use BookStack\Actions\ActivityType;
use BookStack\Auth\Access\Mfa\MfaValue;
+use BookStack\Auth\Role;
use BookStack\Auth\User;
use PragmaRX\Google2FA\Google2FA;
use Tests\TestCase;
$resp->assertSee('The provided code is not valid or has expired.');
$revisitSvg = $resp->getElementHtml('#main-content .card svg');
$this->assertTrue($svg === $revisitSvg);
+ $secret = decrypt(session()->get('mfa-setup-totp-secret'));
+
+ $resp->assertSee(htmlentities("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30"));
// Successful confirmation
$google2fa = new Google2FA();
- $secret = decrypt(session()->get('mfa-setup-totp-secret'));
$otp = $google2fa->getCurrentOtp($secret);
$resp = $this->post('/mfa/totp/confirm', [
'code' => $otp,
$this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);
$this->assertEquals(0, $admin->mfaValues()->count());
}
+
+ public function test_totp_setup_url_shows_correct_user_when_setup_forced_upon_login()
+ {
+ $admin = $this->getAdmin();
+ /** @var Role $role */
+ $role = $admin->roles()->first();
+ $role->mfa_enforced = true;
+ $role->save();
+
+ $resp = $this->post('/login', ['email' => $admin->email, 'password' => 'password']);
+ $this->assertFalse(auth()->check());
+ $resp->assertRedirect('/mfa/verify');
+
+ $resp = $this->get('/mfa/totp/generate');
+ $resp->assertSeeText('Mobile App Setup');
+ $resp->assertDontSee('otpauth://totp/BookStack:guest%40example.com');
+ $resp->assertSee('otpauth://totp/BookStack:admin%40admin.com');
+ }
}
projects / bookstack / blobdiff