chore: cleanup

Author: JoeyMckenzie

bootstrap/app.php

@@ -15,7 +15,7 @@
         commands: __DIR__.'/../routes/console.php',
         health: '/up',
     )
-    ->withMiddleware(function (Middleware $middleware) {
+    ->withMiddleware(function (Middleware $middleware): void {
         $middleware->encryptCookies(except: ['appearance', 'sidebar_state']);
 
         $middleware->web(append: [
@@ -24,6 +24,6 @@
             AddLinkHeadersForPreloadedAssets::class,
         ]);
     })
-    ->withExceptions(function (Exceptions $exceptions) {
+    ->withExceptions(function (Exceptions $exceptions): void {
         //
     })->create();

composer.json

@@ -88,10 +88,7 @@
         "test:ci": "vendor/bin/pest --mutate --min=100 --parallel --ci",
         "test": [
             "@php artisan config:clear --ansi",
-            "@test:unit"
-        ],
-        "test:all": [
-            "@test",
+            "@test:unit",
             "@test:types",
             "@test:coverage"
         ],
@@ -115,7 +112,7 @@
             "@lint",
             "@fmt:test",
             "@refactor:test",
-            "@test:all",
+            "@test",
             "@typos"
         ],
         "transform": "php artisan typescript:transform --format",

pint.json

@@ -1,5 +1,8 @@
 {
     "preset": "laravel",
+    "notPath": [
+        "tests/TestCase.php"
+    ],
     "rules": {
         "array_push": true,
         "backtick_to_shell_exec": true,

rector.php

@@ -3,6 +3,7 @@
 declare(strict_types=1);
 
 use Rector\Config\RectorConfig;
+use Rector\Php83\Rector\ClassMethod\AddOverrideAttributeToOverriddenMethodsRector;
 use Rector\Privatization\Rector\ClassMethod\PrivatizeFinalClassMethodRector;
 
 return RectorConfig::configure()
@@ -12,13 +13,21 @@
         __DIR__.'/config',
         __DIR__.'/database',
         __DIR__.'/routes',
+        __DIR__.'/bootstrap/app.php',
+        __DIR__.'/public/index.php',
     ])
-    ->withPhpSets(php84: true)
+    ->withPhpSets()
     ->withSkip([
+        AddOverrideAttributeToOverriddenMethodsRector::class,
         PrivatizeFinalClassMethodRector::class => [
             __DIR__.'/app/Models/*.php',
         ],
     ])
-    ->withTypeCoverageLevel(10)
-    ->withDeadCodeLevel(10)
-    ->withCodeQualityLevel(10);
+    ->withPreparedSets(
+        deadCode: true,
+        codeQuality: true,
+        typeDeclarations: true,
+        privatization: true,
+        earlyReturn: true,
+        strictBooleans: true,
+    );

tests/Feature/Auth/AuthenticationTest.php

@@ -6,40 +6,65 @@
 
 use App\Models\User;
 
-it('can render the login screen', function (): void {
-    $response = $this->get('/login');
+describe('Authentication', function (): void {
+    it('can render the login screen', function (): void {
+        $response = $this->get('/login');
 
-    $response->assertStatus(200);
-});
+        $response->assertStatus(200);
+    });
 
-it('can authenticate users using the login screen', function (): void {
-    $user = User::factory()->create();
+    it('can authenticate users using the login screen', function (): void {
+        $user = User::factory()->create();
 
-    $response = $this->post('/login', [
-        'email' => $user->email,
-        'password' => 'password',
-    ]);
+        $response = $this->post('/login', [
+            'email' => $user->email,
+            'password' => 'password',
+        ]);
 
-    $this->assertAuthenticated();
-    $response->assertRedirect(route('dashboard', absolute: false));
-});
+        $this->assertAuthenticated();
+        $response->assertRedirect(route('dashboard', absolute: false));
+    });
 
-it('cannot authenticate users with invalid password', function (): void {
-    $user = User::factory()->create();
+    it('cannot authenticate users with invalid password', function (): void {
+        $user = User::factory()->create();
 
-    $this->post('/login', [
-        'email' => $user->email,
-        'password' => 'wrong-password',
-    ]);
+        $this->post('/login', [
+            'email' => $user->email,
+            'password' => 'wrong-password',
+        ]);
 
-    $this->assertGuest();
-});
+        $this->assertGuest();
+    });
+
+    it('throttles login attempts after too many failed attempts', function (): void {
+        $user = User::factory()->create();
+
+        // Attempt to login with wrong password multiple times to trigger rate limiting
+        collect(range(1, 5))
+            ->each(fn () => $this->post('/login', [
+                'email' => $user->email,
+                'password' => 'wrong-password',
+            ]));
+
+        // The next attempt should be throttled
+        $response = $this->post('/login', [
+            'email' => $user->email,
+            'password' => 'wrong-password',
+        ]);
+
+        $response->assertSessionHasErrors('email');
+        $this->assertStringContainsString(
+            'Too many login attempts',
+            collect($response->exception->errors())->flatten()->first()
+        );
+    });
 
-it('allows users to logout', function (): void {
-    $user = User::factory()->create();
+    it('allows users to logout', function (): void {
+        $user = User::factory()->create();
 
-    $response = $this->actingAs($user)->post('/logout');
+        $response = $this->actingAs($user)->post('/logout');
 
-    $this->assertGuest();
-    $response->assertRedirect('/');
+        $this->assertGuest();
+        $response->assertRedirect('/');
+    });
 });

tests/Feature/Auth/EmailVerificationTest.php

@@ -9,42 +9,85 @@
 use Illuminate\Support\Facades\Event;
 use Illuminate\Support\Facades\URL;
 
-it('can render the email verification screen', function (): void {
-    $user = User::factory()->unverified()->create();
+describe('Email verification', function (): void {
+    it('can render the email verification screen', function (): void {
+        $user = User::factory()->unverified()->create();
 
-    $response = $this->actingAs($user)->get('/verify-email');
+        $response = $this->actingAs($user)->get('/verify-email');
 
-    $response->assertStatus(200);
-});
+        $response->assertStatus(200);
+    });
 
-it('can verify email', function (): void {
-    $user = User::factory()->unverified()->create();
+    it('can verify email', function (): void {
+        $user = User::factory()->unverified()->create();
 
-    Event::fake();
+        Event::fake();
 
-    $verificationUrl = URL::temporarySignedRoute(
-        'verification.verify',
-        now()->addMinutes(60),
-        ['id' => $user->id, 'hash' => sha1((string) $user->email)]
-    );
+        $verificationUrl = URL::temporarySignedRoute(
+            'verification.verify',
+            now()->addMinutes(60),
+            ['id' => $user->id, 'hash' => sha1((string) $user->email)]
+        );
 
-    $response = $this->actingAs($user)->get($verificationUrl);
+        $response = $this->actingAs($user)->get($verificationUrl);
 
-    Event::assertDispatched(Verified::class);
-    $this->assertTrue($user->fresh()->hasVerifiedEmail());
-    $response->assertRedirect(route('dashboard', absolute: false).'?verified=1');
-});
+        Event::assertDispatched(Verified::class);
+        $this->assertTrue($user->fresh()->hasVerifiedEmail());
+        $response->assertRedirect(route('dashboard', absolute: false).'?verified=1');
+    });
+
+    it('does not verify email with invalid hash', function (): void {
+        $user = User::factory()->unverified()->create();
+
+        $verificationUrl = URL::temporarySignedRoute(
+            'verification.verify',
+            now()->addMinutes(60),
+            ['id' => $user->id, 'hash' => sha1('wrong-email')]
+        );
+
+        $this->actingAs($user)->get($verificationUrl);
+
+        $this->assertFalse($user->fresh()->hasVerifiedEmail());
+    });
+
+    it('can resend verification notification', function (): void {
+        $user = User::factory()->unverified()->create();
+
+        $response = $this->actingAs($user)
+            ->post('/email/verification-notification');
+
+        $response->assertSessionHas('status', 'verification-link-sent');
+    });
+
+    it('redirects to dashboard if email already verified when requesting verification notification', function (): void {
+        $user = User::factory()->create();
+
+        $response = $this->actingAs($user)
+            ->post('/email/verification-notification');
+
+        $response->assertRedirect(route('dashboard', absolute: false));
+    });
+
+    it('redirects to dashboard if email already verified when visiting verification prompt', function (): void {
+        $user = User::factory()->create();
+
+        $response = $this->actingAs($user)
+            ->get('/verify-email');
+
+        $response->assertRedirect(route('dashboard', absolute: false));
+    });
 
-it('does not verify email with invalid hash', function (): void {
-    $user = User::factory()->unverified()->create();
+    it('redirects to dashboard if email already verified when verifying email', function (): void {
+        $user = User::factory()->create();
 
-    $verificationUrl = URL::temporarySignedRoute(
-        'verification.verify',
-        now()->addMinutes(60),
-        ['id' => $user->id, 'hash' => sha1('wrong-email')]
-    );
+        $verificationUrl = URL::temporarySignedRoute(
+            'verification.verify',
+            now()->addMinutes(60),
+            ['id' => $user->id, 'hash' => sha1((string) $user->email)]
+        );
 
-    $this->actingAs($user)->get($verificationUrl);
+        $response = $this->actingAs($user)->get($verificationUrl);
 
-    $this->assertFalse($user->fresh()->hasVerifiedEmail());
+        $response->assertRedirect(route('dashboard', absolute: false).'?verified=1');
+    });
 });

tests/Feature/Auth/PasswordConfirmationTest.php

@@ -6,31 +6,33 @@
 
 use App\Models\User;
 
-it('can render the confirm password screen', function (): void {
-    $user = User::factory()->create();
+describe('Password confirmation', function (): void {
+    it('can render the confirm password screen', function (): void {
+        $user = User::factory()->create();
 
-    $response = $this->actingAs($user)->get('/confirm-password');
+        $response = $this->actingAs($user)->get('/confirm-password');
 
-    $response->assertStatus(200);
-});
+        $response->assertStatus(200);
+    });
 
-it('can confirm password', function (): void {
-    $user = User::factory()->create();
+    it('can confirm password', function (): void {
+        $user = User::factory()->create();
 
-    $response = $this->actingAs($user)->post('/confirm-password', [
-        'password' => 'password',
-    ]);
+        $response = $this->actingAs($user)->post('/confirm-password', [
+            'password' => 'password',
+        ]);
 
-    $response->assertRedirect();
-    $response->assertSessionHasNoErrors();
-});
+        $response->assertRedirect();
+        $response->assertSessionHasNoErrors();
+    });
 
-it('does not confirm with invalid password', function (): void {
-    $user = User::factory()->create();
+    it('does not confirm with invalid password', function (): void {
+        $user = User::factory()->create();
 
-    $response = $this->actingAs($user)->post('/confirm-password', [
-        'password' => 'wrong-password',
-    ]);
+        $response = $this->actingAs($user)->post('/confirm-password', [
+            'password' => 'wrong-password',
+        ]);
 
-    $response->assertSessionHasErrors();
+        $response->assertSessionHasErrors();
+    });
 });