local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 50 Pull requests 13 Projects 1 Releases Packages 1 Activity Actions

feature/account_view closes #106 #109

Merged
moritz merged 10 commits from feature/account_view into main 2025-07-24 17:08:34 +02:00
Conversation 1 Commits 10 Files changed 14 +201 -145
6 changed files with 201 additions and 145 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 06574a932d - Show all commits

16
lib/accounts/user.ex
View file

@ -117,6 +117,14 @@ defmodule Mv.Accounts.User do
end end
end end
# Global validations - applied to all relevant actions
validations do
# Password strength policy: minimum 8 characters for all password-related actions
validate string_length(:password, min: 8) do
where action_is([:register_with_password, :admin_set_password])
end
end
attributes do attributes do
uuid_primary_key :id uuid_primary_key :id
@ -134,14 +142,6 @@ defmodule Mv.Accounts.User do
identity :unique_oidc_id, [:oidc_id] identity :unique_oidc_id, [:oidc_id]
end end
# Global validations - applied to all relevant actions
validations do
# Password strength policy: minimum 8 characters for all password-related actions
validate string_length(:password, min: 8) do
where action_is([:register_with_password, :admin_set_password])
end
end
# You can customize this if you wish, but this is a safe default that # You can customize this if you wish, but this is a safe default that
# only allows user data to be interacted with via AshAuthentication. # only allows user data to be interacted with via AshAuthentication.
# policies do # policies do

7
lib/mv_web/live/user_live/form.ex
View file

@ -13,7 +13,7 @@ defmodule MvWeb.UserLive.Form do
<.form for={@form} id="user-form" phx-change="validate" phx-submit="save"> <.form for={@form} id="user-form" phx-change="validate" phx-submit="save">
<.input field={@form[:email]} label={gettext("Email")} required type="email" /> <.input field={@form[:email]} label={gettext("Email")} required type="email" />
<!-- Password Section --> <!-- Password Section -->
<div class="mt-6"> <div class="mt-6">
<label class="flex items-center space-x-2"> <label class="flex items-center space-x-2">
<input <input
@ -38,7 +38,7 @@ defmodule MvWeb.UserLive.Form do
autocomplete="new-password" autocomplete="new-password"
/> />
<!-- Only show password confirmation for new users (register_with_password) --> <!-- Only show password confirmation for new users (register_with_password) -->
<%= if !@user do %> <%= if !@user do %>
<.input <.input
field={@form[:password_confirmation]} field={@form[:password_confirmation]}
@ -133,8 +133,6 @@ defmodule MvWeb.UserLive.Form do
{:noreply, socket} {:noreply, socket}
end end
def handle_event("validate", %{"user" => user_params}, socket) do def handle_event("validate", %{"user" => user_params}, socket) do
{:noreply, assign(socket, form: AshPhoenix.Form.validate(socket.assigns.form, user_params))} {:noreply, assign(socket, form: AshPhoenix.Form.validate(socket.assigns.form, user_params))}
end end
@ -167,6 +165,7 @@ defmodule MvWeb.UserLive.Form do
else else
# For new users, use password registration if password fields are shown # For new users, use password registration if password fields are shown
action = if show_password_fields, do: :register_with_password, else: :create_user action = if show_password_fields, do: :register_with_password, else: :create_user
AshPhoenix.Form.for_create(Mv.Accounts.User, action, AshPhoenix.Form.for_create(Mv.Accounts.User, action,
domain: Mv.Accounts, domain: Mv.Accounts,
as: "user" as: "user"

6
lib/mv_web/live/user_live/index.html.heex
View file

@ -8,11 +8,7 @@
</:actions> </:actions>
</.header> </.header>
<.table <.table id="users" rows={@users} row_click={fn user -> JS.navigate(~p"/users/#{user}") end}>
id="users"
rows={@users}
row_click={fn user -> JS.navigate(~p"/users/#{user}") end}
>
<:col <:col
:let={user} :let={user}
label={ label={

103
test/mv_web/user_live/form_test.exs
View file

@ -55,11 +55,13 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
view view
|> form("#user-form", user: %{ |> form("#user-form",
email: "passworduser@example.com", user: %{
password: "securepassword123", email: "passworduser@example.com",
password_confirmation: "securepassword123" password: "securepassword123",
}) password_confirmation: "securepassword123"
}
)
|> render_submit() |> render_submit()
assert_redirected(view, "/users") assert_redirected(view, "/users")
@ -72,10 +74,13 @@ defmodule MvWeb.UserLive.FormTest do
|> form("#user-form", user: %{email: "storetest@example.com"}) |> form("#user-form", user: %{email: "storetest@example.com"})
|> render_submit() |> render_submit()
user = Ash.get!(Mv.Accounts.User, user =
[email: Ash.CiString.new("storetest@example.com")], Ash.get!(
domain: Mv.Accounts Mv.Accounts.User,
) [email: Ash.CiString.new("storetest@example.com")],
domain: Mv.Accounts
)
assert to_string(user.email) == "storetest@example.com" assert to_string(user.email) == "storetest@example.com"
assert is_nil(user.hashed_password) assert is_nil(user.hashed_password)
end end
@ -86,17 +91,22 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
view view
|> form("#user-form", user: %{ |> form("#user-form",
email: "passwordstoretest@example.com", user: %{
password: "securepassword123", email: "passwordstoretest@example.com",
password_confirmation: "securepassword123" password: "securepassword123",
}) password_confirmation: "securepassword123"
}
)
|> render_submit() |> render_submit()
user = Ash.get!(Mv.Accounts.User, user =
[email: Ash.CiString.new("passwordstoretest@example.com")], Ash.get!(
domain: Mv.Accounts Mv.Accounts.User,
) [email: Ash.CiString.new("passwordstoretest@example.com")],
domain: Mv.Accounts
)
assert user.hashed_password != nil assert user.hashed_password != nil
assert String.starts_with?(user.hashed_password, "$2b$") assert String.starts_with?(user.hashed_password, "$2b$")
end end
@ -107,9 +117,10 @@ defmodule MvWeb.UserLive.FormTest do
_existing_user = create_test_user(%{email: "existing@example.com"}) _existing_user = create_test_user(%{email: "existing@example.com"})
{:ok, view, _html} = setup_live_view(conn, "/users/new") {:ok, view, _html} = setup_live_view(conn, "/users/new")
html = view html =
|> form("#user-form", user: %{email: "existing@example.com"}) view
|> render_submit() |> form("#user-form", user: %{email: "existing@example.com"})
|> render_submit()
assert html =~ "has already been taken" assert html =~ "has already been taken"
end end
@ -119,13 +130,16 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
html = view html =
|> form("#user-form", user: %{ view
email: "test@example.com", |> form("#user-form",
password: "123", user: %{
password_confirmation: "123" email: "test@example.com",
}) password: "123",
|> render_submit() password_confirmation: "123"
}
)
|> render_submit()
assert html =~ "length must be greater than or equal to 8" assert html =~ "length must be greater than or equal to 8"
end end
@ -179,10 +193,12 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
view view
|> form("#user-form", user: %{ |> form("#user-form",
email: "user@example.com", user: %{
password: "newadminpassword123" email: "user@example.com",
}) password: "newadminpassword123"
}
)
|> render_submit() |> render_submit()
assert_redirected(view, "/users") assert_redirected(view, "/users")
@ -199,9 +215,10 @@ defmodule MvWeb.UserLive.FormTest do
user_to_edit = create_test_user(%{email: "original@example.com"}) user_to_edit = create_test_user(%{email: "original@example.com"})
{:ok, view, _html} = setup_live_view(conn, "/users/#{user_to_edit.id}/edit") {:ok, view, _html} = setup_live_view(conn, "/users/#{user_to_edit.id}/edit")
html = view html =
|> form("#user-form", user: %{email: "taken@example.com"}) view
|> render_submit() |> form("#user-form", user: %{email: "taken@example.com"})
|> render_submit()
assert html =~ "has already been taken" assert html =~ "has already been taken"
end end
@ -212,16 +229,20 @@ defmodule MvWeb.UserLive.FormTest do
view |> element("input[name='set_password']") |> render_click() view |> element("input[name='set_password']") |> render_click()
result = view result =
|> form("#user-form", user: %{ view
email: "user@example.com", |> form("#user-form",
password: "123" user: %{
}) email: "user@example.com",
|> render_submit() password: "123"
}
)
|> render_submit()
case result do case result do
{:error, {:live_redirect, %{to: "/users"}}} -> {:error, {:live_redirect, %{to: "/users"}}} ->
flunk("Expected validation error but form was submitted successfully") flunk("Expected validation error but form was submitted successfully")
html when is_binary(html) -> html when is_binary(html) ->
assert html =~ "must have length of at least 8" assert html =~ "must have length of at least 8"
end end

75
test/mv_web/user_live/index_test.exs
View file

@ -91,8 +91,11 @@ defmodule MvWeb.UserLive.IndexTest do
mike_pos = html |> :binary.match("mike@example.com") |> elem(0) mike_pos = html |> :binary.match("mike@example.com") |> elem(0)
zulu_pos = html |> :binary.match("zulu@example.com") |> elem(0) zulu_pos = html |> :binary.match("zulu@example.com") |> elem(0)
assert zulu_pos < mike_pos, "zulu@example.com should appear before mike@example.com when sorted desc" assert zulu_pos < mike_pos,
assert mike_pos < alpha_pos, "mike@example.com should appear before alpha@example.com when sorted desc" "zulu@example.com should appear before mike@example.com when sorted desc"
assert mike_pos < alpha_pos,
"mike@example.com should appear before alpha@example.com when sorted desc"
end end
test "toggles back to ascending when clicking sort button twice", %{conn: conn} do test "toggles back to ascending when clicking sort button twice", %{conn: conn} do
@ -164,13 +167,17 @@ defmodule MvWeb.UserLive.IndexTest do
assert view |> element("input[type='checkbox'][name='#{user2.id}']") |> has_element?() assert view |> element("input[type='checkbox'][name='#{user2.id}']") |> has_element?()
# Initially, select_all should not be checked (since no individual items are selected) # Initially, select_all should not be checked (since no individual items are selected)
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Select first user checkbox # Select first user checkbox
html = view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click() html = view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click()
# The select_all checkbox should still not be checked (not all users selected) # The select_all checkbox should still not be checked (not all users selected)
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Page should still function normally # Page should still function normally
assert html =~ "Email" assert html =~ "Email"
@ -188,7 +195,9 @@ defmodule MvWeb.UserLive.IndexTest do
html = view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click() html = view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click()
# Select all should not be checked after deselecting individual user # Select all should not be checked after deselecting individual user
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Page should still function normally # Page should still function normally
assert html =~ "Email" assert html =~ "Email"
@ -200,15 +209,25 @@ defmodule MvWeb.UserLive.IndexTest do
{:ok, view, _html} = live(conn, "/users") {:ok, view, _html} = live(conn, "/users")
# Initially no checkboxes should be checked # Initially no checkboxes should be checked
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
refute view |> element("input[type='checkbox'][name='#{user1.id}'][checked]") |> has_element?() |> element("input[type='checkbox'][name='select_all'][checked]")
refute view |> element("input[type='checkbox'][name='#{user2.id}'][checked]") |> has_element?() |> has_element?()
refute view
|> element("input[type='checkbox'][name='#{user1.id}'][checked]")
|> has_element?()
refute view
|> element("input[type='checkbox'][name='#{user2.id}'][checked]")
|> has_element?()
# Click select all # Click select all
html = view |> element("input[type='checkbox'][name='select_all']") |> render_click() html = view |> element("input[type='checkbox'][name='select_all']") |> render_click()
# After selecting all, the select_all checkbox should be checked # After selecting all, the select_all checkbox should be checked
assert view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() assert view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Page should still function normally and show all users # Page should still function normally and show all users
assert html =~ "Email" assert html =~ "Email"
@ -224,15 +243,25 @@ defmodule MvWeb.UserLive.IndexTest do
view |> element("input[type='checkbox'][name='select_all']") |> render_click() view |> element("input[type='checkbox'][name='select_all']") |> render_click()
# Verify that select_all is checked # Verify that select_all is checked
assert view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() assert view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Then deselect all # Then deselect all
html = view |> element("input[type='checkbox'][name='select_all']") |> render_click() html = view |> element("input[type='checkbox'][name='select_all']") |> render_click()
# After deselecting all, no checkboxes should be checked # After deselecting all, no checkboxes should be checked
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
refute view |> element("input[type='checkbox'][name='#{user1.id}'][checked]") |> has_element?() |> element("input[type='checkbox'][name='select_all'][checked]")
refute view |> element("input[type='checkbox'][name='#{user2.id}'][checked]") |> has_element?() |> has_element?()
refute view
|> element("input[type='checkbox'][name='#{user1.id}'][checked]")
|> has_element?()
refute view
|> element("input[type='checkbox'][name='#{user2.id}'][checked]")
|> has_element?()
# Page should still function normally # Page should still function normally
assert html =~ "Email" assert html =~ "Email"
@ -240,17 +269,24 @@ defmodule MvWeb.UserLive.IndexTest do
assert html =~ to_string(user2.email) assert html =~ to_string(user2.email)
end end
test "select all automatically checks when all individual users are selected", %{conn: conn, users: [user1, user2]} do test "select all automatically checks when all individual users are selected", %{
conn: conn,
users: [user1, user2]
} do
conn = conn_with_oidc_user(conn) conn = conn_with_oidc_user(conn)
{:ok, view, _html} = live(conn, "/users") {:ok, view, _html} = live(conn, "/users")
# Initially nothing should be checked # Initially nothing should be checked
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Select first user # Select first user
view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click() view |> element("input[type='checkbox'][name='#{user1.id}']") |> render_click()
# Select all should still not be checked (only 1 of 2+ users selected) # Select all should still not be checked (only 1 of 2+ users selected)
refute view |> element("input[type='checkbox'][name='select_all'][checked]") |> has_element?() refute view
|> element("input[type='checkbox'][name='select_all'][checked]")
|> has_element?()
# Select second user # Select second user
html = view |> element("input[type='checkbox'][name='#{user2.id}']") |> render_click() html = view |> element("input[type='checkbox'][name='#{user2.id}']") |> render_click()
@ -278,7 +314,8 @@ defmodule MvWeb.UserLive.IndexTest do
# The page should still render (basic functionality test) # The page should still render (basic functionality test)
html = render(view) html = render(view)
assert html =~ "Email" # Table header should still be there # Table header should still be there
assert html =~ "Email"
end end
test "shows delete confirmation", %{conn: conn} do test "shows delete confirmation", %{conn: conn} do
@ -336,7 +373,8 @@ defmodule MvWeb.UserLive.IndexTest do
# Note: English translations might be empty strings by default # Note: English translations might be empty strings by default
# This test would verify the structure is there # This test would verify the structure is there
assert html =~ ~s(aria-label=) # Checking that aria-label attributes exist # Checking that aria-label attributes exist
assert html =~ ~s(aria-label=)
end end
end end
@ -371,5 +409,4 @@ defmodule MvWeb.UserLive.IndexTest do
assert html =~ long_email assert html =~ long_email
end end
end end
end end

37
test/support/conn_case.ex
View file

@ -60,25 +60,28 @@ defmodule MvWeb.ConnCase do
user_attrs = Map.merge(default_attrs, attrs) user_attrs = Map.merge(default_attrs, attrs)
# Handle password/hashed_password # Handle password/hashed_password
final_attrs = cond do final_attrs =
# If hashed_password is already provided, use it as-is cond do
Map.has_key?(user_attrs, :hashed_password) -> # If hashed_password is already provided, use it as-is
user_attrs Map.has_key?(user_attrs, :hashed_password) ->
user_attrs
# If password is provided, hash it # If password is provided, hash it
Map.has_key?(user_attrs, :password) -> Map.has_key?(user_attrs, :password) ->
password = Map.get(user_attrs, :password) password = Map.get(user_attrs, :password)
{:ok, hashed_password} = AshAuthentication.BcryptProvider.hash(password) {:ok, hashed_password} = AshAuthentication.BcryptProvider.hash(password)
user_attrs
|> Map.delete(:password) # Remove plain password
|> Map.put(:hashed_password, hashed_password)
# Neither provided, use default password user_attrs
true -> # Remove plain password
password = "password" |> Map.delete(:password)
{:ok, hashed_password} = AshAuthentication.BcryptProvider.hash(password) |> Map.put(:hashed_password, hashed_password)
Map.put(user_attrs, :hashed_password, hashed_password)
end # Neither provided, use default password
true ->
password = "password"
{:ok, hashed_password} = AshAuthentication.BcryptProvider.hash(password)
Map.put(user_attrs, :hashed_password, hashed_password)
end
Ash.Seed.seed!(Mv.Accounts.User, final_attrs) Ash.Seed.seed!(Mv.Accounts.User, final_attrs)
end end