X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/c32b315cd7d2d302e7f55706f8e69c99d736c66b..refs/pull/3598/head:/tests/Auth/AuthTest.php

diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php
index d037b5701..106b71875 100644
--- a/tests/Auth/AuthTest.php
+++ b/tests/Auth/AuthTest.php
@@ -3,14 +3,15 @@
 namespace Tests\Auth;
 
 use BookStack\Auth\Access\Mfa\MfaSession;
+use BookStack\Auth\Role;
 use BookStack\Auth\User;
 use BookStack\Entities\Models\Page;
 use BookStack\Notifications\ConfirmEmail;
 use BookStack\Notifications\ResetPassword;
 use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Notification;
+use Illuminate\Testing\TestResponse;
 use Tests\TestCase;
-use Tests\TestResponse;
 
 class AuthTest extends TestCase
 {
@@ -36,20 +37,23 @@ class AuthTest extends TestCase
     {
         // Ensure registration form is showing
         $this->setSettings(['registration-enabled' => 'true']);
-        $this->get('/login')
-            ->assertElementContains('a[href="' . url('/http/source.bookstackapp.com/register') . '"]', 'Sign up');
+        $resp = $this->get('/login');
+        $this->withHtml($resp)->assertElementContains('a[href="' . url('/http/source.bookstackapp.com/register') . '"]', 'Sign up');
     }
 
     public function test_normal_registration()
     {
         // Set settings and get user instance
-        $this->setSettings(['registration-enabled' => 'true']);
-        $user = factory(User::class)->make();
+        /** @var Role $registrationRole */
+        $registrationRole = Role::query()->first();
+        $this->setSettings(['registration-enabled' => 'true', 'registration-role' => $registrationRole->id]);
+        /** @var User $user */
+        $user = User::factory()->make();
 
         // Test form and ensure user is created
-        $this->get('/register')
-            ->assertSee('Sign Up')
-            ->assertElementContains('form[action="' . url('/http/source.bookstackapp.com/register') . '"]', 'Create Account');
+        $resp = $this->get('/register')
+            ->assertSee('Sign Up');
+        $this->withHtml($resp)->assertElementContains('form[action="' . url('/http/source.bookstackapp.com/register') . '"]', 'Create Account');
 
         $resp = $this->post('/register', $user->only('password', 'name', 'email'));
         $resp->assertRedirect('/');
@@ -57,7 +61,12 @@ class AuthTest extends TestCase
         $resp = $this->get('/');
         $resp->assertOk();
         $resp->assertSee($user->name);
+
         $this->assertDatabaseHas('users', ['name' => $user->name, 'email' => $user->email]);
+
+        $user = User::query()->where('email', '=', $user->email)->first();
+        $this->assertEquals(1, $user->roles()->count());
+        $this->assertEquals($registrationRole->id, $user->roles()->first()->id);
     }
 
     public function test_empty_registration_redirects_back_with_errors()
@@ -102,7 +111,7 @@ class AuthTest extends TestCase
 
         // Set settings and get user instance
         $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);
-        $user = factory(User::class)->make();
+        $user = User::factory()->make();
 
         // Go through registration process
         $resp = $this->post('/register', $user->only('name', 'email', 'password'));
@@ -119,7 +128,7 @@ class AuthTest extends TestCase
         $resp->assertRedirect('/register/confirm/awaiting');
 
         $resp = $this->get('/register/confirm/awaiting');
-        $resp->assertElementContains('form[action="' . url('/http/source.bookstackapp.com/register/confirm/resend') . '"]', 'Resend');
+        $this->withHtml($resp)->assertElementContains('form[action="' . url('/http/source.bookstackapp.com/register/confirm/resend') . '"]', 'Resend');
 
         $this->get('/books')->assertRedirect('/login');
         $this->post('/register/confirm/resend', $user->only('email'));
@@ -131,8 +140,8 @@ class AuthTest extends TestCase
         });
 
         // Check confirmation email confirmation activation.
-        $this->get('/register/confirm/' . $emailConfirmation->token)->assertRedirect('/');
-        $this->get('/')->assertSee($user->name);
+        $this->get('/register/confirm/' . $emailConfirmation->token)->assertRedirect('/login');
+        $this->get('/login')->assertSee('Your email has been confirmed! You should now be able to login using this email address.');
         $this->assertDatabaseMissing('email_confirmations', ['token' => $emailConfirmation->token]);
         $this->assertDatabaseHas('users', ['name' => $dbUser->name, 'email' => $dbUser->email, 'email_confirmed' => true]);
     }
@@ -140,7 +149,7 @@ class AuthTest extends TestCase
     public function test_restricted_registration()
     {
         $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true', 'registration-restrict' => 'example.com']);
-        $user = factory(User::class)->make();
+        $user = User::factory()->make();
 
         // Go through registration process
         $this->post('/register', $user->only('name', 'email', 'password'))
@@ -166,7 +175,7 @@ class AuthTest extends TestCase
     public function test_restricted_registration_with_confirmation_disabled()
     {
         $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'false', 'registration-restrict' => 'example.com']);
-        $user = factory(User::class)->make();
+        $user = User::factory()->make();
 
         // Go through registration process
         $this->post('/register', $user->only('name', 'email', 'password'))
@@ -189,10 +198,18 @@ class AuthTest extends TestCase
         $this->assertNull(auth()->user());
     }
 
+    public function test_registration_role_unset_by_default()
+    {
+        $this->assertFalse(setting('registration-role'));
+
+        $resp = $this->asAdmin()->get('/settings/registration');
+        $this->withHtml($resp)->assertElementContains('select[name="setting-registration-role"] option[value="0"][selected]', '-- None --');
+    }
+
     public function test_logout()
     {
         $this->asAdmin()->get('/')->assertOk();
-        $this->get('/logout')->assertRedirect('/');
+        $this->post('/logout')->assertRedirect('/');
         $this->get('/')->assertRedirect('/login');
     }
 
@@ -204,7 +221,7 @@ class AuthTest extends TestCase
         $mfaSession->markVerifiedForUser($user);
         $this->assertTrue($mfaSession->isVerifiedForUser($user));
 
-        $this->asAdmin()->get('/logout');
+        $this->asAdmin()->post('/logout');
         $this->assertFalse($mfaSession->isVerifiedForUser($user));
     }
 
@@ -212,11 +229,11 @@ class AuthTest extends TestCase
     {
         Notification::fake();
 
-        $this->get('/login')
-            ->assertElementContains('a[href="' . url('/http/source.bookstackapp.com/password/email') . '"]', 'Forgot Password?');
+        $resp = $this->get('/login');
+        $this->withHtml($resp)->assertElementContains('a[href="' . url('/http/source.bookstackapp.com/password/email') . '"]', 'Forgot Password?');
 
-        $this->get('/password/email')
-            ->assertElementContains('form[action="' . url('/http/source.bookstackapp.com/password/email') . '"]', 'Send Reset Link');
+        $resp = $this->get('/password/email');
+        $this->withHtml($resp)->assertElementContains('form[action="' . url('/http/source.bookstackapp.com/password/email') . '"]', 'Send Reset Link');
 
         $resp = $this->post('/password/email', [
             'email' => 'admin@admin.com',
@@ -277,11 +294,27 @@ class AuthTest extends TestCase
     public function test_reset_password_page_shows_sign_links()
     {
         $this->setSettings(['registration-enabled' => 'true']);
-        $this->get('/password/email')
-            ->assertElementContains('a', 'Log in')
+        $resp = $this->get('/password/email');
+        $this->withHtml($resp)->assertElementContains('a', 'Log in')
             ->assertElementContains('a', 'Sign up');
     }
 
+    public function test_reset_password_request_is_throttled()
+    {
+        $editor = $this->getEditor();
+        Notification::fake();
+        $this->get('/password/email');
+        $this->followingRedirects()->post('/password/email', [
+            'email' => $editor->email,
+        ]);
+
+        $resp = $this->followingRedirects()->post('/password/email', [
+            'email' => $editor->email,
+        ]);
+        Notification::assertTimesSent(1, ResetPassword::class);
+        $resp->assertSee('A password reset link will be sent to ' . $editor->email . ' if that email address is found in the system.');
+    }
+
     public function test_login_redirects_to_initially_requested_url_correctly()
     {
         config()->set('app.url', 'http://localhost');
@@ -318,6 +351,7 @@ class AuthTest extends TestCase
         $this->assertTrue(auth()->check());
         $this->assertTrue(auth('ldap')->check());
         $this->assertTrue(auth('saml2')->check());
+        $this->assertTrue(auth('oidc')->check());
     }
 
     public function test_login_authenticates_nonadmins_on_default_guard_only()
@@ -330,6 +364,7 @@ class AuthTest extends TestCase
         $this->assertTrue(auth()->check());
         $this->assertFalse(auth('ldap')->check());
         $this->assertFalse(auth('saml2')->check());
+        $this->assertFalse(auth('oidc')->check());
     }
 
     public function test_failed_logins_are_logged_when_message_configured()