Corbin

Do you guys test auth?

When working on authentication and adding various fields like username and slug to your users table, do you guys test it? Why or why not? I'm trying to get better at development and I want to do this project that I have properly. Should I skip the tests for this knowing that so many things will change later in the project? Or maybe not?

Just looking for insights. Thanks guys.

0 likes
3 replies
Nakov

Unless you are using a custom auth, I wouldn't necessarily test if the auth works, as that's code that you don't own. You will test auth each time you are testing an endpoint that uses the auth middleware anyway. So you will have to have a test for an authenticated user trying to access the page, and one for a guest user trying to access the page, so if the auth works properly, the authenticated user will see the result of the page and the guest will be redirected to the login page.

If you are doing Dusk tests, then you can test the login page as well.

Here is a good guide to start with for testing Laravel apps:

https://jasonmccreary.me/articles/start-testing-laravel/

He also has a course, but there is a full Forum using TDD course here on Laracasts as well, worth watching :)

jlrdw

I'll put it another way.

When you have authentication and authorization set up, sure test.

But after playing with tests, try everything you can think of (Real World) to break into it: do an action not allowed, spoof a user, try changing the user id in the URL and edit a record you are not allowed to, etc.

After all is done, I'd count on the real World results you did.

I look at things like this, which plane would you trust:

  • A Plane that was "tested" with computer simulations.
  • A plane that was tested many times for real with a test pilot actually flying it.

Choice is yours.

I'm not saying don't play test, but also do real World tests, especially with security.

1 like
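
As an added illustration of the checks Nakov and jlrdw describe above (not code from any poster in this thread): a Laravel feature test covering the guest redirect, the authenticated owner, and a user who changes the id in the URL to reach someone else's record. The `Post` model with a `user_id` column, the `/posts/{id}` routes, a policy that answers 403, the `/login` path and Laravel 8+ class factories are all assumptions.

```php
<?php

namespace Tests\Feature;

use App\Models\Post; // assumption: hypothetical model owned via user_id
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class PostAccessTest extends TestCase
{
    use RefreshDatabase;

    public function test_guest_is_redirected_to_login(): void
    {
        $post = Post::factory()->create();

        // Hypothetical route behind the auth middleware.
        $this->get("/posts/{$post->id}/edit")->assertRedirect('/login');
    }

    public function test_owner_can_update_own_post(): void
    {
        $owner = User::factory()->create();
        $post = Post::factory()->create(['user_id' => $owner->id]);

        $this->actingAs($owner)->get("/posts/{$post->id}/edit")->assertOk();
        $this->actingAs($owner)->put("/posts/{$post->id}", ['title' => 'Updated']);

        $this->assertDatabaseHas('posts', ['id' => $post->id, 'title' => 'Updated']);
    }

    public function test_user_cannot_update_another_users_post(): void
    {
        $owner = User::factory()->create();
        $other = User::factory()->create();
        $post = Post::factory()->create(['user_id' => $owner->id, 'title' => 'Original']);

        // Same request the owner would send, but made by a different logged-in user.
        $this->actingAs($other)
            ->put("/posts/{$post->id}", ['title' => 'Changed'])
            ->assertForbidden();

        // Check the stored record too, not only the status code.
        $this->assertDatabaseHas('posts', ['id' => $post->id, 'title' => 'Original']);
    }
}
```

The third test is the one that exercises authorization rather than authentication: both users are logged in, and only ownership of the record differs.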
Corbin

Thanks for the input guys. So writing a feature or unit test for the registration and login page, or anything that comes with `composer require laravel/ui --dev` is kinda useless since the code is already built? I added two database fields on registration and didn't add anything on login.

@nakov, I've watched a few test videos. Struggling on figuring out what I should test and what type of test I should do for a pretty big project.

@jlrdw I agree. I still always do a real world test. I'm totally gonna follow your advice.

1 like
