diff options
Diffstat (limited to 'test')
18 files changed, 1474 insertions, 0 deletions
diff --git a/test/aggiedit/accounts_test.exs b/test/aggiedit/accounts_test.exs new file mode 100644 index 0000000..0c1f38f --- /dev/null +++ b/test/aggiedit/accounts_test.exs @@ -0,0 +1,508 @@ +defmodule Aggiedit.AccountsTest do + use Aggiedit.DataCase + + alias Aggiedit.Accounts + + import Aggiedit.AccountsFixtures + alias Aggiedit.Accounts.{User, UserToken} + + describe "get_user_by_email/1" do + test "does not return the user if the email does not exist" do + refute Accounts.get_user_by_email("unknown@example.com") + end + + test "returns the user if the email exists" do + %{id: id} = user = user_fixture() + assert %User{id: ^id} = Accounts.get_user_by_email(user.email) + end + end + + describe "get_user_by_email_and_password/2" do + test "does not return the user if the email does not exist" do + refute Accounts.get_user_by_email_and_password("unknown@example.com", "hello world!") + end + + test "does not return the user if the password is not valid" do + user = user_fixture() + refute Accounts.get_user_by_email_and_password(user.email, "invalid") + end + + test "returns the user if the email and password are valid" do + %{id: id} = user = user_fixture() + + assert %User{id: ^id} = + Accounts.get_user_by_email_and_password(user.email, valid_user_password()) + end + end + + describe "get_user!/1" do + test "raises if id is invalid" do + assert_raise Ecto.NoResultsError, fn -> + Accounts.get_user!(-1) + end + end + + test "returns the user with the given id" do + %{id: id} = user = user_fixture() + assert %User{id: ^id} = Accounts.get_user!(user.id) + end + end + + describe "register_user/1" do + test "requires email and password to be set" do + {:error, changeset} = Accounts.register_user(%{}) + + assert %{ + password: ["can't be blank"], + email: ["can't be blank"] + } = errors_on(changeset) + end + + test "validates email and password when given" do + {:error, changeset} = Accounts.register_user(%{email: "not valid", password: "not valid"}) + + assert %{ + email: ["must have the @ sign and no spaces"], + password: ["should be at least 12 character(s)"] + } = errors_on(changeset) + end + + test "validates maximum values for email and password for security" do + too_long = String.duplicate("db", 100) + {:error, changeset} = Accounts.register_user(%{email: too_long, password: too_long}) + assert "should be at most 160 character(s)" in errors_on(changeset).email + assert "should be at most 72 character(s)" in errors_on(changeset).password + end + + test "validates email uniqueness" do + %{email: email} = user_fixture() + {:error, changeset} = Accounts.register_user(%{email: email}) + assert "has already been taken" in errors_on(changeset).email + + # Now try with the upper cased email too, to check that email case is ignored. + {:error, changeset} = Accounts.register_user(%{email: String.upcase(email)}) + assert "has already been taken" in errors_on(changeset).email + end + + test "registers users with a hashed password" do + email = unique_user_email() + {:ok, user} = Accounts.register_user(valid_user_attributes(email: email)) + assert user.email == email + assert is_binary(user.hashed_password) + assert is_nil(user.confirmed_at) + assert is_nil(user.password) + end + end + + describe "change_user_registration/2" do + test "returns a changeset" do + assert %Ecto.Changeset{} = changeset = Accounts.change_user_registration(%User{}) + assert changeset.required == [:password, :email] + end + + test "allows fields to be set" do + email = unique_user_email() + password = valid_user_password() + + changeset = + Accounts.change_user_registration( + %User{}, + valid_user_attributes(email: email, password: password) + ) + + assert changeset.valid? + assert get_change(changeset, :email) == email + assert get_change(changeset, :password) == password + assert is_nil(get_change(changeset, :hashed_password)) + end + end + + describe "change_user_email/2" do + test "returns a user changeset" do + assert %Ecto.Changeset{} = changeset = Accounts.change_user_email(%User{}) + assert changeset.required == [:email] + end + end + + describe "apply_user_email/3" do + setup do + %{user: user_fixture()} + end + + test "requires email to change", %{user: user} do + {:error, changeset} = Accounts.apply_user_email(user, valid_user_password(), %{}) + assert %{email: ["did not change"]} = errors_on(changeset) + end + + test "validates email", %{user: user} do + {:error, changeset} = + Accounts.apply_user_email(user, valid_user_password(), %{email: "not valid"}) + + assert %{email: ["must have the @ sign and no spaces"]} = errors_on(changeset) + end + + test "validates maximum value for email for security", %{user: user} do + too_long = String.duplicate("db", 100) + + {:error, changeset} = + Accounts.apply_user_email(user, valid_user_password(), %{email: too_long}) + + assert "should be at most 160 character(s)" in errors_on(changeset).email + end + + test "validates email uniqueness", %{user: user} do + %{email: email} = user_fixture() + + {:error, changeset} = + Accounts.apply_user_email(user, valid_user_password(), %{email: email}) + + assert "has already been taken" in errors_on(changeset).email + end + + test "validates current password", %{user: user} do + {:error, changeset} = + Accounts.apply_user_email(user, "invalid", %{email: unique_user_email()}) + + assert %{current_password: ["is not valid"]} = errors_on(changeset) + end + + test "applies the email without persisting it", %{user: user} do + email = unique_user_email() + {:ok, user} = Accounts.apply_user_email(user, valid_user_password(), %{email: email}) + assert user.email == email + assert Accounts.get_user!(user.id).email != email + end + end + + describe "deliver_update_email_instructions/3" do + setup do + %{user: user_fixture()} + end + + test "sends token through notification", %{user: user} do + token = + extract_user_token(fn url -> + Accounts.deliver_update_email_instructions(user, "current@example.com", url) + end) + + {:ok, token} = Base.url_decode64(token, padding: false) + assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token)) + assert user_token.user_id == user.id + assert user_token.sent_to == user.email + assert user_token.context == "change:current@example.com" + end + end + + describe "update_user_email/2" do + setup do + user = user_fixture() + email = unique_user_email() + + token = + extract_user_token(fn url -> + Accounts.deliver_update_email_instructions(%{user | email: email}, user.email, url) + end) + + %{user: user, token: token, email: email} + end + + test "updates the email with a valid token", %{user: user, token: token, email: email} do + assert Accounts.update_user_email(user, token) == :ok + changed_user = Repo.get!(User, user.id) + assert changed_user.email != user.email + assert changed_user.email == email + assert changed_user.confirmed_at + assert changed_user.confirmed_at != user.confirmed_at + refute Repo.get_by(UserToken, user_id: user.id) + end + + test "does not update email with invalid token", %{user: user} do + assert Accounts.update_user_email(user, "oops") == :error + assert Repo.get!(User, user.id).email == user.email + assert Repo.get_by(UserToken, user_id: user.id) + end + + test "does not update email if user email changed", %{user: user, token: token} do + assert Accounts.update_user_email(%{user | email: "current@example.com"}, token) == :error + assert Repo.get!(User, user.id).email == user.email + assert Repo.get_by(UserToken, user_id: user.id) + end + + test "does not update email if token expired", %{user: user, token: token} do + {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) + assert Accounts.update_user_email(user, token) == :error + assert Repo.get!(User, user.id).email == user.email + assert Repo.get_by(UserToken, user_id: user.id) + end + end + + describe "change_user_password/2" do + test "returns a user changeset" do + assert %Ecto.Changeset{} = changeset = Accounts.change_user_password(%User{}) + assert changeset.required == [:password] + end + + test "allows fields to be set" do + changeset = + Accounts.change_user_password(%User{}, %{ + "password" => "new valid password" + }) + + assert changeset.valid? + assert get_change(changeset, :password) == "new valid password" + assert is_nil(get_change(changeset, :hashed_password)) + end + end + + describe "update_user_password/3" do + setup do + %{user: user_fixture()} + end + + test "validates password", %{user: user} do + {:error, changeset} = + Accounts.update_user_password(user, valid_user_password(), %{ + password: "not valid", + password_confirmation: "another" + }) + + assert %{ + password: ["should be at least 12 character(s)"], + password_confirmation: ["does not match password"] + } = errors_on(changeset) + end + + test "validates maximum values for password for security", %{user: user} do + too_long = String.duplicate("db", 100) + + {:error, changeset} = + Accounts.update_user_password(user, valid_user_password(), %{password: too_long}) + + assert "should be at most 72 character(s)" in errors_on(changeset).password + end + + test "validates current password", %{user: user} do + {:error, changeset} = + Accounts.update_user_password(user, "invalid", %{password: valid_user_password()}) + + assert %{current_password: ["is not valid"]} = errors_on(changeset) + end + + test "updates the password", %{user: user} do + {:ok, user} = + Accounts.update_user_password(user, valid_user_password(), %{ + password: "new valid password" + }) + + assert is_nil(user.password) + assert Accounts.get_user_by_email_and_password(user.email, "new valid password") + end + + test "deletes all tokens for the given user", %{user: user} do + _ = Accounts.generate_user_session_token(user) + + {:ok, _} = + Accounts.update_user_password(user, valid_user_password(), %{ + password: "new valid password" + }) + + refute Repo.get_by(UserToken, user_id: user.id) + end + end + + describe "generate_user_session_token/1" do + setup do + %{user: user_fixture()} + end + + test "generates a token", %{user: user} do + token = Accounts.generate_user_session_token(user) + assert user_token = Repo.get_by(UserToken, token: token) + assert user_token.context == "session" + + # Creating the same token for another user should fail + assert_raise Ecto.ConstraintError, fn -> + Repo.insert!(%UserToken{ + token: user_token.token, + user_id: user_fixture().id, + context: "session" + }) + end + end + end + + describe "get_user_by_session_token/1" do + setup do + user = user_fixture() + token = Accounts.generate_user_session_token(user) + %{user: user, token: token} + end + + test "returns user by token", %{user: user, token: token} do + assert session_user = Accounts.get_user_by_session_token(token) + assert session_user.id == user.id + end + + test "does not return user for invalid token" do + refute Accounts.get_user_by_session_token("oops") + end + + test "does not return user for expired token", %{token: token} do + {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) + refute Accounts.get_user_by_session_token(token) + end + end + + describe "delete_session_token/1" do + test "deletes the token" do + user = user_fixture() + token = Accounts.generate_user_session_token(user) + assert Accounts.delete_session_token(token) == :ok + refute Accounts.get_user_by_session_token(token) + end + end + + describe "deliver_user_confirmation_instructions/2" do + setup do + %{user: user_fixture()} + end + + test "sends token through notification", %{user: user} do + token = + extract_user_token(fn url -> + Accounts.deliver_user_confirmation_instructions(user, url) + end) + + {:ok, token} = Base.url_decode64(token, padding: false) + assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token)) + assert user_token.user_id == user.id + assert user_token.sent_to == user.email + assert user_token.context == "confirm" + end + end + + describe "confirm_user/1" do + setup do + user = user_fixture() + + token = + extract_user_token(fn url -> + Accounts.deliver_user_confirmation_instructions(user, url) + end) + + %{user: user, token: token} + end + + test "confirms the email with a valid token", %{user: user, token: token} do + assert {:ok, confirmed_user} = Accounts.confirm_user(token) + assert confirmed_user.confirmed_at + assert confirmed_user.confirmed_at != user.confirmed_at + assert Repo.get!(User, user.id).confirmed_at + refute Repo.get_by(UserToken, user_id: user.id) + end + + test "does not confirm with invalid token", %{user: user} do + assert Accounts.confirm_user("oops") == :error + refute Repo.get!(User, user.id).confirmed_at + assert Repo.get_by(UserToken, user_id: user.id) + end + + test "does not confirm email if token expired", %{user: user, token: token} do + {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) + assert Accounts.confirm_user(token) == :error + refute Repo.get!(User, user.id).confirmed_at + assert Repo.get_by(UserToken, user_id: user.id) + end + end + + describe "deliver_user_reset_password_instructions/2" do + setup do + %{user: user_fixture()} + end + + test "sends token through notification", %{user: user} do + token = + extract_user_token(fn url -> + Accounts.deliver_user_reset_password_instructions(user, url) + end) + + {:ok, token} = Base.url_decode64(token, padding: false) + assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token)) + assert user_token.user_id == user.id + assert user_token.sent_to == user.email + assert user_token.context == "reset_password" + end + end + + describe "get_user_by_reset_password_token/1" do + setup do + user = user_fixture() + + token = + extract_user_token(fn url -> + Accounts.deliver_user_reset_password_instructions(user, url) + end) + + %{user: user, token: token} + end + + test "returns the user with valid token", %{user: %{id: id}, token: token} do + assert %User{id: ^id} = Accounts.get_user_by_reset_password_token(token) + assert Repo.get_by(UserToken, user_id: id) + end + + test "does not return the user with invalid token", %{user: user} do + refute Accounts.get_user_by_reset_password_token("oops") + assert Repo.get_by(UserToken, user_id: user.id) + end + + test "does not return the user if token expired", %{user: user, token: token} do + {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) + refute Accounts.get_user_by_reset_password_token(token) + assert Repo.get_by(UserToken, user_id: user.id) + end + end + + describe "reset_user_password/2" do + setup do + %{user: user_fixture()} + end + + test "validates password", %{user: user} do + {:error, changeset} = + Accounts.reset_user_password(user, %{ + password: "not valid", + password_confirmation: "another" + }) + + assert %{ + password: ["should be at least 12 character(s)"], + password_confirmation: ["does not match password"] + } = errors_on(changeset) + end + + test "validates maximum values for password for security", %{user: user} do + too_long = String.duplicate("db", 100) + {:error, changeset} = Accounts.reset_user_password(user, %{password: too_long}) + assert "should be at most 72 character(s)" in errors_on(changeset).password + end + + test "updates the password", %{user: user} do + {:ok, updated_user} = Accounts.reset_user_password(user, %{password: "new valid password"}) + assert is_nil(updated_user.password) + assert Accounts.get_user_by_email_and_password(user.email, "new valid password") + end + + test "deletes all tokens for the given user", %{user: user} do + _ = Accounts.generate_user_session_token(user) + {:ok, _} = Accounts.reset_user_password(user, %{password: "new valid password"}) + refute Repo.get_by(UserToken, user_id: user.id) + end + end + + describe "inspect/2" do + test "does not include password" do + refute inspect(%User{password: "123456"}) =~ "password: \"123456\"" + end + end +end diff --git a/test/aggiedit/rooms_test.exs b/test/aggiedit/rooms_test.exs new file mode 100644 index 0000000..2a270e6 --- /dev/null +++ b/test/aggiedit/rooms_test.exs @@ -0,0 +1,59 @@ +defmodule Aggiedit.RoomsTest do + use Aggiedit.DataCase + + alias Aggiedit.Rooms + + describe "rooms" do + alias Aggiedit.Rooms.Room + + import Aggiedit.RoomsFixtures + + @invalid_attrs %{domain: nil} + + test "list_rooms/0 returns all rooms" do + room = room_fixture() + assert Rooms.list_rooms() == [room] + end + + test "get_room!/1 returns the room with given id" do + room = room_fixture() + assert Rooms.get_room!(room.id) == room + end + + test "create_room/1 with valid data creates a room" do + valid_attrs = %{domain: "some domain"} + + assert {:ok, %Room{} = room} = Rooms.create_room(valid_attrs) + assert room.domain == "some domain" + end + + test "create_room/1 with invalid data returns error changeset" do + assert {:error, %Ecto.Changeset{}} = Rooms.create_room(@invalid_attrs) + end + + test "update_room/2 with valid data updates the room" do + room = room_fixture() + update_attrs = %{domain: "some updated domain"} + + assert {:ok, %Room{} = room} = Rooms.update_room(room, update_attrs) + assert room.domain == "some updated domain" + end + + test "update_room/2 with invalid data returns error changeset" do + room = room_fixture() + assert {:error, %Ecto.Changeset{}} = Rooms.update_room(room, @invalid_attrs) + assert room == Rooms.get_room!(room.id) + end + + test "delete_room/1 deletes the room" do + room = room_fixture() + assert {:ok, %Room{}} = Rooms.delete_room(room) + assert_raise Ecto.NoResultsError, fn -> Rooms.get_room!(room.id) end + end + + test "change_room/1 returns a room changeset" do + room = room_fixture() + assert %Ecto.Changeset{} = Rooms.change_room(room) + end + end +end diff --git a/test/aggiedit_web/controllers/page_controller_test.exs b/test/aggiedit_web/controllers/page_controller_test.exs new file mode 100644 index 0000000..4819f82 --- /dev/null +++ b/test/aggiedit_web/controllers/page_controller_test.exs @@ -0,0 +1,8 @@ +defmodule AggieditWeb.PageControllerTest do + use AggieditWeb.ConnCase + + test "GET /", %{conn: conn} do + conn = get(conn, "/") + assert html_response(conn, 200) =~ "Welcome to Phoenix!" + end +end diff --git a/test/aggiedit_web/controllers/user_auth_test.exs b/test/aggiedit_web/controllers/user_auth_test.exs new file mode 100644 index 0000000..6b3748e --- /dev/null +++ b/test/aggiedit_web/controllers/user_auth_test.exs @@ -0,0 +1,170 @@ +defmodule AggieditWeb.UserAuthTest do + use AggieditWeb.ConnCase, async: true + + alias Aggiedit.Accounts + alias AggieditWeb.UserAuth + import Aggiedit.AccountsFixtures + + @remember_me_cookie "_aggiedit_web_user_remember_me" + + setup %{conn: conn} do + conn = + conn + |> Map.replace!(:secret_key_base, AggieditWeb.Endpoint.config(:secret_key_base)) + |> init_test_session(%{}) + + %{user: user_fixture(), conn: conn} + end + + describe "log_in_user/3" do + test "stores the user token in the session", %{conn: conn, user: user} do + conn = UserAuth.log_in_user(conn, user) + assert token = get_session(conn, :user_token) + assert get_session(conn, :live_socket_id) == "users_sessions:#{Base.url_encode64(token)}" + assert redirected_to(conn) == "/" + assert Accounts.get_user_by_session_token(token) + end + + test "clears everything previously stored in the session", %{conn: conn, user: user} do + conn = conn |> put_session(:to_be_removed, "value") |> UserAuth.log_in_user(user) + refute get_session(conn, :to_be_removed) + end + + test "redirects to the configured path", %{conn: conn, user: user} do + conn = conn |> put_session(:user_return_to, "/hello") |> UserAuth.log_in_user(user) + assert redirected_to(conn) == "/hello" + end + + test "writes a cookie if remember_me is configured", %{conn: conn, user: user} do + conn = conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"}) + assert get_session(conn, :user_token) == conn.cookies[@remember_me_cookie] + + assert %{value: signed_token, max_age: max_age} = conn.resp_cookies[@remember_me_cookie] + assert signed_token != get_session(conn, :user_token) + assert max_age == 5_184_000 + end + end + + describe "logout_user/1" do + test "erases session and cookies", %{conn: conn, user: user} do + user_token = Accounts.generate_user_session_token(user) + + conn = + conn + |> put_session(:user_token, user_token) + |> put_req_cookie(@remember_me_cookie, user_token) + |> fetch_cookies() + |> UserAuth.log_out_user() + + refute get_session(conn, :user_token) + refute conn.cookies[@remember_me_cookie] + assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie] + assert redirected_to(conn) == "/" + refute Accounts.get_user_by_session_token(user_token) + end + + test "broadcasts to the given live_socket_id", %{conn: conn} do + live_socket_id = "users_sessions:abcdef-token" + AggieditWeb.Endpoint.subscribe(live_socket_id) + + conn + |> put_session(:live_socket_id, live_socket_id) + |> UserAuth.log_out_user() + + assert_receive %Phoenix.Socket.Broadcast{event: "disconnect", topic: ^live_socket_id} + end + + test "works even if user is already logged out", %{conn: conn} do + conn = conn |> fetch_cookies() |> UserAuth.log_out_user() + refute get_session(conn, :user_token) + assert %{max_age: 0} = conn.resp_cookies[@remember_me_cookie] + assert redirected_to(conn) == "/" + end + end + + describe "fetch_current_user/2" do + test "authenticates user from session", %{conn: conn, user: user} do + user_token = Accounts.generate_user_session_token(user) + conn = conn |> put_session(:user_token, user_token) |> UserAuth.fetch_current_user([]) + assert conn.assigns.current_user.id == user.id + end + + test "authenticates user from cookies", %{conn: conn, user: user} do + logged_in_conn = + conn |> fetch_cookies() |> UserAuth.log_in_user(user, %{"remember_me" => "true"}) + + user_token = logged_in_conn.cookies[@remember_me_cookie] + %{value: signed_token} = logged_in_conn.resp_cookies[@remember_me_cookie] + + conn = + conn + |> put_req_cookie(@remember_me_cookie, signed_token) + |> UserAuth.fetch_current_user([]) + + assert get_session(conn, :user_token) == user_token + assert conn.assigns.current_user.id == user.id + end + + test "does not authenticate if data is missing", %{conn: conn, user: user} do + _ = Accounts.generate_user_session_token(user) + conn = UserAuth.fetch_current_user(conn, []) + refute get_session(conn, :user_token) + refute conn.assigns.current_user + end + end + + describe "redirect_if_user_is_authenticated/2" do + test "redirects if user is authenticated", %{conn: conn, user: user} do + conn = conn |> assign(:current_user, user) |> UserAuth.redirect_if_user_is_authenticated([]) + assert conn.halted + assert redirected_to(conn) == "/" + end + + test "does not redirect if user is not authenticated", %{conn: conn} do + conn = UserAuth.redirect_if_user_is_authenticated(conn, []) + refute conn.halted + refute conn.status + end + end + + describe "require_authenticated_user/2" do + test "redirects if user is not authenticated", %{conn: conn} do + conn = conn |> fetch_flash() |> UserAuth.require_authenticated_user([]) + assert conn.halted + assert redirected_to(conn) == Routes.user_session_path(conn, :new) + assert get_flash(conn, :error) == "You must log in to access this page." + end + + test "stores the path to redirect to on GET", %{conn: conn} do + halted_conn = + %{conn | path_info: ["foo"], query_string: ""} + |> fetch_flash() + |> UserAuth.require_authenticated_user([]) + + assert halted_conn.halted + assert get_session(halted_conn, :user_return_to) == "/foo" + + halted_conn = + %{conn | path_info: ["foo"], query_string: "bar=baz"} + |> fetch_flash() + |> UserAuth.require_authenticated_user([]) + + assert halted_conn.halted + assert get_session(halted_conn, :user_return_to) == "/foo?bar=baz" + + halted_conn = + %{conn | path_info: ["foo"], query_string: "bar", method: "POST"} + |> fetch_flash() + |> UserAuth.require_authenticated_user([]) + + assert halted_conn.halted + refute get_session(halted_conn, :user_return_to) + end + + test "does not redirect if user is authenticated", %{conn: conn, user: user} do + conn = conn |> assign(:current_user, user) |> UserAuth.require_authenticated_user([]) + refute conn.halted + refute conn.status + end + end +end diff --git a/test/aggiedit_web/controllers/user_confirmation_controller_test.exs b/test/aggiedit_web/controllers/user_confirmation_controller_test.exs new file mode 100644 index 0000000..4209ca1 --- /dev/null +++ b/test/aggiedit_web/controllers/user_confirmation_controller_test.exs @@ -0,0 +1,105 @@ +defmodule AggieditWeb.UserConfirmationControllerTest do + use AggieditWeb.ConnCase, async: true + + alias Aggiedit.Accounts + alias Aggiedit.Repo + import Aggiedit.AccountsFixtures + + setup do + %{user: user_fixture()} + end + + describe "GET /users/confirm" do + test "renders the resend confirmation page", %{conn: conn} do + conn = get(conn, Routes.user_confirmation_path(conn, :new)) + response = html_response(conn, 200) + assert response =~ "<h1>Resend confirmation instructions</h1>" + end + end + + describe "POST /users/confirm" do + @tag :capture_log + test "sends a new confirmation token", %{conn: conn, user: user} do + conn = + post(conn, Routes.user_confirmation_path(conn, :create), %{ + "user" => %{"email" => user.email} + }) + + assert redirected_to(conn) == "/" + assert get_flash(conn, :info) =~ "If your email is in our system" + assert Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "confirm" + end + + test "does not send confirmation token if User is confirmed", %{conn: conn, user: user} do + Repo.update!(Accounts.User.confirm_changeset(user)) + + conn = + post(conn, Routes.user_confirmation_path(conn, :create), %{ + "user" => %{"email" => user.email} + }) + + assert redirected_to(conn) == "/" + assert get_flash(conn, :info) =~ "If your email is in our system" + refute Repo.get_by(Accounts.UserToken, user_id: user.id) + end + + test "does not send confirmation token if email is invalid", %{conn: conn} do + conn = + post(conn, Routes.user_confirmation_path(conn, :create), %{ + "user" => %{"email" => "unknown@example.com"} + }) + + assert redirected_to(conn) == "/" + assert get_flash(conn, :info) =~ "If your email is in our system" + assert Repo.all(Accounts.UserToken) == [] + end + end + + describe "GET /users/confirm/:token" do + test "renders the confirmation page", %{conn: conn} do + conn = get(conn, Routes.user_confirmation_path(conn, :edit, "some-token")) + response = html_response(conn, 200) + assert response =~ "<h1>Confirm account</h1>" + + form_action = Routes.user_confirmation_path(conn, :update, "some-token") + assert response =~ "action=\"#{form_action}\"" + end + end + + describe "POST /users/confirm/:token" do + test "confirms the given token once", %{conn: conn, user: user} do + token = + extract_user_token(fn url -> + Accounts.deliver_user_confirmation_instructions(user, url) + end) + + conn = post(conn, Routes.user_confirmation_path(conn, :update, token)) + assert redirected_to(conn) == "/" + assert get_flash(conn, :info) =~ "User confirmed successfully" + assert Accounts.get_user!(user.id).confirmed_at + refute get_session(conn, :user_token) + assert Repo.all(Accounts.UserToken) == [] + + # When not logged in + conn = post(conn, Routes.user_confirmation_path(conn, :update, token)) + assert redirected_to(conn) == "/" + assert get_flash(conn, :error) =~ "User confirmation link is invalid or it has expired" + + # When logged in + conn = + build_conn() + |> log_in_user(user) + |> post(Routes.user_confirmation_path(conn, :update, token)) + + assert redirected_to(conn) == "/" + refute get_flash(conn, :error) + end + + test "does not confirm email with invalid token", %{conn: conn, user: user} do + conn = post(conn, Routes.user_confirmation_path(conn, :update, "oops")) + assert redirected_to(conn) == "/" + assert get_flash(conn, :error) =~ "User confirmation link is invalid or it has expired" + refute Accounts.get_user!(user.id).confirmed_at + end + end +end diff --git a/test/aggiedit_web/controllers/user_registration_controller_test.exs b/test/aggiedit_web/controllers/user_registration_controller_test.exs new file mode 100644 index 0000000..d323828 --- /dev/null +++ b/test/aggiedit_web/controllers/user_registration_controller_test.exs @@ -0,0 +1,54 @@ +defmodule AggieditWeb.UserRegistrationControllerTest do + use AggieditWeb.ConnCase, async: true + + import Aggiedit.AccountsFixtures + + describe "GET /users/register" do + test "renders registration page", %{conn: conn} do + conn = get(conn, Routes.user_registration_path(conn, :new)) + response = html_response(conn, 200) + assert response =~ "<h1>Register</h1>" + assert response =~ "Log in</a>" + assert response =~ "Register</a>" + end + + test "redirects if already logged in", %{conn: conn} do + conn = conn |> log_in_user(user_fixture()) |> get(Routes.user_registration_path(conn, :new)) + assert redirected_to(conn) == "/" + end + end + + describe "POST /users/register" do + @tag :capture_log + test "creates account and logs the user in", %{conn: conn} do + email = unique_user_email() + + conn = + post(conn, Routes.user_registration_path(conn, :create), %{ + "user" => valid_user_attributes(email: email) + }) + + assert get_session(conn, :user_token) + assert redirected_to(conn) == "/" + + # Now do a logged in request and assert on the menu + conn = get(conn, "/") + response = html_response(conn, 200) + assert response =~ email + assert response =~ "Settings</a>" + assert response =~ "Log out</a>" + end + + test "render errors for invalid data", %{conn: conn} do + conn = + post(conn, Routes.user_registration_path(conn, :create), %{ + "user" => %{"email" => "with spaces", "password" => "too short"} + }) + + response = html_response(conn, 200) + assert response =~ "<h1>Register</h1>" + assert response =~ "must have the @ sign and no spaces" + assert response =~ "should be at least 12 character" + end + end +end diff --git a/test/aggiedit_web/controllers/user_reset_password_controller_test.exs b/test/aggiedit_web/controllers/user_reset_password_controller_test.exs new file mode 100644 index 0000000..ca57896 --- /dev/null +++ b/test/aggiedit_web/controllers/user_reset_password_controller_test.exs @@ -0,0 +1,113 @@ +defmodule AggieditWeb.UserResetPasswordControllerTest do + use AggieditWeb.ConnCase, async: true + + alias Aggiedit.Accounts + alias Aggiedit.Repo + import Aggiedit.AccountsFixtures + + setup do + %{user: user_fixture()} + end + + describe "GET /users/reset_password" do + test "renders the reset password page", %{conn: conn} do + conn = get(conn, Routes.user_reset_password_path(conn, :new)) + response = html_response(conn, 200) + assert response =~ "<h1>Forgot your password?</h1>" + end + end + + describe "POST /users/reset_password" do + @tag :capture_log + test "sends a new reset password token", %{conn: conn, user: user} do + conn = + post(conn, Routes.user_reset_password_path(conn, :create), %{ + "user" => %{"email" => user.email} + }) + + assert redirected_to(conn) == "/" + assert get_flash(conn, :info) =~ "If your email is in our system" + assert Repo.get_by!(Accounts.UserToken, user_id: user.id).context == "reset_password" + end + + test "does not send reset password token if email is invalid", %{conn: conn} do + conn = + post(conn, Routes.user_reset_password_path(conn, :create), %{ + "user" => %{"email" => "unknown@example.com"} + }) + + assert redirected_to(conn) == "/" + assert get_flash(conn, :info) =~ "If your email is in our system" + assert Repo.all(Accounts.UserToken) == [] + end + end + + describe "GET /users/reset_password/:token" do + setup %{user: user} do + token = + extract_user_token(fn url -> + Accounts.deliver_user_reset_password_instructions(user, url) + end) + + %{token: token} + end + + test "renders reset password", %{conn: conn, token: token} do + conn = get(conn, Routes.user_reset_password_path(conn, :edit, token)) + assert html_response(conn, 200) =~ "<h1>Reset password</h1>" + end + + test "does not render reset password with invalid token", %{conn: conn} do + conn = get(conn, Routes.user_reset_password_path(conn, :edit, "oops")) + assert redirected_to(conn) == "/" + assert get_flash(conn, :error) =~ "Reset password link is invalid or it has expired" + end + end + + describe "PUT /users/reset_password/:token" do + setup %{user: user} do + token = + extract_user_token(fn url -> + Accounts.deliver_user_reset_password_instructions(user, url) + end) + + %{token: token} + end + + test "resets password once", %{conn: conn, user: user, token: token} do + conn = + put(conn, Routes.user_reset_password_path(conn, :update, token), %{ + "user" => %{ + "password" => "new valid password", + "password_confirmation" => "new valid password" + } + }) + + assert redirected_to(conn) == Routes.user_session_path(conn, :new) + refute get_session(conn, :user_token) + assert get_flash(conn, :info) =~ "Password reset successfully" + assert Accounts.get_user_by_email_and_password(user.email, "new valid password") + end + + test "does not reset password on invalid data", %{conn: conn, token: token} do + conn = + put(conn, Routes.user_reset_password_path(conn, :update, token), %{ + "user" => %{ + "password" => "too short", + "password_confirmation" => "does not match" + } + }) + + response = html_response(conn, 200) + assert response =~ "<h1>Reset password</h1>" + assert response =~ "should be at least 12 character(s)" + assert response =~ "does not match password" + end + + test "does not reset password with invalid token", %{conn: conn} do + conn = put(conn, Routes.user_reset_password_path(conn, :update, "oops")) + assert redirected_to(conn) == "/" + assert get_flash(conn, :error) =~ "Reset password link is invalid or it has expired" + end + end +end diff --git a/test/aggiedit_web/controllers/user_session_controller_test.exs b/test/aggiedit_web/controllers/user_session_controller_test.exs new file mode 100644 index 0000000..5e3f7da --- /dev/null +++ b/test/aggiedit_web/controllers/user_session_controller_test.exs @@ -0,0 +1,98 @@ +defmodule AggieditWeb.UserSessionControllerTest do + use AggieditWeb.ConnCase, async: true + + import Aggiedit.AccountsFixtures + + setup do + %{user: user_fixture()} + end + + describe "GET /users/log_in" do + test "renders log in page", %{conn: conn} do + conn = get(conn, Routes.user_session_path(conn, :new)) + response = html_response(conn, 200) + assert response =~ "<h1>Log in</h1>" + assert response =~ "Register</a>" + assert response =~ "Forgot your password?</a>" + end + + test "redirects if already logged in", %{conn: conn, user: user} do + conn = conn |> log_in_user(user) |> get(Routes.user_session_path(conn, :new)) + assert redirected_to(conn) == "/" + end + end + + describe "POST /users/log_in" do + test "logs the user in", %{conn: conn, user: user} do + conn = + post(conn, Routes.user_session_path(conn, :create), %{ + "user" => %{"email" => user.email, "password" => valid_user_password()} + }) + + assert get_session(conn, :user_token) + assert redirected_to(conn) == "/" + + # Now do a logged in request and assert on the menu + conn = get(conn, "/") + response = html_response(conn, 200) + assert response =~ user.email + assert response =~ "Settings</a>" + assert response =~ "Log out</a>" + end + + test "logs the user in with remember me", %{conn: conn, user: user} do + conn = + post(conn, Routes.user_session_path(conn, :create), %{ + "user" => %{ + "email" => user.email, + "password" => valid_user_password(), + "remember_me" => "true" + } + }) + + assert conn.resp_cookies["_aggiedit_web_user_remember_me"] + assert redirected_to(conn) == "/" + end + + test "logs the user in with return to", %{conn: conn, user: user} do + conn = + conn + |> init_test_session(user_return_to: "/foo/bar") + |> post(Routes.user_session_path(conn, :create), %{ + "user" => %{ + "email" => user.email, + "password" => valid_user_password() + } + }) + + assert redirected_to(conn) == "/foo/bar" + end + + test "emits error message with invalid credentials", %{conn: conn, user: user} do + conn = + post(conn, Routes.user_session_path(conn, :create), %{ + "user" => %{"email" => user.email, "password" => "invalid_password"} + }) + + response = html_response(conn, 200) + assert response =~ "<h1>Log in</h1>" + assert response =~ "Invalid email or password" + end + end + + describe "DELETE /users/log_out" do + test "logs the user out", %{conn: conn, user: user} do + conn = conn |> log_in_user(user) |> delete(Routes.user_session_path(conn, :delete)) + assert redirected_to(conn) == "/" + refute get_session(conn, :user_token) + assert get_flash(conn, :info) =~ "Logged out successfully" + end + + test "succeeds even if the user is not logged in", %{conn: conn} do + conn = delete(conn, Routes.user_session_path(conn, :delete)) + assert redirected_to(conn) == "/" + refute get_session(conn, :user_token) + assert get_flash(conn, :info) =~ "Logged out successfully" + end + end +end diff --git a/test/aggiedit_web/controllers/user_settings_controller_test.exs b/test/aggiedit_web/controllers/user_settings_controller_test.exs new file mode 100644 index 0000000..f5d4bdc --- /dev/null +++ b/test/aggiedit_web/controllers/user_settings_controller_test.exs @@ -0,0 +1,129 @@ +defmodule AggieditWeb.UserSettingsControllerTest do + use AggieditWeb.ConnCase, async: true + + alias Aggiedit.Accounts + import Aggiedit.AccountsFixtures + + setup :register_and_log_in_user + + describe "GET /users/settings" do + test "renders settings page", %{conn: conn} do + conn = get(conn, Routes.user_settings_path(conn, :edit)) + response = html_response(conn, 200) + assert response =~ "<h1>Settings</h1>" + end + + test "redirects if user is not logged in" do + conn = build_conn() + conn = get(conn, Routes.user_settings_path(conn, :edit)) + assert redirected_to(conn) == Routes.user_session_path(conn, :new) + end + end + + describe "PUT /users/settings (change password form)" do + test "updates the user password and resets tokens", %{conn: conn, user: user} do + new_password_conn = + put(conn, Routes.user_settings_path(conn, :update), %{ + "action" => "update_password", + "current_password" => valid_user_password(), + "user" => %{ + "password" => "new valid password", + "password_confirmation" => "new valid password" + } + }) + + assert redirected_to(new_password_conn) == Routes.user_settings_path(conn, :edit) + assert get_session(new_password_conn, :user_token) != get_session(conn, :user_token) + assert get_flash(new_password_conn, :info) =~ "Password updated successfully" + assert Accounts.get_user_by_email_and_password(user.email, "new valid password") + end + + test "does not update password on invalid data", %{conn: conn} do + old_password_conn = + put(conn, Routes.user_settings_path(conn, :update), %{ + "action" => "update_password", + "current_password" => "invalid", + "user" => %{ + "password" => "too short", + "password_confirmation" => "does not match" + } + }) + + response = html_response(old_password_conn, 200) + assert response =~ "<h1>Settings</h1>" + assert response =~ "should be at least 12 character(s)" + assert response =~ "does not match password" + assert response =~ "is not valid" + + assert get_session(old_password_conn, :user_token) == get_session(conn, :user_token) + end + end + + describe "PUT /users/settings (change email form)" do + @tag :capture_log + test "updates the user email", %{conn: conn, user: user} do + conn = + put(conn, Routes.user_settings_path(conn, :update), %{ + "action" => "update_email", + "current_password" => valid_user_password(), + "user" => %{"email" => unique_user_email()} + }) + + assert redirected_to(conn) == Routes.user_settings_path(conn, :edit) + assert get_flash(conn, :info) =~ "A link to confirm your email" + assert Accounts.get_user_by_email(user.email) + end + + test "does not update email on invalid data", %{conn: conn} do + conn = + put(conn, Routes.user_settings_path(conn, :update), %{ + "action" => "update_email", + "current_password" => "invalid", + "user" => %{"email" => "with spaces"} + }) + + response = html_response(conn, 200) + assert response =~ "<h1>Settings</h1>" + assert response =~ "must have the @ sign and no spaces" + assert response =~ "is not valid" + end + end + + describe "GET /users/settings/confirm_email/:token" do + setup %{user: user} do + email = unique_user_email() + + token = + extract_user_token(fn url -> + Accounts.deliver_update_email_instructions(%{user | email: email}, user.email, url) + end) + + %{token: token, email: email} + end + + test "updates the user email once", %{conn: conn, user: user, token: token, email: email} do + conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token)) + assert redirected_to(conn) == Routes.user_settings_path(conn, :edit) + assert get_flash(conn, :info) =~ "Email changed successfully" + refute Accounts.get_user_by_email(user.email) + assert Accounts.get_user_by_email(email) + + conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token)) + assert redirected_to(conn) == Routes.user_settings_path(conn, :edit) + assert get_flash(conn, :error) =~ "Email change link is invalid or it has expired" + end + + test "does not update email with invalid token", %{conn: conn, user: user} do + conn = get(conn, Routes.user_settings_path(conn, :confirm_email, "oops")) + assert redirected_to(conn) == Routes.user_settings_path(conn, :edit) + assert get_flash(conn, :error) =~ "Email change link is invalid or it has expired" + assert Accounts.get_user_by_email(user.email) + end + + test "redirects if user is not logged in", %{token: token} do + conn = build_conn() + conn = get(conn, Routes.user_settings_path(conn, :confirm_email, token)) + assert redirected_to(conn) == Routes.user_session_path(conn, :new) + end + end +end diff --git a/test/aggiedit_web/views/error_view_test.exs b/test/aggiedit_web/views/error_view_test.exs new file mode 100644 index 0000000..32ef690 --- /dev/null +++ b/test/aggiedit_web/views/error_view_test.exs @@ -0,0 +1,14 @@ +defmodule AggieditWeb.ErrorViewTest do + use AggieditWeb.ConnCase, async: true + + # Bring render/3 and render_to_string/3 for testing custom views + import Phoenix.View + + test "renders 404.html" do + assert render_to_string(AggieditWeb.ErrorView, "404.html", []) == "Not Found" + end + + test "renders 500.html" do + assert render_to_string(AggieditWeb.ErrorView, "500.html", []) == "Internal Server Error" + end +end diff --git a/test/aggiedit_web/views/layout_view_test.exs b/test/aggiedit_web/views/layout_view_test.exs new file mode 100644 index 0000000..0311580 --- /dev/null +++ b/test/aggiedit_web/views/layout_view_test.exs @@ -0,0 +1,8 @@ +defmodule AggieditWeb.LayoutViewTest do + use AggieditWeb.ConnCase, async: true + + # When testing helpers, you may want to import Phoenix.HTML and + # use functions such as safe_to_string() to convert the helper + # result into an HTML string. + # import Phoenix.HTML +end diff --git a/test/aggiedit_web/views/page_view_test.exs b/test/aggiedit_web/views/page_view_test.exs new file mode 100644 index 0000000..0c63680 --- /dev/null +++ b/test/aggiedit_web/views/page_view_test.exs @@ -0,0 +1,3 @@ +defmodule AggieditWeb.PageViewTest do + use AggieditWeb.ConnCase, async: true +end diff --git a/test/support/channel_case.ex b/test/support/channel_case.ex new file mode 100644 index 0000000..3afe09b --- /dev/null +++ b/test/support/channel_case.ex @@ -0,0 +1,36 @@ +defmodule AggieditWeb.ChannelCase do + @moduledoc """ + This module defines the test case to be used by + channel tests. + + Such tests rely on `Phoenix.ChannelTest` and also + import other functionality to make it easier + to build common data structures and query the data layer. + + Finally, if the test case interacts with the database, + we enable the SQL sandbox, so changes done to the database + are reverted at the end of every test. If you are using + PostgreSQL, you can even run database tests asynchronously + by setting `use AggieditWeb.ChannelCase, async: true`, although + this option is not recommended for other databases. + """ + + use ExUnit.CaseTemplate + + using do + quote do + # Import conveniences for testing with channels + import Phoenix.ChannelTest + import AggieditWeb.ChannelCase + + # The default endpoint for testing + @endpoint AggieditWeb.Endpoint + end + end + + setup tags do + pid = Ecto.Adapters.SQL.Sandbox.start_owner!(Aggiedit.Repo, shared: not tags[:async]) + on_exit(fn -> Ecto.Adapters.SQL.Sandbox.stop_owner(pid) end) + :ok + end +end diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex new file mode 100644 index 0000000..03f5170 --- /dev/null +++ b/test/support/conn_case.ex @@ -0,0 +1,65 @@ +defmodule AggieditWeb.ConnCase do + @moduledoc """ + This module defines the test case to be used by + tests that require setting up a connection. + + Such tests rely on `Phoenix.ConnTest` and also + import other functionality to make it easier + to build common data structures and query the data layer. + + Finally, if the test case interacts with the database, + we enable the SQL sandbox, so changes done to the database + are reverted at the end of every test. If you are using + PostgreSQL, you can even run database tests asynchronously + by setting `use AggieditWeb.ConnCase, async: true`, although + this option is not recommended for other databases. + """ + + use ExUnit.CaseTemplate + + using do + quote do + # Import conveniences for testing with connections + import Plug.Conn + import Phoenix.ConnTest + import AggieditWeb.ConnCase + + alias AggieditWeb.Router.Helpers, as: Routes + + # The default endpoint for testing + @endpoint AggieditWeb.Endpoint + end + end + + setup tags do + pid = Ecto.Adapters.SQL.Sandbox.start_owner!(Aggiedit.Repo, shared: not tags[:async]) + on_exit(fn -> Ecto.Adapters.SQL.Sandbox.stop_owner(pid) end) + {:ok, conn: Phoenix.ConnTest.build_conn()} + end + + @doc """ + Setup helper that registers and logs in users. + + setup :register_and_log_in_user + + It stores an updated connection and a registered user in the + test context. + """ + def register_and_log_in_user(%{conn: conn}) do + user = Aggiedit.AccountsFixtures.user_fixture() + %{conn: log_in_user(conn, user), user: user} + end + + @doc """ + Logs the given `user` into the `conn`. + + It returns an updated `conn`. + """ + def log_in_user(conn, user) do + token = Aggiedit.Accounts.generate_user_session_token(user) + + conn + |> Phoenix.ConnTest.init_test_session(%{}) + |> Plug.Conn.put_session(:user_token, token) + end +end diff --git a/test/support/data_case.ex b/test/support/data_case.ex new file mode 100644 index 0000000..7718d18 --- /dev/null +++ b/test/support/data_case.ex @@ -0,0 +1,51 @@ +defmodule Aggiedit.DataCase do + @moduledoc """ + This module defines the setup for tests requiring + access to the application's data layer. + + You may define functions here to be used as helpers in + your tests. + + Finally, if the test case interacts with the database, + we enable the SQL sandbox, so changes done to the database + are reverted at the end of every test. If you are using + PostgreSQL, you can even run database tests asynchronously + by setting `use Aggiedit.DataCase, async: true`, although + this option is not recommended for other databases. + """ + + use ExUnit.CaseTemplate + + using do + quote do + alias Aggiedit.Repo + + import Ecto + import Ecto.Changeset + import Ecto.Query + import Aggiedit.DataCase + end + end + + setup tags do + pid = Ecto.Adapters.SQL.Sandbox.start_owner!(Aggiedit.Repo, shared: not tags[:async]) + on_exit(fn -> Ecto.Adapters.SQL.Sandbox.stop_owner(pid) end) + :ok + end + + @doc """ + A helper that transforms changeset errors into a map of messages. + + assert {:error, changeset} = Accounts.create_user(%{password: "short"}) + assert "password is too short" in errors_on(changeset).password + assert %{password: ["password is too short"]} = errors_on(changeset) + + """ + def errors_on(changeset) do + Ecto.Changeset.traverse_errors(changeset, fn {message, opts} -> + Regex.replace(~r"%{(\w+)}", message, fn _, key -> + opts |> Keyword.get(String.to_existing_atom(key), key) |> to_string() + end) + end) + end +end diff --git a/test/support/fixtures/accounts_fixtures.ex b/test/support/fixtures/accounts_fixtures.ex new file mode 100644 index 0000000..0ce0fdf --- /dev/null +++ b/test/support/fixtures/accounts_fixtures.ex @@ -0,0 +1,31 @@ +defmodule Aggiedit.AccountsFixtures do + @moduledoc """ + This module defines test helpers for creating + entities via the `Aggiedit.Accounts` context. + """ + + def unique_user_email, do: "user#{System.unique_integer()}@example.com" + def valid_user_password, do: "hello world!" + + def valid_user_attributes(attrs \\ %{}) do + Enum.into(attrs, %{ + email: unique_user_email(), + password: valid_user_password() + }) + end + + def user_fixture(attrs \\ %{}) do + {:ok, user} = + attrs + |> valid_user_attributes() + |> Aggiedit.Accounts.register_user() + + user + end + + def extract_user_token(fun) do + {:ok, captured_email} = fun.(&"[TOKEN]#{&1}[TOKEN]") + [_, token | _] = String.split(captured_email.text_body, "[TOKEN]") + token + end +end diff --git a/test/support/fixtures/rooms_fixtures.ex b/test/support/fixtures/rooms_fixtures.ex new file mode 100644 index 0000000..fd5671e --- /dev/null +++ b/test/support/fixtures/rooms_fixtures.ex @@ -0,0 +1,20 @@ +defmodule Aggiedit.RoomsFixtures do + @moduledoc """ + This module defines test helpers for creating + entities via the `Aggiedit.Rooms` context. + """ + + @doc """ + Generate a room. + """ + def room_fixture(attrs \\ %{}) do + {:ok, room} = + attrs + |> Enum.into(%{ + domain: "some domain" + }) + |> Aggiedit.Rooms.create_room() + + room + end +end diff --git a/test/test_helper.exs b/test/test_helper.exs new file mode 100644 index 0000000..0321594 --- /dev/null +++ b/test/test_helper.exs @@ -0,0 +1,2 @@ +ExUnit.start() +Ecto.Adapters.SQL.Sandbox.mode(Aggiedit.Repo, :manual) |