Hello,
I'm wondering what's the difference between $this->actingAs($user) and Auth::login($user) in tests.
I want to test if Laravel shows a 404 page if a user is not allowed to see a resource. When I use Auth::login($user) it works:
/**
* @test
*/
public function show_displays_404()
{
$tenant = Tenant::factory()->create();
$tenant2 = Tenant::factory()->create();
$report = Report::factory()->create(['tenant_id' => $tenant->id]);
$user = User::factory()->create(['tenant_id' => $tenant2->id]);
Auth::login($user);
$response = $this->get(route('reports.show', $report));
$response->assertNotFound();
}
But when I use $this->actingAs($user) the test fails ("Response status code [200] is not a not found status code."), meaning the user can see the ressource he's no allowed to:
/**
* @test
*/
public function show_displays_404()
{
$tenant = Tenant::factory()->create();
$tenant2 = Tenant::factory()->create();
$report = Report::factory()->create(['tenant_id' => $tenant->id]);
$user = User::factory()->create(['tenant_id' => $tenant2->id]);
$response = $this->actingAs($user)->get(route('reports.show', $report));
$response->assertNotFound();
}
So what's exactly the difference here? I expected $this->actingAs($user) to be working the same way as Auth::login($user).
Thanks!