client = static::createClient();
        $container = static::getContainer();
        $em = $container->get('doctrine.orm.entity_manager');
        // NOTE(review): the entity class name appears to be missing before "::class" here
        // and after "new" below (probably lost when this listing was extracted) - restore
        // both from the original file.
        $userRepository = $em->getRepository(::class);

        // Remove any existing users from the test database
        foreach ($userRepository->findAll() as $user) {
            $em->remove($user);
        }

        $em->flush();

        // Create a fixture
        /** @var UserPasswordHasherInterface $passwordHasher */
        $passwordHasher = $container->get('security.user_password_hasher');

        $user = (new ())->setEmail('email@example.com');
        $user->setPassword($passwordHasher->hashPassword($user, 'password'));

        $em->persist($user);
        $em->flush();
    }

    /**
     * Drives the login form through two rejected attempts and one accepted attempt.
     *
     * Both rejected attempts (unknown e-mail, known e-mail with a wrong password) must
     * redirect back to /login and show the same "Invalid credentials." alert, so the
     * response does not disclose whether an account exists. Only the redirect target
     * and the alert text are compared; other enumeration signals, such as response
     * timing, are not covered by this test.
     */
    public function testLogin(): void
    {
        $loginPath = '/login';

        $rejectedAttempts = [
            // Unknown e-mail address.
            ['_username' => 'doesNotExist@example.com', '_password' => 'password'],
            // E-mail of the fixture user, wrong password.
            ['_username' => 'email@example.com', '_password' => 'bad-password'],
        ];

        foreach ($rejectedAttempts as $formValues) {
            $this->client->request('GET', $loginPath);
            self::assertResponseIsSuccessful();

            $this->client->submitForm('Sign in', $formValues);
            self::assertResponseRedirects($loginPath);
            $this->client->followRedirect();

            // Identical message for both failure modes: no hint about which field was wrong.
            self::assertSelectorTextContains('.alert-danger', 'Invalid credentials.');
        }

        // Accepted attempt. The form is submitted from the login page reached by the
        // last redirect, so no fresh GET is issued here.
        $validCredentials = [
            '_username' => 'email@example.com',
            '_password' => 'password',
        ];
        $this->client->submitForm('Sign in', $validCredentials);
        self::assertResponseRedirects('/');
        $this->client->followRedirect();

        // The landing page must load and must not carry a leftover error alert.
        self::assertSelectorNotExists('.alert-danger');
        self::assertResponseIsSuccessful();
    }
}