BookStack Code Mirror - bookstack/blobdiff

index a0de7f803505860647964c68a917c2d49833cf0d..657728c175e712e8d075ed2436483b1e6c2dacd9 100644 (file)

--- a/tests/Auth/AuthTest.php

+++ b/tests/Auth/AuthTest.php

@@ -1,5 +1,8 @@

-<?php namespace Tests\Auth;

+<?php

+namespace Tests\Auth;

+use BookStack\Auth\Access\Mfa\MfaSession;

use BookStack\Auth\Role;

use BookStack\Auth\User;

use BookStack\Entities\Models\Page;

use BookStack\Auth\Role;

use BookStack\Auth\User;

use BookStack\Entities\Models\Page;

@@ -9,11 +12,11 @@ use BookStack\Settings\SettingService;

use DB;

use Hash;

use Illuminate\Support\Facades\Notification;

use DB;

use Hash;

use Illuminate\Support\Facades\Notification;

+use Illuminate\Support\Str;

use Tests\BrowserKitTest;

class AuthTest extends BrowserKitTest

{

use Tests\BrowserKitTest;

class AuthTest extends BrowserKitTest

{

public function test_auth_working()

{

$this->visit('/')

public function test_auth_working()

{

$this->visit('/')

@@ -129,15 +132,16 @@ class AuthTest extends BrowserKitTest

->seePageIs('/register/confirm/awaiting')

->see('Resend')

->visit('/books')

->seePageIs('/register/confirm/awaiting')

->see('Resend')

->visit('/books')

- ->seePageIs('/register/confirm/awaiting')

+ ->seePageIs('/login')

+ ->visit('/register/confirm/awaiting')

->press('Resend Confirmation Email');

// Get confirmation and confirm notification matches

$emailConfirmation = DB::table('email_confirmations')->where('user_id', '=', $dbUser->id)->first();

->press('Resend Confirmation Email');

// Get confirmation and confirm notification matches

$emailConfirmation = DB::table('email_confirmations')->where('user_id', '=', $dbUser->id)->first();

- Notification::assertSentTo($dbUser, ConfirmEmail::class, function($notification, $channels) use ($emailConfirmation) {

+ Notification::assertSentTo($dbUser, ConfirmEmail::class, function ($notification, $channels) use ($emailConfirmation) {

return $notification->token === $emailConfirmation->token;

});

return $notification->token === $emailConfirmation->token;

});

// Check confirmation email confirmation activation.

$this->visit('/register/confirm/' . $emailConfirmation->token)

->seePageIs('/')

// Check confirmation email confirmation activation.

$this->visit('/register/confirm/' . $emailConfirmation->token)

->seePageIs('/')

@@ -170,10 +174,7 @@ class AuthTest extends BrowserKitTest

->seePageIs('/register/confirm')

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

->seePageIs('/register/confirm')

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

- $this->visit('/')

- ->seePageIs('/register/confirm/awaiting');

- auth()->logout();

+ $this->assertNull(auth()->user());

$this->visit('/')->seePageIs('/login')

->type($user->email, '#email')

$this->visit('/')->seePageIs('/login')

->type($user->email, '#email')

@@ -207,10 +208,8 @@ class AuthTest extends BrowserKitTest

->seePageIs('/register/confirm')

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

->seePageIs('/register/confirm')

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

- $this->visit('/')

- ->seePageIs('/register/confirm/awaiting');

+ $this->assertNull(auth()->user());

- auth()->logout();

$this->visit('/')->seePageIs('/login')

->type($user->email, '#email')

->type($user->password, '#password')

$this->visit('/')->seePageIs('/login')

->type($user->email, '#email')

->type($user->password, '#password')

@@ -221,6 +220,7 @@ class AuthTest extends BrowserKitTest

public function test_user_creation()

{

public function test_user_creation()

{

+ /** @var User $user */

$user = factory(User::class)->make();

$adminRole = Role::getRole('admin');

$user = factory(User::class)->make();

$adminRole = Role::getRole('admin');

@@ -234,8 +234,11 @@ class AuthTest extends BrowserKitTest

->type($user->password, '#password-confirm')

->press('Save')

->seePageIs('/settings/users')

->type($user->password, '#password-confirm')

->press('Save')

->seePageIs('/settings/users')

- ->seeInDatabase('users', $user->toArray())

+ ->seeInDatabase('users', $user->only(['name', 'email']))

->see($user->name);

+ $user->refresh();

+ $this->assertStringStartsWith(Str::slug($user->name), $user->slug);

}

public function test_user_updating()

}

public function test_user_updating()

@@ -252,6 +255,9 @@ class AuthTest extends BrowserKitTest

->seePageIs('/settings/users')

->seeInDatabase('users', ['id' => $user->id, 'name' => 'Barry Scott', 'password' => $password])

->notSeeInDatabase('users', ['name' => $user->name]);

->seePageIs('/settings/users')

->seeInDatabase('users', ['id' => $user->id, 'name' => 'Barry Scott', 'password' => $password])

->notSeeInDatabase('users', ['name' => $user->name]);

+ $user->refresh();

+ $this->assertStringStartsWith(Str::slug($user->name), $user->slug);

}

public function test_user_password_update()

}

public function test_user_password_update()

@@ -270,8 +276,8 @@ class AuthTest extends BrowserKitTest

->press('Save')

->seePageIs('/settings/users');

->press('Save')

->seePageIs('/settings/users');

- $userPassword = User::find($user->id)->password;

- $this->assertTrue(Hash::check('newpassword', $userPassword));

+ $userPassword = User::find($user->id)->password;

+ $this->assertTrue(Hash::check('newpassword', $userPassword));

}

public function test_user_deletion()

}

public function test_user_deletion()

@@ -321,6 +327,18 @@ class AuthTest extends BrowserKitTest

->seePageIs('/login');

}

->seePageIs('/login');

}

+ public function test_mfa_session_cleared_on_logout()

+ {

+ $user = $this->getEditor();

+ $mfaSession = $this->app->make(MfaSession::class);

+ $mfaSession->markVerifiedForUser($user);

+ $this->assertTrue($mfaSession->isVerifiedForUser($user));

+ $this->asAdmin()->visit('/logout');

+ $this->assertFalse($mfaSession->isVerifiedForUser($user));

+ }

public function test_reset_password_flow()

{

Notification::fake();

public function test_reset_password_flow()

{

Notification::fake();

@@ -332,7 +350,7 @@ class AuthTest extends BrowserKitTest

->see('A password reset link will be sent to [email protected] if that email address is found in the system.');

$this->seeInDatabase('password_resets', [

->see('A password reset link will be sent to [email protected] if that email address is found in the system.');

$this->seeInDatabase('password_resets', [

- 'email' => '[email protected]'

+ 'email' => '[email protected]',

]);

$user = User::where('email', '=', '[email protected]')->first();

]);

$user = User::where('email', '=', '[email protected]')->first();

@@ -343,9 +361,9 @@ class AuthTest extends BrowserKitTest

$this->visit('/password/reset/' . $n->first()->token)

->see('Reset Password')

->submitForm('Reset Password', [

$this->visit('/password/reset/' . $n->first()->token)

->see('Reset Password')

->submitForm('Reset Password', [

- 'email' => '[email protected]',

- 'password' => 'randompass',

- 'password_confirmation' => 'randompass'

+ 'email' => '[email protected]',

+ 'password' => 'randompass',

+ 'password_confirmation' => 'randompass',

])->seePageIs('/')

->see('Your password has been successfully reset');

}

])->seePageIs('/')

->see('Your password has been successfully reset');

}

@@ -359,13 +377,12 @@ class AuthTest extends BrowserKitTest

->see('A password reset link will be sent to [email protected] if that email address is found in the system.')

->dontSee('We can\'t find a user');

->see('A password reset link will be sent to [email protected] if that email address is found in the system.')

->dontSee('We can\'t find a user');

$this->visit('/password/reset/arandometokenvalue')

->see('Reset Password')

->submitForm('Reset Password', [

$this->visit('/password/reset/arandometokenvalue')

->see('Reset Password')

->submitForm('Reset Password', [

- 'email' => '[email protected]',

- 'password' => 'randompass',

- 'password_confirmation' => 'randompass'

+ 'email' => '[email protected]',

+ 'password' => 'randompass',

+ 'password_confirmation' => 'randompass',

])->followRedirects()

->seePageIs('/password/reset/arandometokenvalue')

->dontSee('We can\'t find a user')

])->followRedirects()

->seePageIs('/password/reset/arandometokenvalue')

->dontSee('We can\'t find a user')

@@ -402,6 +419,14 @@ class AuthTest extends BrowserKitTest

$login->assertRedirectedTo('http://localhost');

}

$login->assertRedirectedTo('http://localhost');

}

+ public function test_login_intended_redirect_does_not_factor_mfa_routes()

+ {

+ $this->get('/books')->assertRedirectedTo('/login');

+ $this->get('/mfa/setup')->assertRedirectedTo('/login');

+ $login = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);

+ $login->assertRedirectedTo('/books');

+ }

public function test_login_authenticates_admins_on_all_guards()

{

$this->post('/login', ['email' => '[email protected]', 'password' => 'password']);

public function test_login_authenticates_admins_on_all_guards()

{

$this->post('/login', ['email' => '[email protected]', 'password' => 'password']);

@@ -435,7 +460,7 @@ class AuthTest extends BrowserKitTest

}

/**

}

/**

- * Perform a login

+ * Perform a login.

protected function login(string $email, string $password): AuthTest

{

protected function login(string $email, string $password): AuthTest

{