BookStack Code Mirror - bookstack/blobdiff

diff --git a/tests/Auth/AuthTest.php b/tests/Auth/AuthTest.php

index cb27de96170ec8517a4befc6a27d8b99e95f3d0e..40bcda713d6affc1cd1097346c2b1986eeaf7c15 100644 (file)

--- a/tests/Auth/AuthTest.php

+++ b/tests/Auth/AuthTest.php

@@ -1,9 +1,13 @@

<?php namespace Tests\Auth;

+use BookStack\Auth\Role;

use BookStack\Auth\User;

use BookStack\Entities\Page;

use BookStack\Notifications\ConfirmEmail;

+use BookStack\Notifications\ResetPassword;

use BookStack\Settings\SettingService;

+use DB;

+use Hash;

use Illuminate\Support\Facades\Notification;

use Tests\BrowserKitTest;

@@ -129,7 +133,7 @@ class AuthTest extends BrowserKitTest

->press('Resend Confirmation Email');

// Get confirmation and confirm notification matches

- $emailConfirmation = \DB::table('email_confirmations')->where('user_id', '=', $dbUser->id)->first();

+ $emailConfirmation = DB::table('email_confirmations')->where('user_id', '=', $dbUser->id)->first();

Notification::assertSentTo($dbUser, ConfirmEmail::class, function($notification, $channels) use ($emailConfirmation) {

return $notification->token === $emailConfirmation->token;

});

@@ -257,7 +261,7 @@ class AuthTest extends BrowserKitTest

->seePageIs('/settings/users');

$userPassword = User::find($user->id)->password;

- $this->assertTrue(\Hash::check('newpassword', $userPassword));

+ $this->assertTrue(Hash::check('newpassword', $userPassword));

}

public function test_user_deletion()

@@ -276,7 +280,7 @@ class AuthTest extends BrowserKitTest

public function test_user_cannot_be_deleted_if_last_admin()

{

- $adminRole = \BookStack\Auth\Role::getRole('admin');

+ $adminRole = Role::getRole('admin');

// Delete all but one admin user if there are more than one

$adminUsers = $adminRole->users;

@@ -309,14 +313,13 @@ class AuthTest extends BrowserKitTest

public function test_reset_password_flow()

{

-

Notification::fake();

$this->visit('/login')->click('Forgot Password?')

->seePageIs('/password/email')

->type('[email protected]', 'email')

->press('Send Reset Link')

- ->see('A password reset link has been sent to [email protected]');

+ ->see('A password reset link will be sent to [email protected] if that email address is found in the system.');

$this->seeInDatabase('password_resets', [

'email' => '[email protected]'

@@ -324,8 +327,8 @@ class AuthTest extends BrowserKitTest

$user = User::where('email', '=', '[email protected]')->first();

- Notification::assertSentTo($user, \BookStack\Notifications\ResetPassword::class);

- $n = Notification::sent($user, \BookStack\Notifications\ResetPassword::class);

+ Notification::assertSentTo($user, ResetPassword::class);

+ $n = Notification::sent($user, ResetPassword::class);

$this->visit('/password/reset/' . $n->first()->token)

->see('Reset Password')

@@ -337,6 +340,28 @@ class AuthTest extends BrowserKitTest

->see('Your password has been successfully reset');

}

+ public function test_reset_password_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()

+ {

+ $this->visit('/login')->click('Forgot Password?')

+ ->seePageIs('/password/email')

+ ->type('[email protected]', 'email')

+ ->press('Send Reset Link')

+ ->see('A password reset link will be sent to [email protected] if that email address is found in the system.')

+ ->dontSee('We can\'t find a user');

+

+ $this->visit('/password/reset/arandometokenvalue')

+ ->see('Reset Password')

+ ->submitForm('Reset Password', [

+ 'email' => '[email protected]',

+ 'password' => 'randompass',

+ 'password_confirmation' => 'randompass'

+ ])->followRedirects()

+ ->seePageIs('/password/reset/arandometokenvalue')

+ ->dontSee('We can\'t find a user')

+ ->see('The password reset token is invalid for this email address.');

+ }

+

public function test_reset_password_page_shows_sign_links()

{

$this->setSettings(['registration-enabled' => 'true']);