X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/90b4257889a5f9a63ee5d9934e90557e67ebca56..refs/pull/5676/head:/tests/Auth/ResetPasswordTest.php
diff --git a/tests/Auth/ResetPasswordTest.php b/tests/Auth/ResetPasswordTest.php
index 1ab579b26..026f8c5ba 100644
--- a/tests/Auth/ResetPasswordTest.php
+++ b/tests/Auth/ResetPasswordTest.php
@@ -2,14 +2,22 @@
 namespace Tests\Auth;
-use BookStack\Auth\User;
-use BookStack\Notifications\ResetPassword;
+use BookStack\Access\Notifications\ResetPasswordNotification;
+use BookStack\Users\Models\User;
+use Carbon\CarbonInterval;
 use Illuminate\Support\Facades\Notification;
+use Illuminate\Support\Sleep;
 use Tests\TestCase;
 class ResetPasswordTest extends TestCase
 {
-public function test_reset_password_flow()
+protected function setUp(): void
+ {
+ parent::setUp();
+ Sleep::fake();
+ }
+
+ public function test_reset_flow()
 {
 Notification::fake();
@@ -34,8 +42,8 @@ class ResetPasswordTest extends TestCase
 /** @var User $user */
 $user = User::query()->where('email', '=', 'admin@admin.com')->first();
-Notification::assertSentTo($user, ResetPassword::class);
-$n = Notification::sent($user, ResetPassword::class);
+Notification::assertSentTo($user, ResetPasswordNotification::class);
+$n = Notification::sent($user, ResetPasswordNotification::class);
 $this->get('/password/reset/' . $n->first()->token)
 ->assertOk()
@@ -52,7 +60,7 @@ class ResetPasswordTest extends TestCase
 $this->get('/')->assertSee('Your password has been successfully reset');
 }
-public function test_reset_password_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
+public function test_reset_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
 {
 $this->get('/password/email');
 $resp = $this->followingRedirects()->post('/password/email', [
@@ -75,7 +83,18 @@ class ResetPasswordTest extends TestCase
 ->assertSee('The password reset token is invalid for this email address.');
 }
-public function test_reset_password_page_shows_sign_links()
+public function test_reset_request_with_not_found_user_still_has_delay()
+ {
+ $this->followingRedirects()->post('/password/email', [
+ 'email' => 'barrynotfoundrandomuser@example.com',
+ ]);
+
+ Sleep::assertSlept(function (CarbonInterval $duration): bool {
+ return $duration->totalMilliseconds > 999;
+ }, 1);
+ }
+
+ public function test_reset_page_shows_sign_links()
 {
 $this->setSettings(['registration-enabled' => 'true']);
 $resp = $this->get('/password/email');
@@ -83,9 +102,9 @@ class ResetPasswordTest extends TestCase
 ->assertElementContains('a', 'Sign up');
 }
-public function test_reset_password_request_is_throttled()
+public function test_reset_request_is_throttled()
 {
-$editor = $this->getEditor();
+$editor = $this->users->editor();
 Notification::fake();
 $this->get('/password/email');
 $this->followingRedirects()->post('/password/email', [
@@ -95,7 +114,30 @@ class ResetPasswordTest extends TestCase
 $resp = $this->followingRedirects()->post('/password/email', [
 'email' => $editor->email,
 ]);
-Notification::assertTimesSent(1, ResetPassword::class);
+Notification::assertSentTimes(ResetPasswordNotification::class, 1);
 $resp->assertSee('A password reset link will be sent to ' . $editor->email . ' if that email address is found in the system.');
 }
+
+ public function test_reset_request_with_not_found_user_is_throttled()
+ {
+ for ($i = 0; $i < 11; $i++) {
+ $response = $this->post('/password/email', [
+ 'email' => 'barrynotfoundrandomuser@example.com',
+ ]);
+ }
+
+ $response->assertStatus(429);
+ }
+
+ public function test_reset_call_is_throttled()
+ {
+ for ($i = 0; $i < 11; $i++) {
+ $response = $this->post('/password/reset', [
+ 'email' => "arandomuser{$i}@example.com",
+ 'token' => "randomtoken{$i}",
+ ]);
+ }
+
+ $response->assertStatus(429);
+ }
 }
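Review bot: `test_reset_request_with_not_found_user_still_has_delay` only pins that the unknown-email path sleeps for at least a second; it does not check that the known-email path takes a comparable time, so the test cannot catch a timing difference between the two outcomes, which is presumably what the delay exists to hide. If the controller also pads the found-user path, a matching `Sleep::assertSlept(...)` in `test_reset_flow` would document and enforce that symmetry; if it does not, a sentence on this test stating the intended guarantee would help the next reader. A why-comment above the post call, `// An unknown address must still cost about a second so response timing cannot reveal whether an account exists`, would explain the threshold. `return $duration->totalMilliseconds >= 1000;` reads more directly than `> 999` for a one-second floor.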
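Review bot: Both `test_reset_request_with_not_found_user_is_throttled` and `test_reset_call_is_throttled` assert only that the eleventh request returns 429; nothing checks that the first ten were allowed through, so the tests would also pass if the limiter rejected every request from the first, and the limit of ten that the loop bound implies is never pinned. Asserting on each of the first ten responses before issuing the eleventh makes the threshold explicit, assuming the limit really is ten per window as the `< 11` bound suggests. `$response` is also assigned only inside the loop, which static analysis reports as possibly undefined after it; issuing the final request outside the loop avoids that. The same shape applies to `test_reset_call_is_throttled` with the `/password/reset` payload.
```php
public function test_reset_request_with_not_found_user_is_throttled()
{
    for ($i = 0; $i < 10; $i++) {
        $response = $this->post('/password/email', [
            'email' => 'barrynotfoundrandomuser@example.com',
        ]);
        $this->assertNotSame(429, $response->status());
    }

    // The eleventh request within the window must be rejected
    $this->post('/password/email', [
        'email' => 'barrynotfoundrandomuser@example.com',
    ])->assertStatus(429);
}
// … test_reset_call_is_throttled: same structure with the /password/reset payload …
```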