mirror of
https://github.com/BookStackApp/BookStack.git
synced 2024-10-01 05:36:00 +00:00
Added login throttling test, updated reset-pw test method names
parent
90b4257889
commit
5c5ea64228
@ -133,6 +133,19 @@ class AuthTest extends TestCase
|
|||||||
$this->assertFalse(auth()->check());
|
$this->assertFalse(auth()->check());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function test_login_attempts_are_rate_limited()
|
||||||
|
{
|
||||||
|
for ($i = 0; $i < 5; $i++) {
|
||||||
|
$resp = $this->login('bennynotexisting@example.com', 'pw123');
|
||||||
|
}
|
||||||
|
$resp = $this->followRedirects($resp);
|
||||||
|
$resp->assertSee('These credentials do not match our records.');
|
||||||
|
|
||||||
|
// Check the fifth attempt provides a lockout response
|
||||||
|
$resp = $this->followRedirects($this->login('bennynotexisting@example.com', 'pw123'));
|
||||||
|
$resp->assertSee('Too many login attempts. Please try again in');
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Perform a login.
|
* Perform a login.
|
||||||
*/
|
*/
|
||||||
|
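Review bot: The comment `// Check the fifth attempt provides a lockout response` in test_login_attempts_are_rate_limited is off by one: the loop above already makes five failed logins and asserts that the fifth still shows the normal credentials error, so the request being checked is the sixth, and `// Check the sixth attempt provides a lockout response` would match the code. The test only shows that one more wrong password for a non-existent account is refused. The property that matters for brute-force protection is that a correct password is also refused while the lockout is active, so a variant that fails five times against an existing user's email, then submits that user's valid password and ends with `$this->assertFalse(auth()->check());`, would pin that down. The literal `5` presumably mirrors the application's max-attempts setting, which is not visible on this page; a one-line comment naming where that limit is defined would keep the test from silently drifting if it changes.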
@ -9,7 +9,7 @@ use Tests\TestCase;
|
|||||||
|
|
||||||
class ResetPasswordTest extends TestCase
|
class ResetPasswordTest extends TestCase
|
||||||
{
|
{
|
||||||
public function test_reset_password_flow()
|
public function test_reset_flow()
|
||||||
{
|
{
|
||||||
Notification::fake();
|
Notification::fake();
|
||||||
|
|
||||||
@ -52,7 +52,7 @@ class ResetPasswordTest extends TestCase
|
|||||||
$this->get('/')->assertSee('Your password has been successfully reset');
|
$this->get('/')->assertSee('Your password has been successfully reset');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_reset_password_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
|
public function test_reset_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
|
||||||
{
|
{
|
||||||
$this->get('/password/email');
|
$this->get('/password/email');
|
||||||
$resp = $this->followingRedirects()->post('/password/email', [
|
$resp = $this->followingRedirects()->post('/password/email', [
|
||||||
@ -75,7 +75,7 @@ class ResetPasswordTest extends TestCase
|
|||||||
->assertSee('The password reset token is invalid for this email address.');
|
->assertSee('The password reset token is invalid for this email address.');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_reset_password_page_shows_sign_links()
|
public function test_reset_page_shows_sign_links()
|
||||||
{
|
{
|
||||||
$this->setSettings(['registration-enabled' => 'true']);
|
$this->setSettings(['registration-enabled' => 'true']);
|
||||||
$resp = $this->get('/password/email');
|
$resp = $this->get('/password/email');
|
||||||
@ -83,7 +83,7 @@ class ResetPasswordTest extends TestCase
|
|||||||
->assertElementContains('a', 'Sign up');
|
->assertElementContains('a', 'Sign up');
|
||||||
}
|
}
|
||||||
|
|
||||||
public function test_reset_password_request_is_throttled()
|
public function test_reset_request_is_throttled()
|
||||||
{
|
{
|
||||||
$editor = $this->getEditor();
|
$editor = $this->getEditor();
|
||||||
Notification::fake();
|
Notification::fake();
|
||||||
|