How to test live views with ash authentication plugs

I’m trying to find out how to test live views that are protected by Ash Authentication.

A straight forward way is to just fill in username and password and hit submit when visiting a protected page.

In my normal live view code I have this function in my conn_case.ex

  def log_in_user(conn, user) do
    token = ActivityPlanner.Accounts.generate_user_session_token(user)

    conn
    |> Phoenix.ConnTest.init_test_session(%{})
    |> Plug.Conn.put_session(:user_token, token)
  end

But this is using the custom auth stuff generated from gen.auth.

How can make something similar for Ash Authentication ? I think that’s maybe one of the problems with opaque code. Oh and yes I could probably peer into the source code, but currently I’m just whipping out some code and tries to avoid rabbit holes :slight_smile:

the ash project im working on is this GitHub - jarlah/ash-activity-planner and the original project I worked on previously with normal live views is this one GitHub - jarlah/activity-planner: An example Phoenix application with foreign key multi tenancy

Both of which are hobby projects with sole purpose to grind my way into getting familiar with all of Elixir :wink:

1 Like

I really struggle with this. Because of the opaqueness of ash authentication phoenix I cant use the same form(“#my-form-name”, %{username: “foo”, password: “bar”}) strategy for filling the form fields and submitting with render_submit(). Anyone used ash authentication before and know how to either 1) mock the session in the test, or 2) how to fill in the SignInLive form fields in ash authentication phoenix ?

I haven’t personally tested live views protected with AshAuthentication unfortunately. @jimsynz will probably be able to provide some more info after the weekend. You may have some luck looking at the test suite for AshAuthenticationPhoenix?

2 Likes

Hi there.

You can rewrite the log_in_user/2 function to use AshAuthentication in a few ways. Here I am assuming that your user resource is called User - if it is something else you will need to change current_user to current_X.

If your application is using retrieve_from_session/2 (possibly via AshAuthentication.Phoenix.Plug.load_from_session/2) and has require_token_presence_for_authentication? set:

def log_in_user(conn, user) do
  {:ok, token, _} = AshAuthentication.Jwt.token_for_user(user)

  conn
  |> Phoenix.ConnTest.init_test_session(%{})
  |> Plug.Conn.put_session("current_user_token", token)
end

If your application is using retrieve_from_session/2 and doesn’t have require_token_presence_for_authentication? set:

def log_in_user(conn, user) do
  subject = AshAuthentication.user_to_subject(user)

  conn
  |> Phoenix.ConnTest.init_test_session(%{})
  |> Plug.Conn.put_session("current_user", subject)
end

Lastly, if you’re using retrieve_from_bearer/2 (possibly via AshAuthentication.Phoenix.Plug.load_from_bearer/2) you can do:

def log_in_user(conn, user) do
  {:ok, token, _} = AshAuthentication.Jwt.token_for_user(user)

  conn
  |> Plug.Conn.put_req_header("authorization", "Bearer #{token}")
end

All of this information is introspectable via AshAuthentication.Info - so I would welcome a PR that adds some test helpers to AshAuthentication.

Links:

  1. AshAuthentication.Plug.Helpers.retrieve_from_session/2
  2. AshAuthentication.Phoenix.Plug.load_from_session/2
  3. authentication.tokens.require_token_presence_for_authentication?
  4. AshAuthentication.Jwt.token_for_user/3
  5. AshAuthentication.user_to_subject/1
  6. AshAuthentication.Plug.Helpers.retrieve_from_bearer/2
  7. AshAuthentication.Phoenix.Plug.load_from_bearer/2
  8. AshAuthentication.Info
2 Likes

A test helper like that sounds like an excellent addition to AshAuthentication! Good idea.

1 Like

after a lot of trial and error, and inspecting the connection after login, I saw that a “user” was stored in the session in the form of

      "user" => "user?id=ef6f74a3-3795-4f0d-be4f-622db62f8c01"

so I made it all work in the tests by doing this:

  setup %{conn: conn} do
    user =
      AshActivityPlanner.Accounts.User
      |> Ash.Changeset.for_create(:register_with_password, %{
        email: "test@user.com",
        password: "password",
        password_confirmation: "password"
      })
      |> AshActivityPlanner.Accounts.create!()

    {:ok, %{conn: log_in_user_as_subject(conn, user)}}
  end

  # SNIP ...

  defp log_in_user_as_subject(conn, user) do
    subject = AshAuthentication.user_to_subject(user)

    conn
    |> Phoenix.ConnTest.init_test_session(%{})
    |> Plug.Conn.put_session("user", subject)
  end
3 Likes

however this will likely change when I alter how signin is configured so its not a good longterm solution.

Thank you @jarlah this was perfect help. I made my own variant using describe setup blocks which I include below in case others might find it useful (or suggest improvements).

defmodule TvpNgWeb.UserDashboardLiveTest do
  @moduledoc """
  Test the user dashboard
  """
  use TvpNgWeb.ConnCase, async: true
  import Phoenix.ConnTest
  import Phoenix.LiveViewTest

  describe "user IS logged in" do
    setup [:create_test_user, :log_user_in]

    test "and the user dashboard has a title", %{conn: conn} do
      {:ok, view, _html} = live(conn, "/dashboard")
      assert view |> has_element?("#dashboard_title", "WYL")
      # open_browser(view)
    end
  end

  describe "user is NOT logged in" do
    test "so you have to sign in to get to the dashboard", %{conn: conn} do
      assert {:error, {:redirect, %{to: "/sign-in"}}} = live(conn, "/dashboard")
    end
  end

  defp create_test_user(%{conn: conn}) do
    user =
      TvpNg.Accounts.User
      |> Ash.Changeset.for_create(:register_with_password, %{
        email: "test@user.com",
        password: "password",
        password_confirmation: "password"
      })
      |> TvpNg.Accounts.create!()

    %{user: user, conn: conn}
  end

  defp log_user_in(%{user: user, conn: conn}) do
    subject = AshAuthentication.user_to_subject(user)

    %{conn:
     conn
     |> Phoenix.ConnTest.init_test_session(%{})
     |> Plug.Conn.put_session("user", subject)}
  end
end

2 Likes

Just saying this is what worked for me. Maybe mark this as the “answer”?

Thanks a lot for the investigation you went through, this saved me a bunch of time.

Hi :wave: !

I have a slightly different implementation for my log_in_user:

    strategy = AshAuthentication.Info.strategy!(User, :password)

    assert {:ok, %User{} = user} =
             AshAuthentication.Strategy.action(strategy, :sign_in, %{
               email: email,
               password: password
             })

    conn
    |> Phoenix.ConnTest.init_test_session(%{})
    |> store_in_session(user)

I am leveraging the strategy so that I will be detecting any change in the resource if any, and also I am using the store_in_session function coming from AshAuthentication.Plug.Helpers, which will protect me from any eventual future change in the api.

Do you see any counterargument for such an implementation ?

Thanks :slight_smile:

1 Like

I think it’s fine.

1 Like