I want to write a unit test that should check if an unauthenticated user can view the user list (which he shouldnt be able to).
My routes
Route::group(array('prefix' => 'admin'), function() {
Route::get('login', function() {
return View::make('auth.login');
});
Route::post('login', function() {
Auth::attempt( array('email' => Input::get('email'), 'password' => Input::get('password')) );
return Redirect::intended('admin');
});
Route::get('logout', 'AuthController@logout');
Route::group(array('before' => 'auth'), function() {
Route::get('/', function() {
return Redirect::to('admin/users');
});
Route::resource('users', 'UsersController');
});
});
My test
public function testUnauthenticatedUserIndexAccess() {
$response = $this->call('GET', 'admin/users');
$this->assertRedirectedTo('admin/login');
}
My filter
Route::filter('auth', function() {
if (Auth::guest()) return Redirect::guest('admin/login');
});
Result
Failed asserting that Illuminate\Http\Response Object (...) is an instance of class "Illuminate\Http\RedirectResponse".
If i log the $response from the test, it shows the full user list like if an admin was logged in during testing.
If i browse to admin/users using a browser without logging in I'm redirected to login like i should, so the auth filter is indeed working.
Questions
- Is there something in Laravel that logs in the first user during testing for you by default? Or is Auth::guest() always false by default during testing?
- If so, how do i become "logged out" during unit testing? I tried $this->be(null) but got an error saying the object passed must implement UserInterface.
