respective book and chapter structure added.
[bookstack] / tests / Auth / ResetPasswordTest.php
index 1ab579b268aea4bec271965dbc98ade3a5156e38..026f8c5ba3f78a42f623e6fc9d6f1fc6c61a9598 100644 (file)
@@ -2,14 +2,22 @@
 
 namespace Tests\Auth;
 
-use BookStack\Auth\User;
-use BookStack\Notifications\ResetPassword;
+use BookStack\Access\Notifications\ResetPasswordNotification;
+use BookStack\Users\Models\User;
+use Carbon\CarbonInterval;
 use Illuminate\Support\Facades\Notification;
+use Illuminate\Support\Sleep;
 use Tests\TestCase;
 
 class ResetPasswordTest extends TestCase
 {
-    public function test_reset_password_flow()
+    protected function setUp(): void
+    {
+        parent::setUp();
+        Sleep::fake();
+    }
+
+    public function test_reset_flow()
     {
         Notification::fake();
 
@@ -34,8 +42,8 @@ class ResetPasswordTest extends TestCase
         /** @var User $user */
         $user = User::query()->where('email', '=', '[email protected]')->first();
 
-        Notification::assertSentTo($user, ResetPassword::class);
-        $n = Notification::sent($user, ResetPassword::class);
+        Notification::assertSentTo($user, ResetPasswordNotification::class);
+        $n = Notification::sent($user, ResetPasswordNotification::class);
 
         $this->get('/password/reset/' . $n->first()->token)
             ->assertOk()
@@ -52,7 +60,7 @@ class ResetPasswordTest extends TestCase
         $this->get('/')->assertSee('Your password has been successfully reset');
     }
 
-    public function test_reset_password_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
+    public function test_reset_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
     {
         $this->get('/password/email');
         $resp = $this->followingRedirects()->post('/password/email', [
@@ -75,7 +83,18 @@ class ResetPasswordTest extends TestCase
             ->assertSee('The password reset token is invalid for this email address.');
     }
 
-    public function test_reset_password_page_shows_sign_links()
+    public function test_reset_request_with_not_found_user_still_has_delay()
+    {
+        $this->followingRedirects()->post('/password/email', [
+            'email' => '[email protected]',
+        ]);
+
+        Sleep::assertSlept(function (CarbonInterval $duration): bool {
+            return $duration->totalMilliseconds > 999;
+        }, 1);
+    }
+
+    public function test_reset_page_shows_sign_links()
     {
         $this->setSettings(['registration-enabled' => 'true']);
         $resp = $this->get('/password/email');
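Review bot: The new test_reset_request_with_not_found_user_still_has_delay discards the response and only checks that one sleep longer than 999 ms was recorded, so it would still pass if the unknown-address request rendered a different page from the known-address one. The neighbouring test names say the aim is to prevent user discovery, so it is worth keeping the response (`$resp = $this->followingRedirects()->post(...)`) and asserting the same generic "if that email address is found in the system" message that test_reset_request_is_throttled checks. The `> 999` bound presumably mirrors the minimum delay in the request handler, which is not visible here; a comment such as `// Lower bound of the delay applied when no matching user is found` would keep the two from drifting apart. The last context lines of this hunk belong to test_reset_page_shows_sign_links, whose body continues outside it.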
@@ -83,9 +102,9 @@ class ResetPasswordTest extends TestCase
             ->assertElementContains('a', 'Sign up');
     }
 
-    public function test_reset_password_request_is_throttled()
+    public function test_reset_request_is_throttled()
     {
-        $editor = $this->getEditor();
+        $editor = $this->users->editor();
         Notification::fake();
         $this->get('/password/email');
         $this->followingRedirects()->post('/password/email', [
@@ -95,7 +114,30 @@ class ResetPasswordTest extends TestCase
         $resp = $this->followingRedirects()->post('/password/email', [
             'email' => $editor->email,
         ]);
-        Notification::assertTimesSent(1, ResetPassword::class);
+        Notification::assertSentTimes(ResetPasswordNotification::class, 1);
         $resp->assertSee('A password reset link will be sent to ' . $editor->email . ' if that email address is found in the system.');
     }
+
+    public function test_reset_request_with_not_found_user_is_throttled()
+    {
+        for ($i = 0; $i < 11; $i++) {
+            $response = $this->post('/password/email', [
+                'email' => '[email protected]',
+            ]);
+        }
+
+        $response->assertStatus(429);
+    }
+
+    public function test_reset_call_is_throttled()
+    {
+        for ($i = 0; $i < 11; $i++) {
+            $response = $this->post('/password/reset', [
+                'email' => "arandomuser{$i}@example.com",
+                'token' => "randomtoken{$i}",
+            ]);
+        }
+
+        $response->assertStatus(429);
+    }
 }
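Review bot: Both new throttle tests assert only on the response left over from the eleventh iteration, so they would still pass if the endpoint answered 429 from the very first request or if the limit were lower than intended. Adding `if ($i === 0) { $this->assertNotSame(429, $response->getStatusCode()); }` inside each loop would at least show that requests are accepted before the limit is reached. The count of 11 is presumably one more than a limit configured elsewhere. In test_reset_call_is_throttled the email and token differ on every request, which suggests the limiter is keyed on something other than those fields. A one-line comment in each test naming the configured limit and what the limiter is keyed on would make that intent explicit for whoever changes the throttle later.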