X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/e6c6de0848caab863f410bbf9a74312392db9dcd..refs/pull/2257/head:/tests/Auth/Saml2Test.php diff --git a/tests/Auth/Saml2Test.php b/tests/Auth/Saml2Test.php index b3e6bd41b..7303d4bd8 100644 --- a/tests/Auth/Saml2Test.php +++ b/tests/Auth/Saml2Test.php @@ -1,7 +1,8 @@ -assertDatabaseHas('users', [ 'email' => 'user@example.com', 'external_auth_id' => 'user', - 'email_confirmed' => true, + 'email_confirmed' => false, 'name' => 'Barry Scott' ]); @@ -209,7 +210,7 @@ class Saml2Test extends TestCase $acsPost = $this->post('/saml2/acs'); $acsPost->assertRedirect('/'); $errorMessage = session()->get('error'); - $this->assertEquals('Registration unsuccessful since a user already exists with email address "user@example.com"', $errorMessage); + $this->assertEquals('A user with the email user@example.com already exists but with different credentials.', $errorMessage); }); } @@ -271,6 +272,53 @@ class Saml2Test extends TestCase $this->assertPermissionError($resp); } + public function test_email_domain_restriction_active_on_new_saml_login() + { + $this->setSettings([ + 'registration-restrict' => 'testing.com' + ]); + config()->set([ + 'saml2.onelogin.strict' => false, + ]); + + $this->withPost(['SAMLResponse' => $this->acsPostData], function () { + $acsPost = $this->post('/saml2/acs'); + $acsPost->assertRedirect('/login'); + $errorMessage = session()->get('error'); + $this->assertStringContainsString('That email domain does not have access to this application', $errorMessage); + $this->assertDatabaseMissing('users', ['email' => 'user@example.com']); + }); + } + + public function test_group_sync_functions_when_email_confirmation_required() + { + setting()->put('registration-confirmation', 'true'); + config()->set([ + 'saml2.onelogin.strict' => false, + 'saml2.user_to_groups' => true, + 'saml2.remove_from_groups' => false, + ]); + + $memberRole = factory(Role::class)->create(['external_auth_id' => 'member']); + $adminRole = Role::getSystemRole('admin'); + + $this->withPost(['SAMLResponse' => $this->acsPostData], function () use ($memberRole, $adminRole) { + $acsPost = $this->followingRedirects()->post('/saml2/acs'); + + $this->assertEquals('http://localhost/register/confirm', url()->current()); + $acsPost->assertSee('Please check your email and click the confirmation button to access BookStack.'); + $user = User::query()->where('external_auth_id', '=', 'user')->first(); + + $userRoleIds = $user->roles()->pluck('id'); + $this->assertContains($memberRole->id, $userRoleIds, 'User was assigned to member role'); + $this->assertContains($adminRole->id, $userRoleIds, 'User was assigned to admin role'); + $this->assertTrue($user->email_confirmed == false, 'User email remains unconfirmed'); + }); + + $homeGet = $this->get('/'); + $homeGet->assertRedirect('/register/confirm/awaiting'); + } + protected function withGet(array $options, callable $callback) { return $this->withGlobal($_GET, $options, $callback);