Resources
--
-
- - Guides & Docs - -
- - Source - -
- - v1.5 Changelog - -
<%= get_flash(@conn, :info) %>
<%= get_flash(@conn, :error) %>
diff --git a/lib/planner_web/templates/page/index.html.eex b/lib/planner_web/templates/page/index.html.eex index 716caea..e305cbe 100644 --- a/lib/planner_web/templates/page/index.html.eex +++ b/lib/planner_web/templates/page/index.html.eex @@ -1,38 +1 @@ -<%= gettext "Welcome to %{name}!", name: "Phoenix" %>
-Peace-of-mind from prototype to production
-Help
--
-
- - Forum - -
- - #elixir-lang on Freenode IRC - -
- - Twitter @elixirphoenix - -
- - Elixir on Slack - -
Planner
diff --git a/lib/planner_web/templates/user_reset_password/edit.html.eex b/lib/planner_web/templates/user_reset_password/edit.html.eex new file mode 100644 index 0000000..62e562c --- /dev/null +++ b/lib/planner_web/templates/user_reset_password/edit.html.eex @@ -0,0 +1,25 @@ +Reset password
+ +<%= form_for @changeset, Routes.user_reset_password_path(@conn, :update, @token), fn f -> %> + <%= if @changeset.action do %> +
+
+ <% end %>
+
+ <%= label f, :password, "New password" %>
+ <%= password_input f, :password, required: true %>
+ <%= error_tag f, :password %>
+
+ <%= label f, :password_confirmation, "Confirm new password" %>
+ <%= password_input f, :password_confirmation, required: true %>
+ <%= error_tag f, :password_confirmation %>
+
+ Oops, something went wrong! Please check the errors below.
+
+ <%= submit "Reset password" %>
+
+<% end %>
+
++ <%= link "Login", to: Routes.user_session_path(@conn, :new) %> +
diff --git a/lib/planner_web/templates/user_reset_password/new.html.eex b/lib/planner_web/templates/user_reset_password/new.html.eex new file mode 100644 index 0000000..ab60a29 --- /dev/null +++ b/lib/planner_web/templates/user_reset_password/new.html.eex @@ -0,0 +1,14 @@ +Forgot your password?
+ +<%= form_for :user, Routes.user_reset_password_path(@conn, :create), fn f -> %> + <%= label f, :email %> + <%= text_input f, :email, required: true %> + +
+ <%= submit "Send instructions to reset password" %>
+
+<% end %>
+
++ <%= link "Login", to: Routes.user_session_path(@conn, :new) %> +
diff --git a/lib/planner_web/templates/user_session/new.html.eex b/lib/planner_web/templates/user_session/new.html.eex new file mode 100644 index 0000000..57c69a9 --- /dev/null +++ b/lib/planner_web/templates/user_session/new.html.eex @@ -0,0 +1,26 @@ +Login
+ +<%= form_for @conn, Routes.user_session_path(@conn, :create), [as: :user], fn f -> %> + <%= if @error_message do %> +
+
+ <% end %>
+
+ <%= label f, :email %>
+ <%= text_input f, :email, required: true %>
+
+ <%= label f, :password %>
+ <%= password_input f, :password, required: true %>
+
+ <%= label f, :remember_me, "Keep me logged in for 60 days" %>
+ <%= checkbox f, :remember_me %>
+
+ <%= @error_message %>
+
+ <%= submit "Login" %>
+
+<% end %>
+
++ <%= link "Forgot your password?", to: Routes.user_reset_password_path(@conn, :new) %> +
diff --git a/lib/planner_web/templates/user_settings/edit.html.eex b/lib/planner_web/templates/user_settings/edit.html.eex new file mode 100644 index 0000000..f4dc065 --- /dev/null +++ b/lib/planner_web/templates/user_settings/edit.html.eex @@ -0,0 +1,49 @@ +Settings
+ +Change e-mail
+ +<%= form_for @email_changeset, Routes.user_settings_path(@conn, :update_email), fn f -> %> + <%= if @email_changeset.action do %> +
+
+ <% end %>
+
+ <%= label f, :email %>
+ <%= text_input f, :email, required: true %>
+ <%= error_tag f, :email %>
+
+ <%= label f, :current_password, for: "current_password_for_email" %>
+ <%= password_input f, :current_password, required: true, name: "current_password", id: "current_password_for_email" %>
+ <%= error_tag f, :current_password %>
+
+ Oops, something went wrong! Please check the errors below.
+
+ <%= submit "Change e-mail" %>
+
+<% end %>
+
+Change password
+ +<%= form_for @password_changeset, Routes.user_settings_path(@conn, :update_password), fn f -> %> + <%= if @password_changeset.action do %> +
+
+ <% end %>
+
+ <%= label f, :password, "New password" %>
+ <%= password_input f, :password, required: true %>
+ <%= error_tag f, :password %>
+
+ <%= label f, :password_confirmation, "Confirm new password" %>
+ <%= password_input f, :password_confirmation, required: true %>
+ <%= error_tag f, :password_confirmation %>
+
+ <%= label f, :current_password, for: "current_password_for_password" %>
+ <%= password_input f, :current_password, required: true, name: "current_password", id: "current_password_for_password" %>
+ <%= error_tag f, :current_password %>
+
+ Oops, something went wrong! Please check the errors below.
+
+ <%= submit "Change password" %>
+
+<% end %>
diff --git a/lib/planner_web/views/user_confirmation_view.ex b/lib/planner_web/views/user_confirmation_view.ex
new file mode 100644
index 0000000..8dd5d4a
--- /dev/null
+++ b/lib/planner_web/views/user_confirmation_view.ex
@@ -0,0 +1,3 @@
+defmodule PlannerWeb.UserConfirmationView do
+ use PlannerWeb, :view
+end
diff --git a/lib/planner_web/views/user_registration_view.ex b/lib/planner_web/views/user_registration_view.ex
new file mode 100644
index 0000000..9e07d98
--- /dev/null
+++ b/lib/planner_web/views/user_registration_view.ex
@@ -0,0 +1,3 @@
+defmodule PlannerWeb.UserRegistrationView do
+ use PlannerWeb, :view
+end
diff --git a/lib/planner_web/views/user_reset_password_view.ex b/lib/planner_web/views/user_reset_password_view.ex
new file mode 100644
index 0000000..1a7242d
--- /dev/null
+++ b/lib/planner_web/views/user_reset_password_view.ex
@@ -0,0 +1,3 @@
+defmodule PlannerWeb.UserResetPasswordView do
+ use PlannerWeb, :view
+end
diff --git a/lib/planner_web/views/user_session_view.ex b/lib/planner_web/views/user_session_view.ex
new file mode 100644
index 0000000..5740775
--- /dev/null
+++ b/lib/planner_web/views/user_session_view.ex
@@ -0,0 +1,3 @@
+defmodule PlannerWeb.UserSessionView do
+ use PlannerWeb, :view
+end
diff --git a/lib/planner_web/views/user_settings_view.ex b/lib/planner_web/views/user_settings_view.ex
new file mode 100644
index 0000000..81cc19c
--- /dev/null
+++ b/lib/planner_web/views/user_settings_view.ex
@@ -0,0 +1,3 @@
+defmodule PlannerWeb.UserSettingsView do
+ use PlannerWeb, :view
+end
diff --git a/mix.exs b/mix.exs
index 6666fc7..db1e78f 100644
--- a/mix.exs
+++ b/mix.exs
@@ -33,6 +33,7 @@ defmodule Planner.MixProject do
# Type `mix help deps` for examples and options.
defp deps do
[
+ {:bcrypt_elixir, "~> 2.0"},
{:phoenix, "~> 1.5.1"},
{:phoenix_ecto, "~> 4.1"},
{:ecto_sql, "~> 3.4"},
@@ -40,6 +41,7 @@ defmodule Planner.MixProject do
{:phoenix_html, "~> 2.11"},
{:phoenix_live_reload, "~> 1.2", only: :dev},
{:phoenix_live_dashboard, "~> 0.2.0"},
+ {:phx_gen_auth, "~> 0.3.0", only: [:dev], runtime: false},
{:telemetry_metrics, "~> 0.4"},
{:telemetry_poller, "~> 0.4"},
{:gettext, "~> 0.11"},
diff --git a/mix.lock b/mix.lock
index 691bb70..52d4c89 100644
--- a/mix.lock
+++ b/mix.lock
@@ -1,4 +1,6 @@
%{
+ "bcrypt_elixir": {:hex, :bcrypt_elixir, "2.2.0", "3df902b81ce7fa8867a2ae30d20a1da6877a2c056bfb116fd0bc8a5f0190cea4", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "762be3fcb779f08207531bc6612cca480a338e4b4357abb49f5ce00240a77d1e"},
+ "comeonin": {:hex, :comeonin, "5.3.1", "7fe612b739c78c9c1a75186ef2d322ce4d25032d119823269d0aa1e2f1e20025", [:mix], [], "hexpm", "d6222483060c17f0977fad1b7401ef0c5863c985a64352755f366aee3799c245"},
"connection": {:hex, :connection, "1.0.4", "a1cae72211f0eef17705aaededacac3eb30e6625b04a6117c1b2db6ace7d5976", [:mix], [], "hexpm", "4a0850c9be22a43af9920a71ab17c051f5f7d45c209e40269a1938832510e4d9"},
"cowboy": {:hex, :cowboy, "2.8.0", "f3dc62e35797ecd9ac1b50db74611193c29815401e53bac9a5c0577bd7bc667d", [:rebar3], [{:cowlib, "~> 2.9.1", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "~> 1.7.1", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "4643e4fba74ac96d4d152c75803de6fad0b3fa5df354c71afdd6cbeeb15fac8a"},
"cowlib": {:hex, :cowlib, "2.9.1", "61a6c7c50cf07fdd24b2f45b89500bb93b6686579b069a89f88cb211e1125c78", [:rebar3], [], "hexpm", "e4175dc240a70d996156160891e1c62238ede1729e45740bdd38064dad476170"},
@@ -6,6 +8,7 @@
"decimal": {:hex, :decimal, "1.8.1", "a4ef3f5f3428bdbc0d35374029ffcf4ede8533536fa79896dd450168d9acdf3c", [:mix], [], "hexpm", "3cb154b00225ac687f6cbd4acc4b7960027c757a5152b369923ead9ddbca7aec"},
"ecto": {:hex, :ecto, "3.4.4", "a2c881e80dc756d648197ae0d936216c0308370332c5e77a2325a10293eef845", [:mix], [{:decimal, "~> 1.6 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "cc4bd3ad62abc3b21fb629f0f7a3dab23a192fca837d257dd08449fba7373561"},
"ecto_sql": {:hex, :ecto_sql, "3.4.4", "d28bac2d420f708993baed522054870086fd45016a9d09bb2cd521b9c48d32ea", [:mix], [{:db_connection, "~> 2.2", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.4.3", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.3.0 or ~> 0.4.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.15.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.0", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "edb49af715dd72f213b66adfd0f668a43c17ed510b5d9ac7528569b23af57fe8"},
+ "elixir_make": {:hex, :elixir_make, "0.6.0", "38349f3e29aff4864352084fc736fa7fa0f2995a819a737554f7ebd28b85aaab", [:mix], [], "hexpm", "d522695b93b7f0b4c0fcb2dfe73a6b905b1c301226a5a55cb42e5b14d509e050"},
"file_system": {:hex, :file_system, "0.2.8", "f632bd287927a1eed2b718f22af727c5aeaccc9a98d8c2bd7bff709e851dc986", [:mix], [], "hexpm", "97a3b6f8d63ef53bd0113070102db2ce05352ecf0d25390eb8d747c2bde98bca"},
"gettext": {:hex, :gettext, "0.18.0", "406d6b9e0e3278162c2ae1de0a60270452c553536772167e2d701f028116f870", [:mix], [], "hexpm", "c3f850be6367ebe1a08616c2158affe4a23231c70391050bf359d5f92f66a571"},
"jason": {:hex, :jason, "1.2.1", "12b22825e22f468c02eb3e4b9985f3d0cb8dc40b9bd704730efa11abd2708c44", [:mix], [{:decimal, "~> 1.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "b659b8571deedf60f79c5a608e15414085fa141344e2716fbd6988a084b5f993"},
@@ -17,6 +20,7 @@
"phoenix_live_reload": {:hex, :phoenix_live_reload, "1.2.4", "940c0344b1d66a2e46eef02af3a70e0c5bb45a4db0bf47917add271b76cd3914", [:mix], [{:file_system, "~> 0.2.1 or ~> 0.3", [hex: :file_system, repo: "hexpm", optional: false]}, {:phoenix, "~> 1.4", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "38f9308357dea4cc77f247e216da99fcb0224e05ada1469167520bed4cb8cccd"},
"phoenix_live_view": {:hex, :phoenix_live_view, "0.13.3", "2186c55cc7c54ca45b97c6f28cfd267d1c61b5f205f3c83533704cd991bdfdec", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:phoenix, "~> 1.4.17 or ~> 1.5.2", [hex: :phoenix, repo: "hexpm", optional: false]}, {:phoenix_html, "~> 2.14", [hex: :phoenix_html, repo: "hexpm", optional: false]}], "hexpm", "c6309a7da2e779cb9cdf2fb603d75f38f49ef324bedc7a81825998bd1744ff8a"},
"phoenix_pubsub": {:hex, :phoenix_pubsub, "2.0.0", "a1ae76717bb168cdeb10ec9d92d1480fec99e3080f011402c0a2d68d47395ffb", [:mix], [], "hexpm", "c52d948c4f261577b9c6fa804be91884b381a7f8f18450c5045975435350f771"},
+ "phx_gen_auth": {:hex, :phx_gen_auth, "0.3.0", "3d1f1943d7f6ecccec9a540422eec2b764d89a866e77367bc100f07f625091ef", [:mix], [{:phoenix, "~> 1.5.2", [hex: :phoenix, repo: "hexpm", optional: false]}], "hexpm", "98d5a0a8fc34fed40c6ea9db4f57ebad6c1c50cdc0ba3aa8bc4716a5e8285990"},
"plug": {:hex, :plug, "1.10.3", "c9cebe917637d8db0e759039cc106adca069874e1a9034fd6e3fdd427fd3c283", [:mix], [{:mime, "~> 1.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "01f9037a2a1de1d633b5a881101e6a444bcabb1d386ca1e00bb273a1f1d9d939"},
"plug_cowboy": {:hex, :plug_cowboy, "2.3.0", "149a50e05cb73c12aad6506a371cd75750c0b19a32f81866e1a323dda9e0e99d", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:plug, "~> 1.7", [hex: :plug, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "bc595a1870cef13f9c1e03df56d96804db7f702175e4ccacdb8fc75c02a7b97e"},
"plug_crypto": {:hex, :plug_crypto, "1.1.2", "bdd187572cc26dbd95b87136290425f2b580a116d3fb1f564216918c9730d227", [:mix], [], "hexpm", "6b8b608f895b6ffcfad49c37c7883e8df98ae19c6a28113b02aa1e9c5b22d6b5"},
diff --git a/priv/repo/migrations/20200613231040_create_users_auth_tables.exs b/priv/repo/migrations/20200613231040_create_users_auth_tables.exs
new file mode 100644
index 0000000..621888b
--- /dev/null
+++ b/priv/repo/migrations/20200613231040_create_users_auth_tables.exs
@@ -0,0 +1,27 @@
+defmodule Planner.Repo.Migrations.CreateUsersAuthTables do
+ use Ecto.Migration
+
+ def change do
+ execute "CREATE EXTENSION IF NOT EXISTS citext", ""
+
+ create table(:users) do
+ add :email, :citext, null: false
+ add :hashed_password, :string, null: false
+ add :confirmed_at, :naive_datetime
+ timestamps()
+ end
+
+ create unique_index(:users, [:email])
+
+ create table(:users_tokens) do
+ add :user_id, references(:users, on_delete: :delete_all), null: false
+ add :token, :binary, null: false
+ add :context, :string, null: false
+ add :sent_to, :string
+ timestamps(updated_at: false)
+ end
+
+ create index(:users_tokens, [:user_id])
+ create unique_index(:users_tokens, [:context, :token])
+ end
+end
diff --git a/test/planner/accounts_test.exs b/test/planner/accounts_test.exs
new file mode 100644
index 0000000..dd0fe8c
--- /dev/null
+++ b/test/planner/accounts_test.exs
@@ -0,0 +1,429 @@
+defmodule Planner.AccountsTest do
+ use Planner.DataCase
+
+ alias Planner.Accounts
+ import Planner.AccountsFixtures
+ alias Planner.Accounts.{User, UserToken}
+
+ describe "get_user_by_email/1" do
+ test "does not return the user if the email does not exist" do
+ refute Accounts.get_user_by_email("unknown@example.com")
+ end
+
+ test "returns the user if the email exists" do
+ %{id: id} = user = user_fixture()
+ assert %User{id: ^id} = Accounts.get_user_by_email(user.email)
+ end
+ end
+
+ describe "get_user_by_email_and_password/1" do
+ test "does not return the user if the email does not exist" do
+ refute Accounts.get_user_by_email_and_password("unknown@example.com", "hello world!")
+ end
+
+ test "does not return the user if the password is not valid" do
+ user = user_fixture()
+ refute Accounts.get_user_by_email_and_password(user.email, "invalid")
+ end
+
+ test "returns the user if the email and password are valid" do
+ %{id: id} = user = user_fixture()
+
+ assert %User{id: ^id} =
+ Accounts.get_user_by_email_and_password(user.email, valid_user_password())
+ end
+ end
+
+ describe "get_user!/1" do
+ test "raises if id is invalid" do
+ assert_raise Ecto.NoResultsError, fn ->
+ Accounts.get_user!(-1)
+ end
+ end
+
+ test "returns the user with the given id" do
+ %{id: id} = user = user_fixture()
+ assert %User{id: ^id} = Accounts.get_user!(user.id)
+ end
+ end
+
+ describe "register_user/1" do
+ test "requires email and password to be set" do
+ {:error, changeset} = Accounts.register_user(%{})
+
+ assert %{
+ password: ["can't be blank"],
+ email: ["can't be blank"]
+ } = errors_on(changeset)
+ end
+
+ test "validates email and password when given" do
+ {:error, changeset} = Accounts.register_user(%{email: "not valid", password: "nt vld"})
+
+ assert %{
+ email: ["must have the @ sign and no spaces"],
+ password: ["should be at least 8 character(s)"]
+ } = errors_on(changeset)
+ end
+
+ test "validates maximum values for e-mail and password for security" do
+ too_long = String.duplicate("db", 100)
+ {:error, changeset} = Accounts.register_user(%{email: too_long, password: too_long})
+ assert "should be at most 160 character(s)" in errors_on(changeset).email
+ assert "should be at most 80 character(s)" in errors_on(changeset).password
+ end
+
+ test "validates e-mail uniqueness" do
+ %{email: email} = user_fixture()
+ {:error, changeset} = Accounts.register_user(%{email: email})
+ assert "has already been taken" in errors_on(changeset).email
+
+ # Now try with the upper cased e-mail too, to check that email case is ignored.
+ {:error, changeset} = Accounts.register_user(%{email: String.upcase(email)})
+ assert "has already been taken" in errors_on(changeset).email
+ end
+
+ test "registers users with a hashed password" do
+ email = unique_user_email()
+ {:ok, user} = Accounts.register_user(%{email: email, password: valid_user_password()})
+ assert user.email == email
+ assert is_binary(user.hashed_password)
+ # assert is_nil(user.confirmed_at)
+ assert is_nil(user.password)
+ end
+ end
+
+ describe "change_user_email/2" do
+ test "returns a user changeset" do
+ assert %Ecto.Changeset{} = changeset = Accounts.change_user_email(%User{})
+ assert changeset.required == [:email]
+ end
+ end
+
+ describe "apply_user_email/3" do
+ setup do
+ %{user: user_fixture()}
+ end
+
+ test "requires email to change", %{user: user} do
+ {:error, changeset} = Accounts.apply_user_email(user, valid_user_password(), %{})
+ assert %{email: ["did not change"]} = errors_on(changeset)
+ end
+
+ test "validates email", %{user: user} do
+ {:error, changeset} =
+ Accounts.apply_user_email(user, valid_user_password(), %{email: "not valid"})
+
+ assert %{email: ["must have the @ sign and no spaces"]} = errors_on(changeset)
+ end
+
+ test "validates maximum value for e-mail for security", %{user: user} do
+ too_long = String.duplicate("db", 100)
+
+ {:error, changeset} =
+ Accounts.apply_user_email(user, valid_user_password(), %{email: too_long})
+
+ assert "should be at most 160 character(s)" in errors_on(changeset).email
+ end
+
+ test "validates e-mail uniqueness", %{user: user} do
+ %{email: email} = user_fixture()
+
+ {:error, changeset} =
+ Accounts.apply_user_email(user, valid_user_password(), %{email: email})
+
+ assert "has already been taken" in errors_on(changeset).email
+ end
+
+ test "validates current password", %{user: user} do
+ {:error, changeset} =
+ Accounts.apply_user_email(user, "invalid", %{email: unique_user_email()})
+
+ assert %{current_password: ["is not valid"]} = errors_on(changeset)
+ end
+
+ test "applies the e-mail without persisting it", %{user: user} do
+ email = unique_user_email()
+ {:ok, user} = Accounts.apply_user_email(user, valid_user_password(), %{email: email})
+ assert user.email == email
+ assert Accounts.get_user!(user.id).email != email
+ end
+ end
+
+ describe "deliver_update_email_instructions/3" do
+ setup do
+ %{user: user_fixture()}
+ end
+
+ test "sends token through notification", %{user: user} do
+ token =
+ extract_user_token(fn url ->
+ Accounts.deliver_update_email_instructions(user, "current@example.com", url)
+ end)
+
+ {:ok, token} = Base.url_decode64(token, padding: false)
+ assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token))
+ assert user_token.user_id == user.id
+ assert user_token.sent_to == user.email
+ assert user_token.context == "change:current@example.com"
+ end
+ end
+
+ describe "update_user_email/2" do
+ setup do
+ user = user_fixture()
+ email = unique_user_email()
+
+ token =
+ extract_user_token(fn url ->
+ Accounts.deliver_update_email_instructions(%{user | email: email}, user.email, url)
+ end)
+
+ %{user: user, token: token, email: email}
+ end
+
+ test "does not update e-mail with invalid token", %{user: user} do
+ assert Accounts.update_user_email(user, "oops") == :error
+ assert Repo.get!(User, user.id).email == user.email
+ assert Repo.get_by(UserToken, user_id: user.id)
+ end
+
+ test "does not update e-mail if user e-mail changed", %{user: user, token: token} do
+ assert Accounts.update_user_email(%{user | email: "current@example.com"}, token) == :error
+ assert Repo.get!(User, user.id).email == user.email
+ assert Repo.get_by(UserToken, user_id: user.id)
+ end
+
+ test "does not update e-mail if token expired", %{user: user, token: token} do
+ {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
+ assert Accounts.update_user_email(user, token) == :error
+ assert Repo.get!(User, user.id).email == user.email
+ assert Repo.get_by(UserToken, user_id: user.id)
+ end
+ end
+
+ describe "change_user_password/2" do
+ test "returns a user changeset" do
+ assert %Ecto.Changeset{} = changeset = Accounts.change_user_password(%User{})
+ assert changeset.required == [:password]
+ end
+ end
+
+ describe "update_user_password/3" do
+ setup do
+ %{user: user_fixture()}
+ end
+
+ test "validates password", %{user: user} do
+ {:error, changeset} =
+ Accounts.update_user_password(user, valid_user_password(), %{
+ password: "nt vld",
+ password_confirmation: "another"
+ })
+
+ assert %{
+ password: ["should be at least 8 character(s)"],
+ password_confirmation: ["does not match password"]
+ } = errors_on(changeset)
+ end
+
+ test "validates maximum values for password for security", %{user: user} do
+ too_long = String.duplicate("db", 100)
+
+ {:error, changeset} =
+ Accounts.update_user_password(user, valid_user_password(), %{password: too_long})
+
+ assert "should be at most 80 character(s)" in errors_on(changeset).password
+ end
+
+ test "validates current password", %{user: user} do
+ {:error, changeset} =
+ Accounts.update_user_password(user, "invalid", %{password: valid_user_password()})
+
+ assert %{current_password: ["is not valid"]} = errors_on(changeset)
+ end
+
+ test "updates the password", %{user: user} do
+ {:ok, user} =
+ Accounts.update_user_password(user, valid_user_password(), %{
+ password: "new valid password"
+ })
+
+ assert is_nil(user.password)
+ assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
+ end
+
+ test "deletes all tokens for the given user", %{user: user} do
+ _ = Accounts.generate_user_session_token(user)
+
+ {:ok, _} =
+ Accounts.update_user_password(user, valid_user_password(), %{
+ password: "new valid password"
+ })
+
+ refute Repo.get_by(UserToken, user_id: user.id)
+ end
+ end
+
+ describe "generate_user_session_token/1" do
+ setup do
+ %{user: user_fixture()}
+ end
+
+ test "generates a token", %{user: user} do
+ token = Accounts.generate_user_session_token(user)
+ assert user_token = Repo.get_by(UserToken, token: token)
+ assert user_token.context == "session"
+
+ # Creating the same token for another user should fail
+ assert_raise Ecto.ConstraintError, fn ->
+ Repo.insert!(%UserToken{
+ token: user_token.token,
+ user_id: user_fixture().id,
+ context: "session"
+ })
+ end
+ end
+ end
+
+ describe "get_user_by_session_token/1" do
+ setup do
+ user = user_fixture()
+ token = Accounts.generate_user_session_token(user)
+ %{user: user, token: token}
+ end
+
+ test "returns user by token", %{user: user, token: token} do
+ assert session_user = Accounts.get_user_by_session_token(token)
+ assert session_user.id == user.id
+ end
+
+ test "does not return user for invalid token" do
+ refute Accounts.get_user_by_session_token("oops")
+ end
+
+ test "does not return user for expired token", %{token: token} do
+ {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
+ refute Accounts.get_user_by_session_token(token)
+ end
+ end
+
+ describe "delete_session_token/1" do
+ test "deletes the token" do
+ user = user_fixture()
+ token = Accounts.generate_user_session_token(user)
+ assert Accounts.delete_session_token(token) == :ok
+ refute Accounts.get_user_by_session_token(token)
+ end
+ end
+
+ describe "deliver_user_confirmation_instructions/2" do
+ setup do
+ %{user: user_fixture()}
+ end
+ end
+
+ describe "confirm_user/2" do
+ setup do
+ user = user_fixture()
+
+ token =
+ extract_user_token(fn url ->
+ Accounts.deliver_user_confirmation_instructions(user, url)
+ end)
+
+ %{user: user, token: token}
+ end
+ end
+
+ describe "deliver_user_reset_password_instructions/2" do
+ setup do
+ %{user: user_fixture()}
+ end
+
+ test "sends token through notification", %{user: user} do
+ token =
+ extract_user_token(fn url ->
+ Accounts.deliver_user_reset_password_instructions(user, url)
+ end)
+
+ {:ok, token} = Base.url_decode64(token, padding: false)
+ assert user_token = Repo.get_by(UserToken, token: :crypto.hash(:sha256, token))
+ assert user_token.user_id == user.id
+ assert user_token.sent_to == user.email
+ assert user_token.context == "reset_password"
+ end
+ end
+
+ describe "get_user_by_reset_password_token/2" do
+ setup do
+ user = user_fixture()
+
+ token =
+ extract_user_token(fn url ->
+ Accounts.deliver_user_reset_password_instructions(user, url)
+ end)
+
+ %{user: user, token: token}
+ end
+
+ test "returns the user with valid token", %{user: %{id: id}, token: token} do
+ assert %User{id: ^id} = Accounts.get_user_by_reset_password_token(token)
+ assert Repo.get_by(UserToken, user_id: id)
+ end
+
+ test "does not return the user with invalid token", %{user: user} do
+ refute Accounts.get_user_by_reset_password_token("oops")
+ assert Repo.get_by(UserToken, user_id: user.id)
+ end
+
+ test "does not return the user if token expired", %{user: user, token: token} do
+ {1, nil} = Repo.update_all(UserToken, set: [inserted_at: ~N[2020-01-01 00:00:00]])
+ refute Accounts.get_user_by_reset_password_token(token)
+ assert Repo.get_by(UserToken, user_id: user.id)
+ end
+ end
+
+ describe "reset_user_password/3" do
+ setup do
+ %{user: user_fixture()}
+ end
+
+ test "validates password", %{user: user} do
+ {:error, changeset} =
+ Accounts.reset_user_password(user, %{
+ password: "nt vld",
+ password_confirmation: "another"
+ })
+
+ assert %{
+ password: ["should be at least 8 character(s)"],
+ password_confirmation: ["does not match password"]
+ } = errors_on(changeset)
+ end
+
+ test "validates maximum values for password for security", %{user: user} do
+ too_long = String.duplicate("db", 100)
+ {:error, changeset} = Accounts.reset_user_password(user, %{password: too_long})
+ assert "should be at most 80 character(s)" in errors_on(changeset).password
+ end
+
+ test "updates the password", %{user: user} do
+ {:ok, updated_user} = Accounts.reset_user_password(user, %{password: "new valid password"})
+ assert is_nil(updated_user.password)
+ assert Accounts.get_user_by_email_and_password(user.email, "new valid password")
+ end
+
+ test "deletes all tokens for the given user", %{user: user} do
+ _ = Accounts.generate_user_session_token(user)
+ {:ok, _} = Accounts.reset_user_password(user, %{password: "new valid password"})
+ refute Repo.get_by(UserToken, user_id: user.id)
+ end
+ end
+
+ describe "inspect/2" do
+ test "does not include password" do
+ refute inspect(%User{password: "123456"}) =~ "password: \"123456\""
+ end
+ end
+end
diff --git a/test/planner_web/controllers/page_controller_test.exs b/test/planner_web/controllers/page_controller_test.exs
deleted file mode 100644
index 94686f3..0000000
--- a/test/planner_web/controllers/page_controller_test.exs
+++ /dev/null
@@ -1,8 +0,0 @@
-defmodule PlannerWeb.PageControllerTest do
- use PlannerWeb.ConnCase
-
- test "GET /", %{conn: conn} do
- conn = get(conn, "/")
- assert html_response(conn, 200) =~ "Welcome to Phoenix!"
- end
-end
diff --git a/test/support/conn_case.ex b/test/support/conn_case.ex
index 9bdb931..1fb15ff 100644
--- a/test/support/conn_case.ex
+++ b/test/support/conn_case.ex
@@ -40,4 +40,30 @@ defmodule PlannerWeb.ConnCase do
{:ok, conn: Phoenix.ConnTest.build_conn()}
end
+
+ @doc """
+ Setup helper that registers and logs in users.
+
+ setup :register_and_login_user
+
+ It stores an updated connection and a registered user in the
+ test context.
+ """
+ def register_and_login_user(%{conn: conn}) do
+ user = Planner.AccountsFixtures.user_fixture()
+ %{conn: login_user(conn, user), user: user}
+ end
+
+ @doc """
+ Logs the given `user` into the `conn`.
+
+ It returns an updated `conn`.
+ """
+ def login_user(conn, user) do
+ token = Planner.Accounts.generate_user_session_token(user)
+
+ conn
+ |> Phoenix.ConnTest.init_test_session(%{})
+ |> Plug.Conn.put_session(:user_token, token)
+ end
end
diff --git a/test/support/fixtures/accounts_fixtures.ex b/test/support/fixtures/accounts_fixtures.ex
new file mode 100644
index 0000000..a36c88e
--- /dev/null
+++ b/test/support/fixtures/accounts_fixtures.ex
@@ -0,0 +1,27 @@
+defmodule Planner.AccountsFixtures do
+ @moduledoc """
+ This module defines test helpers for creating
+ entities via the `Planner.Accounts` context.
+ """
+
+ def unique_user_email, do: "user#{System.unique_integer()}@example.com"
+ def valid_user_password, do: "hello world!"
+
+ def user_fixture(attrs \\ %{}) do
+ {:ok, user} =
+ attrs
+ |> Enum.into(%{
+ email: unique_user_email(),
+ password: valid_user_password()
+ })
+ |> Planner.Accounts.register_user()
+
+ user
+ end
+
+ def extract_user_token(fun) do
+ {:ok, captured} = fun.(&"[TOKEN]#{&1}[TOKEN]")
+ [_, token, _] = String.split(captured.body, "[TOKEN]")
+ token
+ end
+end