X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/90b4257889a5f9a63ee5d9934e90557e67ebca56..refs/pull/3918/head:/tests/Auth/AuthTest.php

diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index f0b473472..3220b2aac 100644
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@@ -3,7 +3,6 @@
 namespace Tests\Auth;
 
 use BookStack\Auth\Access\Mfa\MfaSession;
-use BookStack\Entities\Models\Page;
 use Illuminate\Testing\TestResponse;
 use Tests\TestCase;
 
@@ -58,8 +57,7 @@ class AuthTest extends TestCase
     public function test_login_redirects_to_initially_requested_url_correctly()
     {
         config()->set('app.url', 'http://localhost');
-        /** @var Page $page */
-        $page = Page::query()->first();
+        $page = $this->entities->page();
 
         $this->get($page->getUrl())->assertRedirect(url('/login'));
         $this->login('admin@admin.com', 'password')
@@ -133,6 +131,19 @@ class AuthTest extends TestCase
         $this->assertFalse(auth()->check());
     }
 
+    public function test_login_attempts_are_rate_limited()
+    {
+        for ($i = 0; $i < 5; $i++) {
+            $resp = $this->login('bennynotexisting@example.com', 'pw123');
+        }
+        $resp = $this->followRedirects($resp);
+        $resp->assertSee('These credentials do not match our records.');
+
+        // Check the fifth attempt provides a lockout response
+        $resp = $this->followRedirects($this->login('bennynotexisting@example.com', 'pw123'));
+        $resp->assertSee('Too many login attempts. Please try again in');
+    }
+
     /**
      * Perform a login.
      */