In this tutorial we're going to expand on a built-in Laravel command I use in almost every project: the php artisan make:auth command.
The make:auth command will generate the routes, controllers and views for authentication in your Laravel project.
When you run this command on a new project it will make the login controller, register controller, forgotten password controller and reset password controller. This command makes it very easy to get started with any project.
The thing that's missing from this command is the tests that make sure you've implemented it correctly. Therefore, in this tutorial we're going to create the missing auth tests for this command.
The forgotten password page is where users enter their email address into a form so they can be emailed a link that allows them to reset their password and log in to your application.
The tests that we need to perform are going to be for:
- Show the forgotten password form
- When the user enters their email address, a forgotten password email is sent to the user.
- Test the application doesn't send the forgotten password email if the user doesn't exist.
- Test the forgotten password form requires an email to be entered.
The login page is used by your users to access a locked-down area of your site. It's important to test that only logged-in users can access these pages and that only correct credentials can log in to an account.
The tests will need to perform:
- It shows the login form
- It will log in the user with correct credentials
- It will not log in the user if they have the wrong password
- It will not log in the user if the email doesn't exist
- It will allow a user to logout
The register page is used by new visitors to become a user of your application. Therefore we need to make sure that when a visitor signs up, a new user is created and they can log in.
The tests we're going to perform are:
- Test it can register a new user
- Test it validates the user for required information.
- Test it validates the password to make sure the user has confirmed their password.
- Test it makes sure the email address doesn't already exist.
When the user comes back from the forgotten password email they will see the reset password form. This requires a unique, valid token to be generated and linked to the user's email address so that only they can reset the password on their account.
The tests we're going to perform are:
- It shows the reset password page
- You can reset the password with a valid token
- It doesn't reset the password with an invalid token
- It doesn't update the password if it's empty
- It doesn't update the user linked to the token when the email is empty
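
The valid-token and invalid-token checks from the reset password list, written as a Laravel feature test. This is an added example, not code from the original tutorial; it assumes Laravel 5.5 to 5.8 with the default make:auth scaffolding (the App\User model and its factory, the password_resets migration, and the POST /password/reset route), and the class name and the submitReset helper are hypothetical.

```php
<?php

namespace Tests\Feature;

use App\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Tests\TestCase;

class ResetPasswordTest extends TestCase
{
    use RefreshDatabase;

    /** Submit the reset form for $user with the given token (hypothetical helper). */
    private function submitReset(User $user, string $token)
    {
        return $this->post('/password/reset', [
            'token' => $token,
            'email' => $user->email,
            'password' => 'new-secret-password',
            'password_confirmation' => 'new-secret-password',
        ]);
    }

    public function test_valid_token_resets_the_password()
    {
        $user = factory(User::class)->create(['password' => Hash::make('old-password')]);
        $token = Password::broker()->createToken($user); // token issued for this user only

        $this->submitReset($user, $token);

        $this->assertTrue(Hash::check('new-secret-password', $user->fresh()->password));
        $this->assertAuthenticatedAs($user); // the scaffolded controller logs the user in
    }

    public function test_invalid_token_leaves_the_password_unchanged()
    {
        $user = factory(User::class)->create(['password' => Hash::make('old-password')]);
        Password::broker()->createToken($user); // a real token exists, but a different one is sent

        $this->submitReset($user, 'not-the-issued-token')->assertSessionHasErrors('email');

        $this->assertTrue(Hash::check('old-password', $user->fresh()->password));
        $this->assertGuest(); // a failed reset must not start a session
    }
}
```

Asserting on the stored hash rather than only on the redirect is what proves the password was, or was not, changed.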