Maybe/test/controllers/sessions_controller_test.rb

require "test_helper"

class SessionsControllerTest < ActionDispatch::IntegrationTest
  setup do
    @user = users(:family_admin)
  end

  test "login page" do
    get new_session_url
    assert_response :success
  end

  test "can sign in" do
    sign_in @user
    assert_redirected_to root_url
    assert Session.exists?(user_id: @user.id)

    get root_url
    assert_response :success
  end

  test "fails to sign in with bad password" do
    post sessions_url, params: { email: @user.email, password: "bad" }
    assert_response :unprocessable_entity
    assert_equal "Invalid email or password.", flash[:alert]
  end

  test "can sign out" do
    sign_in @user
    session_record = @user.sessions.last

    delete session_url(session_record)
    assert_redirected_to new_session_path
    assert_equal "You have signed out successfully.", flash[:notice]

    # Verify session is destroyed
    assert_nil Session.find_by(id: session_record.id)
  end

  test "redirects to MFA verification when MFA enabled" do
    @user.setup_mfa!
    @user.enable_mfa!
    @user.sessions.destroy_all # Clean up any existing sessions

    post sessions_path, params: { email: @user.email, password: user_password_test }

    assert_redirected_to verify_mfa_path
    assert_equal @user.id, session[:mfa_user_id]
    assert_not Session.exists?(user_id: @user.id)
  end
end
Set last_login_at only at login instead of every single action (#1017) 2024-07-22 15:37:03 +02:00			`require "test_helper"`

			`class SessionsControllerTest < ActionDispatch::IntegrationTest`
			`setup do`
			`@user = users(:family_admin)`
			`end`

Use DB for auth sessions (#1233) * DB sessions * Validations for profile image 2024-10-03 14:42:22 -04:00			`test "login page" do`
			`get new_session_url`
			`assert_response :success`
			`end`

Set last_login_at only at login instead of every single action (#1017) 2024-07-22 15:37:03 +02:00			`test "can sign in" do`
Use DB for auth sessions (#1233) * DB sessions * Validations for profile image 2024-10-03 14:42:22 -04:00			`sign_in @user`
Set last_login_at only at login instead of every single action (#1017) 2024-07-22 15:37:03 +02:00			`assert_redirected_to root_url`
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00			`assert Session.exists?(user_id: @user.id)`
Use DB for auth sessions (#1233) * DB sessions * Validations for profile image 2024-10-03 14:42:22 -04:00
			`get root_url`
			`assert_response :success`
Set last_login_at only at login instead of every single action (#1017) 2024-07-22 15:37:03 +02:00			`end`

Use DB for auth sessions (#1233) * DB sessions * Validations for profile image 2024-10-03 14:42:22 -04:00			`test "fails to sign in with bad password" do`
			`post sessions_url, params: { email: @user.email, password: "bad" }`
			`assert_response :unprocessable_entity`
			`assert_equal "Invalid email or password.", flash[:alert]`
			`end`

			`test "can sign out" do`
			`sign_in @user`
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00			`session_record = @user.sessions.last`
Use DB for auth sessions (#1233) * DB sessions * Validations for profile image 2024-10-03 14:42:22 -04:00
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00			`delete session_url(session_record)`
User Onboarding + Bug Fixes (#1352) * Bump min supported date to 20 years * Add basic onboarding * User onboarding * Complete onboarding flow * Cleanup, add user profile update test 2024-10-23 11:20:55 -04:00			`assert_redirected_to new_session_path`
Use DB for auth sessions (#1233) * DB sessions * Validations for profile image 2024-10-03 14:42:22 -04:00			`assert_equal "You have signed out successfully.", flash[:notice]`
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00
			`# Verify session is destroyed`
			`assert_nil Session.find_by(id: session_record.id)`
Set last_login_at only at login instead of every single action (#1017) 2024-07-22 15:37:03 +02:00			`end`
Add back good job dashboard with auth (#1364) 2024-10-24 17:28:29 -04:00
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00			`test "redirects to MFA verification when MFA enabled" do`
			`@user.setup_mfa!`
			`@user.enable_mfa!`
			`@user.sessions.destroy_all # Clean up any existing sessions`

Chromium E2E test fixes (#2108) * Change test password to avoid chromium conflicts * Update integration tests * Centralize all test password references * Remove unrelated schema changes 2025-04-14 08:41:49 -04:00			`post sessions_path, params: { email: @user.email, password: user_password_test }`
Multi-factor authentication (#1817) * Initial pass * Tests for MFA and locale cleanup * Brakeman * Update two-factor authentication status styling * Update app/models/user.rb Co-authored-by: Zach Gollwitzer <zach@maybe.co> Signed-off-by: Josh Pigford <josh@joshpigford.com> * Refactor MFA verification and session handling in tests --------- Signed-off-by: Josh Pigford <josh@joshpigford.com> Co-authored-by: Zach Gollwitzer <zach@maybe.co> 2025-02-06 14:16:53 -06:00
			`assert_redirected_to verify_mfa_path`
			`assert_equal @user.id, session[:mfa_user_id]`
			`assert_not Session.exists?(user_id: @user.id)`
			`end`
Set last_login_at only at login instead of every single action (#1017) 2024-07-22 15:37:03 +02:00			`end`