create(); for ($i = 0; $i < 5; $i++) { $this->post('/login', [ 'email' => $user->email, 'password' => 'wrong-password', ]); } $response = $this->post('/login', [ 'email' => $user->email, 'password' => 'wrong-password', ]); $response->assertSessionHasErrors('email'); Event::assertDispatched(Lockout::class); RateLimiter::clear(\Illuminate\Support\Str::lower($user->email).'|127.0.0.1'); }); it('redirects already-verified users away from the verification prompt', function () { $user = User::factory()->create(); $response = actingAs($user)->get('/verify-email'); $response->assertRedirect(route('dashboard', absolute: false)); }); it('redirects users with a verified email back to the dashboard when re-verifying', function () { $user = User::factory()->create(); $verificationUrl = \Illuminate\Support\Facades\URL::temporarySignedRoute( 'verification.verify', now()->addMinutes(60), ['id' => $user->id, 'hash' => sha1($user->email)] ); $response = actingAs($user)->get($verificationUrl); $response->assertRedirect(route('dashboard', absolute: false).'?verified=1'); }); it('renders the password settings page for an authenticated user', function () { $user = User::factory()->create(); $response = actingAs($user)->get('/settings/password'); $response->assertOk(); }); it('updates the password when the current password is correct', function () { $user = User::factory()->create(); $response = actingAs($user)->put('/settings/password', [ 'current_password' => 'password', 'password' => 'new-secret-pw', 'password_confirmation' => 'new-secret-pw', ]); $response->assertSessionHasNoErrors(); expect(\Illuminate\Support\Facades\Hash::check('new-secret-pw', $user->fresh()->password))->toBeTrue(); });