    end
+
+    test "does not render reset password with invalid token", %{conn: conn} do
+      conn = get(conn, Routes.user_reset_password_path(conn, :edit, "oops"))
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :error) =~ "Reset password link is invalid or it has expired"
+    end
+  end
+
+  describe "PUT /users/reset_password/:token" do
+    setup %{user: user} do
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_user_reset_password_instructions(user, url)
+        end)
+
+      %{token: token}
+    end
+
+    test "resets password once", %{conn: conn, user: user, token: token} do
+      conn =
+        put(conn, Routes.user_reset_password_path(conn, :update, token), %{
+          "user" => %{
+            "password" => "new valid password",
+            "password_confirmation" => "new valid password"
+          }
+        })
+
+      assert redirected_to(conn) == Routes.user_session_path(conn, :new)
+      refute get_session(conn, :user_token)
+      assert get_flash(conn, :info) =~ "Password reset successfully"
+      assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
+    end
+
+    test "does not reset password on invalid data", %{conn: conn, token: token} do
+      conn =
+        put(conn, Routes.user_reset_password_path(conn, :update, token), %{
+          "user" => %{
+            "password" => "too short",
+            "password_confirmation" => "does not match"
+          }
+        })
+
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Reset password</h1>"
+      assert response =~ "should be at least 12 character(s)"
+      assert response =~ "does not match password"
+    end
+
+    test "does not reset password with invalid token", %{conn: conn} do
+      conn = put(conn, Routes.user_reset_password_path(conn, :update, "oops"))
+      assert redirected_to(conn) == "/"
+      assert get_flash(conn, :error) =~ "Reset password link is invalid or it has expired"
+    end
+  end
+end
diff --git a/test/aggiedit_web/controllers/user_session_controller_test.exs b/test/aggiedit_web/controllers/user_session_controller_test.exs
new file mode 100644
index 0000000..5e3f7da
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_session_controller_test.exs
@@ -0,0 +1,98 @@
+defmodule AggieditWeb.UserSessionControllerTest do
+  use AggieditWeb.ConnCase, async: true
+
+  import Aggiedit.AccountsFixtures
+
+  setup do
+    %{user: user_fixture()}
+  end
+
+  describe "GET /users/log_in" do
+    test "renders log in page", %{conn: conn} do
+      conn = get(conn, Routes.user_session_path(conn, :new))
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Log in</h1>"
+      assert response =~ "Register</a>"
+      assert response =~ "Forgot your password?</a>"
+    end
+
+    test "redirects if already logged in", %{conn: conn, user: user} do
+      conn = conn |> log_in_user(user) |> get(Routes.user_session_path(conn, :new))
+      assert redirected_to(conn) == "/"
+    end
+  end
+
+  describe "POST /users/log_in" do
+    test "logs the user in", %{conn: conn, user: user} do
+      conn =
+        post(conn, Routes.user_session_path(conn, :create), %{
+          "user" => %{"email" => user.email, "password" => valid_user_password()}
+        })
+
+      assert get_session(conn, :user_token)
+      assert redirected_to(conn) == "/"
+
+      # Now do a logged in request and assert on the menu
+      conn = get(conn, "/")
+      response = html_response(conn, 200)
+      assert response =~ user.email
+      assert response =~ "Settings</a>"
+      assert response =~ "Log out</a>"
+    end
+
+    test "logs the user in with remember me", %{conn: conn, user: user} do
+      conn =
+        post(conn, Routes.user_session_path(conn, :create), %{
+          "user" => %{
+            "email" => user.email,
+            "password" => valid_user_password(),
+            "remember_me" => "true"
+          }
+        })
+
+      assert conn.resp_cookies["_aggiedit_web_user_remember_me"]
+      assert redirected_to(conn) == "/"
+    end
+
+    test "logs the user in with return to", %{conn: conn, user: user} do
+      conn =
+        conn
+        |> init_test_session(user_return_to: "/foo/bar")
+        |> post(Routes.user_session_path(conn, :create), %{
+          "user" => %{
+            "email" => user.email,
+            "password" => valid_user_password()
+          }
+        })
+
+      assert redirected_to(conn) == "/foo/bar"
+    end
+
+    test "emits error message with invalid credentials", %{conn: conn, user: user} do
+      conn =
+        post(conn, Routes.user_session_path(conn, :create), %{
+          "user" => %{"email" => user.email, "password" => "invalid_password"}
+        })
+
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Log in</h1>"
+      assert response =~ "Invalid email or password"
+    end
+  end
+
+  describe "DELETE /users/log_out" do
+    test "logs the user out", %{conn: conn, user: user} do
+      conn = conn |> log_in_user(user) |> delete(Routes.user_session_path(conn, :delete))
+      assert redirected_to(conn) == "/"
+      refute get_session(conn, :user_token)
+      assert get_flash(conn, :info) =~ "Logged out successfully"
+    end
+
+    test "succeeds even if the user is not logged in", %{conn: conn} do
+      conn = delete(conn, Routes.user_session_path(conn, :delete))
+      assert redirected_to(conn) == "/"
+      refute get_session(conn, :user_token)
+      assert get_flash(conn, :info) =~ "Logged out successfully"
+    end
+  end
+end
diff --git a/test/aggiedit_web/controllers/user_settings_controller_test.exs b/test/aggiedit_web/controllers/user_settings_controller_test.exs
new file mode 100644
index 0000000..f5d4bdc
--- /dev/null
+++ b/test/aggiedit_web/controllers/user_settings_controller_test.exs
@@ -0,0 +1,129 @@
+defmodule AggieditWeb.UserSettingsControllerTest do
+  use AggieditWeb.ConnCase, async: true
+
+  alias Aggiedit.Accounts
+  import Aggiedit.AccountsFixtures
+
+  setup :register_and_log_in_user
+
+  describe "GET /users/settings" do
+    test "renders settings page", %{conn: conn} do
+      conn = get(conn, Routes.user_settings_path(conn, :edit))
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Settings</h1>"
+    end
+
+    test "redirects if user is not logged in" do
+      conn = build_conn()
+      conn = get(conn, Routes.user_settings_path(conn, :edit))
+      assert redirected_to(conn) == Routes.user_session_path(conn, :new)
+    end
+  end
+
+  describe "PUT /users/settings (change password form)" do
+    test "updates the user password and resets tokens", %{conn: conn, user: user} do
+      new_password_conn =
+        put(conn, Routes.user_settings_path(conn, :update), %{
+          "action" => "update_password",
+          "current_password" => valid_user_password(),
+          "user" => %{
+            "password" => "new valid password",
+            "password_confirmation" => "new valid password"
+          }
+        })
+
+      assert redirected_to(new_password_conn) == Routes.user_settings_path(conn, :edit)
+      assert get_session(new_password_conn, :user_token) != get_session(conn, :user_token)
+      assert get_flash(new_password_conn, :info) =~ "Password updated successfully"
+      assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
+    end
+
+    test "does not update password on invalid data", %{conn: conn} do
+      old_password_conn =
+        put(conn, Routes.user_settings_path(conn, :update), %{
+          "action" => "update_password",
+          "current_password" => "invalid",
+          "user" => %{
+            "password" => "too short",
+            "password_confirmation" => "does not match"
+          }
+        })
+
+      response = html_response(old_password_conn, 200)
+      assert response =~ "<h1>Settings</h1>"
+      assert response =~ "should be at least 12 character(s)"
+      assert response =~ "does not match password"
+      assert response =~ "is not valid"
+
+      assert get_session(old_password_conn, :user_token) == get_session(conn, :user_token)
+    end
+  end
+
+  describe "PUT /users/settings (change email form)" do
+    @tag :capture_log
+    test "updates the user email", %{conn: conn, user: user} do
+      conn =
+        put(conn, Routes.user_settings_path(conn, :update), %{
+          "action" => "update_email",
+          "current_password" => valid_user_password(),
+          "user" => %{"email" => unique_user_email()}
+        })
+
+      assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
+      assert get_flash(conn, :info) =~ "A link to confirm your email"
+      assert Accounts.get_user_by_email(user.email)
+    end
+
+    test "does not update email on invalid data", %{conn: conn} do
+      conn =
+        put(conn, Routes.user_settings_path(conn, :update), %{
+          "action" => "update_email",
+          "current_password" => "invalid",
+          "user" => %{"email" => "with spaces"}
+        })
+
+      response = html_response(conn, 200)
+      assert response =~ "<h1>Settings</h1>"
+      assert response =~ "must have the @ sign and no spaces"
+      assert response =~ "is not valid"
+    end
+  end
+
+  describe "GET /users/settings/confirm_email/:token" do
+    setup %{user: user} do
+      email = unique_user_email()
+
+      token =
+        extract_user_token(fn url ->
+          Accounts.deliver_update_email_instructions(%{user | email: email}, user.email, url)
+        end)
+
+      %{token: token, email: email}
+    end
+
+    test "updates the user email once", %{conn: conn, user: user, token: token, email: email} do
+      conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token))
+      assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
+      assert get_flash(conn, :info) =~ "Email changed successfully"
+      refute Accounts.get_user_by_email(user.email)
+      assert Accounts.get_user_by_email(email)
+
+      conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token))
+      assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
+      assert get_flash(conn, :error) =~ "Email change link is invalid or it has expired"
+    end
+
+    test "does not update email with invalid token", %{conn: conn, user: user} do
+      conn = get(conn, Routes.user_settings_path(conn, :confirm_email, "oops"))
+      assert redirected_to(conn) == Routes.user_settings_path(conn, :edit)
+      assert get_flash(conn, :error) =~ "Email change link is invalid or it has expired"
+      assert Accounts.get_user_by_email(user.email)
+    end
+
+    test "redirects if user is not logged in", %{token: token} do
+      conn = build_conn()
+      conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token))
+      assert redirected_to(conn) == Routes.user_session_path(conn, :new)
+    end
+  end
+end
diff --git a/test/aggiedit_web/views/error_view_test.exs b/test/aggiedit_web/views/error_view_test.exs
new file mode 100644
index 0000000..32ef690
--- /dev/null
+++ b/test/aggiedit_web/views/error_view_test.exs
@@ -0,0 +1,14 @@
+defmodule AggieditWeb.ErrorViewTest do
+  use AggieditWeb.ConnCase, async: true
+
+  # Bring render/3 and render_to_string/3 for testing custom views
+  import Phoenix.View
+
+  test "renders 404.html" do
+    assert render_to_string(AggieditWeb.ErrorView, "404.html", []) == "Not Found"
+  end
+
+  test "renders 500.html" do
+    assert render_to_string(AggieditWeb.ErrorView, "500.html", []) == "Internal Server Error"
+  end
+end
diff --git a/test/aggiedit_web/views/layout_view_test.exs b/test/aggiedit_web/views/layout_view_test.exs
new file mode 100644
index 0000000..0311580
--- /dev/null
+++ b/test/aggiedit_web/views/layout_view_test.exs
@@ -0,0 +1,8 @@
+defmodule AggieditWeb.LayoutViewTest do
+  use AggieditWeb.ConnCase, async: true
+
+  # When testing helpers, you may want to import Phoenix.HTML and
+  # use functions such as safe_to_string() to convert the helper
+  # result into an HTML string.
+  # import Phoenix.HTML
+end
diff --git a/test/aggiedit_web/views/page_view_test.exs b/test/aggiedit_web/views/page_view_test.exs
new file mode 100644
index 0000000..0c63680
--- /dev/null
+++ b/test/aggiedit_web/views/page_view_test.exs
@@ -0,0 +1,3 @@
+defmodule AggieditWeb.PageViewTest do
+  use AggieditWeb.ConnCase, async: true
+end
diff --git a/test/support/channel_case.ex b/test/support/channel_case.ex
new file mode 100644
index 0000000..3afe09b
--- /dev/null
+++ b/test/support/channel_case.ex
@@ -0,0 +1,36 @@
+defmodule AggieditWeb.ChannelCase do
+  @moduledoc """
+  This module defines the test case to be used by
+  channel tests.
+
+  Such tests rely on `Phoenix.ChannelTest` and also
+  import other functionality to make it easier
+  to build common data structures and query the data layer.
+
+  Finally, if the test case interacts with the database,
+  we enable the SQL sandbox, so changes done to the database
+  are reverted at the end of every test. If you are using
+  PostgreSQL, you can even run database tests asynchronously
+  by setting `use AggieditWeb.ChannelCase, async: true`, although
+  this option is not recommended for other databases.
+  """
+
+  use ExUnit.CaseTemplate
+
+  using do
+    quote do
+      # Import conveniences for testing with channels
+      import Phoenix.ChannelTest
+      import AggieditWeb.ChannelCase
+
+      # The default endpoint for testing
+      @endpoint AggieditWeb.Endpoint
+    end
+  end
+
+  setup tags do
+    pid = Ecto.Adapters.SQL.Sandbox.start_owner!(Aggiedit.Repo, shared: not tags[:async])
+    on_exit(fn -> Ecto.Adapters.SQL.Sandbox.stop_owner(pid) end)
+    :ok
+  end
+end
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
new file mode 100644
index 0000000..03f5170
--- /dev/null
+++ b/test/support/conn_case.ex
@@ -0,0 +1,65 @@
+defmodule AggieditWeb.ConnCase do
+  @moduledoc """
+  This module defines the test case to be used by
+  tests that require setting up a connection.
+
+  Such tests rely on `Phoenix.ConnTest` and also
+  import other functionality to make it easier
+  to build common data structures and query the data layer.
+
+  Finally, if the test case interacts with the database,
+  we enable the SQL sandbox, so changes done to the database
+  are reverted at the end of every test. If you are using
+  PostgreSQL, you can even run database tests asynchronously
+  by setting `use AggieditWeb.ConnCase, async: true`, although
+  this option is not recommended for other databases.
+  """
+
+  use ExUnit.CaseTemplate
+
+  using do
+    quote do
+      # Import conveniences for testing with connections
+      import Plug.Conn
+      import Phoenix.ConnTest
+      import AggieditWeb.ConnCase
+
+      alias AggieditWeb.Router.Helpers, as: Routes
+
+      # The default endpoint for testing
+      @endpoint AggieditWeb.Endpoint
+    end
+  end
+
+  setup tags do
+    pid = Ecto.Adapters.SQL.Sandbox.start_owner!(Aggiedit.Repo, shared: not tags[:async])
+    on_exit(fn -> Ecto.Adapters.SQL.Sandbox.stop_owner(pid) end)
+    {:ok, conn: Phoenix.ConnTest.build_conn()}
+  end
+
+  @doc """
+  Setup helper that registers and logs in users.
+
+      setup :register_and_log_in_user
+
+  It stores an updated connection and a registered user in the
+  test context.
+  """
+  def register_and_log_in_user(%{conn: conn}) do
+    user = Aggiedit.AccountsFixtures.user_fixture()
+    %{conn: log_in_user(conn, user), user: user}
+  end
+
+  @doc """
+  Logs the given `user` into the `conn`.
+
+  It returns an updated `conn`.
+  """
+  def log_in_user(conn, user) do
+    token = Aggiedit.Accounts.generate_user_session_token(user)
+
+    conn
+    |> Phoenix.ConnTest.init_test_session(%{})
+    |> Plug.Conn.put_session(:user_token, token)
+  end
+end
diff --git a/test/support/data_case.ex b/test/support/data_case.ex
new file mode 100644
index 0000000..7718d18
--- /dev/null
+++ b/test/support/data_case.ex
@@ -0,0 +1,51 @@
+defmodule Aggiedit.DataCase do
+  @moduledoc """
+  This module defines the setup for tests requiring
+  access to the application's data layer.
+
+  You may define functions here to be used as helpers in
+  your tests.
+
+  Finally, if the test case interacts with the database,
+  we enable the SQL sandbox, so changes done to the database
+  are reverted at the end of every test. If you are using
+  PostgreSQL, you can even run database tests asynchronously
+  by setting `use Aggiedit.DataCase, async: true`, although
+  this option is not recommended for other databases.
+  """
+
+  use ExUnit.CaseTemplate
+
+  using do
+    quote do
+      alias Aggiedit.Repo
+
+      import Ecto
+      import Ecto.Changeset
+      import Ecto.Query
+      import Aggiedit.DataCase
+    end
+  end
+
+  setup tags do
+    pid = Ecto.Adapters.SQL.Sandbox.start_owner!(Aggiedit.Repo, shared: not tags[:async])
+    on_exit(fn -> Ecto.Adapters.SQL.Sandbox.stop_owner(pid) end)
+    :ok
+  end
+
+  @doc """
+  A helper that transforms changeset errors into a map of messages.
+
+      assert {:error, changeset} = Accounts.create_user(%{password: "short"})
+      assert "password is too short" in errors_on(changeset).password
+      assert %{password: ["password is too short"]} = errors_on(changeset)
+
+  """
+  def errors_on(changeset) do
+    Ecto.Changeset.traverse_errors(changeset, fn {message, opts} ->
+      Regex.replace(~r"%{(\w+)}", message, fn _, key ->
+        opts |> Keyword.get(String.to_existing_atom(key), key) |> to_string()
+      end)
+    end)
+  end
+end
diff --git a/test/support/fixtures/accounts_fixtures.ex b/test/support/fixtures/accounts_fixtures.ex
new file mode 100644
index 0000000..0ce0fdf
--- /dev/null
+++ b/test/support/fixtures/accounts_fixtures.ex
@@ -0,0 +1,31 @@
+defmodule Aggiedit.AccountsFixtures do
+  @moduledoc """
+  This module defines test helpers for creating
+  entities via the `Aggiedit.Accounts` context.
+  """
+
+  def unique_user_email, do: "user#{System.unique_integer()}@example.com"
+  def valid_user_password, do: "hello world!"
+
+  def valid_user_attributes(attrs \\ %{}) do
+    Enum.into(attrs, %{
+      email: unique_user_email(),
+      password: valid_user_password()
+    })
+  end
+
+  def user_fixture(attrs \\ %{}) do
+    {:ok, user} =
+      attrs
+      |> valid_user_attributes()
+      |> Aggiedit.Accounts.register_user()
+
+    user
+  end
+
+  def extract_user_token(fun) do
+    {:ok, captured_email} = fun.(&"[TOKEN]#{&1}[TOKEN]")
+    [_, token | _] = String.split(captured_email.text_body, "[TOKEN]")
+    token
+  end
+end
diff --git a/test/support/fixtures/rooms_fixtures.ex b/test/support/fixtures/rooms_fixtures.ex
new file mode 100644
index 0000000..fd5671e
--- /dev/null
+++ b/test/support/fixtures/rooms_fixtures.ex
@@ -0,0 +1,20 @@
+defmodule Aggiedit.RoomsFixtures do
+  @moduledoc """
+  This module defines test helpers for creating
+  entities via the `Aggiedit.Rooms` context.
+  """
+
+  @doc """
+  Generate a room.
+  """
+  def room_fixture(attrs \\ %{}) do
+    {:ok, room} =
+      attrs
+      |> Enum.into(%{
+        domain: "some domain"
+      })
+      |> Aggiedit.Rooms.create_room()
+
+    room
+  end
+end
diff --git a/test/test_helper.exs b/test/test_helper.exs
new file mode 100644
index 0000000..0321594
--- /dev/null
+++ b/test/test_helper.exs
@@ -0,0 +1,2 @@
+ExUnit.start()
+Ecto.Adapters.SQL.Sandbox.mode(Aggiedit.Repo, :manual)