defmodule Bones73k.AccountsTest do use Bones73k.DataCase alias Bones73k.Accounts import Bones73k.AccountsFixtures alias Bones73k.Accounts.{User, UserToken} describe "get_user_by_email/1" do test "does not return the user if the email does not exist" do refute Accounts.get_user_by_email("unknown@example.com") end test "returns the user if the email exists" do %{id: id} = user = user_fixture() assert %User{id: ^id} = Accounts.get_user_by_email(user.email) end end describe "get_user_by_email_and_password/2" do test "does not return the user if the email does not exist" do refute Accounts.get_user_by_email_and_password("unknown@example.com", "hello world!") end test "does not return the user if the password is not valid" do user = user_fixture() refute Accounts.get_user_by_email_and_password(user.email, "invalid") end test "returns the user if the email and password are valid" do %{id: id} = user = user_fixture() assert %User{id: ^id} = Accounts.get_user_by_email_and_password(user.email, valid_user_password()) end end describe "get_user!/1" do test "raises if id is invalid" do assert_raise Ecto.NoResultsError, fn -> Ecto.UUID.generate() |> Accounts.get_user!() end end test "returns the user with the given id" do %{id: id} = user = user_fixture() assert %User{id: ^id} = Accounts.get_user!(user.id) end end describe "register_user/1" do test "requires email and password to be set" do {:error, changeset} = Accounts.register_user(%{}) assert %{ password: ["can't be blank"], email: ["can't be blank"] } = errors_on(changeset) end test "validates email and password when given" do {:error, changeset} = Accounts.register_user(%{email: "not valid", password: "2shrt"}) pw_err = "should be at least #{User.min_password()} character(s)" assert "must be a valid email address" in errors_on(changeset).email assert pw_err in errors_on(changeset).password end test "validates maximum values for email and password for security" do too_long = "#{String.duplicate("db", 300)}@example.com" {:error, changeset} = Accounts.register_user(%{email: too_long, password: too_long}) em_err = "should be at most #{User.max_email()} character(s)" pw_err = "should be at most #{User.max_password()} character(s)" assert em_err in errors_on(changeset).email assert pw_err in errors_on(changeset).password end test "validates email uniqueness" do %{email: email} = user_fixture() {:error, changeset} = Accounts.register_user(%{email: email}) assert "has already been taken" in errors_on(changeset).email # Now try with the upper cased email too, to check that email case is ignored. {:error, changeset} = Accounts.register_user(%{email: String.upcase(email)}) assert "has already been taken" in errors_on(changeset).email end test "registers users with a hashed password and sets role to :user" do email = unique_user_email() {:ok, user} = Accounts.register_user(%{email: email, password: valid_user_password()}) assert user.email == email assert is_binary(user.hashed_password) assert is_nil(user.confirmed_at) assert is_nil(user.password) assert user.role == :user end test "registers different role :manager and sets role to :manager" do email = unique_user_email() attrs = %{email: email, role: :manager, password: valid_user_password()} {:ok, user} = Accounts.register_user(attrs) assert user.email == email assert is_binary(user.hashed_password) assert is_nil(user.confirmed_at) assert is_nil(user.password) assert user.role == :manager end test "registers different role :admin and sets role to :admin" do email = unique_user_email() attrs = %{email: email, role: :admin, password: valid_user_password()} {:ok, user} = Accounts.register_user(attrs) assert user.role == :admin end end describe "change_user_registration/2" do test "returns a changeset" do assert %Ecto.Changeset{} = changeset = Accounts.change_user_registration(%User{}) assert changeset.required == [:password, :email, :role] end end describe "change_user_email/2" do test "returns a user changeset" do assert %Ecto.Changeset{} = changeset = Accounts.change_user_email(%User{}) assert changeset.required == [:email] end end describe "apply_user_email/3" do setup do %{user: user_fixture()} end test "requires email to change", %{user: user} do attrs = %{"current_password" => valid_user_password()} {:error, changeset} = Accounts.apply_user_email(user, attrs) assert %{email: ["did not change"]} = errors_on(changeset) end test "validates email", %{user: user} do attrs = %{"current_password" => valid_user_password(), "email" => "not valid"} {:error, changeset} = Accounts.apply_user_email(user, attrs) assert %{email: ["must be a valid email address"]} = errors_on(changeset) end test "validates maximum value for email for security", %{user: user} do too_long = "#{String.duplicate("db", 300)}@example.com" attrs = %{"current_password" => valid_user_password(), "email" => too_long} {:error, changeset} = Accounts.apply_user_email(user, attrs) em_err = "should be at most #{User.max_email()} character(s)" assert em_err in errors_on(changeset).email end test "validates email uniqueness", %{user: user} do %{email: email} = user_fixture() attrs = %{"current_password" => valid_user_password(), "email" => email} {:error, changeset} = Accounts.apply_user_email(user, attrs) assert "has already been taken" in errors_on(changeset).email end test "validates current password", %{user: user} do attrs = %{"current_password" => "invalid", "email" => unique_user_email()} {:error, changeset} = Accounts.apply_user_email(user, attrs) assert %{current_password: ["is not valid"]} = errors_on(changeset) end test "applies the email without persisting it", %{user: user} do email = unique_user_email() attrs = %{"current_password" => valid_user_password(), "email" => email} {:ok, user} = Accounts.apply_user_email(user, attrs) assert user.email == email assert Accounts.get_user!(user.id).email != email end end describe "deliver_update_email_instructions/3" do setup do %{user: user_fixture()} end test "sends token through notification", %{user: user} do token = extract_user_token(fn url -> Accounts.deliver_update_email_instructions(user, "current@example.com", url) end) {:ok, token} = Base.url_decode64(token, padding: false) assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token)) assert user_token.user_id == user.id assert user_token.sent_to == user.email assert user_token.context == "change:current@example.com" end end describe "update_user_email/2" do setup do user = user_fixture() email = unique_user_email() token = extract_user_token(fn url -> Accounts.deliver_update_email_instructions(%{user | email: email}, user.email, url) end) %{user: user, token: token, email: email} end test "updates the email with a valid token", %{user: user, token: token, email: email} do assert Accounts.update_user_email(user, token) == :ok changed_user = Repo.get!(User, user.id) assert changed_user.email != user.email assert changed_user.email == email assert changed_user.confirmed_at assert changed_user.confirmed_at != user.confirmed_at refute Repo.get_by(UserToken, user_id: user.id) end test "does not update email with invalid token", %{user: user} do assert Accounts.update_user_email(user, "oops") == :error assert Repo.get!(User, user.id).email == user.email assert Repo.get_by(UserToken, user_id: user.id) end test "does not update email if user email changed", %{user: user, token: token} do assert Accounts.update_user_email(%{user | email: "current@example.com"}, token) == :error assert Repo.get!(User, user.id).email == user.email assert Repo.get_by(UserToken, user_id: user.id) end test "does not update email if token expired", %{user: user, token: token} do {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) assert Accounts.update_user_email(user, token) == :error assert Repo.get!(User, user.id).email == user.email assert Repo.get_by(UserToken, user_id: user.id) end end describe "change_user_password/2" do test "returns a user changeset" do assert %Ecto.Changeset{} = changeset = Accounts.change_user_password(%User{}) assert changeset.required == [:password] end end describe "update_user_password/3" do setup do %{user: user_fixture()} end test "validates password", %{user: user} do attrs = %{ "current_password" => valid_user_password(), "password" => "2shrt", "password_confirmation" => "another" } {:error, changeset} = Accounts.update_user_password(user, attrs) pw_err = "should be at least #{User.min_password()} character(s)" conf_err = "does not match password" assert pw_err in errors_on(changeset).password assert conf_err in errors_on(changeset).password_confirmation end test "validates maximum values for password for security", %{user: user} do attrs = %{ "current_password" => valid_user_password(), "password" => String.duplicate("db", 100) } {:error, changeset} = Accounts.update_user_password(user, attrs) pw_err = "should be at most #{User.max_password()} character(s)" assert pw_err in errors_on(changeset).password end test "validates current password", %{user: user} do attrs = %{"current_password" => "invalid", "password" => valid_user_password()} {:error, changeset} = Accounts.update_user_password(user, attrs) assert %{current_password: ["is not valid"]} = errors_on(changeset) end test "updates the password", %{user: user} do attrs = %{"current_password" => valid_user_password(), "password" => "NewValidP420"} {:ok, user} = Accounts.update_user_password(user, attrs) assert is_nil(user.password) assert Accounts.get_user_by_email_and_password(user.email, "NewValidP420") end test "deletes all tokens for the given user", %{user: user} do _ = Accounts.generate_user_session_token(user) attrs = %{"current_password" => valid_user_password(), "password" => "NewValidP420"} {:ok, _} = Accounts.update_user_password(user, attrs) refute Repo.get_by(UserToken, user_id: user.id) end end describe "generate_user_session_token/1" do setup do %{user: user_fixture()} end test "generates a token", %{user: user} do token = Accounts.generate_user_session_token(user) assert user_token = Repo.get_by(UserToken, token: token) assert user_token.context == "session" # Creating the same token for another user should fail assert_raise Ecto.ConstraintError, fn -> Repo.insert!(%UserToken{ token: user_token.token, user_id: user_fixture().id, context: "session" }) end end end describe "get_user_by_session_token/1" do setup do user = user_fixture() token = Accounts.generate_user_session_token(user) %{user: user, token: token} end test "returns user by token", %{user: user, token: token} do assert session_user = Accounts.get_user_by_session_token(token) assert session_user.id == user.id end test "does not return user for invalid token" do refute Accounts.get_user_by_session_token("oops") end test "does not return user for expired token", %{token: token} do {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) refute Accounts.get_user_by_session_token(token) end end describe "delete_session_token/1" do test "deletes the token" do user = user_fixture() token = Accounts.generate_user_session_token(user) assert Accounts.delete_session_token(token) == :ok refute Accounts.get_user_by_session_token(token) end end describe "deliver_user_confirmation_instructions/2" do setup do %{user: user_fixture()} end test "sends token through notification", %{user: user} do token = extract_user_token(fn url -> Accounts.deliver_user_confirmation_instructions(user, url) end) {:ok, token} = Base.url_decode64(token, padding: false) assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token)) assert user_token.user_id == user.id assert user_token.sent_to == user.email assert user_token.context == "confirm" end end describe "confirm_user/2" do setup do user = user_fixture() token = extract_user_token(fn url -> Accounts.deliver_user_confirmation_instructions(user, url) end) %{user: user, token: token} end test "confirms the email with a valid token", %{user: user, token: token} do assert {:ok, confirmed_user} = Accounts.confirm_user(token) assert confirmed_user.confirmed_at assert confirmed_user.confirmed_at != user.confirmed_at assert Repo.get!(User, user.id).confirmed_at refute Repo.get_by(UserToken, user_id: user.id) end test "does not confirm with invalid token", %{user: user} do assert Accounts.confirm_user("oops") == :error refute Repo.get!(User, user.id).confirmed_at assert Repo.get_by(UserToken, user_id: user.id) end test "does not confirm email if token expired", %{user: user, token: token} do {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) assert Accounts.confirm_user(token) == :error refute Repo.get!(User, user.id).confirmed_at assert Repo.get_by(UserToken, user_id: user.id) end end describe "deliver_user_reset_password_instructions/2" do setup do %{user: user_fixture()} end test "sends token through notification", %{user: user} do token = extract_user_token(fn url -> Accounts.deliver_user_reset_password_instructions(user, url) end) {:ok, token} = Base.url_decode64(token, padding: false) assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token)) assert user_token.user_id == user.id assert user_token.sent_to == user.email assert user_token.context == "reset_password" end end describe "get_user_by_reset_password_token/1" do setup do user = user_fixture() token = extract_user_token(fn url -> Accounts.deliver_user_reset_password_instructions(user, url) end) %{user: user, token: token} end test "returns the user with valid token", %{user: %{id: id}, token: token} do assert %User{id: ^id} = Accounts.get_user_by_reset_password_token(token) assert Repo.get_by(UserToken, user_id: id) end test "does not return the user with invalid token", %{user: user} do refute Accounts.get_user_by_reset_password_token("oops") assert Repo.get_by(UserToken, user_id: user.id) end test "does not return the user if token expired", %{user: user, token: token} do {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]]) refute Accounts.get_user_by_reset_password_token(token) assert Repo.get_by(UserToken, user_id: user.id) end end describe "reset_user_password/2" do setup do %{user: user_fixture()} end test "validates password", %{user: user} do {:error, changeset} = Accounts.reset_user_password(user, %{ password: "2shrt", password_confirmation: "another" }) pw_err = "should be at least #{User.min_password()} character(s)" assert pw_err in errors_on(changeset).password assert "does not match password" in errors_on(changeset).password_confirmation end test "validates maximum values for password for security", %{user: user} do too_long = String.duplicate("db", 100) {:error, changeset} = Accounts.reset_user_password(user, %{password: too_long}) assert "should be at most 80 character(s)" in errors_on(changeset).password end test "updates the password", %{user: user} do {:ok, updated_user} = Accounts.reset_user_password(user, %{password: "NewValidP420"}) assert is_nil(updated_user.password) assert Accounts.get_user_by_email_and_password(user.email, "NewValidP420") end test "deletes all tokens for the given user", %{user: user} do _ = Accounts.generate_user_session_token(user) {:ok, _} = Accounts.reset_user_password(user, %{password: "NewValidP420"}) refute Repo.get_by(UserToken, user_id: user.id) end end describe "inspect/2" do test "does not include password" do refute inspect(%User{password: "123456"}) =~ "password: \"123456\"" end end end