Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-07-17 00:32:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
3a402f6adc
BookStack/tests/Auth/AuthTest.php

456 lines
16 KiB
PHP
Raw Normal View History

Updated test files to be PSR-4 compliant Closes #1924
2020-04-04 00:16:05 +00:00
<?php namespace Tests\Auth;
Tweaked some styles and started automated testing. Fixes #11.
2015-09-02 17:26:33 +00:00
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016
2020-04-10 12:38:08 +00:00
use BookStack\Auth\Role;
Add docker development environment
2019-06-23 11:16:45 +00:00
use BookStack\Auth\User;
Fixed some mis-refactoring and split search service Search service broken into index and runner tools.
2020-11-22 00:17:45 +00:00
use BookStack\Entities\Models\Page;
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 17:22:04 +00:00
use BookStack\Notifications\ConfirmEmail;
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016
2020-04-10 12:38:08 +00:00
use BookStack\Notifications\ResetPassword;
Re-structured the app code to be feature based rather than code type based
2018-09-25 11:30:50 +00:00
use BookStack\Settings\SettingService;
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016
2020-04-10 12:38:08 +00:00
use DB;
use Hash;
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 17:22:04 +00:00
use Illuminate\Support\Facades\Notification;
Updated testing for user slugs
2021-03-10 23:04:18 +00:00
use Illuminate\Support\Str;
Updated test files to be PSR-4 compliant Closes #1924
2020-04-04 00:16:05 +00:00
use Tests\BrowserKitTest;
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
Upgraded to Laravel 5.4
2017-01-25 19:35:40 +00:00
class AuthTest extends BrowserKitTest
Tweaked some styles and started automated testing. Fixes #11.
2015-09-02 17:26:33 +00:00
{
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_auth_working()
Tweaked some styles and started automated testing. Fixes #11.
2015-09-02 17:26:33 +00:00
{
$this->visit('/')
->seePageIs('/login');
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_login()
Tweaked some styles and started automated testing. Fixes #11.
2015-09-02 17:26:33 +00:00
{
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
$this->login('admin@admin.com', 'password')
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
->seePageIs('/');
Tweaked some styles and started automated testing. Fixes #11.
2015-09-02 17:26:33 +00:00
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_public_viewing()
Added some basic registration testing
2015-09-10 19:28:53 +00:00
{
Re-structured the app code to be feature based rather than code type based
2018-09-25 11:30:50 +00:00
$settings = app(SettingService::class);
Added some basic registration testing
2015-09-10 19:28:53 +00:00
$settings->put('app-public', 'true');
$this->visit('/')
->seePageIs('/')
Extracted text for remaining views
2016-12-04 14:08:04 +00:00
->see('Log In');
Added some basic registration testing
2015-09-10 19:28:53 +00:00
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_registration_showing()
Added some basic registration testing
2015-09-10 19:28:53 +00:00
{
// Ensure registration form is showing
$this->setSettings(['registration-enabled' => 'true']);
$this->visit('/login')
->see('Sign up')
->click('Sign up')
->seePageIs('/register');
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_normal_registration()
Added some basic registration testing
2015-09-10 19:28:53 +00:00
{
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
// Set settings and get user instance
Added some basic registration testing
2015-09-10 19:28:53 +00:00
$this->setSettings(['registration-enabled' => 'true']);
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
$user = factory(User::class)->make();
Added some basic registration testing
2015-09-10 19:28:53 +00:00
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
// Test form and ensure user is created
Added some basic registration testing
2015-09-10 19:28:53 +00:00
$this->visit('/register')
->see('Sign Up')
->type($user->name, '#name')
->type($user->email, '#email')
->type($user->password, '#password')
->press('Create Account')
->seePageIs('/')
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
->see($user->name)
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email]);
Added some basic registration testing
2015-09-10 19:28:53 +00:00
}
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
public function test_empty_registration_redirects_back_with_errors()
{
// Set settings and get user instance
$this->setSettings(['registration-enabled' => 'true']);
// Test form and ensure user is created
$this->visit('/register')
->press('Create Account')
->see('The name field is required')
->seePageIs('/register');
}
Add min length validation on name on register form & add sign up link
2019-04-16 11:18:51 +00:00
public function test_registration_validation()
{
$this->setSettings(['registration-enabled' => 'true']);
$this->visit('/register')
->type('1', '#name')
->type('1', '#email')
->type('1', '#password')
->press('Create Account')
->see('The name must be at least 2 characters.')
->see('The email must be a valid email address.')
Updated to Laravel 5.8
2019-09-13 22:58:40 +00:00
->see('The password must be at least 8 characters.')
Add min length validation on name on register form & add sign up link
2019-04-16 11:18:51 +00:00
->seePageIs('/register');
}
public function test_sign_up_link_on_login()
{
$this->visit('/login')
->dontSee('Sign up');
$this->setSettings(['registration-enabled' => 'true']);
$this->visit('/login')
->see('Sign up');
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_confirmed_registration()
Added some basic registration testing
2015-09-10 19:28:53 +00:00
{
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 17:22:04 +00:00
// Fake notifications
Notification::fake();
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
// Set settings and get user instance
$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true']);
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
$user = factory(User::class)->make();
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
// Go through registration process
$this->visit('/register')
->see('Sign Up')
->type($user->name, '#name')
->type($user->email, '#email')
->type($user->password, '#password')
->press('Create Account')
->seePageIs('/register/confirm')
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 17:22:04 +00:00
// Ensure notification sent
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
$dbUser = User::where('email', '=', $user->email)->first();
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 17:22:04 +00:00
Notification::assertSentTo($dbUser, ConfirmEmail::class);
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
// Test access and resend confirmation email
$this->login($user->email, $user->password)
->seePageIs('/register/confirm/awaiting')
->see('Resend')
->visit('/books')
->seePageIs('/register/confirm/awaiting')
->press('Resend Confirmation Email');
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 17:22:04 +00:00
// Get confirmation and confirm notification matches
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016
2020-04-10 12:38:08 +00:00
$emailConfirmation = DB::table('email_confirmations')->where('user_id', '=', $dbUser->id)->first();
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 17:22:04 +00:00
Notification::assertSentTo($dbUser, ConfirmEmail::class, function($notification, $channels) use ($emailConfirmation) {
return $notification->token === $emailConfirmation->token;
});
// Check confirmation email confirmation activation.
$this->visit('/register/confirm/' . $emailConfirmation->token)
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
->seePageIs('/')
->see($user->name)
->notSeeInDatabase('email_confirmations', ['token' => $emailConfirmation->token])
Laravel 5.3 upgrade (#189) * Started move to laravel 5.3 * Started updating login & registration flows for laravel 5.3 update * Updated app emails to notification system * Fixed registations bugs and removed email confirmation model * Fixed large portion of laravel post-upgrade issues * Fixed and tested LDAP process
2016-09-17 17:22:04 +00:00
->seeInDatabase('users', ['name' => $dbUser->name, 'email' => $dbUser->email, 'email_confirmed' => true]);
Added some basic registration testing
2015-09-10 19:28:53 +00:00
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_restricted_registration()
{
$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'true', 'registration-restrict' => 'example.com']);
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
$user = factory(User::class)->make();
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
// Go through registration process
$this->visit('/register')
->type($user->name, '#name')
->type($user->email, '#email')
->type($user->password, '#password')
->press('Create Account')
->seePageIs('/register')
->dontSeeInDatabase('users', ['email' => $user->email])
->see('That email domain does not have access to this application');
$user->email = 'barry@example.com';
$this->visit('/register')
->type($user->name, '#name')
->type($user->email, '#email')
->type($user->password, '#password')
->press('Create Account')
->seePageIs('/register/confirm')
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
Fixed required email confirmation with domain restriction Added test to cover scenario. Closes #573
2017-11-11 18:09:48 +00:00
Updated flow to ensure /register/confirm route is used where needed Was accidentally skipped during previous updates. Will now be used on saml, ldap & standard registration where required. Uses session to know if the email was just sent and, if so, show the confirmation route.
2020-09-05 16:26:48 +00:00
$this->visit('/')
->seePageIs('/register/confirm/awaiting');
auth()->logout();
Fixed required email confirmation with domain restriction Added test to cover scenario. Closes #573
2017-11-11 18:09:48 +00:00
$this->visit('/')->seePageIs('/login')
->type($user->email, '#email')
->type($user->password, '#password')
->press('Log In')
->seePageIs('/register/confirm/awaiting')
->seeText('Email Address Not Confirmed');
}
public function test_restricted_registration_with_confirmation_disabled()
{
$this->setSettings(['registration-enabled' => 'true', 'registration-confirmation' => 'false', 'registration-restrict' => 'example.com']);
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
$user = factory(User::class)->make();
Fixed required email confirmation with domain restriction Added test to cover scenario. Closes #573
2017-11-11 18:09:48 +00:00
// Go through registration process
$this->visit('/register')
->type($user->name, '#name')
->type($user->email, '#email')
->type($user->password, '#password')
->press('Create Account')
->seePageIs('/register')
->dontSeeInDatabase('users', ['email' => $user->email])
->see('That email domain does not have access to this application');
$user->email = 'barry@example.com';
$this->visit('/register')
->type($user->name, '#name')
->type($user->email, '#email')
->type($user->password, '#password')
->press('Create Account')
->seePageIs('/register/confirm')
->seeInDatabase('users', ['name' => $user->name, 'email' => $user->email, 'email_confirmed' => false]);
Updated flow to ensure /register/confirm route is used where needed Was accidentally skipped during previous updates. Will now be used on saml, ldap & standard registration where required. Uses session to know if the email was just sent and, if so, show the confirmation route.
2020-09-05 16:26:48 +00:00
$this->visit('/')
->seePageIs('/register/confirm/awaiting');
auth()->logout();
Fixed required email confirmation with domain restriction Added test to cover scenario. Closes #573
2017-11-11 18:09:48 +00:00
$this->visit('/')->seePageIs('/login')
->type($user->email, '#email')
->type($user->password, '#password')
->press('Log In')
->seePageIs('/register/confirm/awaiting')
->seeText('Email Address Not Confirmed');
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
}
public function test_user_creation()
Added tests for user crud
2015-10-18 15:06:06 +00:00
{
Updated testing for user slugs
2021-03-10 23:04:18 +00:00
/** @var User $user */
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
$user = factory(User::class)->make();
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
$adminRole = Role::getRole('admin');
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
Added tests for user crud
2015-10-18 15:06:06 +00:00
$this->asAdmin()
Started work on user profile pages
2016-02-16 21:25:11 +00:00
->visit('/settings/users')
Extracted text for remaining views
2016-12-04 14:08:04 +00:00
->click('Add New User')
Added tests for user crud
2015-10-18 15:06:06 +00:00
->type($user->name, '#name')
->type($user->email, '#email')
Removed role 'name' field from database The 'name' field was really redundant and caused confusion in the codebase, since the 'Display' name is often used and we have a 'system_name' for the admin and public role. This fixes #2032, Where external auth group matching has confusing behaviour as matching was done against the display_name, if no external_auth field is set, but only roles with a match 'name' field would be considered. This also fixes and error where the role users migration, on role delete, would not actually fire due to mis-matching http body keys. Looks like this has been an issue from the start. Added some testing to cover. Fixes #2211. Also converted phpdoc to typehints in many areas of the reviewed code during the above.
2020-08-04 13:55:01 +00:00
->check("roles[{$adminRole->id}]")
Added tests for user crud
2015-10-18 15:06:06 +00:00
->type($user->password, '#password')
->type($user->password, '#password-confirm')
->press('Save')
Started work on user profile pages
2016-02-16 21:25:11 +00:00
->seePageIs('/settings/users')
Updated testing for user slugs
2021-03-10 23:04:18 +00:00
->seeInDatabase('users', $user->only(['name', 'email']))
Added tests for user crud
2015-10-18 15:06:06 +00:00
->see($user->name);
Updated testing for user slugs
2021-03-10 23:04:18 +00:00
$user->refresh();
$this->assertStringStartsWith(Str::slug($user->name), $user->slug);
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
}
Added tests for user crud
2015-10-18 15:06:06 +00:00
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_user_updating()
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
{
Updated and added tests for new default user system Closes #138
2016-09-29 16:07:58 +00:00
$user = $this->getNormalUser();
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
$password = $user->password;
Added tests for user crud
2015-10-18 15:06:06 +00:00
$this->asAdmin()
Started work on user profile pages
2016-02-16 21:25:11 +00:00
->visit('/settings/users')
Added tests for user crud
2015-10-18 15:06:06 +00:00
->click($user->name)
Started work on user profile pages
2016-02-16 21:25:11 +00:00
->seePageIs('/settings/users/' . $user->id)
Added tests for user crud
2015-10-18 15:06:06 +00:00
->see($user->email)
->type('Barry Scott', '#name')
->press('Save')
Started work on user profile pages
2016-02-16 21:25:11 +00:00
->seePageIs('/settings/users')
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
->seeInDatabase('users', ['id' => $user->id, 'name' => 'Barry Scott', 'password' => $password])
Added tests for user crud
2015-10-18 15:06:06 +00:00
->notSeeInDatabase('users', ['name' => $user->name]);
Updated testing for user slugs
2021-03-10 23:04:18 +00:00
$user->refresh();
$this->assertStringStartsWith(Str::slug($user->name), $user->slug);
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_user_password_update()
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
{
Updated and added tests for new default user system Closes #138
2016-09-29 16:07:58 +00:00
$user = $this->getNormalUser();
Started work on user profile pages
2016-02-16 21:25:11 +00:00
$userProfilePage = '/settings/users/' . $user->id;
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
$this->asAdmin()
->visit($userProfilePage)
->type('newpassword', '#password')
->press('Save')
->seePageIs($userProfilePage)
->see('Password confirmation required')
->type('newpassword', '#password')
->type('newpassword', '#password-confirm')
->press('Save')
Started work on user profile pages
2016-02-16 21:25:11 +00:00
->seePageIs('/settings/users');
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
$userPassword = User::find($user->id)->password;
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016
2020-04-10 12:38:08 +00:00
$this->assertTrue(Hash::check('newpassword', $userPassword));
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_user_deletion()
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
{
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
$userDetails = factory(User::class)->make();
Added further attribute endpoints and added tests
2016-05-07 13:29:43 +00:00
$user = $this->getEditor($userDetails->toArray());
Added tests for user crud
2015-10-18 15:06:06 +00:00
$this->asAdmin()
Started work on user profile pages
2016-02-16 21:25:11 +00:00
->visit('/settings/users/' . $user->id)
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
->click('Delete User')
Added tests for user crud
2015-10-18 15:06:06 +00:00
->see($user->name)
->press('Confirm')
Started work on user profile pages
2016-02-16 21:25:11 +00:00
->seePageIs('/settings/users')
Added tests for user crud
2015-10-18 15:06:06 +00:00
->notSeeInDatabase('users', ['name' => $user->name]);
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_user_cannot_be_deleted_if_last_admin()
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
{
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016
2020-04-10 12:38:08 +00:00
$adminRole = Role::getRole('admin');
Add docker development environment
2019-06-23 11:16:45 +00:00
// Delete all but one admin user if there are more than one
$adminUsers = $adminRole->users;
if (count($adminUsers) > 1) {
foreach ($adminUsers->splice(1) as $user) {
$user->delete();
}
}
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
// Ensure we currently only have 1 admin user
$this->assertEquals(1, $adminRole->users()->count());
$user = $adminRole->users->first();
Started work on user profile pages
2016-02-16 21:25:11 +00:00
$this->asAdmin()->visit('/settings/users/' . $user->id)
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
->click('Delete User')
->press('Confirm')
Started work on user profile pages
2016-02-16 21:25:11 +00:00
->seePageIs('/settings/users/' . $user->id)
Added more tests to increase test coverage
2016-01-02 14:48:35 +00:00
->see('You cannot delete the only admin');
}
Cleaned tests up, Started LDAP tests, Created LDAP wrapper
2016-01-15 23:21:47 +00:00
public function test_logout()
Tweaked some styles and started automated testing. Fixes #11.
2015-09-02 17:26:33 +00:00
{
$this->asAdmin()
->visit('/')
->seePageIs('/')
->visit('/logout')
->visit('/')
->seePageIs('/login');
}
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
Improved password reset flow with notifications. Also added links to sign-in/register. Fixed links in emails sent out. Fixes #210 and #218.
2016-10-30 11:33:56 +00:00
public function test_reset_password_flow()
{
Upgraded to Laravel 5.4
2017-01-25 19:35:40 +00:00
Notification::fake();
Improved password reset flow with notifications. Also added links to sign-in/register. Fixed links in emails sent out. Fixes #210 and #218.
2016-10-30 11:33:56 +00:00
$this->visit('/login')->click('Forgot Password?')
->seePageIs('/password/email')
->type('admin@admin.com', 'email')
->press('Send Reset Link')
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016
2020-04-10 12:38:08 +00:00
->see('A password reset link will be sent to admin@admin.com if that email address is found in the system.');
Improved password reset flow with notifications. Also added links to sign-in/register. Fixed links in emails sent out. Fixes #210 and #218.
2016-10-30 11:33:56 +00:00
$this->seeInDatabase('password_resets', [
'email' => 'admin@admin.com'
]);
Fixed validation issue on register post Added test to cover and also cleaned up RegisterController comments. Fixes #670
2018-01-28 17:15:30 +00:00
$user = User::where('email', '=', 'admin@admin.com')->first();
Upgraded to Laravel 5.4
2017-01-25 19:35:40 +00:00
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016
2020-04-10 12:38:08 +00:00
Notification::assertSentTo($user, ResetPassword::class);
$n = Notification::sent($user, ResetPassword::class);
Upgraded to Laravel 5.4
2017-01-25 19:35:40 +00:00
$this->visit('/password/reset/' . $n->first()->token)
Improved password reset flow with notifications. Also added links to sign-in/register. Fixed links in emails sent out. Fixes #210 and #218.
2016-10-30 11:33:56 +00:00
->see('Reset Password')
->submitForm('Reset Password', [
'email' => 'admin@admin.com',
'password' => 'randompass',
'password_confirmation' => 'randompass'
])->seePageIs('/')
->see('Your password has been successfully reset');
}
Updated password reset process not to indicate if email exists - Intended to prevent enumeration to check if a user exists. - Updated messages on both the reqest-reset and set-password elements. - Also updated notification auto-hide to be dynamic based upon the amount of words within the notification. - Added tests to cover. For #2016
2020-04-10 12:38:08 +00:00
public function test_reset_password_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
{
$this->visit('/login')->click('Forgot Password?')
->seePageIs('/password/email')
->type('barry@admin.com', 'email')
->press('Send Reset Link')
->see('A password reset link will be sent to barry@admin.com if that email address is found in the system.')
->dontSee('We can\'t find a user');
$this->visit('/password/reset/arandometokenvalue')
->see('Reset Password')
->submitForm('Reset Password', [
'email' => 'barry@admin.com',
'password' => 'randompass',
'password_confirmation' => 'randompass'
])->followRedirects()
->seePageIs('/password/reset/arandometokenvalue')
->dontSee('We can\'t find a user')
->see('The password reset token is invalid for this email address.');
}
Improved password reset flow with notifications. Also added links to sign-in/register. Fixed links in emails sent out. Fixes #210 and #218.
2016-10-30 11:33:56 +00:00
public function test_reset_password_page_shows_sign_links()
{
$this->setSettings(['registration-enabled' => 'true']);
$this->visit('/password/email')
Extracted text from book & chapter views
2016-11-17 13:33:07 +00:00
->seeLink('Log in')
Improved password reset flow with notifications. Also added links to sign-in/register. Fixed links in emails sent out. Fixes #210 and #218.
2016-10-30 11:33:56 +00:00
->seeLink('Sign up');
}
Fixed faulty baseUrl rewrites Fixes #1452 May help #1377
2019-05-19 15:25:05 +00:00
public function test_login_redirects_to_initially_requested_url_correctly()
{
config()->set('app.url', 'http://localhost');
$page = Page::query()->first();
$this->visit($page->getUrl())
Replaced use of custom 'baseUrl' helper with 'url' Also changed up how base URL setting was being done by manipulating incoming request URLs instead of altering then on generation.
2019-08-04 13:26:39 +00:00
->seePageUrlIs(url('/login'));
Fixed faulty baseUrl rewrites Fixes #1452 May help #1377
2019-05-19 15:25:05 +00:00
$this->login('admin@admin.com', 'password')
->seePageUrlIs($page->getUrl());
}
Updated public-login redirect to check url Direct links to the login pages for public instances could lead to a redirect back to an external page upon login. This adds a check to ensure the URL is a URL expected from the current bookstack instance, or at least under the same domain. Fixes #2073
2020-07-28 15:27:16 +00:00
public function test_login_intended_redirect_does_not_redirect_to_external_pages()
{
config()->set('app.url', 'http://localhost');
$this->setSettings(['app-public' => true]);
$this->get('/login', ['referer' => 'https://example.com']);
$login = $this->post('/login', ['email' => 'admin@admin.com', 'password' => 'password']);
$login->assertRedirectedTo('http://localhost');
}
Authenticated admins on all guards upon login For #2031
2020-04-25 17:19:22 +00:00
public function test_login_authenticates_admins_on_all_guards()
{
$this->post('/login', ['email' => 'admin@admin.com', 'password' => 'password']);
$this->assertTrue(auth()->check());
$this->assertTrue(auth('ldap')->check());
$this->assertTrue(auth('saml2')->check());
}
public function test_login_authenticates_nonadmins_on_default_guard_only()
{
$editor = $this->getEditor();
$editor->password = bcrypt('password');
$editor->save();
$this->post('/login', ['email' => $editor->email, 'password' => 'password']);
$this->assertTrue(auth()->check());
$this->assertFalse(auth('ldap')->check());
$this->assertFalse(auth('saml2')->check());
}
Updated functionality for logging failed access - Added testing to cover. - Linked logging into Laravel's monolog logging system and made log channel configurable. - Updated env var names to be specific to login access. - Added extra locations as to where failed logins would be captured. Related to #1881 and #728
2020-07-28 11:59:43 +00:00
public function test_failed_logins_are_logged_when_message_configured()
{
$log = $this->withTestLogger();
config()->set(['logging.failed_login.message' => 'Failed login for %u']);
$this->post('/login', ['email' => 'admin@example.com', 'password' => 'cattreedog']);
$this->assertTrue($log->hasWarningThatContains('Failed login for admin@example.com'));
$this->post('/login', ['email' => 'admin@admin.com', 'password' => 'password']);
$this->assertFalse($log->hasWarningThatContains('Failed login for admin@admin.com'));
}
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
/**
* Perform a login
*/
Authenticated admins on all guards upon login For #2031
2020-04-25 17:19:22 +00:00
protected function login(string $email, string $password): AuthTest
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
{
return $this->visit('/login')
->type($email, '#email')
->type($password, '#password')
Extracted text from book & chapter views
2016-11-17 13:33:07 +00:00
->press('Log In');
Added tests for confirmed registration
2015-09-21 19:54:11 +00:00
}
Tweaked some styles and started automated testing. Fixes #11.
2015-09-02 17:26:33 +00:00
}
Reference in New Issue Copy Permalink