X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/9135a85de4eef32a91c7a3ee0aa405ed454e5a4c..refs/pull/5676/head:/tests/Auth/AuthTest.php

diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index fe7e62568..bffd8bbdb 100644
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@@ -2,7 +2,8 @@
 
 namespace Tests\Auth;
 
-use BookStack\Auth\Access\Mfa\MfaSession;
+use BookStack\Access\Mfa\MfaSession;
+use Illuminate\Support\Facades\Hash;
 use Illuminate\Testing\TestResponse;
 use Tests\TestCase;
 
@@ -144,6 +145,25 @@ class AuthTest extends TestCase
         $resp->assertSee('Too many login attempts. Please try again in');
     }
 
+    public function test_login_specifically_disabled_for_guest_account()
+    {
+        $guest = $this->users->guest();
+
+        $resp = $this->post('/login', ['email' => $guest->email, 'password' => 'password']);
+        $resp->assertRedirect('/login');
+        $resp = $this->followRedirects($resp);
+        $resp->assertSee('These credentials do not match our records.');
+
+        // Test login even with password somehow set
+        $guest->password = Hash::make('password');
+        $guest->save();
+
+        $resp = $this->post('/login', ['email' => $guest->email, 'password' => 'password']);
+        $resp->assertRedirect('/login');
+        $resp = $this->followRedirects($resp);
+        $resp->assertSee('These credentials do not match our records.');
+    }
+
     /**
      * Perform a login.
      */