BookStack Code Mirror - bookstack/blobdiff - tests/Auth/MfaVerificationTest.php

diff --git a/tests/Auth/MfaVerificationTest.php b/tests/Auth/MfaVerificationTest.php

index d007fa49017b108c3f6ed177595b674e9f607bff..ba4c9b983a3feebce56e44c34cb5ca8904030d20 100644 (file)

--- a/tests/Auth/MfaVerificationTest.php

+++ b/tests/Auth/MfaVerificationTest.php

@@ -23,7 +23,7 @@ class MfaVerificationTest extends TestCase

$resp = $this->get('/mfa/verify');

$resp->assertSee('Verify Access');

$resp->assertSee('Enter the code, generated using your mobile app, below:');

- $resp->assertElementExists('form[action$="/mfa/totp/verify"] input[name="code"]');

+ $this->withHtml($resp)->assertElementExists('form[action$="/mfa/totp/verify"] input[name="code"][autofocus]');

$google2fa = new Google2FA();

$resp = $this->post('/mfa/totp/verify', [

@@ -66,7 +66,7 @@ class MfaVerificationTest extends TestCase

$resp->assertSee('Verify Access');

$resp->assertSee('Backup Code');

$resp->assertSee('Enter one of your remaining backup codes below:');

- $resp->assertElementExists('form[action$="/mfa/backup_codes/verify"] input[name="code"]');

+ $this->withHtml($resp)->assertElementExists('form[action$="/mfa/backup_codes/verify"] input[name="code"]');

$resp = $this->post('/mfa/backup_codes/verify', [

'code' => $codes[1],

@@ -149,18 +149,18 @@ class MfaVerificationTest extends TestCase

/** @var TestResponse $mfaView */

$mfaView = $this->followingRedirects()->post('/login', [

- 'email' => $user->email,

+ 'email' => $user->email,

'password' => 'password',

]);

// Totp shown by default

- $mfaView->assertElementExists('form[action$="/mfa/totp/verify"] input[name="code"]');

- $mfaView->assertElementContains('a[href$="/mfa/verify?method=backup_codes"]', 'Verify using a backup code');

+ $this->withHtml($mfaView)->assertElementExists('form[action$="/mfa/totp/verify"] input[name="code"]');

+ $this->withHtml($mfaView)->assertElementContains('a[href$="/mfa/verify?method=backup_codes"]', 'Verify using a backup code');

// Ensure can view backup_codes view

$resp = $this->get('/mfa/verify?method=backup_codes');

- $resp->assertElementExists('form[action$="/mfa/backup_codes/verify"] input[name="code"]');

- $resp->assertElementContains('a[href$="/mfa/verify?method=totp"]', 'Verify using a mobile app');

+ $this->withHtml($resp)->assertElementExists('form[action$="/mfa/backup_codes/verify"] input[name="code"]');

+ $this->withHtml($resp)->assertElementContains('a[href$="/mfa/verify?method=totp"]', 'Verify using a mobile app');

}

public function test_mfa_required_with_no_methods_leads_to_setup()

@@ -179,21 +179,25 @@ class MfaVerificationTest extends TestCase

/** @var TestResponse $resp */

$resp = $this->followingRedirects()->post('/login', [

- 'email' => $user->email,

+ 'email' => $user->email,

'password' => 'password',

]);

$resp->assertSeeText('No Methods Configured');

- $resp->assertElementContains('a[href$="/mfa/setup"]', 'Configure');

+ $this->withHtml($resp)->assertElementContains('a[href$="/mfa/setup"]', 'Configure');

$this->get('/mfa/backup_codes/generate');

- $this->followingRedirects()->post('/mfa/backup_codes/confirm');

+ $resp = $this->post('/mfa/backup_codes/confirm');

+ $resp->assertRedirect('/login');

$this->assertDatabaseHas('mfa_values', [

'user_id' => $user->id,

]);

+ $resp = $this->get('/login');

+ $resp->assertSeeText('Multi-factor method configured, Please now login again using the configured method.');

+

$resp = $this->followingRedirects()->post('/login', [

- 'email' => $user->email,

+ 'email' => $user->email,

'password' => 'password',

]);

$resp->assertSeeText('Enter one of your remaining backup codes below:');

@@ -223,6 +227,7 @@ class MfaVerificationTest extends TestCase

$role = $user->roles->first();

$role->mfa_enforced = true;

$role->save();

+

try {

$loginService->login($user, 'testing');

} catch (StoppedAuthenticationException $e) {

@@ -234,11 +239,20 @@ class MfaVerificationTest extends TestCase

$resp = $this->call($method, $path);

$resp->assertRedirect('/login');

}

+ }

+

+ public function test_login_mfa_interception_does_not_log_error()

+ {

+ $logHandler = $this->withTestLogger();

+ [$user, $secret, $loginResp] = $this->startTotpLogin();

+

+ $loginResp->assertRedirect('/mfa/verify');

+ $this->assertFalse($logHandler->hasErrorRecords());

}

/**

- * @return Array<User, string, TestResponse>

+ * @return array<User, string, TestResponse>

*/

protected function startTotpLogin(): array

{

@@ -248,7 +262,7 @@ class MfaVerificationTest extends TestCase

$user->save();

MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, $secret);

$loginResp = $this->post('/login', [

- 'email' => $user->email,

+ 'email' => $user->email,

'password' => 'password',

]);

@@ -256,20 +270,19 @@ class MfaVerificationTest extends TestCase

}

/**

- * @return Array<User, string, TestResponse>

+ * @return array<User, string, TestResponse>

*/

- protected function startBackupCodeLogin($codes = ['kzzu6-1pgll','bzxnf-plygd','bwdsp-ysl51','1vo93-ioy7n','lf7nw-wdyka','xmtrd-oplac']): array

+ protected function startBackupCodeLogin($codes = ['kzzu6-1pgll', 'bzxnf-plygd', 'bwdsp-ysl51', '1vo93-ioy7n', 'lf7nw-wdyka', 'xmtrd-oplac']): array

{

$user = $this->getEditor();

$user->password = Hash::make('password');

$user->save();

MfaValue::upsertWithValue($user, MfaValue::METHOD_BACKUP_CODES, json_encode($codes));

$loginResp = $this->post('/login', [

- 'email' => $user->email,

+ 'email' => $user->email,

'password' => 'password',

]);

return [$user, $codes, $loginResp];

}

-

-}

\ No newline at end of file

+}