X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a274406038e13cf678e14d65dfa70d04ead67206..refs/pull/3693/head:/tests/Auth/MfaConfigurationTest.php
diff --git a/tests/Auth/MfaConfigurationTest.php b/tests/Auth/MfaConfigurationTest.php
index eb0e2faf0..3416263f3 100644
--- a/tests/Auth/MfaConfigurationTest.php
+++ b/tests/Auth/MfaConfigurationTest.php
@@ -4,6 +4,7 @@ namespace Tests\Auth;
 use BookStack\Actions\ActivityType;
 use BookStack\Auth\Access\Mfa\MfaValue;
+use BookStack\Auth\Role;
 use BookStack\Auth\User;
 use PragmaRX\Google2FA\Google2FA;
 use Tests\TestCase;
@@ -17,15 +18,15 @@ class MfaConfigurationTest extends TestCase
 // Setup page state
 $resp = $this->actingAs($editor)->get('/mfa/setup');
- $resp->assertElementContains('a[href$="/mfa/totp/generate"]', 'Setup');
+ $this->withHtml($resp)->assertElementContains('a[href$="/mfa/totp/generate"]', 'Setup');
 // Generate page access
 $resp = $this->get('/mfa/totp/generate');
 $resp->assertSee('Mobile App Setup');
 $resp->assertSee('Verify Setup');
- $resp->assertElementExists('form[action$="/mfa/totp/confirm"] button');
+ $this->withHtml($resp)->assertElementExists('form[action$="/mfa/totp/confirm"] button');
 $this->assertSessionHas('mfa-setup-totp-secret');
- $svg = $resp->getElementHtml('#main-content .card svg');
+ $svg = $this->withHtml($resp)->getOuterHtml('#main-content .card svg');
 // Validation error, code should remain the same
 $resp = $this->post('/mfa/totp/confirm', [
@@ -34,12 +35,14 @@ class MfaConfigurationTest extends TestCase
 $resp->assertRedirect('/mfa/totp/generate');
 $resp = $this->followRedirects($resp);
 $resp->assertSee('The provided code is not valid or has expired.');
- $revisitSvg = $resp->getElementHtml('#main-content .card svg');
+ $revisitSvg = $this->withHtml($resp)->getOuterHtml('#main-content .card svg');
 $this->assertTrue($svg === $revisitSvg);
+ $secret = decrypt(session()->get('mfa-setup-totp-secret'));
+
+ $resp->assertSee("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30");
 // Successful confirmation
 $google2fa = new Google2FA();
- $secret = decrypt(session()->get('mfa-setup-totp-secret'));
 $otp = $google2fa->getCurrentOtp($secret);
 $resp = $this->post('/mfa/totp/confirm', [
 'code' => $otp,
@@ -49,7 +52,7 @@ class MfaConfigurationTest extends TestCase
 // Confirmation of setup
 $resp = $this->followRedirects($resp);
 $resp->assertSee('Multi-factor method successfully configured');
- $resp->assertElementContains('a[href$="/mfa/totp/generate"]', 'Reconfigure');
+ $this->withHtml($resp)->assertElementContains('a[href$="/mfa/totp/generate"]', 'Reconfigure');
 $this->assertDatabaseHas('mfa_values', [
 'user_id' => $editor->id,
@@ -68,12 +71,12 @@ class MfaConfigurationTest extends TestCase
 // Setup page state
 $resp = $this->actingAs($editor)->get('/mfa/setup');
- $resp->assertElementContains('a[href$="/mfa/backup_codes/generate"]', 'Setup');
+ $this->withHtml($resp)->assertElementContains('a[href$="/mfa/backup_codes/generate"]', 'Setup');
 // Generate page access
 $resp = $this->get('/mfa/backup_codes/generate');
 $resp->assertSee('Backup Codes');
- $resp->assertElementContains('form[action$="/mfa/backup_codes/confirm"]', 'Confirm and Enable');
+ $this->withHtml($resp)->assertElementContains('form[action$="/mfa/backup_codes/confirm"]', 'Confirm and Enable');
 $this->assertSessionHas('mfa-setup-backup-codes');
 $codes = decrypt(session()->get('mfa-setup-backup-codes'));
 // Check code format
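Review bot: In the `@@ -34,12 +35,14 @@` hunk the added `$resp->assertSee("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30");` omits the second argument, so Laravel HTML-escapes the expected string before matching and the `&` separators are compared in their `&amp;` form. The test added at the end of this file passes `false` to `assertSee`, so the two styles are easy to misread side by side. A short comment above the line would make the intent explicit, for example `// assertSee escapes by default, so this matches the HTML-encoded otpauth link; also pins the TOTP parameters shown to the user`. If pinning SHA1, 6 digits and a 30-second period is deliberate, stating that here makes a later change to the generator a conscious one. The enclosing test method starts and ends outside this hunk.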
@@ -89,7 +92,7 @@ class MfaConfigurationTest extends TestCase
 // Confirmation of setup
 $resp = $this->followRedirects($resp);
 $resp->assertSee('Multi-factor method successfully configured');
- $resp->assertElementContains('a[href$="/mfa/backup_codes/generate"]', 'Reconfigure');
+ $this->withHtml($resp)->assertElementContains('a[href$="/mfa/backup_codes/generate"]', 'Reconfigure');
 $this->assertDatabaseHas('mfa_values', [
 'user_id' => $editor->id,
@@ -126,10 +129,10 @@ class MfaConfigurationTest extends TestCase
 {
 $admin = $this->getAdmin();
 $resp = $this->actingAs($admin)->get($admin->getEditUrl());
- $resp->assertElementExists('a[href$="/mfa/setup"]');
+ $this->withHtml($resp)->assertElementExists('a[href$="/mfa/setup"]');
 $resp = $this->actingAs($admin)->get($this->getEditor()->getEditUrl());
- $resp->assertElementNotExists('a[href$="/mfa/setup"]');
+ $this->withHtml($resp)->assertElementNotExists('a[href$="/mfa/setup"]');
 }
 public function test_mfa_indicator_shows_in_user_list()
@@ -138,11 +141,11 @@ class MfaConfigurationTest extends TestCase
 User::query()->where('id', '!=', $admin->id)->delete();
 $resp = $this->actingAs($admin)->get('/settings/users');
- $resp->assertElementNotExists('[title="MFA Configured"] svg');
+ $this->withHtml($resp)->assertElementNotExists('[title="MFA Configured"] svg');
 MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test');
 $resp = $this->actingAs($admin)->get('/settings/users');
- $resp->assertElementExists('[title="MFA Configured"] svg');
+ $this->withHtml($resp)->assertElementExists('[title="MFA Configured"] svg');
 }
 public function test_remove_mfa_method()
@@ -152,7 +155,7 @@ class MfaConfigurationTest extends TestCase
 MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test');
 $this->assertEquals(1, $admin->mfaValues()->count());
 $resp = $this->actingAs($admin)->get('/mfa/setup');
- $resp->assertElementExists('form[action$="/mfa/totp/remove"]');
+ $this->withHtml($resp)->assertElementExists('form[action$="/mfa/totp/remove"]');
 $resp = $this->delete('/mfa/totp/remove');
 $resp->assertRedirect('/mfa/setup');
@@ -162,4 +165,22 @@ class MfaConfigurationTest extends TestCase
 $this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);
 $this->assertEquals(0, $admin->mfaValues()->count());
 }
+
+ public function test_totp_setup_url_shows_correct_user_when_setup_forced_upon_login()
+ {
+ $admin = $this->getAdmin();
+ /** @var Role $role */
+ $role = $admin->roles()->first();
+ $role->mfa_enforced = true;
+ $role->save();
+
+ $resp = $this->post('/login', ['email' => $admin->email, 'password' => 'password']);
+ $this->assertFalse(auth()->check());
+ $resp->assertRedirect('/mfa/verify');
+
+ $resp = $this->get('/mfa/totp/generate');
+ $resp->assertSeeText('Mobile App Setup');
+ $resp->assertDontSee('otpauth://totp/BookStack:guest%40example.com', false);
+ $resp->assertSee('otpauth://totp/BookStack:admin%40admin.com', false);
+ }
 }
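Review bot: In the `@@ -162,4 +165,22 @@` hunk the new test hard-codes the expected identity as `admin%40admin.com` instead of deriving it from `$admin`, so the final assertion depends on seed data rather than on the account that was posted to `/login`. Assuming the application percent-encodes the address the same way, `$resp->assertSee('otpauth://totp/BookStack:' . urlencode($admin->email), false);` ties the check to that user. The test also checks `auth()->check()` only before the GET to `/mfa/totp/generate`. Repeating `$this->assertFalse(auth()->check());` after that request would pin that reaching the forced-setup page does not complete the login before a second factor is configured.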