einundzwanzig/einundzwanzig-app
1
0
Fork 0
mirror of https://github.com/HolgerHatGarKeineNode/einundzwanzig-app.git synced 2026-05-18 20:34:52 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
308cd8a611baa0a35744f53df50356c72322740f
einundzwanzig-app/tests/Feature/Auth/LnurlAuthTest.php
T
HolgerHatGarKeineNode bf9654de87 🔄 **Refactor and extend meetup membership-based authorization** 
- Updated `authorizeAccess` to restrict `meetups.edit` views and updates to users in "My-Meetups".
- Attached creators to `meetup_user` pivot for default membership.
- Adjusted related tests to validate membership-based edit permissions.

📱 **Improve sidebar and mobile navigation accessibility**
- Added `aria-labels` to improve screen reader support for sidebar and mobile header elements.
- Updated desktop and mobile user menus alignment for consistency.

 **Enhance Lightning login flow**
- Introduced `lightningLoginInProgress` for smoother polling synchronization with the redirect flow.
- Updated logic to dispatch `lightning-login-ready` event instead of immediate redirect, avoiding race conditions.
2026-05-17 17:28:17 +02:00

158 lines
5.1 KiB
PHP
Raw Blame History

<?php
use App\Models\LoginKey;
use App\Models\User;
use Livewire\Livewire;
it('returns invalid request parameters when k1 is missing', function () {
$this->get('/api/lnurl-auth-callback')
->assertStatus(400)
->assertJson([
'status' => 'ERROR',
'reason' => 'Invalid request parameters',
]);
});
it('returns invalid request parameters when k1 is the wrong length', function () {
$this->getJson('/api/lnurl-auth-callback?'.http_build_query([
'k1' => 'tooshort',
'sig' => str_repeat('a', 128),
'key' => str_repeat('a', 64),
]))
->assertStatus(400)
->assertJson(['status' => 'ERROR']);
});
it('returns invalid request parameters when k1 is not hex', function () {
$this->getJson('/api/lnurl-auth-callback?'.http_build_query([
'k1' => str_repeat('Z', 64),
'sig' => str_repeat('a', 128),
'key' => str_repeat('a', 64),
]))
->assertStatus(400)
->assertJson(['status' => 'ERROR']);
});
it('returns no error from /api/check-auth-error when k1 is missing', function () {
$this->postJson('/api/check-auth-error', [])
->assertSuccessful()
->assertJson(['error' => null]);
});
it('returns no error from /api/check-auth-error when a recent LoginKey exists', function () {
$user = User::factory()->create();
$loginKey = LoginKey::factory()->create([
'user_id' => $user->id,
'created_at' => now(),
]);
$this->postJson('/api/check-auth-error', ['k1' => $loginKey->k1])
->assertSuccessful()
->assertJson(['error' => null]);
});
it('returns a session-expired error when no LoginKey exists and elapsed_seconds exceeds 300', function () {
$this->postJson('/api/check-auth-error', [
'k1' => str_repeat('a', 64),
'elapsed_seconds' => 400,
])
->assertSuccessful()
->assertJson(['error' => 'Session expired. Please try again.']);
});
it('completes a Lightning login and redirects to the dashboard when a recent LoginKey exists', function () {
$user = User::factory()->create();
$k1 = bin2hex(random_bytes(32));
LoginKey::factory()->create([
'user_id' => $user->id,
'k1' => $k1,
'created_at' => now(),
]);
$response = $this->withSession(['lang_country' => 'de-DE', 'locale' => 'de'])
->get(route('auth.ln.complete', ['k1' => $k1]));
$response->assertRedirect(route('dashboard', ['country' => 'de']));
$this->assertAuthenticatedAs($user);
});
it('redirects to login when the LoginKey is older than 5 minutes', function () {
$user = User::factory()->create();
$k1 = bin2hex(random_bytes(32));
LoginKey::factory()->create([
'user_id' => $user->id,
'k1' => $k1,
'created_at' => now()->subMinutes(10),
]);
$this->get(route('auth.ln.complete', ['k1' => $k1]))
->assertRedirect(route('login'));
$this->assertGuest();
});
it('redirects to login when no LoginKey exists for the k1', function () {
$k1 = bin2hex(random_bytes(32));
$this->get(route('auth.ln.complete', ['k1' => $k1]))
->assertRedirect(route('login'));
$this->assertGuest();
});
it('returns 404 when the k1 path parameter is malformed', function () {
$this->get('/auth/complete-lightning/not-hex-string-not-64-chars')
->assertNotFound();
});
it('dispatches lightning-login-ready from auth.login checkAuth() without rotating the session', function () {
$user = User::factory()->create();
$k1 = bin2hex(random_bytes(32));
LoginKey::factory()->create([
'user_id' => $user->id,
'k1' => $k1,
'created_at' => now(),
]);
Livewire::test('auth.login')
->set('k1', $k1)
->call('checkAuth')
->assertDispatched('lightning-login-ready', url: route('auth.ln.complete', ['k1' => $k1]));
// The poll handler must NOT log the user in directly — that's the
// controller's job. Logging in here would rotate the session id and
// CSRF token mid-poll, producing 419s on any in-flight Livewire request.
// It also must NOT return a server-side redirect: emitting an event lets
// Alpine pause wire:poll via lightningLoginInProgress before navigating,
// which avoids the "request loop without redirect" symptom in production.
expect(auth()->check())->toBeFalse();
});
it('does not dispatch lightning-login-ready when no LoginKey exists', function () {
$k1 = bin2hex(random_bytes(32));
Livewire::test('auth.login')
->set('k1', $k1)
->call('checkAuth')
->assertNotDispatched('lightning-login-ready');
expect(auth()->check())->toBeFalse();
});
it('does not dispatch lightning-login-ready when the LoginKey is older than 5 minutes', function () {
$user = User::factory()->create();
$k1 = bin2hex(random_bytes(32));
LoginKey::factory()->create([
'user_id' => $user->id,
'k1' => $k1,
'created_at' => now()->subMinutes(10),
]);
Livewire::test('auth.login')
->set('k1', $k1)
->call('checkAuth')
->assertNotDispatched('lightning-login-ready');
expect(auth()->check())->toBeFalse();
});
Reference in New Issue View Git Blame Copy Permalink