chore: Add PR's requested changes

matiasperrone-exo · matiasperrone-exo · commit f4fd63d59aa3 · 2026-05-21T18:05:05.000Z
Add tests changes with suggestion
diff --git a/app/libs/Auth/AuthService.php b/app/libs/Auth/AuthService.php
@@ -19,6 +19,7 @@
 use App\Services\Auth\IUserService as IAuthUserService;
 use Auth\Exceptions\AuthenticationException;
 use Auth\Exceptions\AuthenticationLockedUserLoginAttempt;
+use Auth\Exceptions\UnverifiedEmailMemberException;
 use Auth\Repositories\IUserRepository;
 use Exception;
 use Illuminate\Support\Facades\Auth;
@@ -429,12 +430,16 @@ public function validateCredentials(string $username, string $password): User
     {
         Log::debug("AuthService::validateCredentials");
 
-        /**
-         * @var User|null $user
-         */
-        $user = Auth::getProvider()->retrieveByCredentials(['username' => $username, 'password' => $password]);
-        if (!$user) {
-            throw new AuthenticationException();
+        try {
+            /**
+             * @var User|null $user
+             */
+            $user = Auth::getProvider()->retrieveByCredentials(['username' => $username, 'password' => $password]);
+            if (!$user instanceof User || !$user->canLogin()) {
+                throw new AuthenticationException("We are sorry, your username or password does not match an existing record.");
+            }
+        } catch (UnverifiedEmailMemberException $ex) {
+            throw new AuthenticationException($ex->getMessage());
         }
 
         return $user;
diff --git a/tests/unit/AuthServiceValidateCredentialsTest.php b/tests/unit/AuthServiceValidateCredentialsTest.php
@@ -16,6 +16,7 @@
 use Auth\AuthService;
 use Auth\CustomAuthProvider;
 use Auth\Exceptions\AuthenticationException;
+use Auth\Exceptions\UnverifiedEmailMemberException;
 use Auth\Repositories\IUserRepository;
 use Mockery;
 use Mockery\Adapter\Phpunit\MockeryPHPUnitIntegration;
@@ -91,6 +92,7 @@ public function testValidCredentials_returnsUser_withoutEstablishingSession(): v
         $password = 'Str0ng!Pass';
 
         $resolved_user = Mockery::mock('Auth\User');
+        $resolved_user->shouldReceive('canLogin')->once()->andReturn(true);
 
         $provider_mock = Mockery::mock(CustomAuthProvider::class);
         $provider_mock->shouldReceive('retrieveByCredentials')
@@ -179,4 +181,54 @@ public function testLoginUser_throwsException_whenIsNotActive(): void
         $this->service->loginUser($user, true);
     }
 
+    /**
+     * UnverifiedEmailMemberException from the provider must be caught and
+     * re-thrown as AuthenticationException (contract: @throws AuthenticationException only).
+     */
+    public function testUnverifiedUser_throwsAuthenticationException(): void
+    {
+        $username = 'unverified@example.com';
+        $password = 'any';
+
+        $provider_mock = Mockery::mock(CustomAuthProvider::class);
+        $provider_mock->shouldReceive('retrieveByCredentials')
+            ->once()
+            ->with(['username' => $username, 'password' => $password])
+            ->andThrow(new UnverifiedEmailMemberException('Email not verified.'));
+
+        $this->auth_mock->shouldReceive('getProvider')->once()->andReturn($provider_mock);
+        $this->auth_mock->shouldNotReceive('login');
+
+        $this->expectException(AuthenticationException::class);
+        $this->expectExceptionMessage('Email not verified.');
+
+        $this->service->validateCredentials($username, $password);
+    }
+
+    /**
+     * Provider returns a valid User but canLogin() is false (locked/inactive):
+     * must throw AuthenticationException — not silently return the user.
+     */
+    public function testUserCannotLogin_throwsAuthenticationException(): void
+    {
+        $username = 'locked@example.com';
+        $password = 'any';
+
+        $locked_user = Mockery::mock('Auth\User');
+        $locked_user->shouldReceive('canLogin')->once()->andReturn(false);
+
+        $provider_mock = Mockery::mock(CustomAuthProvider::class);
+        $provider_mock->shouldReceive('retrieveByCredentials')
+            ->once()
+            ->with(['username' => $username, 'password' => $password])
+            ->andReturn($locked_user);
+
+        $this->auth_mock->shouldReceive('getProvider')->once()->andReturn($provider_mock);
+        $this->auth_mock->shouldNotReceive('login');
+
+        $this->expectException(AuthenticationException::class);
+
+        $this->service->validateCredentials($username, $password);
+    }
+
 }
