X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/64785ed9da0d3bac61e4b3976da2e47a804335ec..refs/pull/3245/head:/tests/Auth/MfaConfigurationTest.php
diff --git a/tests/Auth/MfaConfigurationTest.php b/tests/Auth/MfaConfigurationTest.php
index eb0e2faf0..fab94817c 100644
--- a/tests/Auth/MfaConfigurationTest.php
+++ b/tests/Auth/MfaConfigurationTest.php
@@ -4,6 +4,7 @@ namespace Tests\Auth;
 use BookStack\Actions\ActivityType;
 use BookStack\Auth\Access\Mfa\MfaValue;
+use BookStack\Auth\Role;
 use BookStack\Auth\User;
 use PragmaRX\Google2FA\Google2FA;
 use Tests\TestCase;
@@ -36,10 +37,12 @@ class MfaConfigurationTest extends TestCase
 $resp->assertSee('The provided code is not valid or has expired.');
 $revisitSvg = $resp->getElementHtml('#main-content .card svg');
 $this->assertTrue($svg === $revisitSvg);
+ $secret = decrypt(session()->get('mfa-setup-totp-secret'));
+
+ $resp->assertSee("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30");
 // Successful confirmation
 $google2fa = new Google2FA();
- $secret = decrypt(session()->get('mfa-setup-totp-secret'));
 $otp = $google2fa->getCurrentOtp($secret);
 $resp = $this->post('/mfa/totp/confirm', [
 'code' => $otp,
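Review bot: The `assertSee("?secret={$secret}&issuer=BookStack&…")` added in the second hunk only matches because `assertSee()` HTML-escapes its needle by default, so it is really looking for the `&amp;`-encoded query string, and nothing in the test says so. A one-line comment above it, for example `// assertSee() escapes the needle, so this matches the &amp;-encoded otpauth URL in the page markup`, would keep a later edit from adding a `false` second argument and silently changing what is verified. Where the URL is rendered is not visible here, so the comment should be confirmed against the view. The enclosing test method starts and ends outside the hunk.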
@@ -162,4 +165,22 @@ class MfaConfigurationTest extends TestCase
 $this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);
 $this->assertEquals(0, $admin->mfaValues()->count());
 }
+
+ public function test_totp_setup_url_shows_correct_user_when_setup_forced_upon_login()
+ {
+ $admin = $this->getAdmin();
+ /** @var Role $role */
+ $role = $admin->roles()->first();
+ $role->mfa_enforced = true;
+ $role->save();
+
+ $resp = $this->post('/login', ['email' => $admin->email, 'password' => 'password']);
+ $this->assertFalse(auth()->check());
+ $resp->assertRedirect('/mfa/verify');
+
+ $resp = $this->get('/mfa/totp/generate');
+ $resp->assertSeeText('Mobile App Setup');
+ $resp->assertDontSee('otpauth://totp/BookStack:guest%40example.com', false);
+ $resp->assertSee('otpauth://totp/BookStack:admin%40admin.com', false);
+ }
 }
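Review bot: The final assertion in `test_totp_setup_url_shows_correct_user_when_setup_forced_upon_login` hard-codes `admin%40admin.com`, so it follows the seeded admin address rather than the account that actually posted to `/login`. Building the expectation from the fixture, `$resp->assertSee('otpauth://totp/BookStack:' . urlencode($admin->email), false);`, keeps the check tied to the user under test. A short docblock would also help: the test asserts `auth()->check()` is false at this point, so what it guards is the setup URL being labelled with the guest account instead of the user whose login is still pending MFA.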