| 
									
										
										
										
											2020-04-04 08:16:05 +08:00
										 |  |  | <?php namespace Tests\Auth; | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | use BookStack\Auth\Access\UserInviteService; | 
					
						
							|  |  |  | use BookStack\Auth\User; | 
					
						
							|  |  |  | use BookStack\Notifications\UserInvite; | 
					
						
							|  |  |  | use Carbon\Carbon; | 
					
						
							|  |  |  | use DB; | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  | use Illuminate\Support\Str; | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  | use Notification; | 
					
						
							| 
									
										
										
										
											2020-04-04 08:16:05 +08:00
										 |  |  | use Tests\TestCase; | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | class UserInviteTest extends TestCase | 
					
						
							|  |  |  | { | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_user_creation_creates_invite() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         Notification::fake(); | 
					
						
							|  |  |  |         $admin = $this->getAdmin(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $email = Str::random(16) . '@example.com'; | 
					
						
							|  |  |  |         $resp = $this->actingAs($admin)->post('/settings/users/create', [ | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  |             'name' => 'Barry', | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |             'email' => $email, | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  |             'send_invite' => 'true', | 
					
						
							|  |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $resp->assertRedirect('/settings/users'); | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-03-04 06:11:00 +08:00
										 |  |  |         $newUser = User::query()->where('email', '=', $email)->orderBy('id', 'desc')->first(); | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |         Notification::assertSentTo($newUser, UserInvite::class); | 
					
						
							|  |  |  |         $this->assertDatabaseHas('user_invites', [ | 
					
						
							|  |  |  |             'user_id' => $newUser->id | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_invite_set_password() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         Notification::fake(); | 
					
						
							|  |  |  |         $user = $this->getViewer(); | 
					
						
							|  |  |  |         $inviteService = app(UserInviteService::class); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $inviteService->sendInvitation($user); | 
					
						
							|  |  |  |         $token = DB::table('user_invites')->where('user_id', '=', $user->id)->first()->token; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $setPasswordPageResp = $this->get('/register/invite/' . $token); | 
					
						
							|  |  |  |         $setPasswordPageResp->assertSuccessful(); | 
					
						
							|  |  |  |         $setPasswordPageResp->assertSee('Welcome to BookStack!'); | 
					
						
							|  |  |  |         $setPasswordPageResp->assertSee('Password'); | 
					
						
							|  |  |  |         $setPasswordPageResp->assertSee('Confirm Password'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $setPasswordResp = $this->followingRedirects()->post('/register/invite/' . $token, [ | 
					
						
							|  |  |  |             'password' => 'my test password', | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |         $setPasswordResp->assertSee('Password set, you now have access to BookStack!'); | 
					
						
							|  |  |  |         $newPasswordValid = auth()->validate([ | 
					
						
							|  |  |  |             'email' => $user->email, | 
					
						
							|  |  |  |             'password' => 'my test password' | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |         $this->assertTrue($newPasswordValid); | 
					
						
							|  |  |  |         $this->assertDatabaseMissing('user_invites', [ | 
					
						
							|  |  |  |             'user_id' => $user->id | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_invite_set_has_password_validation() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         Notification::fake(); | 
					
						
							|  |  |  |         $user = $this->getViewer(); | 
					
						
							|  |  |  |         $inviteService = app(UserInviteService::class); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $inviteService->sendInvitation($user); | 
					
						
							|  |  |  |         $token = DB::table('user_invites')->where('user_id', '=', $user->id)->first()->token; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |         $this->get('/register/invite/' . $token); | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  |         $shortPassword = $this->followingRedirects()->post('/register/invite/' . $token, [ | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |             'password' => 'mypassw', | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  |         ]); | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |         $shortPassword->assertSee('The password must be at least 8 characters.'); | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |         $this->get('/register/invite/' . $token); | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  |         $noPassword = $this->followingRedirects()->post('/register/invite/' . $token, [ | 
					
						
							|  |  |  |             'password' => '', | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |         $noPassword->assertSee('The password field is required.'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->assertDatabaseHas('user_invites', [ | 
					
						
							|  |  |  |             'user_id' => $user->id | 
					
						
							|  |  |  |         ]); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_non_existent_invite_token_redirects_to_home() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |         $setPasswordPageResp = $this->get('/register/invite/' . Str::random(12)); | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  |         $setPasswordPageResp->assertRedirect('/'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-09-14 06:58:40 +08:00
										 |  |  |         $setPasswordResp = $this->post('/register/invite/' . Str::random(12), ['password' => 'Password Test']); | 
					
						
							| 
									
										
										
										
											2019-08-18 20:55:28 +08:00
										 |  |  |         $setPasswordResp->assertRedirect('/'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function test_token_expires_after_two_weeks() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         Notification::fake(); | 
					
						
							|  |  |  |         $user = $this->getViewer(); | 
					
						
							|  |  |  |         $inviteService = app(UserInviteService::class); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $inviteService->sendInvitation($user); | 
					
						
							|  |  |  |         $tokenEntry = DB::table('user_invites')->where('user_id', '=', $user->id)->first(); | 
					
						
							|  |  |  |         DB::table('user_invites')->update(['created_at' => Carbon::now()->subDays(14)->subHour(1)]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $setPasswordPageResp = $this->get('/register/invite/' . $tokenEntry->token); | 
					
						
							|  |  |  |         $setPasswordPageResp->assertRedirect('/password/email'); | 
					
						
							|  |  |  |         $setPasswordPageResp->assertSessionHas('error', 'This invitation link has expired. You can instead try to reset your account password.'); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | } |