namespace Tests\Auth;
-use BookStack\Auth\Access\Mfa\MfaSession;
-use BookStack\Entities\Models\Page;
+use BookStack\Access\Mfa\MfaSession;
use Illuminate\Testing\TestResponse;
use Tests\TestCase;
public function test_mfa_session_cleared_on_logout()
{
- $user = $this->getEditor();
+ $user = $this->users->editor();
$mfaSession = $this->app->make(MfaSession::class);
$mfaSession->markVerifiedForUser($user);
public function test_login_redirects_to_initially_requested_url_correctly()
{
config()->set('app.url', 'http://localhost');
- /** @var Page $page */
- $page = Page::query()->first();
+ $page = $this->entities->page();
$this->get($page->getUrl())->assertRedirect(url('/login'));
public function test_login_authenticates_nonadmins_on_default_guard_only()
{
- $editor = $this->getEditor();
+ $editor = $this->users->editor();
$editor->password = bcrypt('password');
$editor->save();
public function test_logged_in_user_with_unconfirmed_email_is_logged_out()
{
$this->setSettings(['registration-confirmation' => 'true']);
- $user = $this->getEditor();
+ $user = $this->users->editor();
$user->email_confirmed = false;
$user->save();
$this->assertFalse(auth()->check());
}
+ public function test_login_attempts_are_rate_limited()
+ {
+ for ($i = 0; $i < 5; $i++) {
+ }
+ $resp = $this->followRedirects($resp);
+ $resp->assertSee('These credentials do not match our records.');
+
+ // Check the fifth attempt provides a lockout response
+ $resp->assertSee('Too many login attempts. Please try again in');
+ }
+
/**
* Perform a login.
*/
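Review bot: As shown, `test_login_attempts_are_rate_limited` never sends a login request: the `for` loop body is empty, `$resp` is read by `followRedirects($resp)` before anything assigns it, and the lockout assertion runs against the same response that was just asserted to show the bad-credentials message. Unless those lines were simply lost when this page was rendered, each loop iteration needs a failed attempt, e.g. `$resp = $this->login($email, $wrongPassword);` (assuming the helper documented just below the hunk is `login()`; its signature is outside the view), and one further attempt has to be made and followed before asserting `Too many login attempts`. The comment would then describe the attempt after the loop, which is the sixth rather than the fifth. It would also be worth asserting that the session is still unauthenticated after the lockout response, and resetting the throttle state at the end of the test so the counter cannot leak into the other auth tests in this class.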