cjd/ai-web
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
e30c6a9f140eeb4b9b177c23a605eec280aa27f5
ai-web/tests/Feature/AdminAuthTest.php

74 lines
2.0 KiB
PHP
Raw Normal View History

init
2026-02-11 17:28:36 +08:00
<?php
declare(strict_types=1);
namespace Tests\Feature;
use Illuminate\Support\Facades\RateLimiter;
use Tests\TestCase;
class AdminAuthTest extends TestCase
{
public function test_admin_login_page_and_captcha_are_accessible(): void
{
$this->get('/admin/login')->assertOk();
$this->get('/admin/captcha')
->assertOk()
->assertHeader('Content-Type', 'image/png');
}
public function test_admin_can_login_with_valid_captcha_and_credentials(): void
{
config([
'app.admin_user' => 'admin',
'app.admin_password' => 'secret-pass',
]);
$captcha = 'ABCD1';
$response = $this
->withSession(['admin_captcha_hash' => hash('sha256', strtolower($captcha))])
->post('/admin/login', [
'username' => 'admin',
'password' => 'secret-pass',
'captcha' => $captcha,
]);
$response->assertRedirect(route('admin.dashboard'));
$this->assertTrue((bool) session('admin_authenticated'));
$this->assertSame('admin', session('admin_username'));
}
public function test_admin_login_is_rate_limited_when_too_many_attempts(): void
{
config([
'app.admin_user' => 'admin',
'app.admin_password' => 'secret-pass',
]);
$key = 'admin|127.0.0.1';
RateLimiter::clear($key);
for ($attempt = 0; $attempt < 5; $attempt++) {
RateLimiter::hit($key, 120);
}
$response = $this
->withServerVariables(['REMOTE_ADDR' => '127.0.0.1'])
->withSession(['admin_captcha_hash' => hash('sha256', 'abcde')])
->from('/admin/login')
->post('/admin/login', [
'username' => 'admin',
'password' => 'wrong',
'captcha' => 'ABCDE',
]);
$response->assertRedirect('/admin/login');
$response->assertSessionHasErrors(['username']);
RateLimiter::clear($key);
}
}
Reference in New Issue Copy Permalink