postJson('/api/auth/register', [ 'name' => 'Léon', 'email' => 'leon@example.com', 'password' => 'password', ]) ->assertCreated() ->assertJsonPath('user.email', 'leon@example.com') ->assertJsonPath('user.emailVerified', false); $user = User::where('email', 'leon@example.com')->firstOrFail(); expect($user->hasVerifiedEmail())->toBeFalse(); Notification::assertSentTo($user, VerifyEmail::class); }); it('uses the custom account verification mailable', function () { $user = User::factory()->unverified()->create(); $mailable = (new VerifyEmail)->toMail($user); expect($mailable)->toBeInstanceOf(VerifyAccount::class); $mailable ->assertSeeInHtml('Vérifier mon compte') ->assertSeeInHtml($user->name); }); it('verifies a user from a signed email link', function () { $user = User::factory()->unverified()->create(); $url = URL::temporarySignedRoute('verification.verify', now()->addMinutes(60), [ 'id' => $user->getKey(), 'hash' => sha1($user->email), ]); $this->getJson($url) ->assertOk() ->assertJsonPath('message', 'Compte vérifié avec succès.') ->assertJsonPath('user.emailVerified', true); expect($user->fresh()->hasVerifiedEmail())->toBeTrue(); }); it('rejects signed verification links with an invalid hash', function () { $user = User::factory()->unverified()->create(); $url = URL::temporarySignedRoute('verification.verify', now()->addMinutes(60), [ 'id' => $user->getKey(), 'hash' => sha1('wrong-address@example.com'), ]); $this->getJson($url)->assertForbidden(); expect($user->fresh()->hasVerifiedEmail())->toBeFalse(); }); it('blocks login for unverified users', function () { $user = User::factory()->unverified()->create([ 'password' => 'password', ]); $this->postJson('/api/auth/login', [ 'email' => $user->email, 'password' => 'password', ]) ->assertForbidden() ->assertJsonPath('message', 'Vérifie ton adresse email avant de te connecter.') ->assertCookieMissing('token'); $this->assertDatabaseMissing('personal_access_tokens', [ 'tokenable_id' => $user->getKey(), ]); }); it('allows login for verified users', function () { $user = User::factory()->create([ 'password' => 'password', ]); $this->postJson('/api/auth/login', [ 'email' => $user->email, 'password' => 'password', ]) ->assertOk() ->assertJsonPath('user.email', $user->email) ->assertJsonPath('user.emailVerified', true) ->assertCookie('token'); }); it('resends a verification email for an authenticated unverified user', function () { Notification::fake(); $user = User::factory()->unverified()->create(); Sanctum::actingAs($user); $this->postJson('/api/auth/email/verification-notification') ->assertOk() ->assertJsonPath('message', 'Email de vérification envoyé.'); Notification::assertSentTo($user, VerifyEmail::class); }); it('blocks verified routes for unverified users', function () { $user = User::factory()->unverified()->create(); Sanctum::actingAs($user); $this->getJson('/api/meal-posts')->assertForbidden(); });