test(AshAuthentication): updated tests for signed in user and added test for authcontroller

2025-07-02 11:32:48 +02:00 · 2025-07-02 11:32:48 +02:00 · f08e773d86
commit f08e773d86
parent b1f5e09eaf
8 changed files with 116 additions and 2 deletions
--- a/config/dev.exs
+++ b/config/dev.exs
@ -95,3 +95,8 @@ config :mv, :rauthy,
  base_url: "http://localhost:8080/auth/v1",
  client_secret: System.get_env("OIDC_CLIENT_SECRET"),
  redirect_uri: "http://localhost:4000/auth/user/rauthy/callback"
+
+# AshAuthentication development configuration
+config :mv, :session_identifier, nil
+
+config :mv, :require_token_presence_for_authentication, true
--- a/config/runtime.exs
+++ b/config/runtime.exs
@ -55,6 +55,11 @@ if config_env() == :prod do

  config :mv, :rauthy, redirect_uri: "http://localhost:4000/auth/user/rauthy/callback"

+  # AshAuthentication production configuration
+  config :mv, :session_identifier, nil
+
+  config :mv, :require_token_presence_for_authentication, true
+
  config :mv, MvWeb.Endpoint,
    url: [host: host, port: 443, scheme: "https"],
    http: [
--- a/config/test.exs
+++ b/config/test.exs
@ -36,3 +36,12 @@ config :phoenix, :plug_init_mode, :runtime
 # Enable helpful, but potentially expensive runtime checks
 config :phoenix_live_view,
  enable_expensive_runtime_checks: true
+
+# Token signing secret for AshAuthentication tests
+config :mv, :token_signing_secret, "test_secret_key_for_ash_authentication_tokens"
+
+# AshAuthentication test-specific configuration
+# In Tests we don't need token presence, but in other envs its recommended
+config :mv, :session_identifier, :unsafe
+
+config :mv, :require_token_presence_for_authentication, false
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@ -19,10 +19,17 @@ defmodule Mv.Accounts.User do
  Currently password and SSO with Rauthy as OIDC provider
  """
  authentication do
+    session_identifier Application.get_env(:mv, :session_identifier)
+
    tokens do
      enabled? true
      token_resource Mv.Accounts.Token
-      require_token_presence_for_authentication? true
+
+      require_token_presence_for_authentication? Application.get_env(
+                                                   :mv,
+                                                   :require_token_presence_for_authentication
+                                                 )
+
      store_all_tokens? true

      # signing_algorithm "EdDSA" -> https://git.local-it.org/local-it/mitgliederverwaltung/issues/87
--- a/test/mv_web/controllers/auth_controller_test.exs
+++ b/test/mv_web/controllers/auth_controller_test.exs
@ -0,0 +1,48 @@
+defmodule MvWeb.AuthControllerTest do
+  use MvWeb.ConnCase, async: true
+
+  test "GET /sign-in shows sign in form", %{conn: conn} do
+    conn = get(conn, ~p"/sign-in")
+    assert html_response(conn, 200) =~ "Sign in"
+  end
+
+  test "POST /sign-in with valid credentials redirects to home", %{conn: conn} do
+    # Create a test user first
+    conn = conn_with_oidc_user(conn)
+    conn = get(conn, ~p"/sign-in")
+
+    assert redirected_to(conn) == ~p"/"
+  end
+
+  test "POST /sign-in with invalid credentials shows error", %{conn: conn} do
+    conn =
+      post(conn, ~p"/auth/sign_in", %{
+        "user" => %{
+          "email" => "wrong@example.com",
+          "password" => "wrongpassword"
+        }
+      })
+
+    assert conn.status == 404
+  end
+
+  test "GET /sign-out redirects to home", %{conn: conn} do
+    # First sign in a user
+    conn = conn_with_oidc_user(conn)
+
+    # Then sign out
+    conn = get(conn, ~p"/sign-out")
+    assert redirected_to(conn) == ~p"/"
+  end
+
+  test "unauthenticated user accessing protected route gets redirected to sign-in", %{conn: conn} do
+    conn = get(conn, ~p"/members")
+    assert redirected_to(conn) == ~p"/sign-in"
+  end
+
+  test "authenticated user can access protected route", %{conn: conn} do
+    conn = conn_with_oidc_user(conn)
+    conn = get(conn, ~p"/members")
+    assert conn.status == 200
+  end
+end
--- a/test/mv_web/controllers/page_controller_test.exs
+++ b/test/mv_web/controllers/page_controller_test.exs
@ -2,7 +2,9 @@ defmodule MvWeb.PageControllerTest do
  use MvWeb.ConnCase

  test "GET /", %{conn: conn} do
+    conn = conn_with_oidc_user(conn)
+
    conn = get(conn, ~p"/")
-    assert html_response(conn, 200) =~ "Peace of mind from prototype to production"
+    assert html_response(conn, 200) =~ "Mitgliederverwaltung"
  end
 end
--- a/test/mv_web/member_live/index_test.exs
+++ b/test/mv_web/member_live/index_test.exs
@ -3,6 +3,7 @@ defmodule MvWeb.MemberLive.IndexTest do
  import Phoenix.LiveViewTest

  test "shows translated title in German", %{conn: conn} do
+    conn = conn_with_oidc_user(conn)
    conn = Plug.Test.init_test_session(conn, locale: "de")
    {:ok, _view, html} = live(conn, "/members")
    # Expected German title
@ -10,6 +11,7 @@ defmodule MvWeb.MemberLive.IndexTest do
  end

  test "shows translated title in English", %{conn: conn} do
+    conn = conn_with_oidc_user(conn)
    Gettext.put_locale(MvWeb.Gettext, "en")
    {:ok, _view, html} = live(conn, "/members")
    # Expected English title
@ -17,18 +19,21 @@ defmodule MvWeb.MemberLive.IndexTest do
  end

  test "shows translated button text in German", %{conn: conn} do
+    conn = conn_with_oidc_user(conn)
    conn = Plug.Test.init_test_session(conn, locale: "de")
    {:ok, _view, html} = live(conn, "/members/new")
    assert html =~ "Speichern"
  end

  test "shows translated button text in English", %{conn: conn} do
+    conn = conn_with_oidc_user(conn)
    Gettext.put_locale(MvWeb.Gettext, "en")
    {:ok, _view, html} = live(conn, "/members/new")
    assert html =~ "Save"
  end

  test "shows translated flash message after creating a member in German", %{conn: conn} do
+    conn = conn_with_oidc_user(conn)
    conn = Plug.Test.init_test_session(conn, locale: "de")
    {:ok, view, _html} = live(conn, "/members")
    view |> element("a", "Neues Mitglied") |> render_click()
@ -44,6 +49,7 @@ defmodule MvWeb.MemberLive.IndexTest do
  end

  test "shows translated flash message after creating a member in English", %{conn: conn} do
+    conn = conn_with_oidc_user(conn)
    conn = Plug.Test.init_test_session(conn, locale: "en")
    {:ok, view, _html} = live(conn, "/members")
    view |> element("a", "New Member") |> render_click()
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@ -31,6 +31,38 @@ defmodule MvWeb.ConnCase do
    end
  end

+  @doc """
+  Creates a test user and returns the user struct.
+  """
+  def create_test_user(attrs \\ %{}) do
+    email = "user@example.com"
+    password = "password"
+    {:ok, hashed_password} = AshAuthentication.BcryptProvider.hash(password)
+
+    Ash.Seed.seed!(Mv.Accounts.User, %{
+      email: email,
+      hashed_password: hashed_password
+    })
+  end
+
+  @doc """
+  Signs in a user via OIDC for testing by creating a session with the user's token.
+  """
+  def sign_in_user_via_oidc(conn, user) do
+    # Mock OIDC sign-in by creating a token directly
+    conn
+    |> Phoenix.ConnTest.init_test_session(%{})
+    |> AshAuthentication.Plug.Helpers.store_in_session(user)
+  end
+
+  @doc """
+  Signs in a user via OIDC and returns a connection with the user authenticated.
+  """
+  def conn_with_oidc_user(conn, user_attrs \\ %{}) do
+    user = create_test_user(user_attrs)
+    sign_in_user_via_oidc(conn, user)
+  end
+
  setup tags do
    Mv.DataCase.setup_sandbox(tags)
    {:ok, conn: Phoenix.ConnTest.build_conn()}