-<?php
+<?php namespace Tests\Auth;
-use BookStack\EmailConfirmation;
+use BookStack\Auth\Role;
+use BookStack\Auth\User;
+use BookStack\Entities\Page;
+use BookStack\Notifications\ConfirmEmail;
+use BookStack\Notifications\ResetPassword;
+use BookStack\Settings\SettingService;
+use DB;
+use Hash;
+use Illuminate\Support\Facades\Notification;
+use Tests\BrowserKitTest;
-class AuthTest extends TestCase
+class AuthTest extends BrowserKitTest
{
public function test_auth_working()
public function test_public_viewing()
{
- $settings = app('BookStack\Services\SettingService');
+ $settings = app(SettingService::class);
$settings->put('app-public', 'true');
$this->visit('/')
->seePageIs('/')
- ->see('Sign In');
+ ->see('Log In');
}
public function test_registration_showing()
{
// Set settings and get user instance
$this->setSettings(['registration-enabled' => 'true']);
- $user = factory(\BookStack\User::class)->make();
+ $user = factory(User::class)->make();
// Test form and ensure user is created
$this->visit('/register')
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email]);
}
+ public function test_empty_registration_redirects_back_with_errors()
+ {
+ // Set settings and get user instance
+ $this->setSettings(['registration-enabled' => 'true']);
+
+ // Test form and ensure user is created
+ $this->visit('/register')
+ ->press('Create Account')
+ ->see('The name field is required')
+ ->seePageIs('/register');
+ }
+
+ public function test_registration_validation()
+ {
+ $this->setSettings(['registration-enabled' => 'true']);
+
+ $this->visit('/register')
+ ->type('1', '#name')
+ ->type('1', '#email')
+ ->type('1', '#password')
+ ->press('Create Account')
+ ->see('The name must be at least 2 characters.')
+ ->see('The email must be a valid email address.')
+ ->see('The password must be at least 8 characters.')
+ ->seePageIs('/register');
+ }
+
+ public function test_sign_up_link_on_login()
+ {
+ $this->visit('/login')
+ ->dontSee('Sign up');
+
+ $this->setSettings(['registration-enabled' => 'true']);
+
+ $this->visit('/login')
+ ->see('Sign up');
+ }
public function test_confirmed_registration()
{
+ // Fake notifications
+ Notification::fake();
+
// Set settings and get user instance
$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);
- $user = factory(\BookStack\User::class)->make();
-
- // Mock Mailer to ensure mail is being sent
- $mockMailer = Mockery::mock('Illuminate\Contracts\Mail\Mailer');
- $mockMailer->shouldReceive('send')->with('emails/email-confirmation', Mockery::type('array'), Mockery::type('callable'))->twice();
- $this->app->instance('mailer', $mockMailer);
+ $user = factory(User::class)->make();
// Go through registration process
$this->visit('/register')
->seePageIs('/register/confirm')
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
+ // Ensure notification sent
+ $dbUser = User::where('email', '=', $user->email)->first();
+ Notification::assertSentTo($dbUser, ConfirmEmail::class);
+
// Test access and resend confirmation email
$this->login($user->email, $user->password)
->seePageIs('/register/confirm/awaiting')
->seePageIs('/register/confirm/awaiting')
->press('Resend Confirmation Email');
- // Get confirmation
- $user = $user->where('email', '=', $user->email)->first();
- $emailConfirmation = EmailConfirmation::where('user_id', '=', $user->id)->first();
-
-
- // Check confirmation email button and confirmation activation.
- $this->visit('/register/confirm/' . $emailConfirmation->token . '/email')
- ->see('Email Confirmation')
- ->click('Confirm Email')
+ // Get confirmation and confirm notification matches
+ $emailConfirmation = DB::table('email_confirmations')->where('user_id', '=', $dbUser->id)->first();
+ Notification::assertSentTo($dbUser, ConfirmEmail::class, function($notification, $channels) use ($emailConfirmation) {
+ return $notification->token === $emailConfirmation->token;
+ });
+
+ // Check confirmation email confirmation activation.
+ $this->visit('/register/confirm/' . $emailConfirmation->token)
->seePageIs('/')
->see($user->name)
->notSeeInDatabase('email_confirmations', ['token' => $emailConfirmation->token])
- ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => true]);
+ ->seeInDatabase('users', ['name' => $dbUser->name, 'email' => $dbUser->email, 'email_confirmed' => true]);
}
public function test_restricted_registration()
{
$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true', 'registration-restrict' => 'example.com']);
- $user = factory(\BookStack\User::class)->make();
+ $user = factory(User::class)->make();
+ // Go through registration process
+ $this->visit('/register')
+ ->type($user->name, '#name')
+ ->type($user->email, '#email')
+ ->type($user->password, '#password')
+ ->press('Create Account')
+ ->seePageIs('/register')
+ ->dontSeeInDatabase('users', ['email' => $user->email])
+ ->see('That email domain does not have access to this application');
+
+
+ $this->visit('/register')
+ ->type($user->name, '#name')
+ ->type($user->email, '#email')
+ ->type($user->password, '#password')
+ ->press('Create Account')
+ ->seePageIs('/register/confirm')
+ ->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
+
+ $this->visit('/')->seePageIs('/login')
+ ->type($user->email, '#email')
+ ->type($user->password, '#password')
+ ->press('Log In')
+ ->seePageIs('/register/confirm/awaiting')
+ ->seeText('Email Address Not Confirmed');
+ }
+
+ public function test_restricted_registration_with_confirmation_disabled()
+ {
+ $this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'false', 'registration-restrict' => 'example.com']);
+ $user = factory(User::class)->make();
// Go through registration process
$this->visit('/register')
->type($user->name, '#name')
->press('Create Account')
->seePageIs('/register/confirm')
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
+
+ $this->visit('/')->seePageIs('/login')
+ ->type($user->email, '#email')
+ ->type($user->password, '#password')
+ ->press('Log In')
+ ->seePageIs('/register/confirm/awaiting')
+ ->seeText('Email Address Not Confirmed');
}
public function test_user_creation()
{
- $user = factory(\BookStack\User::class)->make();
+ $user = factory(User::class)->make();
$this->asAdmin()
->visit('/settings/users')
- ->click('Add new user')
+ ->click('Add New User')
->type($user->name, '#name')
->type($user->email, '#email')
->check('roles[admin]')
public function test_user_updating()
{
- $user = \BookStack\User::all()->last();
+ $user = $this->getNormalUser();
$password = $user->password;
$this->asAdmin()
->visit('/settings/users')
public function test_user_password_update()
{
- $user = \BookStack\User::all()->last();
+ $user = $this->getNormalUser();
$userProfilePage = '/settings/users/' . $user->id;
$this->asAdmin()
->visit($userProfilePage)
->press('Save')
->seePageIs('/settings/users');
- $userPassword = \BookStack\User::find($user->id)->password;
+ $userPassword = User::find($user->id)->password;
$this->assertTrue(Hash::check('newpassword', $userPassword));
}
public function test_user_deletion()
{
- $userDetails = factory(\BookStack\User::class)->make();
- $user = $this->getNewUser($userDetails->toArray());
+ $userDetails = factory(User::class)->make();
+ $user = $this->getEditor($userDetails->toArray());
$this->asAdmin()
->visit('/settings/users/' . $user->id)
public function test_user_cannot_be_deleted_if_last_admin()
{
- $adminRole = \BookStack\Role::getRole('admin');
+ $adminRole = Role::getRole('admin');
+
+ // Delete all but one admin user if there are more than one
+ $adminUsers = $adminRole->users;
+ if (count($adminUsers) > 1) {
+ foreach ($adminUsers->splice(1) as $user) {
+ $user->delete();
+ }
+ }
+
// Ensure we currently only have 1 admin user
$this->assertEquals(1, $adminRole->users()->count());
$user = $adminRole->users->first();
->seePageIs('/login');
}
+ public function test_reset_password_flow()
+ {
+ Notification::fake();
+
+ $this->visit('/login')->click('Forgot Password?')
+ ->seePageIs('/password/email')
+ ->press('Send Reset Link')
+ ->see('A password reset link will be sent to
[email protected] if that email address is found in the system.');
+
+ $this->seeInDatabase('password_resets', [
+ ]);
+
+
+ Notification::assertSentTo($user, ResetPassword::class);
+ $n = Notification::sent($user, ResetPassword::class);
+
+ $this->visit('/password/reset/' . $n->first()->token)
+ ->see('Reset Password')
+ ->submitForm('Reset Password', [
+ 'password' => 'randompass',
+ 'password_confirmation' => 'randompass'
+ ])->seePageIs('/')
+ ->see('Your password has been successfully reset');
+ }
+
+ public function test_reset_password_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
+ {
+ $this->visit('/login')->click('Forgot Password?')
+ ->seePageIs('/password/email')
+ ->press('Send Reset Link')
+ ->see('A password reset link will be sent to
[email protected] if that email address is found in the system.')
+ ->dontSee('We can\'t find a user');
+
+
+ $this->visit('/password/reset/arandometokenvalue')
+ ->see('Reset Password')
+ ->submitForm('Reset Password', [
+ 'password' => 'randompass',
+ 'password_confirmation' => 'randompass'
+ ])->followRedirects()
+ ->seePageIs('/password/reset/arandometokenvalue')
+ ->dontSee('We can\'t find a user')
+ ->see('The password reset token is invalid for this email address.');
+ }
+
+ public function test_reset_password_page_shows_sign_links()
+ {
+ $this->setSettings(['registration-enabled' => 'true']);
+ $this->visit('/password/email')
+ ->seeLink('Log in')
+ ->seeLink('Sign up');
+ }
+
+ public function test_login_redirects_to_initially_requested_url_correctly()
+ {
+ config()->set('app.url', 'http://localhost');
+ $page = Page::query()->first();
+
+ $this->visit($page->getUrl())
+ ->seePageUrlIs(url('/login'));
+ ->seePageUrlIs($page->getUrl());
+ }
+
/**
* Perform a login
* @param string $email
return $this->visit('/login')
->type($email, '#email')
->type($password, '#password')
- ->press('Sign In');
+ ->press('Log In');
}
}
projects / bookstack / blobdiff