X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/8c945034b9f12e728c601502e730d2cfe4c937cf..refs/pull/5676/head:/tests/Auth/AuthTest.php
diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index 3220b2aac..bffd8bbdb 100644
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@@ -2,7 +2,8 @@
 namespace Tests\Auth;
-use BookStack\Auth\Access\Mfa\MfaSession;
+use BookStack\Access\Mfa\MfaSession;
+use Illuminate\Support\Facades\Hash;
 use Illuminate\Testing\TestResponse;
 use Tests\TestCase;
@@ -44,7 +45,7 @@ class AuthTest extends TestCase
 public function test_mfa_session_cleared_on_logout()
 {
- $user = $this->getEditor();
+ $user = $this->users->editor();
 $mfaSession = $this->app->make(MfaSession::class);
 $mfaSession->markVerifiedForUser($user);
@@ -94,7 +95,7 @@ class AuthTest extends TestCase
 public function test_login_authenticates_nonadmins_on_default_guard_only()
 {
- $editor = $this->getEditor();
+ $editor = $this->users->editor();
 $editor->password = bcrypt('password');
 $editor->save();
@@ -120,7 +121,7 @@ class AuthTest extends TestCase
 public function test_logged_in_user_with_unconfirmed_email_is_logged_out()
 {
 $this->setSettings(['registration-confirmation' => 'true']);
- $user = $this->getEditor();
+ $user = $this->users->editor();
 $user->email_confirmed = false;
 $user->save();
@@ -144,6 +145,25 @@ class AuthTest extends TestCase
 $resp->assertSee('Too many login attempts. Please try again in');
 }
+ public function test_login_specifically_disabled_for_guest_account()
+ {
+ $guest = $this->users->guest();
+
+ $resp = $this->post('/login', ['email' => $guest->email, 'password' => 'password']);
+ $resp->assertRedirect('/login');
+ $resp = $this->followRedirects($resp);
+ $resp->assertSee('These credentials do not match our records.');
+
+ // Test login even with password somehow set
+ $guest->password = Hash::make('password');
+ $guest->save();
+
+ $resp = $this->post('/login', ['email' => $guest->email, 'password' => 'password']);
+ $resp->assertRedirect('/login');
+ $resp = $this->followRedirects($resp);
+ $resp->assertSee('These credentials do not match our records.');
+ }
+
 /**
 * Perform a login.
 */
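Review bot: Neither login attempt in `test_login_specifically_disabled_for_guest_account` asserts the authentication state itself; refusal is inferred only from the redirect to `/login` and the generic error text. After the second POST, the one made once `Hash::make('password')` has been saved, add `$this->assertFalse(auth()->check());` so the test pins the property that matters (no session is established for the guest account) rather than a translatable message. The first attempt presumably fails on the password check alone, so the second is the one that exercises the guest-specific block; a short comment such as `// Baseline: guest has no usable password yet` above the first POST would make that clear. Asserting the same generic message for both attempts is worth keeping, since it avoids revealing that the guest account is treated specially.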