feat: add AuthController, protect routes, move API to web middleware

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
GuavaPopper
2026-06-02 19:22:46 +07:00
parent 4b43f7617f
commit 42e8932482
4 changed files with 132 additions and 19 deletions
+59
View File
@@ -46,4 +46,63 @@ class AuthTest extends TestCase
$this->assertNotNull($user);
$this->assertTrue($user->hasRole('administrator'));
}
public function test_login_page_is_accessible(): void
{
$response = $this->get('/login');
$response->assertStatus(200);
$response->assertViewIs('auth.login');
}
public function test_login_with_valid_credentials_redirects_to_map(): void
{
$this->artisan('db:seed', ['--class' => 'RolesAndAdminSeeder']);
$response = $this->post('/login', [
'email' => 'admin@webgis.local',
'password' => 'admin123',
]);
$response->assertRedirect('/map');
}
public function test_login_with_invalid_credentials_returns_error(): void
{
$response = $this->post('/login', [
'email' => 'wrong@email.com',
'password' => 'wrongpass',
]);
$response->assertSessionHasErrors('email');
}
public function test_logout_redirects_to_login(): void
{
$this->artisan('db:seed', ['--class' => 'RolesAndAdminSeeder']);
$user = User::where('email', 'admin@webgis.local')->first();
$response = $this->actingAs($user)->post('/logout');
$response->assertRedirect('/login');
}
public function test_unauthenticated_user_cannot_access_map(): void
{
$response = $this->get('/map');
$response->assertRedirect('/login');
}
public function test_pemangku_kebijakan_cannot_delete_ibadah(): void
{
$this->artisan('db:seed', ['--class' => 'RolesAndAdminSeeder']);
$viewer = User::firstOrCreate(
['email' => 'viewer@test.com'],
['name' => 'Viewer', 'password' => bcrypt('password')]
);
$viewer->syncRoles(['pemangku_kebijakan']);
$response = $this->actingAs($viewer)->delete('/api/ibadah/999');
$response->assertStatus(403);
}
}