The final Controller that we didn't finalize is AuthController. In fact, it's pretty small and doesn't need many changes—only a few small ones.
app/Http/Controllers/Api/AuthController.php
use App\Models\User; class AuthController extends ApiController{ public function login(LoginUserRequest $request) { $request->validated($request->all()); $credentials = $request->only('email', 'password'); if (! Auth::attempt($credentials)) { throw ValidationException::withMessages([ 'email' => ['The provided credentials are incorrect.'], 'password' => ['The provided credentials are incorrect.'], ]); } $user = User::firstWhere('email', $request->email); $token = $user?->createToken('authToken', Abilities::getAbilities($user), now()->addHours(8))->plainTextToken; $user = auth()->user(); $token = $user->createToken('authToken', Abilities::getAbilities($user), now()->addHours(8))->plainTextToken; return $this->responseSuccess( 'Authenticated', [ // 'user' => $user, 'token' => $token, ], ); return $this->responseSuccess('Authenticated', ['token' => $token]); } public function logout(Request $request) { $request->user()->currentAccessToken()->delete(); return $this->responseSuccess('Logged out'); }}What I've changed here:
- Removed the line
$request->validated($request->all());- what did that even mean?.. - Removed the DB call to
User::firstWhere()- by this time, the User would be logged in already, so we can callauth()->user() - Simplify the
responseSucces()to fit in one line for readability
TESTS (Yup, Again!)
And yes, surprise, surprise - the login/logout mechanism also didn't have any tests either. Let's fix this!
php artisan make:test AuthTesttests/Feature/AuthTest.php
namespace Tests\Feature; use App\Models\User;use App\Permissions\V1\Abilities;use Illuminate\Foundation\Testing\RefreshDatabase;use Tests\TestCase; class AuthTest extends TestCase{ use RefreshDatabase; public function test_user_can_login_with_correct_credentials() { $user = User::factory()->create([ 'password' => bcrypt('password123'), ]); $response = $this ->postJson('/api/login', [ 'password' => 'password123', ]); $response->assertStatus(200) ->assertJsonStructure([ 'message', 'data' => [ 'token' ] ]); } public function test_user_cannot_login_with_incorrect_credentials() { $user = User::factory()->create([ 'password' => bcrypt('password123'), ]); $response = $this ->postJson('/api/login', [ 'password' => 'wrongpassword', ]); $response->assertStatus(422) ->assertJsonValidationErrors(['email', 'password']); } public function test_login_validation_requires_email_and_password() { $response = $this ->postJson('/api/login', [ 'email' => '', 'password' => '', ]); $response->assertStatus(422) ->assertJsonValidationErrors(['email', 'password']); } public function test_user_can_logout() { $user = User::factory()->create(); $token = $user->createToken('authToken', Abilities::getAbilities($user), now()->addHours(8))->plainTextToken; $response = $this ->withHeader('Authorization', 'Bearer ' . $token) ->postJson('/api/logout'); $response->assertStatus(200) ->assertJson([ 'message' => 'Logged out' ]); }}Our final test suite consists of 22 tests now. All green!
Here's the...
I really enjoyed this type of course based on a real-world code example. It was very helpful. While in-depth courses on specific topics are incredibly useful when focused on a matching feature, these "real-life" courses provide a valuable insight into the reality we face, where it's not always a "feature playground."
Thanks for the nice words! Motivation for me to continue similar "real-life" reviews in the future.
To write good code, you sometimes have to write bad code :)
Thanks for sharing your approach!