										 |  |  | <?php | 
					
						
							|  |  |  | namespace Tests\Auth; | 
					
						
										 |  |  | use BookStack\Access\Notifications\ResetPasswordNotification; | 
					
						
										 |  |  | use BookStack\Users\Models\User; | 
					
						
										 |  |  | use Illuminate\Support\Facades\Notification; | 
					
						
							|  |  |  | use Tests\TestCase; | 
					
						
							|  |  |  | class ResetPasswordTest extends TestCase | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2022-09-23 00:29:38 +08:00
										 |  |  |     public function test_reset_flow() | 
					
						
							| 
									
										
										
										
											2022-09-23 00:15:15 +08:00
										 |  |  |     { | 
					
						
							|  |  |  |         Notification::fake(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get('/login'); | 
					
						
							|  |  |  |         $this->withHtml($resp)->assertElementContains('a[href="' . url('/password/email') . '"]', 'Forgot Password?'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get('/password/email'); | 
					
						
							|  |  |  |         $this->withHtml($resp)->assertElementContains('form[action="' . url('/password/email') . '"]', 'Send Reset Link'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->post('/password/email', [ | 
					
						
							|  |  |  |             'email' => 'admin@admin.com', | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |         $resp->assertRedirect('/password/email'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->get('/password/email'); | 
					
						
							|  |  |  |         $resp->assertSee('A password reset link will be sent to admin@admin.com if that email address is found in the system.'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->assertDatabaseHas('password_resets', [ | 
					
						
							|  |  |  |             'email' => 'admin@admin.com', | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         /** @var User $user */ | 
					
						
							|  |  |  |         $user = User::query()->where('email', '=', 'admin@admin.com')->first(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2023-09-12 02:26:28 +08:00
										 |  |  |         Notification::assertSentTo($user, ResetPasswordNotification::class); | 
					
						
							|  |  |  |         $n = Notification::sent($user, ResetPasswordNotification::class); | 
					
						
							| 
									
										
										
										
											2022-09-23 00:15:15 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $this->get('/password/reset/' . $n->first()->token) | 
					
						
							|  |  |  |             ->assertOk() | 
					
						
							|  |  |  |             ->assertSee('Reset Password'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->post('/password/reset', [ | 
					
						
							|  |  |  |             'email'                 => 'admin@admin.com', | 
					
						
							|  |  |  |             'password'              => 'randompass', | 
					
						
							|  |  |  |             'password_confirmation' => 'randompass', | 
					
						
							|  |  |  |             'token'                 => $n->first()->token, | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |         $resp->assertRedirect('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->get('/')->assertSee('Your password has been successfully reset'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-23 00:29:38 +08:00
										 |  |  |     public function test_reset_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery() | 
					
						
							| 
									
										
										
										
											2022-09-23 00:15:15 +08:00
										 |  |  |     { | 
					
						
							|  |  |  |         $this->get('/password/email'); | 
					
						
							|  |  |  |         $resp = $this->followingRedirects()->post('/password/email', [ | 
					
						
							|  |  |  |             'email' => 'barry@admin.com', | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |         $resp->assertSee('A password reset link will be sent to barry@admin.com if that email address is found in the system.'); | 
					
						
							|  |  |  |         $resp->assertDontSee('We can\'t find a user'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->get('/password/reset/arandometokenvalue')->assertSee('Reset Password'); | 
					
						
							|  |  |  |         $resp = $this->post('/password/reset', [ | 
					
						
							|  |  |  |             'email'                 => 'barry@admin.com', | 
					
						
							|  |  |  |             'password'              => 'randompass', | 
					
						
							|  |  |  |             'password_confirmation' => 'randompass', | 
					
						
							|  |  |  |             'token'                 => 'arandometokenvalue', | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |         $resp->assertRedirect('/password/reset/arandometokenvalue'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->get('/password/reset/arandometokenvalue') | 
					
						
							|  |  |  |             ->assertDontSee('We can\'t find a user') | 
					
						
							|  |  |  |             ->assertSee('The password reset token is invalid for this email address.'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-23 00:29:38 +08:00
										 |  |  |     public function test_reset_page_shows_sign_links() | 
					
						
							| 
									
										
										
										
											2022-09-23 00:15:15 +08:00
										 |  |  |     { | 
					
						
							|  |  |  |         $this->setSettings(['registration-enabled' => 'true']); | 
					
						
							|  |  |  |         $resp = $this->get('/password/email'); | 
					
						
							|  |  |  |         $this->withHtml($resp)->assertElementContains('a', 'Log in') | 
					
						
							|  |  |  |             ->assertElementContains('a', 'Sign up'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-09-23 00:29:38 +08:00
										 |  |  |     public function test_reset_request_is_throttled() | 
					
						
							| 
									
										
										
										
											2022-09-23 00:15:15 +08:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2023-01-21 19:08:34 +08:00
										 |  |  |         $editor = $this->users->editor(); | 
					
						
							| 
									
										
										
										
											2022-09-23 00:15:15 +08:00
										 |  |  |         Notification::fake(); | 
					
						
							|  |  |  |         $this->get('/password/email'); | 
					
						
							|  |  |  |         $this->followingRedirects()->post('/password/email', [ | 
					
						
							|  |  |  |             'email' => $editor->email, | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $resp = $this->followingRedirects()->post('/password/email', [ | 
					
						
							|  |  |  |             'email' => $editor->email, | 
					
						
							|  |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2023-09-12 02:26:28 +08:00
										 |  |  |         Notification::assertTimesSent(1, ResetPasswordNotification::class); | 
					
						
							| 
									
										
										
										
											2022-09-23 00:15:15 +08:00
										 |  |  |         $resp->assertSee('A password reset link will be sent to ' . $editor->email . ' if that email address is found in the system.'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | } |