local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 50 Pull requests 13 Projects 1 Releases Packages 1 Activity Actions

feature/account_view closes #106 #109

Merged
moritz merged 10 commits from feature/account_view into main 2025-07-24 17:08:34 +02:00
Conversation 1 Commits 10 Files changed 14 +201 -145
6 changed files with 201 additions and 145 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 06574a932d - Show all commits

16
lib/accounts/user.ex
View file

@ -117,6 +117,14 @@ defmodule Mv.Accounts.User do
end end
end end
# Global validations - applied to all relevant actions
validations do
# Password strength policy: minimum 8 characters for all password-related actions
validate string_length(:password, min: 8) do
where action_is([:register_with_password, :admin_set_password])
end
end
attributes do attributes do
uuid_primary_key :id uuid_primary_key :id
@ -134,14 +142,6 @@ defmodule Mv.Accounts.User do
identity :unique_oidc_id, [:oidc_id] identity :unique_oidc_id, [:oidc_id]
end end
# Global validations - applied to all relevant actions
validations do
# Password strength policy: minimum 8 characters for all password-related actions
validate string_length(:password, min: 8) do
where action_is([:register_with_password, :admin_set_password])
end
end
# You can customize this if you wish, but this is a safe default that # You can customize this if you wish, but this is a safe default that
# only allows user data to be interacted with via AshAuthentication. # only allows user data to be interacted with via AshAuthentication.
# policies do # policies do

3
lib/mv_web/live/user_live/form.ex
View file

@ -133,8 +133,6 @@ defmodule MvWeb.UserLive.Form do
{:noreply, socket} {:noreply, socket}
end end
def handle_event("validate", %{"user" => user_params}, socket) do def handle_event("validate", %{"user" => user_params}, socket) do
{:noreply, assign(socket, form: AshPhoenix.Form.validate(socket.assigns.form, user_params))} {:noreply, assign(socket, form: AshPhoenix.Form.validate(socket.assigns.form, user_params))}
end end
@ -167,6 +165,7 @@ defmodule MvWeb.UserLive.Form do
else else
# For new users, use password registration if password fields are shown # For new users, use password registration if password fields are shown
action = if show_password_fields, do: :register_with_password, else: :create_user action = if show_password_fields, do: :register_with_password, else: :create_user
AshPhoenix.Form.for_create(Mv.Accounts.User, action, AshPhoenix.Form.for_create(Mv.Accounts.User, action,
domain: Mv.Accounts, domain: Mv.Accounts,
as: "user" as: "user"

6
lib/mv_web/live/user_live/index.html.heex
View file

@ -8,11 +8,7 @@
</:actions> </:actions>
</.header> </.header>
<.table <.table id="users" rows={@users} row_click={fn user -> JS.navigate(~p"/users/#{user}") end}>
id="users"
rows={@users}
row_click={fn user -> JS.navigate(~p"/users/#{user}") end}
>
<:col <:col
:let={user} :let={user}
label={ label={

53
test/mv_web/user_live/form_test.exs
View file

@ -55,11 +55,13 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
view view
|> form("#user-form", user: %{ |> form("#user-form",
user: %{
email: "passworduser@example.com", email: "passworduser@example.com",
password: "securepassword123", password: "securepassword123",
password_confirmation: "securepassword123" password_confirmation: "securepassword123"
}) }
)
|> render_submit() |> render_submit()
assert_redirected(view, "/users") assert_redirected(view, "/users")
@ -72,10 +74,13 @@ defmodule MvWeb.UserLive.FormTest do
|> form("#user-form", user: %{email: "storetest@example.com"}) |> form("#user-form", user: %{email: "storetest@example.com"})
|> render_submit() |> render_submit()
user = Ash.get!(Mv.Accounts.User, user =
Ash.get!(
Mv.Accounts.User,
[email: Ash.CiString.new("storetest@example.com")], [email: Ash.CiString.new("storetest@example.com")],
domain: Mv.Accounts domain: Mv.Accounts
) )
assert to_string(user.email) == "storetest@example.com" assert to_string(user.email) == "storetest@example.com"
assert is_nil(user.hashed_password) assert is_nil(user.hashed_password)
end end
@ -86,17 +91,22 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
view view
|> form("#user-form", user: %{ |> form("#user-form",
user: %{
email: "passwordstoretest@example.com", email: "passwordstoretest@example.com",
password: "securepassword123", password: "securepassword123",
password_confirmation: "securepassword123" password_confirmation: "securepassword123"
}) }
)
|> render_submit() |> render_submit()
user = Ash.get!(Mv.Accounts.User, user =
Ash.get!(
Mv.Accounts.User,
[email: Ash.CiString.new("passwordstoretest@example.com")], [email: Ash.CiString.new("passwordstoretest@example.com")],
domain: Mv.Accounts domain: Mv.Accounts
) )
assert user.hashed_password != nil assert user.hashed_password != nil
assert String.starts_with?(user.hashed_password, "$2b$") assert String.starts_with?(user.hashed_password, "$2b$")
end end
@ -107,7 +117,8 @@ defmodule MvWeb.UserLive.FormTest do
_existing_user = create_test_user(%{email: "existing@example.com"}) _existing_user = create_test_user(%{email: "existing@example.com"})
{:ok, view, _html} = setup_live_view(conn, "/users/new") {:ok, view, _html} = setup_live_view(conn, "/users/new")
html = view html =
view
|> form("#user-form", user: %{email: "existing@example.com"}) |> form("#user-form", user: %{email: "existing@example.com"})
|> render_submit() |> render_submit()
@ -119,12 +130,15 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
html = view html =
|> form("#user-form", user: %{ view
|> form("#user-form",
user: %{
email: "test@example.com", email: "test@example.com",
password: "123", password: "123",
password_confirmation: "123" password_confirmation: "123"
}) }
)
|> render_submit() |> render_submit()
assert html =~ "length must be greater than or equal to 8" assert html =~ "length must be greater than or equal to 8"
@ -179,10 +193,12 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
view view
|> form("#user-form", user: %{ |> form("#user-form",
user: %{
email: "user@example.com", email: "user@example.com",
password: "newadminpassword123" password: "newadminpassword123"
}) }
)
|> render_submit() |> render_submit()
assert_redirected(view, "/users") assert_redirected(view, "/users")
@ -199,7 +215,8 @@ defmodule MvWeb.UserLive.FormTest do
user_to_edit = create_test_user(%{email: "original@example.com"}) user_to_edit = create_test_user(%{email: "original@example.com"})
{:ok, view, _html} = setup_live_view(conn, "/users/#{user_to_edit.id}/edit") {:ok, view, _html} = setup_live_view(conn, "/users/#{user_to_edit.id}/edit")
html = view html =
view
|> form("#user-form", user: %{email: "taken@example.com"}) |> form("#user-form", user: %{email: "taken@example.com"})
|> render_submit() |> render_submit()
@ -212,16 +229,20 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
result = view result =
|> form("#user-form", user: %{ view
|> form("#user-form",
user: %{
email: "user@example.com", email: "user@example.com",
password: "123" password: "123"
}) }
)
|> render_submit() |> render_submit()
case result do case result do
{:error, {:live_redirect, %{to: "/users"}}} -> {:error, {:live_redirect, %{to: "/users"}}} ->
flunk("Expected validation error but form was submitted successfully") flunk("Expected validation error but form was submitted successfully")
html when is_binary(html) -> html when is_binary(html) ->
assert html =~ "must have length of at least 8" assert html =~ "must have length of at least 8"
end end

75
test/mv_web/user_live/index_test.exs
View file

@ -91,8 +91,11 @@ defmodule MvWeb.UserLive.IndexTest do
mike_pos = html |> :binary.match("mike@example.com") |> elem(0) mike_pos = html |> :binary.match("mike@example.com") |> elem(0)
zulu_pos = html |> :binary.match("zulu@example.com") |> elem(0) zulu_pos = html |> :binary.match("zulu@example.com") |> elem(0)
assert zulu_pos < mike_pos, "zulu@example.com should appear before mike@example.com when sorted desc" assert zulu_pos < mike_pos,
assert mike_pos < alpha_pos, "mike@example.com should appear before alpha@example.com when sorted desc" "zulu@example.com should appear before mike@example.com when sorted desc"
assert mike_pos < alpha_pos,
"mike@example.com should appear before alpha@example.com when sorted desc"
end end
test "toggles back to ascending when clicking sort button twice", %{conn: conn} do test "toggles back to ascending when clicking sort button twice", %{conn: conn} do
@ -164,13 +167,17 @@ defmodule MvWeb.UserLive.IndexTest do
assert view |> element("input[type='checkbox'][name='#{user2.id}']") |> has_element?() assert view |> element("input[type='checkbox'][name='#{user2.id}']") |> has_element?()
# Initially, select_all should not be checked (since no individual items are selected) # Initially, select_all should not be checked (since no individual items are selected)
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Select first user checkbox # Select first user checkbox
html = view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click() html = view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click()
# The select_all checkbox should still not be checked (not all users selected) # The select_all checkbox should still not be checked (not all users selected)
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Page should still function normally # Page should still function normally
assert html =~ "Email" assert html =~ "Email"
@ -188,7 +195,9 @@ defmodule MvWeb.UserLive.IndexTest do
html = view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click() html = view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click()
# Select all should not be checked after deselecting individual user # Select all should not be checked after deselecting individual user
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Page should still function normally # Page should still function normally
assert html =~ "Email" assert html =~ "Email"
@ -200,15 +209,25 @@ defmodule MvWeb.UserLive.IndexTest do
{:ok, view, _html} = live(conn, "/users") {:ok, view, _html} = live(conn, "/users")
# Initially no checkboxes should be checked # Initially no checkboxes should be checked
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
refute view |> element("input[type='checkbox'][name='#{user1.id}'][checked]") |> has_element?() |> element("input[type='checkbox'][name='select_all'][checked]")
refute view |> element("input[type='checkbox'][name='#{user2.id}'][checked]") |> has_element?() |> has_element?()
refute view
|> element("input[type='checkbox'][name='#{user1.id}'][checked]")
|> has_element?()
refute view
|> element("input[type='checkbox'][name='#{user2.id}'][checked]")
|> has_element?()
# Click select all # Click select all
html = view |> element("input[type='checkbox'][name='select_all']") |> render_click() html = view |> element("input[type='checkbox'][name='select_all']") |> render_click()
# After selecting all, the select_all checkbox should be checked # After selecting all, the select_all checkbox should be checked
assert view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() assert view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Page should still function normally and show all users # Page should still function normally and show all users
assert html =~ "Email" assert html =~ "Email"
@ -224,15 +243,25 @@ defmodule MvWeb.UserLive.IndexTest do
view |> element("input[type='checkbox'][name='select_all']") |> render_click() view |> element("input[type='checkbox'][name='select_all']") |> render_click()
# Verify that select_all is checked # Verify that select_all is checked
assert view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() assert view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Then deselect all # Then deselect all
html = view |> element("input[type='checkbox'][name='select_all']") |> render_click() html = view |> element("input[type='checkbox'][name='select_all']") |> render_click()
# After deselecting all, no checkboxes should be checked # After deselecting all, no checkboxes should be checked
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
refute view |> element("input[type='checkbox'][name='#{user1.id}'][checked]") |> has_element?() |> element("input[type='checkbox'][name='select_all'][checked]")
refute view |> element("input[type='checkbox'][name='#{user2.id}'][checked]") |> has_element?() |> has_element?()
refute view
|> element("input[type='checkbox'][name='#{user1.id}'][checked]")
|> has_element?()
refute view
|> element("input[type='checkbox'][name='#{user2.id}'][checked]")
|> has_element?()
# Page should still function normally # Page should still function normally
assert html =~ "Email" assert html =~ "Email"
@ -240,17 +269,24 @@ defmodule MvWeb.UserLive.IndexTest do
assert html =~ to_string(user2.email) assert html =~ to_string(user2.email)
end end
test "select all automatically checks when all individual users are selected", %{conn: conn, users: [user1, user2]} do test "select all automatically checks when all individual users are selected", %{
conn: conn,
users: [user1, user2]
} do
conn = conn_with_oidc_user(conn) conn = conn_with_oidc_user(conn)
{:ok, view, _html} = live(conn, "/users") {:ok, view, _html} = live(conn, "/users")
# Initially nothing should be checked # Initially nothing should be checked
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Select first user # Select first user
view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click() view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click()
# Select all should still not be checked (only 1 of 2+ users selected) # Select all should still not be checked (only 1 of 2+ users selected)
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Select second user # Select second user
html = view |> element("input[type='checkbox'][name='#{user2.id}']") |> render_click() html = view |> element("input[type='checkbox'][name='#{user2.id}']") |> render_click()
@ -278,7 +314,8 @@ defmodule MvWeb.UserLive.IndexTest do
# The page should still render (basic functionality test) # The page should still render (basic functionality test)
html = render(view) html = render(view)
assert html =~ "Email" # Table header should still be there # Table header should still be there
assert html =~ "Email"
end end
test "shows delete confirmation", %{conn: conn} do test "shows delete confirmation", %{conn: conn} do
@ -336,7 +373,8 @@ defmodule MvWeb.UserLive.IndexTest do
# Note: English translations might be empty strings by default # Note: English translations might be empty strings by default
# This test would verify the structure is there # This test would verify the structure is there
assert html =~ ~s(aria-label=) # Checking that aria-label attributes exist # Checking that aria-label attributes exist
assert html =~ ~s(aria-label=)
end end
end end
@ -371,5 +409,4 @@ defmodule MvWeb.UserLive.IndexTest do
assert html =~ long_email assert html =~ long_email
end end
end end
end end

7
test/support/conn_case.ex
View file

@ -60,7 +60,8 @@ defmodule MvWeb.ConnCase do
user_attrs = Map.merge(default_attrs, attrs) user_attrs = Map.merge(default_attrs, attrs)
# Handle password/hashed_password # Handle password/hashed_password
final_attrs = cond do final_attrs =
cond do
# If hashed_password is already provided, use it as-is # If hashed_password is already provided, use it as-is
Map.has_key?(user_attrs, :hashed_password) -> Map.has_key?(user_attrs, :hashed_password) ->
user_attrs user_attrs
@ -69,8 +70,10 @@ defmodule MvWeb.ConnCase do
Map.has_key?(user_attrs, :password) -> Map.has_key?(user_attrs, :password) ->
password = Map.get(user_attrs, :password) password = Map.get(user_attrs, :password)
{:ok, hashed_password} = AshAuthentication.BcryptProvider.hash(password) {:ok, hashed_password} = AshAuthentication.BcryptProvider.hash(password)
user_attrs user_attrs
|> Map.delete(:password) # Remove plain password # Remove plain password
|> Map.delete(:password)
|> Map.put(:hashed_password, hashed_password) |> Map.put(:hashed_password, hashed_password)
# Neither provided, use default password # Neither provided, use default password