2015-09-02 13:26:33 -04:00
|
|
|
<?php
|
|
|
|
|
2016-09-17 13:22:04 -04:00
|
|
|
use BookStack\Notifications\ConfirmEmail;
|
|
|
|
use Illuminate\Support\Facades\Notification;
|
2015-09-21 15:54:11 -04:00
|
|
|
|
2015-09-02 13:26:33 -04:00
|
|
|
class AuthTest extends TestCase
|
|
|
|
{
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_auth_working()
|
2015-09-02 13:26:33 -04:00
|
|
|
{
|
|
|
|
$this->visit('/')
|
|
|
|
->seePageIs('/login');
|
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_login()
|
2015-09-02 13:26:33 -04:00
|
|
|
{
|
2015-09-21 15:54:11 -04:00
|
|
|
$this->login('admin@admin.com', 'password')
|
2016-01-15 18:21:47 -05:00
|
|
|
->seePageIs('/');
|
2015-09-02 13:26:33 -04:00
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_public_viewing()
|
2015-09-10 15:28:53 -04:00
|
|
|
{
|
|
|
|
$settings = app('BookStack\Services\SettingService');
|
|
|
|
$settings->put('app-public', 'true');
|
|
|
|
$this->visit('/')
|
|
|
|
->seePageIs('/')
|
2016-12-04 09:08:04 -05:00
|
|
|
->see('Log In');
|
2015-09-10 15:28:53 -04:00
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_registration_showing()
|
2015-09-10 15:28:53 -04:00
|
|
|
{
|
|
|
|
// Ensure registration form is showing
|
|
|
|
$this->setSettings(['registration-enabled' => 'true']);
|
|
|
|
$this->visit('/login')
|
|
|
|
->see('Sign up')
|
|
|
|
->click('Sign up')
|
|
|
|
->seePageIs('/register');
|
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_normal_registration()
|
2015-09-10 15:28:53 -04:00
|
|
|
{
|
2015-09-21 15:54:11 -04:00
|
|
|
// Set settings and get user instance
|
2015-09-10 15:28:53 -04:00
|
|
|
$this->setSettings(['registration-enabled' => 'true']);
|
|
|
|
$user = factory(\BookStack\User::class)->make();
|
|
|
|
|
2015-09-21 15:54:11 -04:00
|
|
|
// Test form and ensure user is created
|
2015-09-10 15:28:53 -04:00
|
|
|
$this->visit('/register')
|
|
|
|
->see('Sign Up')
|
|
|
|
->type($user->name, '#name')
|
|
|
|
->type($user->email, '#email')
|
|
|
|
->type($user->password, '#password')
|
|
|
|
->press('Create Account')
|
|
|
|
->seePageIs('/')
|
2015-09-21 15:54:11 -04:00
|
|
|
->see($user->name)
|
|
|
|
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email]);
|
2015-09-10 15:28:53 -04:00
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
|
|
|
|
public function test_confirmed_registration()
|
2015-09-10 15:28:53 -04:00
|
|
|
{
|
2016-09-17 13:22:04 -04:00
|
|
|
// Fake notifications
|
|
|
|
Notification::fake();
|
|
|
|
|
2015-09-21 15:54:11 -04:00
|
|
|
// Set settings and get user instance
|
|
|
|
$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);
|
|
|
|
$user = factory(\BookStack\User::class)->make();
|
|
|
|
|
|
|
|
// Go through registration process
|
|
|
|
$this->visit('/register')
|
|
|
|
->see('Sign Up')
|
|
|
|
->type($user->name, '#name')
|
|
|
|
->type($user->email, '#email')
|
|
|
|
->type($user->password, '#password')
|
|
|
|
->press('Create Account')
|
|
|
|
->seePageIs('/register/confirm')
|
|
|
|
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
|
|
|
|
|
2016-09-17 13:22:04 -04:00
|
|
|
// Ensure notification sent
|
|
|
|
$dbUser = \BookStack\User::where('email', '=', $user->email)->first();
|
|
|
|
Notification::assertSentTo($dbUser, ConfirmEmail::class);
|
|
|
|
|
2015-09-21 15:54:11 -04:00
|
|
|
// Test access and resend confirmation email
|
|
|
|
$this->login($user->email, $user->password)
|
|
|
|
->seePageIs('/register/confirm/awaiting')
|
|
|
|
->see('Resend')
|
|
|
|
->visit('/books')
|
|
|
|
->seePageIs('/register/confirm/awaiting')
|
|
|
|
->press('Resend Confirmation Email');
|
|
|
|
|
2016-09-17 13:22:04 -04:00
|
|
|
// Get confirmation and confirm notification matches
|
|
|
|
$emailConfirmation = DB::table('email_confirmations')->where('user_id', '=', $dbUser->id)->first();
|
|
|
|
Notification::assertSentTo($dbUser, ConfirmEmail::class, function($notification, $channels) use ($emailConfirmation) {
|
|
|
|
return $notification->token === $emailConfirmation->token;
|
|
|
|
});
|
|
|
|
|
|
|
|
// Check confirmation email confirmation activation.
|
|
|
|
$this->visit('/register/confirm/' . $emailConfirmation->token)
|
2015-09-21 15:54:11 -04:00
|
|
|
->seePageIs('/')
|
|
|
|
->see($user->name)
|
|
|
|
->notSeeInDatabase('email_confirmations', ['token' => $emailConfirmation->token])
|
2016-09-17 13:22:04 -04:00
|
|
|
->seeInDatabase('users', ['name' => $dbUser->name, 'email' => $dbUser->email, 'email_confirmed' => true]);
|
2015-09-10 15:28:53 -04:00
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_restricted_registration()
|
|
|
|
{
|
|
|
|
$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true', 'registration-restrict' => 'example.com']);
|
|
|
|
$user = factory(\BookStack\User::class)->make();
|
|
|
|
// Go through registration process
|
|
|
|
$this->visit('/register')
|
|
|
|
->type($user->name, '#name')
|
|
|
|
->type($user->email, '#email')
|
|
|
|
->type($user->password, '#password')
|
|
|
|
->press('Create Account')
|
|
|
|
->seePageIs('/register')
|
|
|
|
->dontSeeInDatabase('users', ['email' => $user->email])
|
|
|
|
->see('That email domain does not have access to this application');
|
|
|
|
|
|
|
|
$user->email = 'barry@example.com';
|
|
|
|
|
|
|
|
$this->visit('/register')
|
|
|
|
->type($user->name, '#name')
|
|
|
|
->type($user->email, '#email')
|
|
|
|
->type($user->password, '#password')
|
|
|
|
->press('Create Account')
|
|
|
|
->seePageIs('/register/confirm')
|
|
|
|
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_user_creation()
|
2015-10-18 11:06:06 -04:00
|
|
|
{
|
|
|
|
$user = factory(\BookStack\User::class)->make();
|
2016-01-02 09:48:35 -05:00
|
|
|
|
2015-10-18 11:06:06 -04:00
|
|
|
$this->asAdmin()
|
2016-02-16 16:25:11 -05:00
|
|
|
->visit('/settings/users')
|
2016-12-04 09:08:04 -05:00
|
|
|
->click('Add New User')
|
2015-10-18 11:06:06 -04:00
|
|
|
->type($user->name, '#name')
|
|
|
|
->type($user->email, '#email')
|
2016-02-27 14:24:42 -05:00
|
|
|
->check('roles[admin]')
|
2015-10-18 11:06:06 -04:00
|
|
|
->type($user->password, '#password')
|
|
|
|
->type($user->password, '#password-confirm')
|
|
|
|
->press('Save')
|
2016-02-16 16:25:11 -05:00
|
|
|
->seePageIs('/settings/users')
|
2016-02-27 14:24:42 -05:00
|
|
|
->seeInDatabase('users', $user->toArray())
|
2015-10-18 11:06:06 -04:00
|
|
|
->see($user->name);
|
2016-01-02 09:48:35 -05:00
|
|
|
}
|
2015-10-18 11:06:06 -04:00
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_user_updating()
|
2016-01-02 09:48:35 -05:00
|
|
|
{
|
2016-09-29 12:07:58 -04:00
|
|
|
$user = $this->getNormalUser();
|
2016-01-02 09:48:35 -05:00
|
|
|
$password = $user->password;
|
2015-10-18 11:06:06 -04:00
|
|
|
$this->asAdmin()
|
2016-02-16 16:25:11 -05:00
|
|
|
->visit('/settings/users')
|
2015-10-18 11:06:06 -04:00
|
|
|
->click($user->name)
|
2016-02-16 16:25:11 -05:00
|
|
|
->seePageIs('/settings/users/' . $user->id)
|
2015-10-18 11:06:06 -04:00
|
|
|
->see($user->email)
|
|
|
|
->type('Barry Scott', '#name')
|
|
|
|
->press('Save')
|
2016-02-16 16:25:11 -05:00
|
|
|
->seePageIs('/settings/users')
|
2016-01-02 09:48:35 -05:00
|
|
|
->seeInDatabase('users', ['id' => $user->id, 'name' => 'Barry Scott', 'password' => $password])
|
2015-10-18 11:06:06 -04:00
|
|
|
->notSeeInDatabase('users', ['name' => $user->name]);
|
2016-01-02 09:48:35 -05:00
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_user_password_update()
|
2016-01-02 09:48:35 -05:00
|
|
|
{
|
2016-09-29 12:07:58 -04:00
|
|
|
$user = $this->getNormalUser();
|
2016-02-16 16:25:11 -05:00
|
|
|
$userProfilePage = '/settings/users/' . $user->id;
|
2016-01-02 09:48:35 -05:00
|
|
|
$this->asAdmin()
|
|
|
|
->visit($userProfilePage)
|
|
|
|
->type('newpassword', '#password')
|
|
|
|
->press('Save')
|
|
|
|
->seePageIs($userProfilePage)
|
|
|
|
->see('Password confirmation required')
|
|
|
|
|
|
|
|
->type('newpassword', '#password')
|
|
|
|
->type('newpassword', '#password-confirm')
|
|
|
|
->press('Save')
|
2016-02-16 16:25:11 -05:00
|
|
|
->seePageIs('/settings/users');
|
2016-01-02 09:48:35 -05:00
|
|
|
|
|
|
|
$userPassword = \BookStack\User::find($user->id)->password;
|
|
|
|
$this->assertTrue(Hash::check('newpassword', $userPassword));
|
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_user_deletion()
|
2016-01-02 09:48:35 -05:00
|
|
|
{
|
|
|
|
$userDetails = factory(\BookStack\User::class)->make();
|
2016-05-07 09:29:43 -04:00
|
|
|
$user = $this->getEditor($userDetails->toArray());
|
2015-10-18 11:06:06 -04:00
|
|
|
|
|
|
|
$this->asAdmin()
|
2016-02-16 16:25:11 -05:00
|
|
|
->visit('/settings/users/' . $user->id)
|
2016-01-02 09:48:35 -05:00
|
|
|
->click('Delete User')
|
2015-10-18 11:06:06 -04:00
|
|
|
->see($user->name)
|
|
|
|
->press('Confirm')
|
2016-02-16 16:25:11 -05:00
|
|
|
->seePageIs('/settings/users')
|
2015-10-18 11:06:06 -04:00
|
|
|
->notSeeInDatabase('users', ['name' => $user->name]);
|
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_user_cannot_be_deleted_if_last_admin()
|
2016-01-02 09:48:35 -05:00
|
|
|
{
|
|
|
|
$adminRole = \BookStack\Role::getRole('admin');
|
|
|
|
// Ensure we currently only have 1 admin user
|
|
|
|
$this->assertEquals(1, $adminRole->users()->count());
|
|
|
|
$user = $adminRole->users->first();
|
|
|
|
|
2016-02-16 16:25:11 -05:00
|
|
|
$this->asAdmin()->visit('/settings/users/' . $user->id)
|
2016-01-02 09:48:35 -05:00
|
|
|
->click('Delete User')
|
|
|
|
->press('Confirm')
|
2016-02-16 16:25:11 -05:00
|
|
|
->seePageIs('/settings/users/' . $user->id)
|
2016-01-02 09:48:35 -05:00
|
|
|
->see('You cannot delete the only admin');
|
|
|
|
}
|
|
|
|
|
2016-01-15 18:21:47 -05:00
|
|
|
public function test_logout()
|
2015-09-02 13:26:33 -04:00
|
|
|
{
|
|
|
|
$this->asAdmin()
|
|
|
|
->visit('/')
|
|
|
|
->seePageIs('/')
|
|
|
|
->visit('/logout')
|
|
|
|
->visit('/')
|
|
|
|
->seePageIs('/login');
|
|
|
|
}
|
2015-09-21 15:54:11 -04:00
|
|
|
|
2016-10-30 07:33:56 -04:00
|
|
|
public function test_reset_password_flow()
|
|
|
|
{
|
|
|
|
$this->visit('/login')->click('Forgot Password?')
|
|
|
|
->seePageIs('/password/email')
|
|
|
|
->type('admin@admin.com', 'email')
|
|
|
|
->press('Send Reset Link')
|
|
|
|
->see('A password reset link has been sent to admin@admin.com');
|
|
|
|
|
|
|
|
$this->seeInDatabase('password_resets', [
|
|
|
|
'email' => 'admin@admin.com'
|
|
|
|
]);
|
|
|
|
|
|
|
|
$reset = DB::table('password_resets')->where('email', '=', 'admin@admin.com')->first();
|
|
|
|
$this->visit('/password/reset/' . $reset->token)
|
|
|
|
->see('Reset Password')
|
|
|
|
->submitForm('Reset Password', [
|
|
|
|
'email' => 'admin@admin.com',
|
|
|
|
'password' => 'randompass',
|
|
|
|
'password_confirmation' => 'randompass'
|
|
|
|
])->seePageIs('/')
|
|
|
|
->see('Your password has been successfully reset');
|
|
|
|
}
|
|
|
|
|
|
|
|
public function test_reset_password_page_shows_sign_links()
|
|
|
|
{
|
|
|
|
$this->setSettings(['registration-enabled' => 'true']);
|
|
|
|
$this->visit('/password/email')
|
2016-11-17 08:33:07 -05:00
|
|
|
->seeLink('Log in')
|
2016-10-30 07:33:56 -04:00
|
|
|
->seeLink('Sign up');
|
|
|
|
}
|
|
|
|
|
2015-09-21 15:54:11 -04:00
|
|
|
/**
|
|
|
|
* Perform a login
|
|
|
|
* @param string $email
|
|
|
|
* @param string $password
|
|
|
|
* @return $this
|
|
|
|
*/
|
2016-01-15 18:21:47 -05:00
|
|
|
protected function login($email, $password)
|
2015-09-21 15:54:11 -04:00
|
|
|
{
|
|
|
|
return $this->visit('/login')
|
|
|
|
->type($email, '#email')
|
|
|
|
->type($password, '#password')
|
2016-11-17 08:33:07 -05:00
|
|
|
->press('Log In');
|
2015-09-21 15:54:11 -04:00
|
|
|
}
|
2015-09-02 13:26:33 -04:00
|
|
|
}
|