For example, there is a login function:

public function login(Request $request) { $user = new User; $rules_login = $user->rules; $rules_login['email'] = ''; $rules_login['roles'] = ''; $rules_login['date_of_birth'] = ''; $rules_login['country_id'] = ''; $rules_login['username'] = 'required|max:255|regex:/^[a-z0-9_]+$/'; $validator = Validator::make($request->all(), $rules_login); if ($validator->fails()) { return $this->jsonResponse(['errors' => $validator->errors()], 400); } else { if ($this->hasTooManyLoginAttempts($request)) { $this->fireLockoutEvent($request); return $this->sendLockoutResponse($request); } if ($request->capcha) { $myCurl = curl_init(); curl_setopt_array($myCurl, array( CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify', CURLOPT_RETURNTRANSFER => true, CURLOPT_POST => true, CURLOPT_POSTFIELDS => http_build_query(array( 'secret' => $_ENV['RECAPTCHA_SECRET'], 'response' => $request->capcha )) )); $response = curl_exec($myCurl); curl_close($myCurl); $response = json_decode($response); if ($response->success) { if ($this->attemptLogin($request)) { Session::forget('wrong_password'); return ['success' => 'success']; } } else { return ['show_capcha' => true, 'errors' => [Lang::get('auth.wrong_capcha')]]; } } if ($this->attemptLogin($request)) { Session::forget('wrong_password'); return ['success' => 'success']; } else { $wrong_password = Session::get('wrong_password'); if ($wrong_password) { $wrong_password++; Session::put('wrong_password', $wrong_password); if ($wrong_password > 5) { return ['show_capcha' => true, 'errors' => [Lang::get('auth.wrong_auth')]]; } } else { Session::put('wrong_password', 1); } return ['errors' => [Lang::get('auth.wrong_auth')]]; } } }

As can be seen from the code, if the username field is empty, an error with the status 400 should be returned. There is a route:

 Route::post('login', 'Auth\LoginController@login');

And there is a test:

  public function testLoginEmpty() { $this->post('/login', ['username' => '', 'password' => '1234567890']) ->seeStatusCode(400); $this->post('/login', ['username' => 'qwerty', 'password' => '']) ->seeStatusCode(400); $this->post('/login', ['username' => '', 'password' => '']) ->seeStatusCode(400); }

And here is the test result:

There was 1 failure:

1) LoginTest :: testLoginEmpty Failed asserting that 302 matches expected 400.

C: \ OpenServer \ domains \ fantasyleague \ vendor \ laravel \ framework \ src \ Illuminate \ Foundation \ Testing \ Concerns \ MakesHttpRequests.php: 462 C: \ OpenServer \ domains \ fantasyleague \ tests \ Auth \ LoginTest.php: 17

Fail in the first test, the other two pass. If the first one is removed, then the same result will be for the next one - o will be recorded, and the last one will pass

  • one
    Well, it means that something broke it needs to be solved, what is the problem then? - Naumov
  • Isn't the problem clear? There should be code 400. In the browser and postmen, everything works correctly - Jonny Manowar
  • one
    From where? Where do you have the 302nd redirect work? or maybe just a csrf form csrf is missing, or something else. You at least completely give the code of the login method. - Naumov
  • The form is sent by Ajax. if there is a return, then there should be no further - Jonny Manowar
  • the fact of the matter is that there is no redirect, the standard Laravel functions are redefined - Jonny Manowar

1 answer 1

And it was necessary to make $this->post('logout'); Just in previous tests, the user logged in and therefore was redirect