]> BookStack Code Mirror - bookstack/blob - tests/Auth/AuthTest.php
projects / bookstack / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Added ability to secure images behind auth
[bookstack] / tests / Auth / AuthTest.php
1 <?php namespace Tests;
2
3 use BookStack\Notifications\ConfirmEmail;
4 use Illuminate\Support\Facades\Notification;
5
6 class AuthTest extends BrowserKitTest
7 {
8
9     public function test_auth_working()
10     {
11         $this->visit('/')
12             ->seePageIs('/login');
13     }
14
15     public function test_login()
16     {
17         $this->login('[email protected]', 'password')
18             ->seePageIs('/');
19     }
20
21     public function test_public_viewing()
22     {
23         $settings = app('BookStack\Services\SettingService');
24         $settings->put('app-public', 'true');
25         $this->visit('/')
26             ->seePageIs('/')
27             ->see('Log In');
28     }
29
30     public function test_registration_showing()
31     {
32         // Ensure registration form is showing
33         $this->setSettings(['registration-enabled' => 'true']);
34         $this->visit('/login')
35             ->see('Sign up')
36             ->click('Sign up')
37             ->seePageIs('/register');
38     }
39
40     public function test_normal_registration()
41     {
42         // Set settings and get user instance
43         $this->setSettings(['registration-enabled' => 'true']);
44         $user = factory(\BookStack\User::class)->make();
45
46         // Test form and ensure user is created
47         $this->visit('/register')
48             ->see('Sign Up')
49             ->type($user->name, '#name')
50             ->type($user->email, '#email')
51             ->type($user->password, '#password')
52             ->press('Create Account')
53             ->seePageIs('/')
54             ->see($user->name)
55             ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email]);
56     }
57
58
59     public function test_confirmed_registration()
60     {
61         // Fake notifications
62         Notification::fake();
63
64         // Set settings and get user instance
65         $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);
66         $user = factory(\BookStack\User::class)->make();
67
68         // Go through registration process
69         $this->visit('/register')
70             ->see('Sign Up')
71             ->type($user->name, '#name')
72             ->type($user->email, '#email')
73             ->type($user->password, '#password')
74             ->press('Create Account')
75             ->seePageIs('/register/confirm')
76             ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
77
78         // Ensure notification sent
79         $dbUser = \BookStack\User::where('email', '=', $user->email)->first();
80         Notification::assertSentTo($dbUser, ConfirmEmail::class);
81
82         // Test access and resend confirmation email
83         $this->login($user->email, $user->password)
84             ->seePageIs('/register/confirm/awaiting')
85             ->see('Resend')
86             ->visit('/books')
87             ->seePageIs('/register/confirm/awaiting')
88             ->press('Resend Confirmation Email');
89
90         // Get confirmation and confirm notification matches
91         $emailConfirmation = \DB::table('email_confirmations')->where('user_id', '=', $dbUser->id)->first();
92         Notification::assertSentTo($dbUser, ConfirmEmail::class, function($notification, $channels) use ($emailConfirmation) {
93             return $notification->token === $emailConfirmation->token;
94         });
95         
96         // Check confirmation email confirmation activation.
97         $this->visit('/register/confirm/' . $emailConfirmation->token)
98             ->seePageIs('/')
99             ->see($user->name)
100             ->notSeeInDatabase('email_confirmations', ['token' => $emailConfirmation->token])
101             ->seeInDatabase('users', ['name' => $dbUser->name, 'email' => $dbUser->email, 'email_confirmed' => true]);
102     }
103
104     public function test_restricted_registration()
105     {
106         $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true', 'registration-restrict' => 'example.com']);
107         $user = factory(\BookStack\User::class)->make();
108         // Go through registration process
109         $this->visit('/register')
110             ->type($user->name, '#name')
111             ->type($user->email, '#email')
112             ->type($user->password, '#password')
113             ->press('Create Account')
114             ->seePageIs('/register')
115             ->dontSeeInDatabase('users', ['email' => $user->email])
116             ->see('That email domain does not have access to this application');
117
118         $user->email = '[email protected]';
119
120         $this->visit('/register')
121             ->type($user->name, '#name')
122             ->type($user->email, '#email')
123             ->type($user->password, '#password')
124             ->press('Create Account')
125             ->seePageIs('/register/confirm')
126             ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
127
128         $this->visit('/')->seePageIs('/login')
129             ->type($user->email, '#email')
130             ->type($user->password, '#password')
131             ->press('Log In')
132             ->seePageIs('/register/confirm/awaiting')
133             ->seeText('Email Address Not Confirmed');
134     }
135
136     public function test_restricted_registration_with_confirmation_disabled()
137     {
138         $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'false', 'registration-restrict' => 'example.com']);
139         $user = factory(\BookStack\User::class)->make();
140         // Go through registration process
141         $this->visit('/register')
142             ->type($user->name, '#name')
143             ->type($user->email, '#email')
144             ->type($user->password, '#password')
145             ->press('Create Account')
146             ->seePageIs('/register')
147             ->dontSeeInDatabase('users', ['email' => $user->email])
148             ->see('That email domain does not have access to this application');
149
150         $user->email = '[email protected]';
151
152         $this->visit('/register')
153             ->type($user->name, '#name')
154             ->type($user->email, '#email')
155             ->type($user->password, '#password')
156             ->press('Create Account')
157             ->seePageIs('/register/confirm')
158             ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
159
160         $this->visit('/')->seePageIs('/login')
161             ->type($user->email, '#email')
162             ->type($user->password, '#password')
163             ->press('Log In')
164             ->seePageIs('/register/confirm/awaiting')
165             ->seeText('Email Address Not Confirmed');
166     }
167
168     public function test_user_creation()
169     {
170         $user = factory(\BookStack\User::class)->make();
171
172         $this->asAdmin()
173             ->visit('/settings/users')
174             ->click('Add New User')
175             ->type($user->name, '#name')
176             ->type($user->email, '#email')
177             ->check('roles[admin]')
178             ->type($user->password, '#password')
179             ->type($user->password, '#password-confirm')
180             ->press('Save')
181             ->seePageIs('/settings/users')
182             ->seeInDatabase('users', $user->toArray())
183             ->see($user->name);
184     }
185
186     public function test_user_updating()
187     {
188         $user = $this->getNormalUser();
189         $password = $user->password;
190         $this->asAdmin()
191             ->visit('/settings/users')
192             ->click($user->name)
193             ->seePageIs('/settings/users/' . $user->id)
194             ->see($user->email)
195             ->type('Barry Scott', '#name')
196             ->press('Save')
197             ->seePageIs('/settings/users')
198             ->seeInDatabase('users', ['id' => $user->id, 'name' => 'Barry Scott', 'password' => $password])
199             ->notSeeInDatabase('users', ['name' => $user->name]);
200     }
201
202     public function test_user_password_update()
203     {
204         $user = $this->getNormalUser();
205         $userProfilePage = '/settings/users/' . $user->id;
206         $this->asAdmin()
207             ->visit($userProfilePage)
208             ->type('newpassword', '#password')
209             ->press('Save')
210             ->seePageIs($userProfilePage)
211             ->see('Password confirmation required')
212
213             ->type('newpassword', '#password')
214             ->type('newpassword', '#password-confirm')
215             ->press('Save')
216             ->seePageIs('/settings/users');
217
218             $userPassword = \BookStack\User::find($user->id)->password;
219             $this->assertTrue(\Hash::check('newpassword', $userPassword));
220     }
221
222     public function test_user_deletion()
223     {
224         $userDetails = factory(\BookStack\User::class)->make();
225         $user = $this->getEditor($userDetails->toArray());
226
227         $this->asAdmin()
228             ->visit('/settings/users/' . $user->id)
229             ->click('Delete User')
230             ->see($user->name)
231             ->press('Confirm')
232             ->seePageIs('/settings/users')
233             ->notSeeInDatabase('users', ['name' => $user->name]);
234     }
235
236     public function test_user_cannot_be_deleted_if_last_admin()
237     {
238         $adminRole = \BookStack\Role::getRole('admin');
239         // Ensure we currently only have 1 admin user
240         $this->assertEquals(1, $adminRole->users()->count());
241         $user = $adminRole->users->first();
242
243         $this->asAdmin()->visit('/settings/users/' . $user->id)
244             ->click('Delete User')
245             ->press('Confirm')
246             ->seePageIs('/settings/users/' . $user->id)
247             ->see('You cannot delete the only admin');
248     }
249
250     public function test_logout()
251     {
252         $this->asAdmin()
253             ->visit('/')
254             ->seePageIs('/')
255             ->visit('/logout')
256             ->visit('/')
257             ->seePageIs('/login');
258     }
259
260     public function test_reset_password_flow()
261     {
262
263         Notification::fake();
264
265         $this->visit('/login')->click('Forgot Password?')
266             ->seePageIs('/password/email')
267             ->type('[email protected]', 'email')
268             ->press('Send Reset Link')
269             ->see('A password reset link has been sent to [email protected]');
270
271         $this->seeInDatabase('password_resets', [
272             'email' => '[email protected]'
273         ]);
274
275         $user = \BookStack\User::where('email', '=', '[email protected]')->first();
276
277         Notification::assertSentTo($user, \BookStack\Notifications\ResetPassword::class);
278         $n = Notification::sent($user, \BookStack\Notifications\ResetPassword::class);
279
280         $this->visit('/password/reset/' . $n->first()->token)
281             ->see('Reset Password')
282             ->submitForm('Reset Password', [
283                 'email' => '[email protected]',
284                 'password' => 'randompass',
285                 'password_confirmation' => 'randompass'
286             ])->seePageIs('/')
287             ->see('Your password has been successfully reset');
288     }
289
290     public function test_reset_password_page_shows_sign_links()
291     {
292         $this->setSettings(['registration-enabled' => 'true']);
293         $this->visit('/password/email')
294             ->seeLink('Log in')
295             ->seeLink('Sign up');
296     }
297
298     /**
299      * Perform a login
300      * @param string $email
301      * @param string $password
302      * @return $this
303      */
304     protected function login($email, $password)
305     {
306         return $this->visit('/login')
307             ->type($email, '#email')
308             ->type($password, '#password')
309             ->press('Log In');
310     }
311 }
The core source code for the BookStack project.