BookStack Code Mirror - bookstack/blobdiff

-<?php

+<?php namespace Tests\Auth;

+use BookStack\Auth\Role;

+use BookStack\Auth\User;

+use BookStack\Entities\Page;

use BookStack\Notifications\ConfirmEmail;

+use BookStack\Notifications\ResetPassword;

+use BookStack\Settings\SettingService;

+use DB;

+use Hash;

use Illuminate\Support\Facades\Notification;

+use Tests\BrowserKitTest;

-class AuthTest extends TestCase

+class AuthTest extends BrowserKitTest

{

public function test_auth_working()

{

public function test_auth_working()

public function test_public_viewing()

{

public function test_public_viewing()

{

- $settings = app('BookStack\Services\SettingService');

+ $settings = app(SettingService::class);

$settings->put('app-public', 'true');

$this->visit('/')

->seePageIs('/')

$settings->put('app-public', 'true');

$this->visit('/')

->seePageIs('/')

- ->see('Sign In');

+ ->see('Log In');

}

public function test_registration_showing()

}

public function test_registration_showing()

{

// Set settings and get user instance

$this->setSettings(['registration-enabled' => 'true']);

{

// Set settings and get user instance

$this->setSettings(['registration-enabled' => 'true']);

- $user = factory(\BookStack\User::class)->make();

+ $user = factory(User::class)->make();

// Test form and ensure user is created

$this->visit('/register')

// Test form and ensure user is created

$this->visit('/register')

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email]);

}

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email]);

}

+ public function test_empty_registration_redirects_back_with_errors()

+ {

+ // Set settings and get user instance

+ $this->setSettings(['registration-enabled' => 'true']);

+

+ // Test form and ensure user is created

+ $this->visit('/register')

+ ->press('Create Account')

+ ->see('The name field is required')

+ ->seePageIs('/register');

+ }

+

+ public function test_registration_validation()

+ {

+ $this->setSettings(['registration-enabled' => 'true']);

+

+ $this->visit('/register')

+ ->type('1', '#name')

+ ->type('1', '#email')

+ ->type('1', '#password')

+ ->press('Create Account')

+ ->see('The name must be at least 2 characters.')

+ ->see('The email must be a valid email address.')

+ ->see('The password must be at least 8 characters.')

+ ->seePageIs('/register');

+ }

+

+ public function test_sign_up_link_on_login()

+ {

+ $this->visit('/login')

+ ->dontSee('Sign up');

+

+ $this->setSettings(['registration-enabled' => 'true']);

+

+ $this->visit('/login')

+ ->see('Sign up');

+ }

public function test_confirmed_registration()

{

public function test_confirmed_registration()

{

// Set settings and get user instance

$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);

// Set settings and get user instance

$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);

- $user = factory(\BookStack\User::class)->make();

+ $user = factory(User::class)->make();

// Go through registration process

$this->visit('/register')

// Go through registration process

$this->visit('/register')

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

// Ensure notification sent

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

// Ensure notification sent

- $dbUser = \BookStack\User::where('email', '=', $user->email)->first();

+ $dbUser = User::where('email', '=', $user->email)->first();

Notification::assertSentTo($dbUser, ConfirmEmail::class);

// Test access and resend confirmation email

Notification::assertSentTo($dbUser, ConfirmEmail::class);

// Test access and resend confirmation email

public function test_restricted_registration()

{

$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true', 'registration-restrict' => 'example.com']);

public function test_restricted_registration()

{

$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true', 'registration-restrict' => 'example.com']);

- $user = factory(\BookStack\User::class)->make();

+ $user = factory(User::class)->make();

+ // Go through registration process

+ $this->visit('/register')

+ ->type($user->name, '#name')

+ ->type($user->email, '#email')

+ ->type($user->password, '#password')

+ ->press('Create Account')

+ ->seePageIs('/register')

+ ->dontSeeInDatabase('users', ['email' => $user->email])

+ ->see('That email domain does not have access to this application');

+

+ $user->email = '[email protected]';

+

+ $this->visit('/register')

+ ->type($user->name, '#name')

+ ->type($user->email, '#email')

+ ->type($user->password, '#password')

+ ->press('Create Account')

+ ->seePageIs('/register/confirm')

+ ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

+

+ $this->visit('/')

+ ->seePageIs('/register/confirm/awaiting');

+

+ auth()->logout();

+

+ $this->visit('/')->seePageIs('/login')

+ ->type($user->email, '#email')

+ ->type($user->password, '#password')

+ ->press('Log In')

+ ->seePageIs('/register/confirm/awaiting')

+ ->seeText('Email Address Not Confirmed');

+ }

+

+ public function test_restricted_registration_with_confirmation_disabled()

+ {

+ $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'false', 'registration-restrict' => 'example.com']);

+ $user = factory(User::class)->make();

// Go through registration process

$this->visit('/register')

->type($user->name, '#name')

// Go through registration process

$this->visit('/register')

->type($user->name, '#name')

->press('Create Account')

->seePageIs('/register/confirm')

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

->press('Create Account')

->seePageIs('/register/confirm')

->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);

+

+ $this->visit('/')

+ ->seePageIs('/register/confirm/awaiting');

+

+ auth()->logout();

+ $this->visit('/')->seePageIs('/login')

+ ->type($user->email, '#email')

+ ->type($user->password, '#password')

+ ->press('Log In')

+ ->seePageIs('/register/confirm/awaiting')

+ ->seeText('Email Address Not Confirmed');

}

public function test_user_creation()

{

}

public function test_user_creation()

{

- $user = factory(\BookStack\User::class)->make();

+ $user = factory(User::class)->make();

+ $adminRole = Role::getRole('admin');

$this->asAdmin()

->visit('/settings/users')

$this->asAdmin()

->visit('/settings/users')

- ->click('Add new user')

+ ->click('Add New User')

->type($user->name, '#name')

->type($user->email, '#email')

->type($user->name, '#name')

->type($user->email, '#email')

- ->check('roles[admin]')

+ ->check("roles[{$adminRole->id}]")

->type($user->password, '#password')

->type($user->password, '#password-confirm')

->press('Save')

->type($user->password, '#password')

->type($user->password, '#password-confirm')

->press('Save')

public function test_user_updating()

{

public function test_user_updating()

{

- $user = \BookStack\User::all()->last();

+ $user = $this->getNormalUser();

$password = $user->password;

$this->asAdmin()

->visit('/settings/users')

$password = $user->password;

$this->asAdmin()

->visit('/settings/users')

public function test_user_password_update()

{

public function test_user_password_update()

{

- $user = \BookStack\User::all()->last();

+ $user = $this->getNormalUser();

$userProfilePage = '/settings/users/' . $user->id;

$this->asAdmin()

->visit($userProfilePage)

$userProfilePage = '/settings/users/' . $user->id;

$this->asAdmin()

->visit($userProfilePage)

->press('Save')

->seePageIs('/settings/users');

->press('Save')

->seePageIs('/settings/users');

- $userPassword = \BookStack\User::find($user->id)->password;

+ $userPassword = User::find($user->id)->password;

$this->assertTrue(Hash::check('newpassword', $userPassword));

}

public function test_user_deletion()

{

$this->assertTrue(Hash::check('newpassword', $userPassword));

}

public function test_user_deletion()

{

- $userDetails = factory(\BookStack\User::class)->make();

+ $userDetails = factory(User::class)->make();

$user = $this->getEditor($userDetails->toArray());

$this->asAdmin()

$user = $this->getEditor($userDetails->toArray());

$this->asAdmin()

public function test_user_cannot_be_deleted_if_last_admin()

{

public function test_user_cannot_be_deleted_if_last_admin()

{

- $adminRole = \BookStack\Role::getRole('admin');

+ $adminRole = Role::getRole('admin');

+

+ // Delete all but one admin user if there are more than one

+ $adminUsers = $adminRole->users;

+ if (count($adminUsers) > 1) {

+ foreach ($adminUsers->splice(1) as $user) {

+ $user->delete();

+ }

+

// Ensure we currently only have 1 admin user

$this->assertEquals(1, $adminRole->users()->count());

$user = $adminRole->users->first();

// Ensure we currently only have 1 admin user

$this->assertEquals(1, $adminRole->users()->count());

$user = $adminRole->users->first();

->seePageIs('/login');

}

->seePageIs('/login');

}

+ public function test_reset_password_flow()

+ {

+ Notification::fake();

+

+ $this->visit('/login')->click('Forgot Password?')

+ ->seePageIs('/password/email')

+ ->type('[email protected]', 'email')

+ ->press('Send Reset Link')

+ ->see('A password reset link will be sent to [email protected] if that email address is found in the system.');

+

+ $this->seeInDatabase('password_resets', [

+ 'email' => '[email protected]'

+ ]);

+

+ $user = User::where('email', '=', '[email protected]')->first();

+

+ Notification::assertSentTo($user, ResetPassword::class);

+ $n = Notification::sent($user, ResetPassword::class);

+

+ $this->visit('/password/reset/' . $n->first()->token)

+ ->see('Reset Password')

+ ->submitForm('Reset Password', [

+ 'email' => '[email protected]',

+ 'password' => 'randompass',

+ 'password_confirmation' => 'randompass'

+ ])->seePageIs('/')

+ ->see('Your password has been successfully reset');

+ }

+

+ public function test_reset_password_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()

+ {

+ $this->visit('/login')->click('Forgot Password?')

+ ->seePageIs('/password/email')

+ ->type('[email protected]', 'email')

+ ->press('Send Reset Link')

+ ->see('A password reset link will be sent to [email protected] if that email address is found in the system.')

+ ->dontSee('We can\'t find a user');

+

+ $this->visit('/password/reset/arandometokenvalue')

+ ->see('Reset Password')

+ ->submitForm('Reset Password', [

+ 'email' => '[email protected]',

+ 'password' => 'randompass',

+ 'password_confirmation' => 'randompass'

+ ])->followRedirects()

+ ->seePageIs('/password/reset/arandometokenvalue')

+ ->dontSee('We can\'t find a user')

+ ->see('The password reset token is invalid for this email address.');

+ }

+

+ public function test_reset_password_page_shows_sign_links()

+ {

+ $this->setSettings(['registration-enabled' => 'true']);

+ $this->visit('/password/email')

+ ->seeLink('Log in')

+ ->seeLink('Sign up');

+ }

+

+ public function test_login_redirects_to_initially_requested_url_correctly()

+ {

+ config()->set('app.url', 'http://localhost');

+ $page = Page::query()->first();

+

+ $this->visit($page->getUrl())

+ ->seePageUrlIs(url('/login'));

+ $this->login('[email protected]', 'password')

+ ->seePageUrlIs($page->getUrl());

+ }

+

+ public function test_login_intended_redirect_does_not_redirect_to_external_pages()

+ {

+ config()->set('app.url', 'http://localhost');

+ $this->setSettings(['app-public' => true]);

+

+ $this->get('/login', ['referer' => 'https://example.com']);

+ $login = $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);

+

+ $login->assertRedirectedTo('http://localhost');

+ }

+

+ public function test_login_authenticates_admins_on_all_guards()

+ {

+ $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);

+ $this->assertTrue(auth()->check());

+ $this->assertTrue(auth('ldap')->check());

+ $this->assertTrue(auth('saml2')->check());

+ }

+

+ public function test_login_authenticates_nonadmins_on_default_guard_only()

+ {

+ $editor = $this->getEditor();

+ $editor->password = bcrypt('password');

+ $editor->save();

+

+ $this->post('/login', ['email' => $editor->email, 'password' => 'password']);

+ $this->assertTrue(auth()->check());

+ $this->assertFalse(auth('ldap')->check());

+ $this->assertFalse(auth('saml2')->check());

+ }

+

+ public function test_failed_logins_are_logged_when_message_configured()

+ {

+ $log = $this->withTestLogger();

+ config()->set(['logging.failed_login.message' => 'Failed login for %u']);

+

+ $this->post('/login', ['email' => '[email protected]', 'password' => 'cattreedog']);

+ $this->assertTrue($log->hasWarningThatContains('Failed login for [email protected]'));

+

+ $this->post('/login', ['email' => '[email protected]', 'password' => 'password']);

+ $this->assertFalse($log->hasWarningThatContains('Failed login for [email protected]'));

+ }

+

/**

* Perform a login

/**

* Perform a login

- * @param string $email

- * @param string $password

- * @return $this

*/

- protected function login($email, $password)

+ protected function login(string $email, string $password): AuthTest

{

return $this->visit('/login')

->type($email, '#email')

->type($password, '#password')

{

return $this->visit('/login')

->type($email, '#email')

->type($password, '#password')

- ->press('Sign In');

+ ->press('Log In');

}