Add extra tests for full coverage

stubs/default/pest-tests/Feature/Auth/AuthenticationTest.php

@@ -1,6 +1,8 @@
 <?php
 
 use App\Models\User;
+use Illuminate\Auth\Events\Lockout;
+use Illuminate\Support\Facades\Event;
 
 test('login screen can be rendered', function () {
     $response = $this->get('/login');
@@ -39,3 +41,24 @@
     $this->assertGuest();
     $response->assertRedirect('/');
 });
+
+test('users are rate limited after failed login attempts', function () {
+    Event::fake();
+
+    $user = User::factory()->create();
+
+    $responses = [];
+    foreach (range(0, 5) as $ignored) {
+        $responses[] = $this->post('/login', [
+            'email' => $user->email,
+            'password' => 'wrong-password',
+        ]);
+    }
+
+    $lastResponse = end($responses);
+
+    Event::assertDispatched(Lockout::class);
+
+    $lastResponse->assertSessionHasErrors('email', 'Too many login attempts. Please try again in % seconds.');
+    $lastResponse->assertRedirect('/');
+});

stubs/default/pest-tests/Feature/Auth/EmailVerificationTest.php

@@ -2,7 +2,9 @@
 
 use App\Models\User;
 use Illuminate\Auth\Events\Verified;
+use Illuminate\Auth\Notifications\VerifyEmail;
 use Illuminate\Support\Facades\Event;
+use Illuminate\Support\Facades\Notification;
 use Illuminate\Support\Facades\URL;
 
 test('email verification screen can be rendered', function () {
@@ -13,6 +15,37 @@
     $response->assertStatus(200);
 });
 
+test('redirects from email verification screen if user is already verified', function () {
+    $user = User::factory()->create();
+
+    $response = $this->actingAs($user)->get('/verify-email');
+
+    $response->assertRedirect(route('dashboard', absolute: false));
+});
+
+test('email verify notification can be sent', function () {
+    Notification::fake();
+
+    $user = User::factory()->unverified()->create();
+
+    $response = $this->actingAs($user)
+        ->from('/verify-email')
+        ->post('/email/verification-notification');
+
+    $response->assertRedirect('/verify-email');
+    $response->assertSessionHas('status', 'verification-link-sent');
+
+    Notification::assertSentTo($user, VerifyEmail::class);
+});
+
+test('email verify notification is not sent if the user is already verified', function () {
+    $user = User::factory()->create();
+
+    $response = $this->actingAs($user)->post('/email/verification-notification');
+
+    $response->assertRedirect(route('dashboard', absolute: false));
+});
+
 test('email can be verified', function () {
     $user = User::factory()->unverified()->create();
 
@@ -44,3 +77,18 @@
 
     expect($user->fresh()->hasVerifiedEmail())->toBeFalse();
 });
+
+test('redirects to dashboard if user is already verified', function () {
+    $user = User::factory()->create();
+
+    Event::fake();
+
+    $verificationUrl = URL::temporarySignedRoute(
+        'verification.verify',
+        now()->addMinutes(60),
+        ['id' => $user->id, 'hash' => sha1($user->email)]
+    );
+
+    $response = $this->actingAs($user)->get($verificationUrl);
+    $response->assertRedirect(route('dashboard', absolute: false).'?verified=1');
+});

stubs/default/tests/Feature/Auth/AuthenticationTest.php

@@ -3,6 +3,8 @@
 namespace Tests\Feature\Auth;
 
 use App\Models\User;
+use Illuminate\Auth\Events\Lockout;
+use Illuminate\Support\Facades\Event;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Tests\TestCase;
 
@@ -51,4 +53,26 @@ public function test_users_can_logout(): void
         $this->assertGuest();
         $response->assertRedirect('/');
     }
+
+    public function test_users_are_rate_limited_after_failed_login_attempts(): void
+    {
+        Event::fake();
+
+        $user = User::factory()->create();
+
+        $responses = [];
+        foreach (range(0, 5) as $ignored) {
+            $responses[] = $this->post('/login', [
+                'email' => $user->email,
+                'password' => 'wrong-password',
+            ]);
+        }
+
+        $lastResponse = end($responses);
+
+        Event::assertDispatched(Lockout::class);
+
+        $lastResponse->assertSessionHasErrors('email', 'Too many login attempts. Please try again in % seconds.');
+        $lastResponse->assertRedirect('/');
+    }
 }

stubs/default/tests/Feature/Auth/EmailVerificationTest.php

@@ -4,8 +4,10 @@
 
 use App\Models\User;
 use Illuminate\Auth\Events\Verified;
+use Illuminate\Auth\Notifications\VerifyEmail;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Event;
+use Illuminate\Support\Facades\Notification;
 use Illuminate\Support\Facades\URL;
 use Tests\TestCase;
 
@@ -22,6 +24,31 @@ public function test_email_verification_screen_can_be_rendered(): void
         $response->assertStatus(200);
     }
 
+    public function test_redirects_from_email_verification_screen_if_user_is_already_verified(): void
+    {
+        $user = User::factory()->create();
+
+        $response = $this->actingAs($user)->get('/verify-email');
+
+        $response->assertRedirect(route('dashboard', absolute: false));
+    }
+
+    public function test_email_verify_notification_can_be_sent(): void
+    {
+        Notification::fake();
+
+        $user = User::factory()->unverified()->create();
+
+        $response = $this->actingAs($user)
+            ->from('/verify-email')
+            ->post('/email/verification-notification');
+
+        $response->assertRedirect('/verify-email');
+        $response->assertSessionHas('status', 'verification-link-sent');
+
+        Notification::assertSentTo($user, VerifyEmail::class);
+    }
+
     public function test_email_can_be_verified(): void
     {
         $user = User::factory()->unverified()->create();
@@ -55,4 +82,20 @@ public function test_email_is_not_verified_with_invalid_hash(): void
 
         $this->assertFalse($user->fresh()->hasVerifiedEmail());
     }
+
+    public function test_redirects_to_dashboard_if_user_is_already_verified(): void
+    {
+        $user = User::factory()->create();
+
+        Event::fake();
+
+        $verificationUrl = URL::temporarySignedRoute(
+            'verification.verify',
+            now()->addMinutes(60),
+            ['id' => $user->id, 'hash' => sha1($user->email)]
+        );
+
+        $response = $this->actingAs($user)->get($verificationUrl);
+        $response->assertRedirect(route('dashboard', absolute: false).'?verified=1');
+    }
 }