get('/login'); $response->assertStatus(200); $response->assertViewIs('auth.login'); $response->assertSee('Login'); } public function test_users_can_authenticate_using_the_login_screen(): void { Planner::factory()->create([ 'email' => 'test@example.com', 'password' => bcrypt('password'), ]); $response = $this->post('/login', [ 'email' => 'test@example.com', 'password' => 'password', ]); $this->assertAuthenticated(); $response->assertRedirect('/dashboard'); } public function test_users_can_not_authenticate_with_invalid_password(): void { Planner::factory()->create([ 'email' => 'test@example.com', 'password' => bcrypt('password'), ]); $this->post('/login', [ 'email' => 'test@example.com', 'password' => 'wrong-password', ]); $this->assertGuest(); } public function test_session_is_created_on_login_page(): void { $response = $this->get('/login'); // Check if session was started $this->assertNotNull(session()->getId()); // Check if CSRF token is generated $this->assertNotNull(csrf_token()); // Check session driver $sessionDriver = config('session.driver'); $this->assertNotEquals('array', $sessionDriver, 'Session driver should not be array for authentication'); $response->assertStatus(200); $response->assertSessionHasNoErrors(); } public function test_csrf_token_is_validated_on_login(): void { // Try to post without CSRF token by disabling middleware that auto-adds it $response = $this ->withoutMiddleware(VerifyCsrfToken::class) ->withHeaders([ 'Accept' => 'text/html', ]) ->post('/login', [ 'email' => 'test@example.com', 'password' => 'password', ]); $response->assertStatus(302); } public function test_users_can_logout(): void { $user = Planner::factory()->create(); $response = $this->actingAs($user)->post('/logout'); $response->assertRedirect('/'); $this->assertGuest(); } }