BookStack Code Mirror - bookstack/blobdiff

diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php

index d037b57011fada64a1c1755ab9418b9ea03af828..0ab6d0e8c61eec400a7c8afe2e9d2d2e8ec0501f 100644 (file)

--- a/tests/Auth/AuthTest.php

+++ b/tests/Auth/AuthTest.php

@@ -3,6 +3,7 @@

namespace Tests\Auth;

use BookStack\Auth\Access\Mfa\MfaSession;

+use BookStack\Auth\Role;

use BookStack\Auth\User;

use BookStack\Entities\Models\Page;

use BookStack\Notifications\ConfirmEmail;

@@ -43,8 +44,11 @@ class AuthTest extends TestCase

public function test_normal_registration()

{

// Set settings and get user instance

- $this->setSettings(['registration-enabled' => 'true']);

- $user = factory(User::class)->make();

+ /** @var Role $registrationRole */

+ $registrationRole = Role::query()->first();

+ $this->setSettings(['registration-enabled' => 'true', 'registration-role' => $registrationRole->id]);

+ /** @var User $user */

+ $user = User::factory()->make();

// Test form and ensure user is created

$this->get('/register')

@@ -57,7 +61,12 @@ class AuthTest extends TestCase

$resp = $this->get('/');

$resp->assertOk();

$resp->assertSee($user->name);

+

$this->assertDatabaseHas('users', ['name' => $user->name, 'email' => $user->email]);

+

+ $user = User::query()->where('email', '=', $user->email)->first();

+ $this->assertEquals(1, $user->roles()->count());

+ $this->assertEquals($registrationRole->id, $user->roles()->first()->id);

}

public function test_empty_registration_redirects_back_with_errors()

@@ -102,7 +111,7 @@ class AuthTest extends TestCase

// Set settings and get user instance

$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);

- $user = factory(User::class)->make();

+ $user = User::factory()->make();

// Go through registration process

$resp = $this->post('/register', $user->only('name', 'email', 'password'));

@@ -131,8 +140,8 @@ class AuthTest extends TestCase

});

// Check confirmation email confirmation activation.

- $this->get('/register/confirm/' . $emailConfirmation->token)->assertRedirect('/');

- $this->get('/')->assertSee($user->name);

+ $this->get('/register/confirm/' . $emailConfirmation->token)->assertRedirect('/login');

+ $this->get('/login')->assertSee('Your email has been confirmed! You should now be able to login using this email address.');

$this->assertDatabaseMissing('email_confirmations', ['token' => $emailConfirmation->token]);

$this->assertDatabaseHas('users', ['name' => $dbUser->name, 'email' => $dbUser->email, 'email_confirmed' => true]);

}

@@ -140,7 +149,7 @@ class AuthTest extends TestCase

public function test_restricted_registration()

{

$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true', 'registration-restrict' => 'example.com']);

- $user = factory(User::class)->make();

+ $user = User::factory()->make();

// Go through registration process

$this->post('/register', $user->only('name', 'email', 'password'))

@@ -166,7 +175,7 @@ class AuthTest extends TestCase

public function test_restricted_registration_with_confirmation_disabled()

{

$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'false', 'registration-restrict' => 'example.com']);

- $user = factory(User::class)->make();

+ $user = User::factory()->make();

// Go through registration process

$this->post('/register', $user->only('name', 'email', 'password'))

@@ -189,10 +198,18 @@ class AuthTest extends TestCase

$this->assertNull(auth()->user());

}

+ public function test_registration_role_unset_by_default()

+ {

+ $this->assertFalse(setting('registration-role'));

+

+ $resp = $this->asAdmin()->get('/settings/registration');

+ $resp->assertElementContains('select[name="setting-registration-role"] option[value="0"][selected]', '-- None --');

+ }

+

public function test_logout()

{

$this->asAdmin()->get('/')->assertOk();

- $this->get('/logout')->assertRedirect('/');

+ $this->post('/logout')->assertRedirect('/');

$this->get('/')->assertRedirect('/login');

}

@@ -204,7 +221,7 @@ class AuthTest extends TestCase

$mfaSession->markVerifiedForUser($user);

$this->assertTrue($mfaSession->isVerifiedForUser($user));

- $this->asAdmin()->get('/logout');

+ $this->asAdmin()->post('/logout');

$this->assertFalse($mfaSession->isVerifiedForUser($user));

}

@@ -282,6 +299,22 @@ class AuthTest extends TestCase

->assertElementContains('a', 'Sign up');

}

+ public function test_reset_password_request_is_throttled()

+ {

+ $editor = $this->getEditor();

+ Notification::fake();

+ $this->get('/password/email');

+ $this->followingRedirects()->post('/password/email', [

+ 'email' => $editor->email,

+ ]);

+

+ $resp = $this->followingRedirects()->post('/password/email', [

+ 'email' => $editor->email,

+ ]);

+ Notification::assertTimesSent(1, ResetPassword::class);

+ $resp->assertSee('A password reset link will be sent to ' . $editor->email . ' if that email address is found in the system.');

+ }

+

public function test_login_redirects_to_initially_requested_url_correctly()

{

config()->set('app.url', 'http://localhost');

@@ -318,6 +351,7 @@ class AuthTest extends TestCase

$this->assertTrue(auth()->check());

$this->assertTrue(auth('ldap')->check());

$this->assertTrue(auth('saml2')->check());

+ $this->assertTrue(auth('oidc')->check());

}

public function test_login_authenticates_nonadmins_on_default_guard_only()

@@ -330,6 +364,7 @@ class AuthTest extends TestCase

$this->assertTrue(auth()->check());

$this->assertFalse(auth('ldap')->check());

$this->assertFalse(auth('saml2')->check());

+ $this->assertFalse(auth('oidc')->check());

}

public function test_failed_logins_are_logged_when_message_configured()