FirstLaravel12 / tests / Feature / Settings / TwoFactorAuthenticationTest.php
<?php

namespace Tests\Feature\Settings;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Laravel\Fortify\Features;
use Livewire\Volt\Volt;
use Tests\TestCase;

/**
 * Feature tests for the two-factor authentication settings page.
 *
 * Covers four behaviours: the page renders for a user without two-factor,
 * access is gated behind password confirmation, the page is forbidden when
 * the Fortify feature list is empty, and an enrolment that was started but
 * never confirmed is cleared when the settings component is loaded.
 */
class TwoFactorAuthenticationTest extends TestCase
{
    use RefreshDatabase;

    /**
     * Skip every test when two-factor management is unavailable; otherwise
     * pass the `confirm` and `confirmPassword` options to Fortify's
     * two-factor feature before each test runs.
     */
    protected function setUp(): void
    {
        parent::setUp();

        $twoFactorManageable = Features::canManageTwoFactorAuthentication();

        if (! $twoFactorManageable) {
            $this->markTestSkipped('Two-factor authentication is not enabled.');
        }

        // Both options are switched on so the password-confirmation test
        // below exercises the gated configuration.
        $featureOptions = [
            'confirm' => true,
            'confirmPassword' => true,
        ];

        Features::twoFactorAuthentication($featureOptions);
    }

    /**
     * A user created with the `withoutTwoFactor` factory state sees the
     * settings page, and the page reports two-factor as "Disabled".
     */
    public function test_two_factor_settings_page_can_be_rendered(): void
    {
        $account = User::factory()->withoutTwoFactor()->create();

        // A current `auth.password_confirmed_at` value is seeded so the
        // request is not redirected to the password-confirmation screen.
        $response = $this->actingAs($account)
            ->withSession(['auth.password_confirmed_at' => time()])
            ->get(route('two-factor.show'));

        $response->assertOk();
        $response->assertSee('Two Factor Authentication');
        $response->assertSee('Disabled');
    }

    /**
     * Without a password-confirmation timestamp in the session, an
     * authenticated user is redirected to the `password.confirm` route
     * instead of reaching the two-factor settings.
     *
     * NOTE(review): this relies on `confirmPassword => true` from setUp().
     */
    public function test_two_factor_settings_page_requires_password_confirmation_when_enabled(): void
    {
        $account = User::factory()->create();

        $this->actingAs($account)
            ->get(route('two-factor.show'))
            ->assertRedirect(route('password.confirm'));
    }

    /**
     * With `fortify.features` set to an empty list, the settings page
     * answers 403 even for a user whose password confirmation is current.
     */
    public function test_two_factor_settings_page_returns_forbidden_response_when_two_factor_is_disabled(): void
    {
        // Override the feature list for this test only.
        config(['fortify.features' => []]);

        $account = User::factory()->create();

        $this->actingAs($account)
            ->withSession(['auth.password_confirmed_at' => time()])
            ->get(route('two-factor.show'))
            ->assertForbidden();
    }

    /**
     * A user holding a two-factor secret and recovery codes but no
     * confirmation timestamp must not be treated as enrolled: after the
     * settings component is loaded, `twoFactorEnabled` is false and the
     * stored secret and recovery codes are null.
     *
     * NOTE(review): `two_factor_confirmed_at` is not asserted after the
     * component loads; consider checking that it is still null.
     */
    public function test_two_factor_authentication_disabled_when_confirmation_abandoned_between_requests(): void
    {
        $account = User::factory()->create();

        // Simulate an enrolment abandoned before the confirmation step.
        $pendingEnrolment = [
            'two_factor_secret' => encrypt('test-secret'),
            'two_factor_recovery_codes' => encrypt(json_encode(['code1', 'code2'])),
            'two_factor_confirmed_at' => null,
        ];
        $account->forceFill($pendingEnrolment)->save();

        $this->actingAs($account);

        Volt::test('settings.two-factor')
            ->assertSet('twoFactorEnabled', false);

        // The leftover secret material is expected to be gone from the row.
        $expectedRow = [
            'id' => $account->id,
            'two_factor_secret' => null,
            'two_factor_recovery_codes' => null,
        ];
        $this->assertDatabaseHas('users', $expectedRow);
    }
}