Testing authenticated routes in Live View

Hello guys, i was coding my new project and something curious happened to me. Gust giving a bit of context, i’ve been using Phoenix and Elixir for a while but not LiveView, which i’m getting more a little more comfortable now. But here’s the “problem”, i’m gonna provide a simplified example:

In my routes i have a “/” homepage path, which have a button to navigate to a protected route “/protected”, consider that in this project i’m managing authentication through phx.gen.auth (MyAppWeb.UserAuth module), when i tried to test this flow it continues to redirect me for /protected even when i’m not logged in, i’ll leave some snippets below:

router.ex

    live_session :require_authenticated_user,
      on_mount: [{EurekaWeb.UserAuth, :ensure_authenticated}] do
      live "/users/settings", UserSettingsLive, :edit
      live "/users/settings/confirm_email/:token", UserSettingsLive, :confirm_email
      live "/protected_page", AuthenticatedPageLive # The protected page
    end

And the failing test snippet:

    test "opens guest user sign in modal when user is not signed in", %{conn: conn} do
      {:ok, view, html} = live(conn, ~p"/")

      html = view |> element("a", "Create a new room") |> render_click()
      assert_redirect(view, ~p"/users/guest/log_in")
    end

But when i execute the test here’s the output

 ** (ArgumentError) expected EurekaWeb.PageLive.Home
 to redirect to "/users/guest/log_in", but got a redirect to "/protected_page"

Can someone explain me why in test scenario live view for some reason do not redirect to login modal such as when i’m interacting through web?

Please leave me a feedback if for some reason the questions isn’t clear enough, thanks guys! :handshake:

Hard to say without knowing the rest of your codebase, but here are some gotchas that have caught me:

  1. Incorrect test isolation, such that the user on that test connection is signed in (can happen in a number of ways if you’re trying to be too clever)
  2. You’ve overridden some behavior in ensure_authentication that isn’t protecting the page correctly.
  3. Defining the route higher up without authentication.

Have you verified it works outside the test?