Infra-Mirrors/BookStack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-07-07 20:02:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2890 from BookStackApp/analysis-kabPRy

Browse Source 
Apply fixes from StyleCI
This commit is contained in:
Dan Brown 2021-08-21 15:50:16 +01:00 committed by GitHub
commit ac110eb6b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 173 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/Auth/Access/EmailConfirmationService.php
View File

@ -14,6 +14,7 @@ class EmailConfirmationService extends UserTokenService
/** /**
* Create new confirmation for a user, * Create new confirmation for a user,
* Also removes any existing old ones. * Also removes any existing old ones.
*
* @throws ConfirmationEmailException * @throws ConfirmationEmailException
*/ */
public function sendConfirmation(User $user) public function sendConfirmation(User $user)

12
app/Auth/Access/LoginService.php
View File

@ -13,7 +13,6 @@ use Exception;
class LoginService class LoginService
{ {
protected const LAST_LOGIN_ATTEMPTED_SESSION_KEY = 'auth-login-last-attempted'; protected const LAST_LOGIN_ATTEMPTED_SESSION_KEY = 'auth-login-last-attempted';
protected $mfaSession; protected $mfaSession;
@ -30,12 +29,14 @@ class LoginService
* Will start a login of the given user but will prevent if there's * Will start a login of the given user but will prevent if there's
* a reason to (MFA or Unconfirmed Email). * a reason to (MFA or Unconfirmed Email).
* Returns a boolean to indicate the current login result. * Returns a boolean to indicate the current login result.
*
* @throws StoppedAuthenticationException * @throws StoppedAuthenticationException
*/ */
public function login(User $user, string $method, bool $remember = false): void public function login(User $user, string $method, bool $remember = false): void
{ {
if ($this->awaitingEmailConfirmation($user) || $this->needsMfaVerification($user)) { if ($this->awaitingEmailConfirmation($user) || $this->needsMfaVerification($user)) {
$this->setLastLoginAttemptedForUser($user, $method, $remember); $this->setLastLoginAttemptedForUser($user, $method, $remember);
throw new StoppedAuthenticationException($user, $this); throw new StoppedAuthenticationException($user, $this);
} }
@ -55,6 +56,7 @@ class LoginService
/** /**
* Reattempt a system login after a previous stopped attempt. * Reattempt a system login after a previous stopped attempt.
*
* @throws Exception * @throws Exception
*/ */
public function reattemptLoginFor(User $user) public function reattemptLoginFor(User $user)
@ -75,12 +77,14 @@ class LoginService
public function getLastLoginAttemptUser(): ?User public function getLastLoginAttemptUser(): ?User
{ {
$id = $this->getLastLoginAttemptDetails()['user_id']; $id = $this->getLastLoginAttemptDetails()['user_id'];
return User::query()->where('id', '=', $id)->first(); return User::query()->where('id', '=', $id)->first();
} }
/** /**
* Get the details of the last login attempt. * Get the details of the last login attempt.
* Checks upon a ttl of about 1 hour since that last attempted login. * Checks upon a ttl of about 1 hour since that last attempted login.
*
* @return array{user_id: ?string, method: ?string, remember: bool} * @return array{user_id: ?string, method: ?string, remember: bool}
*/ */
protected function getLastLoginAttemptDetails(): array protected function getLastLoginAttemptDetails(): array
@ -91,9 +95,10 @@ class LoginService
} }
[$id, $method, $remember, $time] = explode(':', $value); [$id, $method, $remember, $time] = explode(':', $value);
$hourAgo = time() - (60*60); $hourAgo = time() - (60 * 60);
if ($time < $hourAgo) { if ($time < $hourAgo) {
$this->clearLastLoginAttempted(); $this->clearLastLoginAttempted();
return ['user_id' => null, 'method' => null]; return ['user_id' => null, 'method' => null];
} }
@ -156,5 +161,4 @@ class LoginService
return $result; return $result;
} }
}
}

4
app/Auth/Access/Mfa/BackupCodeService.php
View File

@ -29,6 +29,7 @@ class BackupCodeService
{ {
$cleanCode = $this->cleanInputCode($code); $cleanCode = $this->cleanInputCode($code);
$codes = json_decode($codeSet); $codes = json_decode($codeSet);
return in_array($cleanCode, $codes); return in_array($cleanCode, $codes);
} }
@ -42,6 +43,7 @@ class BackupCodeService
$codes = json_decode($codeSet); $codes = json_decode($codeSet);
$pos = array_search($cleanCode, $codes, true); $pos = array_search($cleanCode, $codes, true);
array_splice($codes, $pos, 1); array_splice($codes, $pos, 1);
return json_encode($codes); return json_encode($codes);
} }
@ -57,4 +59,4 @@ class BackupCodeService
{ {
return strtolower(str_replace(' ', '-', trim($code))); return strtolower(str_replace(' ', '-', trim($code)));
} }
} }

3
app/Auth/Access/Mfa/MfaSession.php
View File

@ -57,5 +57,4 @@ class MfaSession
{ {
return 'mfa-verification-passed:' . $user->id; return 'mfa-verification-passed:' . $user->id;
} }
}
}

6
app/Auth/Access/Mfa/MfaValue.php
View File

@ -7,8 +7,8 @@ use Carbon\Carbon;
use Illuminate\Database\Eloquent\Model; use Illuminate\Database\Eloquent\Model;
/** /**
* @property int $id * @property int $id
* @property int $user_id * @property int $user_id
* @property string $method * @property string $method
* @property string $value * @property string $value
* @property Carbon $created_at * @property Carbon $created_at
@ -38,7 +38,7 @@ class MfaValue extends Model
/** @var MfaValue $mfaVal */ /** @var MfaValue $mfaVal */
$mfaVal = static::query()->firstOrNew([ $mfaVal = static::query()->firstOrNew([
'user_id' => $user->id, 'user_id' => $user->id,
'method' => $method 'method' => $method,
]); ]);
$mfaVal->setValue($value); $mfaVal->setValue($value);
$mfaVal->save(); $mfaVal->save();

5
app/Auth/Access/Mfa/TotpService.php
View File

@ -51,10 +51,11 @@ class TotpService
public function generateQrCodeSvg(string $url): string public function generateQrCodeSvg(string $url): string
{ {
$color = Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(32, 110, 167)); $color = Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(32, 110, 167));
return (new Writer( return (new Writer(
new ImageRenderer( new ImageRenderer(
new RendererStyle(192, 0, null, null, $color), new RendererStyle(192, 0, null, null, $color),
new SvgImageBackEnd new SvgImageBackEnd()
) )
))->writeString($url); ))->writeString($url);
} }
@ -68,4 +69,4 @@ class TotpService
/** @noinspection PhpUnhandledExceptionInspection */ /** @noinspection PhpUnhandledExceptionInspection */
return $this->google2fa->verifyKey($secret, $code); return $this->google2fa->verifyKey($secret, $code);
} }
} }

1
app/Auth/Access/Mfa/TotpValidationRule.php
View File

@ -6,7 +6,6 @@ use Illuminate\Contracts\Validation\Rule;
class TotpValidationRule implements Rule class TotpValidationRule implements Rule
{ {
protected $secret; protected $secret;
protected $totpService; protected $totpService;

1
app/Auth/Access/RegistrationService.php
View File

@ -88,6 +88,7 @@ class RegistrationService
session()->flash('sent-email-confirmation', true); session()->flash('sent-email-confirmation', true);
} catch (Exception $e) { } catch (Exception $e) {
$message = trans('auth.email_confirm_send_error'); $message = trans('auth.email_confirm_send_error');
throw new UserRegistrationException($message, '/register/confirm'); throw new UserRegistrationException($message, '/register/confirm');
} }
} }

5
app/Auth/Access/Saml2Service.php
View File

@ -2,15 +2,11 @@
namespace BookStack\Auth\Access; namespace BookStack\Auth\Access;
use BookStack\Actions\ActivityType;
use BookStack\Auth\User; use BookStack\Auth\User;
use BookStack\Exceptions\JsonDebugException; use BookStack\Exceptions\JsonDebugException;
use BookStack\Exceptions\SamlException; use BookStack\Exceptions\SamlException;
use BookStack\Exceptions\StoppedAuthenticationException; use BookStack\Exceptions\StoppedAuthenticationException;
use BookStack\Exceptions\UserRegistrationException; use BookStack\Exceptions\UserRegistrationException;
use BookStack\Facades\Activity;
use BookStack\Facades\Theme;
use BookStack\Theming\ThemeEvents;
use Exception; use Exception;
use Illuminate\Support\Str; use Illuminate\Support\Str;
use OneLogin\Saml2\Auth; use OneLogin\Saml2\Auth;
@ -392,6 +388,7 @@ class Saml2Service extends ExternalAuthService
} }
$this->loginService->login($user, 'saml2'); $this->loginService->login($user, 'saml2');
return $user; return $user;
} }
} }

1
app/Auth/Access/SocialAuthService.php
View File

@ -142,6 +142,7 @@ class SocialAuthService
// Simply log the user into the application. // Simply log the user into the application.
if (!$isLoggedIn && $socialAccount !== null) { if (!$isLoggedIn && $socialAccount !== null) {
$this->loginService->login($socialAccount->user, $socialAccount); $this->loginService->login($socialAccount->user, $socialAccount);
return redirect()->intended('/'); return redirect()->intended('/');
} }

3
app/Console/Commands/ResetMfa.php
View File

@ -45,6 +45,7 @@ class ResetMfa extends Command
$email = $this->option('email'); $email = $this->option('email');
if (!$id && !$email) { if (!$id && !$email) {
$this->error('Either a --id=<number> or --email=<email> option must be provided.'); $this->error('Either a --id=<number> or --email=<email> option must be provided.');
return 1; return 1;
} }
@ -57,6 +58,7 @@ class ResetMfa extends Command
if (!$user) { if (!$user) {
$this->error("A user where {$field}={$value} could not be found."); $this->error("A user where {$field}={$value} could not be found.");
return 1; return 1;
} }
@ -66,6 +68,7 @@ class ResetMfa extends Command
if ($confirm) { if ($confirm) {
$user->mfaValues()->delete(); $user->mfaValues()->delete();
$this->info('User MFA methods have been reset.'); $this->info('User MFA methods have been reset.');
return 0; return 0;
} }

5
app/Exceptions/StoppedAuthenticationException.php
View File

@ -9,7 +9,6 @@ use Illuminate\Http\Request;
class StoppedAuthenticationException extends \Exception implements Responsable class StoppedAuthenticationException extends \Exception implements Responsable
{ {
protected $user; protected $user;
protected $loginService; protected $loginService;
@ -50,7 +49,7 @@ class StoppedAuthenticationException extends \Exception implements Responsable
if ($request->wantsJson()) { if ($request->wantsJson()) {
return response()->json([ return response()->json([
'error' => [ 'error' => [
'code' => 401, 'code' => 401,
'message' => trans('errors.email_confirmation_awaiting'), 'message' => trans('errors.email_confirmation_awaiting'),
], ],
], 401); ], 401);
@ -62,4 +61,4 @@ class StoppedAuthenticationException extends \Exception implements Responsable
return redirect('/register/confirm/awaiting'); return redirect('/register/confirm/awaiting');
} }
} }

4
app/Http/Controllers/Auth/ConfirmEmailController.php
View File

@ -28,8 +28,7 @@ class ConfirmEmailController extends Controller
EmailConfirmationService $emailConfirmationService, EmailConfirmationService $emailConfirmationService,
LoginService $loginService, LoginService $loginService,
UserRepo $userRepo UserRepo $userRepo
) ) {
{
$this->emailConfirmationService = $emailConfirmationService; $this->emailConfirmationService = $emailConfirmationService;
$this->loginService = $loginService; $this->loginService = $loginService;
$this->userRepo = $userRepo; $this->userRepo = $userRepo;
@ -51,6 +50,7 @@ class ConfirmEmailController extends Controller
public function showAwaiting() public function showAwaiting()
{ {
$user = $this->loginService->getLastLoginAttemptUser(); $user = $this->loginService->getLastLoginAttemptUser();
return view('auth.user-unconfirmed', ['user' => $user]); return view('auth.user-unconfirmed', ['user' => $user]);
} }

2
app/Http/Controllers/Auth/HandlesPartialLogins.php
View File

@ -22,4 +22,4 @@ trait HandlesPartialLogins
return $user; return $user;
} }
} }

7
app/Http/Controllers/Auth/LoginController.php
View File

@ -144,13 +144,16 @@ class LoginController extends Controller
/** /**
* Attempt to log the user into the application. * Attempt to log the user into the application.
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
*
* @return bool * @return bool
*/ */
protected function attemptLogin(Request $request) protected function attemptLogin(Request $request)
{ {
return $this->loginService->attempt( return $this->loginService->attempt(
$this->credentials($request), auth()->getDefaultDriver(), $request->filled('remember') $this->credentials($request),
auth()->getDefaultDriver(),
$request->filled('remember')
); );
} }

11
app/Http/Controllers/Auth/MfaBackupCodesController.php
View File

@ -20,7 +20,7 @@ class MfaBackupCodesController extends Controller
protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-backup-codes'; protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-backup-codes';
/** /**
* Show a view that generates and displays backup codes * Show a view that generates and displays backup codes.
*/ */
public function generate(BackupCodeService $codeService) public function generate(BackupCodeService $codeService)
{ {
@ -30,13 +30,14 @@ class MfaBackupCodesController extends Controller
$downloadUrl = 'data:application/octet-stream;base64,' . base64_encode(implode("\n\n", $codes)); $downloadUrl = 'data:application/octet-stream;base64,' . base64_encode(implode("\n\n", $codes));
return view('mfa.backup-codes-generate', [ return view('mfa.backup-codes-generate', [
'codes' => $codes, 'codes' => $codes,
'downloadUrl' => $downloadUrl, 'downloadUrl' => $downloadUrl,
]); ]);
} }
/** /**
* Confirm the setup of backup codes, storing them against the user. * Confirm the setup of backup codes, storing them against the user.
*
* @throws Exception * @throws Exception
*/ */
public function confirm() public function confirm()
@ -52,6 +53,7 @@ class MfaBackupCodesController extends Controller
if (!auth()->check()) { if (!auth()->check()) {
$this->showSuccessNotification(trans('auth.mfa_setup_login_notification')); $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
return redirect('/login'); return redirect('/login');
} }
@ -60,6 +62,7 @@ class MfaBackupCodesController extends Controller
/** /**
* Verify the MFA method submission on check. * Verify the MFA method submission on check.
*
* @throws NotFoundException * @throws NotFoundException
* @throws ValidationException * @throws ValidationException
*/ */
@ -76,8 +79,8 @@ class MfaBackupCodesController extends Controller
if (!$codeService->inputCodeExistsInSet($value, $codes)) { if (!$codeService->inputCodeExistsInSet($value, $codes)) {
$fail(trans('validation.backup_codes')); $fail(trans('validation.backup_codes'));
} }
} },
] ],
]); ]);
$updatedCodes = $codeService->removeInputCodeFromSet($request->get('code'), $codes); $updatedCodes = $codeService->removeInputCodeFromSet($request->get('code'), $codes);

8
app/Http/Controllers/Auth/MfaController.php
View File

@ -20,6 +20,7 @@ class MfaController extends Controller
->mfaValues() ->mfaValues()
->get(['id', 'method']) ->get(['id', 'method'])
->groupBy('method'); ->groupBy('method');
return view('mfa.setup', [ return view('mfa.setup', [
'userMethods' => $userMethods, 'userMethods' => $userMethods,
]); ]);
@ -27,6 +28,7 @@ class MfaController extends Controller
/** /**
* Remove an MFA method for the current user. * Remove an MFA method for the current user.
*
* @throws \Exception * @throws \Exception
*/ */
public function remove(string $method) public function remove(string $method)
@ -56,13 +58,13 @@ class MfaController extends Controller
// Basic search for the default option for a user. // Basic search for the default option for a user.
// (Prioritises totp over backup codes) // (Prioritises totp over backup codes)
$method = $userMethods->has($desiredMethod) ? $desiredMethod : $userMethods->keys()->sort()->reverse()->first(); $method = $userMethods->has($desiredMethod) ? $desiredMethod : $userMethods->keys()->sort()->reverse()->first();
$otherMethods = $userMethods->keys()->filter(function($userMethod) use ($method) { $otherMethods = $userMethods->keys()->filter(function ($userMethod) use ($method) {
return $method !== $userMethod; return $method !== $userMethod;
})->all(); })->all();
return view('mfa.verify', [ return view('mfa.verify', [
'userMethods' => $userMethods, 'userMethods' => $userMethods,
'method' => $method, 'method' => $method,
'otherMethods' => $otherMethods, 'otherMethods' => $otherMethods,
]); ]);
} }

9
app/Http/Controllers/Auth/MfaTotpController.php
View File

@ -36,13 +36,14 @@ class MfaTotpController extends Controller
return view('mfa.totp-generate', [ return view('mfa.totp-generate', [
'secret' => $totpSecret, 'secret' => $totpSecret,
'svg' => $svg, 'svg' => $svg,
]); ]);
} }
/** /**
* Confirm the setup of TOTP and save the auth method secret * Confirm the setup of TOTP and save the auth method secret
* against the current user. * against the current user.
*
* @throws ValidationException * @throws ValidationException
* @throws NotFoundException * @throws NotFoundException
*/ */
@ -54,7 +55,7 @@ class MfaTotpController extends Controller
'required', 'required',
'max:12', 'min:4', 'max:12', 'min:4',
new TotpValidationRule($totpSecret), new TotpValidationRule($totpSecret),
] ],
]); ]);
MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret); MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
@ -63,6 +64,7 @@ class MfaTotpController extends Controller
if (!auth()->check()) { if (!auth()->check()) {
$this->showSuccessNotification(trans('auth.mfa_setup_login_notification')); $this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
return redirect('/login'); return redirect('/login');
} }
@ -71,6 +73,7 @@ class MfaTotpController extends Controller
/** /**
* Verify the MFA method submission on check. * Verify the MFA method submission on check.
*
* @throws NotFoundException * @throws NotFoundException
*/ */
public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession) public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
@ -83,7 +86,7 @@ class MfaTotpController extends Controller
'required', 'required',
'max:12', 'min:4', 'max:12', 'min:4',
new TotpValidationRule($totpSecret), new TotpValidationRule($totpSecret),
] ],
]); ]);
$mfaSession->markVerifiedForUser($user); $mfaSession->markVerifiedForUser($user);

3
app/Http/Controllers/Auth/RegisterController.php
View File

@ -48,8 +48,7 @@ class RegisterController extends Controller
SocialAuthService $socialAuthService, SocialAuthService $socialAuthService,
RegistrationService $registrationService, RegistrationService $registrationService,
LoginService $loginService LoginService $loginService
) ) {
{
$this->middleware('guest'); $this->middleware('guest');
$this->middleware('guard:standard'); $this->middleware('guard:standard');

3
app/Http/Controllers/Auth/SocialController.php
View File

@ -27,8 +27,7 @@ class SocialController extends Controller
SocialAuthService $socialAuthService, SocialAuthService $socialAuthService,
RegistrationService $registrationService, RegistrationService $registrationService,
LoginService $loginService LoginService $loginService
) ) {
{
$this->middleware('guest')->only(['getRegister', 'postRegister']); $this->middleware('guest')->only(['getRegister', 'postRegister']);
$this->socialAuthService = $socialAuthService; $this->socialAuthService = $socialAuthService;
$this->registrationService = $registrationService; $this->registrationService = $registrationService;

1
app/Http/Middleware/ApiAuthenticate.php
View File

@ -9,7 +9,6 @@ use Illuminate\Http\Request;
class ApiAuthenticate class ApiAuthenticate
{ {
/** /**
* Handle an incoming request. * Handle an incoming request.
*/ */

1
app/Http/Middleware/Authenticate.php
View File

@ -16,6 +16,7 @@ class Authenticate
if ($request->ajax()) { if ($request->ajax()) {
return response('Unauthorized.', 401); return response('Unauthorized.', 401);
} }
return redirect()->guest(url('/login')); return redirect()->guest(url('/login'));
} }

7
app/Http/Middleware/AuthenticatedOrPendingMfa.php
View File

@ -8,7 +8,6 @@ use Closure;
class AuthenticatedOrPendingMfa class AuthenticatedOrPendingMfa
{ {
protected $loginService; protected $loginService;
protected $mfaSession; protected $mfaSession;
@ -18,12 +17,12 @@ class AuthenticatedOrPendingMfa
$this->mfaSession = $mfaSession; $this->mfaSession = $mfaSession;
} }
/** /**
* Handle an incoming request. * Handle an incoming request.
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @param \Closure $next * @param \Closure $next
*
* @return mixed * @return mixed
*/ */
public function handle($request, Closure $next) public function handle($request, Closure $next)

2
app/Theming/ThemeEvents.php
View File

@ -41,7 +41,7 @@ class ThemeEvents
* Provides both the original request and the currently resolved response. * Provides both the original request and the currently resolved response.
* Return values, if provided, will be used as a new response to use. * Return values, if provided, will be used as a new response to use.
* *
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @param \Illuminate\Http\Response|Symfony\Component\HttpFoundation\BinaryFileResponse $response * @param \Illuminate\Http\Response|Symfony\Component\HttpFoundation\BinaryFileResponse $response
* @returns \Illuminate\Http\Response|null * @returns \Illuminate\Http\Response|null
*/ */

3
app/Translation/FileLoader.php
View File

@ -26,7 +26,8 @@ class FileLoader extends BaseLoader
if (is_null($namespace) || $namespace === '*') { if (is_null($namespace) || $namespace === '*') {
$themePath = theme_path('lang'); $themePath = theme_path('lang');
$themeTranslations = $themePath ? $this->loadPath($themePath, $locale, $group) : []; $themeTranslations = $themePath ? $this->loadPath($themePath, $locale, $group) : [];
$originalTranslations = $this->loadPath($this->path, $locale, $group); $originalTranslations = $this->loadPath($this->path, $locale, $group);
return array_merge($originalTranslations, $themeTranslations); return array_merge($originalTranslations, $themeTranslations);
} }

5
routes/web.php
View File

@ -223,18 +223,17 @@ Route::group(['middleware' => 'auth'], function () {
Route::get('/roles/{id}', 'RoleController@edit'); Route::get('/roles/{id}', 'RoleController@edit');
Route::put('/roles/{id}', 'RoleController@update'); Route::put('/roles/{id}', 'RoleController@update');
}); });
}); });
// MFA routes // MFA routes
Route::group(['middleware' => 'mfa-setup'], function() { Route::group(['middleware' => 'mfa-setup'], function () {
Route::get('/mfa/setup', 'Auth\MfaController@setup'); Route::get('/mfa/setup', 'Auth\MfaController@setup');
Route::get('/mfa/totp/generate', 'Auth\MfaTotpController@generate'); Route::get('/mfa/totp/generate', 'Auth\MfaTotpController@generate');
Route::post('/mfa/totp/confirm', 'Auth\MfaTotpController@confirm'); Route::post('/mfa/totp/confirm', 'Auth\MfaTotpController@confirm');
Route::get('/mfa/backup_codes/generate', 'Auth\MfaBackupCodesController@generate'); Route::get('/mfa/backup_codes/generate', 'Auth\MfaBackupCodesController@generate');
Route::post('/mfa/backup_codes/confirm', 'Auth\MfaBackupCodesController@confirm'); Route::post('/mfa/backup_codes/confirm', 'Auth\MfaBackupCodesController@confirm');
}); });
Route::group(['middleware' => 'guest'], function() { Route::group(['middleware' => 'guest'], function () {
Route::get('/mfa/verify', 'Auth\MfaController@verify'); Route::get('/mfa/verify', 'Auth\MfaController@verify');
Route::post('/mfa/totp/verify', 'Auth\MfaTotpController@verify'); Route::post('/mfa/totp/verify', 'Auth\MfaTotpController@verify');
Route::post('/mfa/backup_codes/verify', 'Auth\MfaBackupCodesController@verify'); Route::post('/mfa/backup_codes/verify', 'Auth\MfaBackupCodesController@verify');

2
tests/Auth/AuthTest.php
View File

@ -332,7 +332,7 @@ class AuthTest extends BrowserKitTest
$user = $this->getEditor(); $user = $this->getEditor();
$mfaSession = $this->app->make(MfaSession::class); $mfaSession = $this->app->make(MfaSession::class);
$mfaSession->markVerifiedForUser($user);; $mfaSession->markVerifiedForUser($user);
$this->assertTrue($mfaSession->isVerifiedForUser($user)); $this->assertTrue($mfaSession->isVerifiedForUser($user));
$this->asAdmin()->visit('/logout'); $this->asAdmin()->visit('/logout');

186
tests/Auth/LdapTest.php
View File

@ -27,18 +27,18 @@ class LdapTest extends TestCase
define('LDAP_OPT_REFERRALS', 1); define('LDAP_OPT_REFERRALS', 1);
} }
config()->set([ config()->set([
'auth.method' => 'ldap', 'auth.method' => 'ldap',
'auth.defaults.guard' => 'ldap', 'auth.defaults.guard' => 'ldap',
'services.ldap.base_dn' => 'dc=ldap,dc=local', 'services.ldap.base_dn' => 'dc=ldap,dc=local',
'services.ldap.email_attribute' => 'mail', 'services.ldap.email_attribute' => 'mail',
'services.ldap.display_name_attribute' => 'cn', 'services.ldap.display_name_attribute' => 'cn',
'services.ldap.id_attribute' => 'uid', 'services.ldap.id_attribute' => 'uid',
'services.ldap.user_to_groups' => false, 'services.ldap.user_to_groups' => false,
'services.ldap.version' => '3', 'services.ldap.version' => '3',
'services.ldap.user_filter' => '(&(uid=${user}))', 'services.ldap.user_filter' => '(&(uid=${user}))',
'services.ldap.follow_referrals' => false, 'services.ldap.follow_referrals' => false,
'services.ldap.tls_insecure' => false, 'services.ldap.tls_insecure' => false,
'services.ldap.thumbnail_attribute' => null, 'services.ldap.thumbnail_attribute' => null,
]); ]);
$this->mockLdap = \Mockery::mock(Ldap::class); $this->mockLdap = \Mockery::mock(Ldap::class);
$this->app[Ldap::class] = $this->mockLdap; $this->app[Ldap::class] = $this->mockLdap;
@ -70,9 +70,9 @@ class LdapTest extends TestCase
protected function mockUserLogin(?string $email = null): TestResponse protected function mockUserLogin(?string $email = null): TestResponse
{ {
return $this->post('/login', [ return $this->post('/login', [
'username' => $this->mockUser->name, 'username' => $this->mockUser->name,
'password' => $this->mockUser->password, 'password' => $this->mockUser->password,
] + ($email ? ['email' => $email] : [])); ] + ($email ? ['email' => $email] : []));
} }
/** /**
@ -95,8 +95,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]); ]]);
$resp = $this->mockUserLogin(); $resp = $this->mockUserLogin();
@ -109,8 +109,8 @@ class LdapTest extends TestCase
$resp->assertElementExists('#home-default'); $resp->assertElementExists('#home-default');
$resp->assertSee($this->mockUser->name); $resp->assertSee($this->mockUser->name);
$this->assertDatabaseHas('users', [ $this->assertDatabaseHas('users', [
'email' => $this->mockUser->email, 'email' => $this->mockUser->email,
'email_confirmed' => false, 'email_confirmed' => false,
'external_auth_id' => $this->mockUser->name, 'external_auth_id' => $this->mockUser->name,
]); ]);
} }
@ -126,8 +126,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]); ]]);
$resp = $this->mockUserLogin(); $resp = $this->mockUserLogin();
@ -150,8 +150,8 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(1) $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => $ldapDn, 'dn' => $ldapDn,
'mail' => [$this->mockUser->email], 'mail' => [$this->mockUser->email],
]]); ]]);
@ -170,10 +170,10 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(1) $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => $ldapDn, 'dn' => $ldapDn,
'my_custom_id' => ['cooluser456'], 'my_custom_id' => ['cooluser456'],
'mail' => [$this->mockUser->email], 'mail' => [$this->mockUser->email],
]]); ]]);
$resp = $this->mockUserLogin(); $resp = $this->mockUserLogin();
@ -189,8 +189,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]); ]]);
$this->mockLdap->shouldReceive('bind')->times(2)->andReturn(true, false); $this->mockLdap->shouldReceive('bind')->times(2)->andReturn(true, false);
@ -219,14 +219,14 @@ class LdapTest extends TestCase
$userForm->assertDontSee('Password'); $userForm->assertDontSee('Password');
$save = $this->post('/settings/users/create', [ $save = $this->post('/settings/users/create', [
'name' => $this->mockUser->name, 'name' => $this->mockUser->name,
'email' => $this->mockUser->email, 'email' => $this->mockUser->email,
]); ]);
$save->assertSessionHasErrors(['external_auth_id' => 'The external auth id field is required.']); $save->assertSessionHasErrors(['external_auth_id' => 'The external auth id field is required.']);
$save = $this->post('/settings/users/create', [ $save = $this->post('/settings/users/create', [
'name' => $this->mockUser->name, 'name' => $this->mockUser->name,
'email' => $this->mockUser->email, 'email' => $this->mockUser->email,
'external_auth_id' => $this->mockUser->name, 'external_auth_id' => $this->mockUser->name,
]); ]);
$save->assertRedirect('/settings/users'); $save->assertRedirect('/settings/users');
@ -241,8 +241,8 @@ class LdapTest extends TestCase
$editPage->assertDontSee('Password'); $editPage->assertDontSee('Password');
$update = $this->put("/settings/users/{$editUser->id}", [ $update = $this->put("/settings/users/{$editUser->id}", [
'name' => $editUser->name, 'name' => $editUser->name,
'email' => $editUser->email, 'email' => $editUser->email,
'external_auth_id' => 'test_auth_id', 'external_auth_id' => 'test_auth_id',
]); ]);
$update->assertRedirect('/settings/users'); $update->assertRedirect('/settings/users');
@ -271,8 +271,8 @@ class LdapTest extends TestCase
$this->mockUser->attachRole($existingRole); $this->mockUser->attachRole($existingRole);
app('config')->set([ app('config')->set([
'services.ldap.user_to_groups' => true, 'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf', 'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => false, 'services.ldap.remove_from_groups' => false,
]); ]);
@ -280,14 +280,14 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(4) $this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email], 'mail' => [$this->mockUser->email],
'memberof' => [ 'memberof' => [
'count' => 2, 'count' => 2,
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com', 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com', 1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
], ],
]]); ]]);
@ -316,8 +316,8 @@ class LdapTest extends TestCase
$this->mockUser->attachRole($existingRole); $this->mockUser->attachRole($existingRole);
app('config')->set([ app('config')->set([
'services.ldap.user_to_groups' => true, 'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf', 'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => true, 'services.ldap.remove_from_groups' => true,
]); ]);
@ -325,13 +325,13 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(3) $this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email], 'mail' => [$this->mockUser->email],
'memberof' => [ 'memberof' => [
'count' => 1, 'count' => 1,
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com', 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
], ],
]]); ]]);
@ -361,8 +361,8 @@ class LdapTest extends TestCase
$roleToNotReceive = factory(Role::class)->create(['display_name' => 'ex-auth-a', 'external_auth_id' => 'test-second-param']); $roleToNotReceive = factory(Role::class)->create(['display_name' => 'ex-auth-a', 'external_auth_id' => 'test-second-param']);
app('config')->set([ app('config')->set([
'services.ldap.user_to_groups' => true, 'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf', 'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => true, 'services.ldap.remove_from_groups' => true,
]); ]);
@ -370,13 +370,13 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(3) $this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email], 'mail' => [$this->mockUser->email],
'memberof' => [ 'memberof' => [
'count' => 1, 'count' => 1,
0 => 'cn=ex-auth-a,ou=groups,dc=example,dc=com', 0 => 'cn=ex-auth-a,ou=groups,dc=example,dc=com',
], ],
]]); ]]);
@ -402,8 +402,8 @@ class LdapTest extends TestCase
setting()->put('registration-role', $roleToReceive->id); setting()->put('registration-role', $roleToReceive->id);
app('config')->set([ app('config')->set([
'services.ldap.user_to_groups' => true, 'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf', 'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => true, 'services.ldap.remove_from_groups' => true,
]); ]);
@ -411,14 +411,14 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(4) $this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email], 'mail' => [$this->mockUser->email],
'memberof' => [ 'memberof' => [
'count' => 2, 'count' => 2,
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com', 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com', 1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
], ],
]]); ]]);
@ -445,9 +445,9 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(2) $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
'displayname' => 'displayNameAttribute', 'displayname' => 'displayNameAttribute',
]]); ]]);
@ -471,8 +471,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]); ]]);
$this->mockUserLogin()->assertRedirect('/login'); $this->mockUserLogin()->assertRedirect('/login');
@ -482,10 +482,10 @@ class LdapTest extends TestCase
$resp->assertRedirect('/'); $resp->assertRedirect('/');
$this->get('/')->assertSee($this->mockUser->name); $this->get('/')->assertSee($this->mockUser->name);
$this->assertDatabaseHas('users', [ $this->assertDatabaseHas('users', [
'email' => $this->mockUser->email, 'email' => $this->mockUser->email,
'email_confirmed' => false, 'email_confirmed' => false,
'external_auth_id' => $this->mockUser->name, 'external_auth_id' => $this->mockUser->name,
'name' => $this->mockUser->name, 'name' => $this->mockUser->name,
]); ]);
} }
@ -499,8 +499,8 @@ class LdapTest extends TestCase
$this->commonLdapMocks(0, 1, 1, 2, 1); $this->commonLdapMocks(0, 1, 1, 2, 1);
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)->andReturn(['count' => 1, 0 => [ $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]); ]]);
$this->mockLdap->shouldReceive('connect')->once() $this->mockLdap->shouldReceive('connect')->once()
@ -566,8 +566,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]); ]]);
$resp = $this->post('/login', [ $resp = $this->post('/login', [
@ -575,7 +575,7 @@ class LdapTest extends TestCase
'password' => $this->mockUser->password, 'password' => $this->mockUser->password,
]); ]);
$resp->assertJsonStructure([ $resp->assertJsonStructure([
'details_from_ldap' => [], 'details_from_ldap' => [],
'details_bookstack_parsed' => [], 'details_bookstack_parsed' => [],
]); ]);
} }
@ -605,8 +605,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), ['cn', 'dn', 'uid', 'mail', 'cn']) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), ['cn', 'dn', 'uid', 'mail', 'cn'])
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [hex2bin('FFF8F7')], 'uid' => [hex2bin('FFF8F7')],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]); ]]);
$details = $ldapService->getUserDetails('test'); $details = $ldapService->getUserDetails('test');
@ -619,14 +619,14 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(2) $this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name], 'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => 'tester@example.com', 'mail' => 'tester@example.com',
]], ['count' => 1, 0 => [ ]], ['count' => 1, 0 => [
'uid' => ['Barry'], 'uid' => ['Barry'],
'cn' => ['Scott'], 'cn' => ['Scott'],
'dn' => ['dc=bscott' . config('services.ldap.base_dn')], 'dn' => ['dc=bscott' . config('services.ldap.base_dn')],
'mail' => 'tester@example.com', 'mail' => 'tester@example.com',
]]); ]]);
@ -646,8 +646,8 @@ class LdapTest extends TestCase
setting()->put('registration-confirmation', 'true'); setting()->put('registration-confirmation', 'true');
app('config')->set([ app('config')->set([
'services.ldap.user_to_groups' => true, 'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf', 'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => true, 'services.ldap.remove_from_groups' => true,
]); ]);
@ -655,20 +655,20 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries') $this->mockLdap->shouldReceive('searchAndGetEntries')
->times(6) ->times(6)
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'uid' => [$user->name], 'uid' => [$user->name],
'cn' => [$user->name], 'cn' => [$user->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')], 'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$user->email], 'mail' => [$user->email],
'memberof' => [ 'memberof' => [
'count' => 1, 'count' => 1,
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com', 0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
], ],
]]); ]]);
$login = $this->followingRedirects()->mockUserLogin(); $login = $this->followingRedirects()->mockUserLogin();
$login->assertSee('Thanks for registering!'); $login->assertSee('Thanks for registering!');
$this->assertDatabaseHas('users', [ $this->assertDatabaseHas('users', [
'email' => $user->email, 'email' => $user->email,
'email_confirmed' => false, 'email_confirmed' => false,
]); ]);
@ -704,8 +704,8 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(1) $this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array')) ->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [ ->andReturn(['count' => 1, 0 => [
'cn' => [$this->mockUser->name], 'cn' => [$this->mockUser->name],
'dn' => $ldapDn, 'dn' => $ldapDn,
'jpegphoto' => [base64_decode('/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8Q 'jpegphoto' => [base64_decode('/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8Q
EBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=')], EBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=')],
'mail' => [$this->mockUser->email], 'mail' => [$this->mockUser->email],

14
tests/Auth/MfaConfigurationTest.php
View File

@ -10,7 +10,6 @@ use Tests\TestCase;
class MfaConfigurationTest extends TestCase class MfaConfigurationTest extends TestCase
{ {
public function test_totp_setup() public function test_totp_setup()
{ {
$editor = $this->getEditor(); $editor = $this->getEditor();
@ -54,7 +53,7 @@ class MfaConfigurationTest extends TestCase
$this->assertDatabaseHas('mfa_values', [ $this->assertDatabaseHas('mfa_values', [
'user_id' => $editor->id, 'user_id' => $editor->id,
'method' => 'totp', 'method' => 'totp',
]); ]);
$this->assertFalse(session()->has('mfa-setup-totp-secret')); $this->assertFalse(session()->has('mfa-setup-totp-secret'));
$value = MfaValue::query()->where('user_id', '=', $editor->id) $value = MfaValue::query()->where('user_id', '=', $editor->id)
@ -79,7 +78,7 @@ class MfaConfigurationTest extends TestCase
$codes = decrypt(session()->get('mfa-setup-backup-codes')); $codes = decrypt(session()->get('mfa-setup-backup-codes'));
// Check code format // Check code format
$this->assertCount(16, $codes); $this->assertCount(16, $codes);
$this->assertEquals(16*11, strlen(implode('', $codes))); $this->assertEquals(16 * 11, strlen(implode('', $codes)));
// Check download link // Check download link
$resp->assertSee(base64_encode(implode("\n\n", $codes))); $resp->assertSee(base64_encode(implode("\n\n", $codes)));
@ -94,7 +93,7 @@ class MfaConfigurationTest extends TestCase
$this->assertDatabaseHas('mfa_values', [ $this->assertDatabaseHas('mfa_values', [
'user_id' => $editor->id, 'user_id' => $editor->id,
'method' => 'backup_codes', 'method' => 'backup_codes',
]); ]);
$this->assertFalse(session()->has('mfa-setup-backup-codes')); $this->assertFalse(session()->has('mfa-setup-backup-codes'));
$value = MfaValue::query()->where('user_id', '=', $editor->id) $value = MfaValue::query()->where('user_id', '=', $editor->id)
@ -155,13 +154,12 @@ class MfaConfigurationTest extends TestCase
$resp = $this->actingAs($admin)->get('/mfa/setup'); $resp = $this->actingAs($admin)->get('/mfa/setup');
$resp->assertElementExists('form[action$="/mfa/totp/remove"]'); $resp->assertElementExists('form[action$="/mfa/totp/remove"]');
$resp = $this->delete("/mfa/totp/remove"); $resp = $this->delete('/mfa/totp/remove');
$resp->assertRedirect("/mfa/setup"); $resp->assertRedirect('/mfa/setup');
$resp = $this->followRedirects($resp); $resp = $this->followRedirects($resp);
$resp->assertSee('Multi-factor method successfully removed'); $resp->assertSee('Multi-factor method successfully removed');
$this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD); $this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);
$this->assertEquals(0, $admin->mfaValues()->count()); $this->assertEquals(0, $admin->mfaValues()->count());
} }
}
}

17
tests/Auth/MfaVerificationTest.php
View File

@ -149,7 +149,7 @@ class MfaVerificationTest extends TestCase
/** @var TestResponse $mfaView */ /** @var TestResponse $mfaView */
$mfaView = $this->followingRedirects()->post('/login', [ $mfaView = $this->followingRedirects()->post('/login', [
'email' => $user->email, 'email' => $user->email,
'password' => 'password', 'password' => 'password',
]); ]);
@ -179,7 +179,7 @@ class MfaVerificationTest extends TestCase
/** @var TestResponse $resp */ /** @var TestResponse $resp */
$resp = $this->followingRedirects()->post('/login', [ $resp = $this->followingRedirects()->post('/login', [
'email' => $user->email, 'email' => $user->email,
'password' => 'password', 'password' => 'password',
]); ]);
@ -197,7 +197,7 @@ class MfaVerificationTest extends TestCase
$resp->assertSeeText('Multi-factor method configured, Please now login again using the configured method.'); $resp->assertSeeText('Multi-factor method configured, Please now login again using the configured method.');
$resp = $this->followingRedirects()->post('/login', [ $resp = $this->followingRedirects()->post('/login', [
'email' => $user->email, 'email' => $user->email,
'password' => 'password', 'password' => 'password',
]); ]);
$resp->assertSeeText('Enter one of your remaining backup codes below:'); $resp->assertSeeText('Enter one of your remaining backup codes below:');
@ -227,6 +227,7 @@ class MfaVerificationTest extends TestCase
$role = $user->roles->first(); $role = $user->roles->first();
$role->mfa_enforced = true; $role->mfa_enforced = true;
$role->save(); $role->save();
try { try {
$loginService->login($user, 'testing'); $loginService->login($user, 'testing');
} catch (StoppedAuthenticationException $e) { } catch (StoppedAuthenticationException $e) {
@ -238,7 +239,6 @@ class MfaVerificationTest extends TestCase
$resp = $this->call($method, $path); $resp = $this->call($method, $path);
$resp->assertRedirect('/login'); $resp->assertRedirect('/login');
} }
} }
/** /**
@ -252,7 +252,7 @@ class MfaVerificationTest extends TestCase
$user->save(); $user->save();
MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, $secret); MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, $secret);
$loginResp = $this->post('/login', [ $loginResp = $this->post('/login', [
'email' => $user->email, 'email' => $user->email,
'password' => 'password', 'password' => 'password',
]); ]);
@ -262,18 +262,17 @@ class MfaVerificationTest extends TestCase
/** /**
* @return Array<User, string, TestResponse> * @return Array<User, string, TestResponse>
*/ */
protected function startBackupCodeLogin($codes = ['kzzu6-1pgll','bzxnf-plygd','bwdsp-ysl51','1vo93-ioy7n','lf7nw-wdyka','xmtrd-oplac']): array protected function startBackupCodeLogin($codes = ['kzzu6-1pgll', 'bzxnf-plygd', 'bwdsp-ysl51', '1vo93-ioy7n', 'lf7nw-wdyka', 'xmtrd-oplac']): array
{ {
$user = $this->getEditor(); $user = $this->getEditor();
$user->password = Hash::make('password'); $user->password = Hash::make('password');
$user->save(); $user->save();
MfaValue::upsertWithValue($user, MfaValue::METHOD_BACKUP_CODES, json_encode($codes)); MfaValue::upsertWithValue($user, MfaValue::METHOD_BACKUP_CODES, json_encode($codes));
$loginResp = $this->post('/login', [ $loginResp = $this->post('/login', [
'email' => $user->email, 'email' => $user->email,
'password' => 'password', 'password' => 'password',
]); ]);
return [$user, $codes, $loginResp]; return [$user, $codes, $loginResp];
} }
}
}

2
tests/Commands/ResetMfaCommandTest.php
View File

@ -58,7 +58,7 @@ class ResetMfaCommandTest extends TestCase
public function test_giving_non_existing_user_shows_error_message() public function test_giving_non_existing_user_shows_error_message()
{ {
$this->artisan("bookstack:reset-mfa --email=donkeys@example.com") $this->artisan('bookstack:reset-mfa --email=donkeys@example.com')
->expectsOutput('A user where email=donkeys@example.com could not be found.') ->expectsOutput('A user where email=donkeys@example.com could not be found.')
->assertExitCode(1); ->assertExitCode(1);
} }