
@ravecat
Last active April 4, 2024 00:07
Callback ueberauth tests
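# Ueberauth provider registration.
#
# `ignores_csrf_attack: true` tells Ueberauth to skip the `state` check on the OAuth
# callback, i.e. the check that produces the "csrf_attack" failure. The original snippet
# set it unconditionally; here it is only switched off in the test environment so the
# callback keeps its CSRF protection everywhere else. If this snippet already lives in
# config/test.exs the guard is a no-op.
#
# config_env/0 comes from `import Config`, the same import that provides config/3.
config :ueberauth, Ueberauth,
  providers: [
    auth0: {Ueberauth.Strategy.Auth0, [ignores_csrf_attack: config_env() == :test]}
  ],
  json_library: Poison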
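defmodule RunaWeb.Auth.Controller do
  @moduledoc """
  Browser-facing side of the Ueberauth login flow.

  `plug Ueberauth` runs ahead of every action. The `callback/2` clauses dispatch on what
  is present in `conn.assigns` when the provider redirects back:

    * `:ueberauth_failure` - flash a generic error and redirect to `/`.
    * `:ueberauth_auth` - pass the auth struct to `Runa.Auth.find_or_create/1`, store the
      returned user in the session and redirect to `/`.

  `logout/2` drops the session and redirects to `/`.
  """

  use RunaWeb, :controller
  use RunaWeb, :verified_routes

  require Logger

  plug Ueberauth

  @doc """
  Drops the whole session and redirects to the home page with an info flash.

  NOTE(review): the accompanying test reaches this action with a GET request. The router
  is not shown here - confirm logout is routed through a CSRF-protected verb.
  """
  def logout(conn, _params) do
    conn
    |> put_flash(:info, "You have been logged out!")
    |> configure_session(drop: true)
    |> redirect(to: ~p"/")
  end

  @doc """
  Handles the provider redirect after an authentication attempt.

  The failure clause is listed first, so it wins whenever `:ueberauth_failure` is
  assigned, even if `:ueberauth_auth` is assigned as well.
  """
  def callback(%{assigns: %{ueberauth_failure: failure}} = conn, _params) do
    # The user only sees a generic message. The failure keys go to the log so that
    # repeated failures (for example "csrf_attack" state mismatches) stay visible to
    # whoever monitors authentication errors. Only the keys are logged, not the
    # provider-supplied message text.
    failure_keys = for %{message_key: key} <- List.wrap(Map.get(failure, :errors)), do: key
    Logger.warning("Ueberauth callback failed: #{inspect(failure_keys)}")

    conn
    |> put_flash(:error, "Failed to authenticate.")
    |> redirect(to: ~p"/")
  end

  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
    case Runa.Auth.find_or_create(auth) do
      {:ok, user} ->
        # Renew the session on login so a session that existed before authentication is
        # not carried over into the authenticated one (session fixation).
        #
        # NOTE(review): the whole `user` term is written to the session. With a cookie
        # session store that term travels in the cookie - consider storing only the id.
        conn
        |> configure_session(renew: true)
        |> put_flash(:info, "Successfully authenticated as #{user.name}.")
        |> put_session(:current_user, user)
        |> redirect(to: ~p"/")

      {:error, reason} ->
        # NOTE(review): `reason` is shown to the user verbatim. `Runa.Auth.find_or_create/1`
        # is not visible here - confirm it returns a display-safe string and not an
        # internal term.
        conn
        |> put_flash(:error, reason)
        |> redirect(to: ~p"/")
    end
  end
end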
defmodule RunaWeb.Auth.Controller.Test do
  use RunaWeb.ConnCase

  # Cookie-session settings used only to give the test conn a fetchable session.
  # The salts and secret_key_base are constructed test values and must never be shared
  # with a real endpoint configuration.
  @session_opts Plug.Session.init(
                  store: :cookie,
                  key: "_session",
                  encryption_salt: "encrypted cookie salt",
                  signing_salt: "signing salt",
                  secret_key_base: String.duplicate("abcdef0123456789", 8),
                  same_site: "Lax"
                )

  # NOTE(review): not referenced by any test below, and its id ("1") differs from the
  # id ("123") the assertions expect.
  @user_opts %{id: "1", name: "John Doe"}

  # Runs the conn through Plug.Session and fetches the session so the tests can call
  # put_session/get_session on it.
  setup %{conn: base_conn} = context do
    session_conn = fetch_session(Plug.Session.call(base_conn, @session_opts))

    {:ok, %{context | conn: session_conn}}
  end

  describe "callback action" do
    # NOTE(review): the callback is requested through get/2, so presumably the
    # controller's `plug Ueberauth` runs on it as well. The captured log next to this
    # test shows a "csrf_attack" failure, and the controller's failure clause is listed
    # first, so the pre-assigned :ueberauth_auth would never be reached in that case.
    # No stub for Runa.Auth.find_or_create/1 is visible either, so the expected
    # %{id: "123", ...} cannot be confirmed from here.
    test "logs in user on success", %{conn: conn} do
      auth = %Ueberauth.Auth{
        provider: :auth0,
        info: %{
          first_name: "John",
          last_name: "Doe",
          email: "[email protected]",
          image: "https://example.com/image.jpg"
        }
      }

      callback_conn =
        conn
        |> assign(:ueberauth_auth, auth)
        |> get(~p"/auth/auth0/callback")

      assert get_flash(callback_conn, :info) == "Successfully authenticated as John Doe."
      assert redirected_to(callback_conn) == ~p"/"

      # Follow the redirect and check what ended up in the session.
      home_conn = get(callback_conn, ~p"/")
      assert get_session(home_conn, :current_user) == %{id: "123", name: "John Doe"}
    end
  end

  describe "logout action" do
    test "logs out user and redirects to home page", %{conn: conn} do
      logout_conn =
        conn
        |> put_session(:current_user, %{id: "123", name: "John Doe"})
        |> get(~p"/logout")

      assert get_flash(logout_conn, :info) == "You have been logged out!"
      assert redirected_to(logout_conn) == ~p"/"

      # After the redirect the session must no longer carry the user.
      home_conn = get(logout_conn, ~p"/")
      refute get_session(home_conn, :current_user)
    end
  end
end
02:02:54.235 request_id=F8LqzOw2_BJfEDcAAADF [error] Failed to authenticate.
02:02:54.241 request_id=F8LqzOw2_BJfEDcAAADF [error] %Ueberauth.Failure{provider: :auth0, strategy: Ueberauth.Strategy.Auth0, errors: [%Ueberauth.Failure.Error{message_key: "csrf_attack", message: "Cross-Site Request Forgery attack"}]}
# Auth0 OAuth client settings, read from the environment so that no secret is written
# into the config file itself.
#
# System.get_env/1 returns nil for an unset variable, so a missing value is not
# reported at this point.
# NOTE(review): which config file this lives in is not visible. In a compile-time
# config the values are fixed at build time - confirm this is loaded from
# config/runtime.exs if the secrets are meant to be supplied at deploy time.
auth0_oauth = [
  domain: System.get_env("AUTH0_DOMAIN"),
  client_id: System.get_env("AUTH0_CLIENT_ID"),
  client_secret: System.get_env("AUTH0_CLIENT_SECRET"),
  redirect_uri: System.get_env("AUTH0_REDIRECT_URI")
]

config :ueberauth, Ueberauth.Strategy.Auth0.OAuth, auth0_oauth