bookstack/tests/Auth/MfaConfigurationTest.php

<?php

namespace Tests\Auth;

use BookStack\Actions\ActivityType;
use BookStack\Auth\Access\Mfa\MfaValue;
use BookStack\Auth\Role;
use BookStack\Auth\User;
use PragmaRX\Google2FA\Google2FA;
use Tests\TestCase;

class MfaConfigurationTest extends TestCase
{
    public function test_totp_setup()
    {
        $editor = $this->users->editor();
        $this->assertDatabaseMissing('mfa_values', ['user_id' => $editor->id]);

        // Setup page state
        $resp = $this->actingAs($editor)->get('/mfa/setup');
        $this->withHtml($resp)->assertElementContains('a[href$="/mfa/totp/generate"]', 'Setup');

        // Generate page access
        $resp = $this->get('/mfa/totp/generate');
        $resp->assertSee('Mobile App Setup');
        $resp->assertSee('Verify Setup');
        $this->withHtml($resp)->assertElementExists('form[action$="/mfa/totp/confirm"] button');
        $this->assertSessionHas('mfa-setup-totp-secret');
        $svg = $this->withHtml($resp)->getOuterHtml('#main-content .card svg');

        // Validation error, code should remain the same
        $resp = $this->post('/mfa/totp/confirm', [
            'code' => 'abc123',
        ]);
        $resp->assertRedirect('/mfa/totp/generate');
        $resp = $this->followRedirects($resp);
        $resp->assertSee('The provided code is not valid or has expired.');
        $revisitSvg = $this->withHtml($resp)->getOuterHtml('#main-content .card svg');
        $this->assertTrue($svg === $revisitSvg);
        $secret = decrypt(session()->get('mfa-setup-totp-secret'));

        $resp->assertSee("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30");

        // Successful confirmation
        $google2fa = new Google2FA();
        $otp = $google2fa->getCurrentOtp($secret);
        $resp = $this->post('/mfa/totp/confirm', [
            'code' => $otp,
        ]);
        $resp->assertRedirect('/mfa/setup');

        // Confirmation of setup
        $resp = $this->followRedirects($resp);
        $resp->assertSee('Multi-factor method successfully configured');
        $this->withHtml($resp)->assertElementContains('a[href$="/mfa/totp/generate"]', 'Reconfigure');

        $this->assertDatabaseHas('mfa_values', [
            'user_id' => $editor->id,
            'method'  => 'totp',
        ]);
        $this->assertFalse(session()->has('mfa-setup-totp-secret'));
        $value = MfaValue::query()->where('user_id', '=', $editor->id)
            ->where('method', '=', 'totp')->first();
        $this->assertEquals($secret, decrypt($value->value));
    }

    public function test_backup_codes_setup()
    {
        $editor = $this->users->editor();
        $this->assertDatabaseMissing('mfa_values', ['user_id' => $editor->id]);

        // Setup page state
        $resp = $this->actingAs($editor)->get('/mfa/setup');
        $this->withHtml($resp)->assertElementContains('a[href$="/mfa/backup_codes/generate"]', 'Setup');

        // Generate page access
        $resp = $this->get('/mfa/backup_codes/generate');
        $resp->assertSee('Backup Codes');
        $this->withHtml($resp)->assertElementContains('form[action$="/mfa/backup_codes/confirm"]', 'Confirm and Enable');
        $this->assertSessionHas('mfa-setup-backup-codes');
        $codes = decrypt(session()->get('mfa-setup-backup-codes'));
        // Check code format
        $this->assertCount(16, $codes);
        $this->assertEquals(16 * 11, strlen(implode('', $codes)));
        // Check download link
        $resp->assertSee(base64_encode(implode("\n\n", $codes)));

        // Confirm submit
        $resp = $this->post('/mfa/backup_codes/confirm');
        $resp->assertRedirect('/mfa/setup');

        // Confirmation of setup
        $resp = $this->followRedirects($resp);
        $resp->assertSee('Multi-factor method successfully configured');
        $this->withHtml($resp)->assertElementContains('a[href$="/mfa/backup_codes/generate"]', 'Reconfigure');

        $this->assertDatabaseHas('mfa_values', [
            'user_id' => $editor->id,
            'method'  => 'backup_codes',
        ]);
        $this->assertFalse(session()->has('mfa-setup-backup-codes'));
        $value = MfaValue::query()->where('user_id', '=', $editor->id)
            ->where('method', '=', 'backup_codes')->first();
        $this->assertEquals($codes, json_decode(decrypt($value->value)));
    }

    public function test_backup_codes_cannot_be_confirmed_if_not_previously_generated()
    {
        $resp = $this->asEditor()->post('/mfa/backup_codes/confirm');
        $resp->assertStatus(500);
    }

    public function test_mfa_method_count_is_visible_on_user_edit_page()
    {
        $user = $this->users->editor();
        $resp = $this->actingAs($this->users->admin())->get($user->getEditUrl());
        $resp->assertSee('0 methods configured');

        MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, 'test');
        $resp = $this->get($user->getEditUrl());
        $resp->assertSee('1 method configured');

        MfaValue::upsertWithValue($user, MfaValue::METHOD_BACKUP_CODES, 'test');
        $resp = $this->get($user->getEditUrl());
        $resp->assertSee('2 methods configured');
    }

    public function test_mfa_setup_link_only_shown_when_viewing_own_user_edit_page()
    {
        $admin = $this->users->admin();
        $resp = $this->actingAs($admin)->get($admin->getEditUrl());
        $this->withHtml($resp)->assertElementExists('a[href$="/mfa/setup"]');

        $resp = $this->actingAs($admin)->get($this->users->editor()->getEditUrl());
        $this->withHtml($resp)->assertElementNotExists('a[href$="/mfa/setup"]');
    }

    public function test_mfa_indicator_shows_in_user_list()
    {
        $admin = $this->users->admin();
        User::query()->where('id', '!=', $admin->id)->delete();

        $resp = $this->actingAs($admin)->get('/settings/users');
        $this->withHtml($resp)->assertElementNotExists('[title="MFA Configured"] svg');

        MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test');
        $resp = $this->actingAs($admin)->get('/settings/users');
        $this->withHtml($resp)->assertElementExists('[title="MFA Configured"] svg');
    }

    public function test_remove_mfa_method()
    {
        $admin = $this->users->admin();

        MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test');
        $this->assertEquals(1, $admin->mfaValues()->count());
        $resp = $this->actingAs($admin)->get('/mfa/setup');
        $this->withHtml($resp)->assertElementExists('form[action$="/mfa/totp/remove"]');

        $resp = $this->delete('/mfa/totp/remove');
        $resp->assertRedirect('/mfa/setup');
        $resp = $this->followRedirects($resp);
        $resp->assertSee('Multi-factor method successfully removed');

        $this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);
        $this->assertEquals(0, $admin->mfaValues()->count());
    }

    public function test_totp_setup_url_shows_correct_user_when_setup_forced_upon_login()
    {
        $admin = $this->users->admin();
        /** @var Role $role */
        $role = $admin->roles()->first();
        $role->mfa_enforced = true;
        $role->save();

        $resp = $this->post('/login', ['email' => $admin->email, 'password' => 'password']);
        $this->assertFalse(auth()->check());
        $resp->assertRedirect('/mfa/verify');

        $resp = $this->get('/mfa/totp/generate');
        $resp->assertSeeText('Mobile App Setup');
        $resp->assertDontSee('otpauth://totp/BookStack:guest%40example.com', false);
        $resp->assertSee('otpauth://totp/BookStack:admin%40admin.com', false);
    }
}
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`<?php`

			`namespace Tests\Auth;`

Added the ability to remove an MFA method Includes testing to cover 2021-07-15 04:27:21 +08:00			`use BookStack\Actions\ActivityType;`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`use BookStack\Auth\Access\Mfa\MfaValue;`
Fixed guest user email showing in TOTP setup url - Occured during enforced MFA setup upon login. - Added test to cover. Fixes #2971 2021-10-15 01:02:16 +08:00			`use BookStack\Auth\Role;`
Added MFA indicator to user list Also fixed issue with showing incorrect MFA method count on user edit page changes done in last commit 2021-07-15 03:18:48 +08:00			`use BookStack\Auth\User;`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`use PragmaRX\Google2FA\Google2FA;`
			`use Tests\TestCase;`

			`class MfaConfigurationTest extends TestCase`
			`{`
			`public function test_totp_setup()`
			`{`
Copied over work from user_permissions branch Only that relevant to the additional testing work. 2023-01-21 19:08:34 +08:00			`$editor = $this->users->editor();`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`$this->assertDatabaseMissing('mfa_values', ['user_id' => $editor->id]);`

			`// Setup page state`
			`$resp = $this->actingAs($editor)->get('/mfa/setup');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementContains('a[href$="/mfa/totp/generate"]', 'Setup');`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00
			`// Generate page access`
Worked on MFA setup required flow - Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system. 2021-08-03 05:02:25 +08:00			`$resp = $this->get('/mfa/totp/generate');`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`$resp->assertSee('Mobile App Setup');`
			`$resp->assertSee('Verify Setup');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementExists('form[action$="/mfa/totp/confirm"] button');`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`$this->assertSessionHas('mfa-setup-totp-secret');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$svg = $this->withHtml($resp)->getOuterHtml('#main-content .card svg');`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00
			`// Validation error, code should remain the same`
Worked on MFA setup required flow - Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system. 2021-08-03 05:02:25 +08:00			`$resp = $this->post('/mfa/totp/confirm', [`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`'code' => 'abc123',`
			`]);`
Worked on MFA setup required flow - Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system. 2021-08-03 05:02:25 +08:00			`$resp->assertRedirect('/mfa/totp/generate');`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`$resp = $this->followRedirects($resp);`
			`$resp->assertSee('The provided code is not valid or has expired.');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$revisitSvg = $this->withHtml($resp)->getOuterHtml('#main-content .card svg');`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`$this->assertTrue($svg === $revisitSvg);`
Made the TOTP URL visible during setup Useful for some non-scanner type apps. Closes #2908 2021-09-02 03:58:19 +08:00			`$secret = decrypt(session()->get('mfa-setup-totp-secret'));`

Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-27 05:04:18 +08:00			`$resp->assertSee("?secret={$secret}&issuer=BookStack&algorithm=SHA1&digits=6&period=30");`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00
			`// Successful confirmation`
			`$google2fa = new Google2FA();`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`$otp = $google2fa->getCurrentOtp($secret);`
Worked on MFA setup required flow - Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system. 2021-08-03 05:02:25 +08:00			`$resp = $this->post('/mfa/totp/confirm', [`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`'code' => $otp,`
			`]);`
			`$resp->assertRedirect('/mfa/setup');`

			`// Confirmation of setup`
			`$resp = $this->followRedirects($resp);`
			`$resp->assertSee('Multi-factor method successfully configured');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementContains('a[href$="/mfa/totp/generate"]', 'Reconfigure');`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00
			`$this->assertDatabaseHas('mfa_values', [`
			`'user_id' => $editor->id,`
Apply fixes from StyleCI 2021-08-21 22:49:40 +08:00			`'method' => 'totp',`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`]);`
			`$this->assertFalse(session()->has('mfa-setup-totp-secret'));`
			`$value = MfaValue::query()->where('user_id', '=', $editor->id)`
			`->where('method', '=', 'totp')->first();`
			`$this->assertEquals($secret, decrypt($value->value));`
			`}`

			`public function test_backup_codes_setup()`
			`{`
Copied over work from user_permissions branch Only that relevant to the additional testing work. 2023-01-21 19:08:34 +08:00			`$editor = $this->users->editor();`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`$this->assertDatabaseMissing('mfa_values', ['user_id' => $editor->id]);`

			`// Setup page state`
			`$resp = $this->actingAs($editor)->get('/mfa/setup');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementContains('a[href$="/mfa/backup_codes/generate"]', 'Setup');`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00
			`// Generate page access`
Worked on MFA setup required flow - Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system. 2021-08-03 05:02:25 +08:00			`$resp = $this->get('/mfa/backup_codes/generate');`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`$resp->assertSee('Backup Codes');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementContains('form[action$="/mfa/backup_codes/confirm"]', 'Confirm and Enable');`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`$this->assertSessionHas('mfa-setup-backup-codes');`
			`$codes = decrypt(session()->get('mfa-setup-backup-codes'));`
			`// Check code format`
			`$this->assertCount(16, $codes);`
Apply fixes from StyleCI 2021-08-21 22:49:40 +08:00			`$this->assertEquals(16 * 11, strlen(implode('', $codes)));`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`// Check download link`
			`$resp->assertSee(base64_encode(implode("\n\n", $codes)));`

			`// Confirm submit`
Worked on MFA setup required flow - Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system. 2021-08-03 05:02:25 +08:00			`$resp = $this->post('/mfa/backup_codes/confirm');`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`$resp->assertRedirect('/mfa/setup');`

			`// Confirmation of setup`
			`$resp = $this->followRedirects($resp);`
			`$resp->assertSee('Multi-factor method successfully configured');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementContains('a[href$="/mfa/backup_codes/generate"]', 'Reconfigure');`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00
			`$this->assertDatabaseHas('mfa_values', [`
			`'user_id' => $editor->id,`
Apply fixes from StyleCI 2021-08-21 22:49:40 +08:00			`'method' => 'backup_codes',`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`]);`
			`$this->assertFalse(session()->has('mfa-setup-backup-codes'));`
			`$value = MfaValue::query()->where('user_id', '=', $editor->id)`
			`->where('method', '=', 'backup_codes')->first();`
			`$this->assertEquals($codes, json_decode(decrypt($value->value)));`
			`}`

			`public function test_backup_codes_cannot_be_confirmed_if_not_previously_generated()`
			`{`
Worked on MFA setup required flow - Restructured some of the route naming to be a little more consistent. - Moved the routes about to be more logically in one place. - Created a new middleware to handle the auth of people that should be allowed access to mfa setup routes, since these could be used by existing logged in users or by people needing to setup MFA on access. - Added testing to cover MFA setup required flow. - Added TTL and method tracking to session last-login tracking system. 2021-08-03 05:02:25 +08:00			`$resp = $this->asEditor()->post('/mfa/backup_codes/confirm');`
Added backup code setup flow - Includes testing to cover flow. - Moved TOTP logic to its own controller. - Added some extra totp tests. 2021-07-03 03:53:33 +08:00			`$resp->assertStatus(500);`
Covered TOTP setup with testing 2021-07-03 02:51:30 +08:00			`}`

Added MFA setup link on user edit view 2021-07-15 03:06:41 +08:00			`public function test_mfa_method_count_is_visible_on_user_edit_page()`
			`{`
Copied over work from user_permissions branch Only that relevant to the additional testing work. 2023-01-21 19:08:34 +08:00			`$user = $this->users->editor();`
			`$resp = $this->actingAs($this->users->admin())->get($user->getEditUrl());`
Added MFA setup link on user edit view 2021-07-15 03:06:41 +08:00			`$resp->assertSee('0 methods configured');`

Added MFA indicator to user list Also fixed issue with showing incorrect MFA method count on user edit page changes done in last commit 2021-07-15 03:18:48 +08:00			`MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, 'test');`
			`$resp = $this->get($user->getEditUrl());`
Added MFA setup link on user edit view 2021-07-15 03:06:41 +08:00			`$resp->assertSee('1 method configured');`

Added MFA indicator to user list Also fixed issue with showing incorrect MFA method count on user edit page changes done in last commit 2021-07-15 03:18:48 +08:00			`MfaValue::upsertWithValue($user, MfaValue::METHOD_BACKUP_CODES, 'test');`
			`$resp = $this->get($user->getEditUrl());`
Added MFA setup link on user edit view 2021-07-15 03:06:41 +08:00			`$resp->assertSee('2 methods configured');`
			`}`

			`public function test_mfa_setup_link_only_shown_when_viewing_own_user_edit_page()`
			`{`
Copied over work from user_permissions branch Only that relevant to the additional testing work. 2023-01-21 19:08:34 +08:00			`$admin = $this->users->admin();`
Added MFA setup link on user edit view 2021-07-15 03:06:41 +08:00			`$resp = $this->actingAs($admin)->get($admin->getEditUrl());`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementExists('a[href$="/mfa/setup"]');`
Added MFA setup link on user edit view 2021-07-15 03:06:41 +08:00
Copied over work from user_permissions branch Only that relevant to the additional testing work. 2023-01-21 19:08:34 +08:00			`$resp = $this->actingAs($admin)->get($this->users->editor()->getEditUrl());`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementNotExists('a[href$="/mfa/setup"]');`
Added MFA setup link on user edit view 2021-07-15 03:06:41 +08:00			`}`

Added MFA indicator to user list Also fixed issue with showing incorrect MFA method count on user edit page changes done in last commit 2021-07-15 03:18:48 +08:00			`public function test_mfa_indicator_shows_in_user_list()`
			`{`
Copied over work from user_permissions branch Only that relevant to the additional testing work. 2023-01-21 19:08:34 +08:00			`$admin = $this->users->admin();`
Added MFA indicator to user list Also fixed issue with showing incorrect MFA method count on user edit page changes done in last commit 2021-07-15 03:18:48 +08:00			`User::query()->where('id', '!=', $admin->id)->delete();`

			`$resp = $this->actingAs($admin)->get('/settings/users');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementNotExists('[title="MFA Configured"] svg');`
Added MFA indicator to user list Also fixed issue with showing incorrect MFA method count on user edit page changes done in last commit 2021-07-15 03:18:48 +08:00
			`MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test');`
			`$resp = $this->actingAs($admin)->get('/settings/users');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementExists('[title="MFA Configured"] svg');`
Added MFA indicator to user list Also fixed issue with showing incorrect MFA method count on user edit page changes done in last commit 2021-07-15 03:18:48 +08:00			`}`

Added the ability to remove an MFA method Includes testing to cover 2021-07-15 04:27:21 +08:00			`public function test_remove_mfa_method()`
			`{`
Copied over work from user_permissions branch Only that relevant to the additional testing work. 2023-01-21 19:08:34 +08:00			`$admin = $this->users->admin();`
Added the ability to remove an MFA method Includes testing to cover 2021-07-15 04:27:21 +08:00
			`MfaValue::upsertWithValue($admin, MfaValue::METHOD_TOTP, 'test');`
			`$this->assertEquals(1, $admin->mfaValues()->count());`
			`$resp = $this->actingAs($admin)->get('/mfa/setup');`
Updated tests to use ssddanbrown/asserthtml package Closes #3519 2022-07-23 22:10:18 +08:00			`$this->withHtml($resp)->assertElementExists('form[action$="/mfa/totp/remove"]');`
Added the ability to remove an MFA method Includes testing to cover 2021-07-15 04:27:21 +08:00
Apply fixes from StyleCI 2021-08-21 22:49:40 +08:00			`$resp = $this->delete('/mfa/totp/remove');`
			`$resp->assertRedirect('/mfa/setup');`
Added the ability to remove an MFA method Includes testing to cover 2021-07-15 04:27:21 +08:00			`$resp = $this->followRedirects($resp);`
			`$resp->assertSee('Multi-factor method successfully removed');`

			`$this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);`
			`$this->assertEquals(0, $admin->mfaValues()->count());`
			`}`
Fixed guest user email showing in TOTP setup url - Occured during enforced MFA setup upon login. - Added test to cover. Fixes #2971 2021-10-15 01:02:16 +08:00
			`public function test_totp_setup_url_shows_correct_user_when_setup_forced_upon_login()`
			`{`
Copied over work from user_permissions branch Only that relevant to the additional testing work. 2023-01-21 19:08:34 +08:00			`$admin = $this->users->admin();`
Fixed guest user email showing in TOTP setup url - Occured during enforced MFA setup upon login. - Added test to cover. Fixes #2971 2021-10-15 01:02:16 +08:00			`/** @var Role $role */`
			`$role = $admin->roles()->first();`
			`$role->mfa_enforced = true;`
			`$role->save();`

			`$resp = $this->post('/login', ['email' => $admin->email, 'password' => 'password']);`
			`$this->assertFalse(auth()->check());`
			`$resp->assertRedirect('/mfa/verify');`

			`$resp = $this->get('/mfa/totp/generate');`
			`$resp->assertSeeText('Mobile App Setup');`
Laravel 7.x Shift (#3011) * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com> 2021-10-27 05:04:18 +08:00			`$resp->assertDontSee('otpauth://totp/BookStack:guest%40example.com', false);`
			`$resp->assertSee('otpauth://totp/BookStack:admin%40admin.com', false);`
Fixed guest user email showing in TOTP setup url - Occured during enforced MFA setup upon login. - Added test to cover. Fixes #2971 2021-10-15 01:02:16 +08:00			`}`
Apply fixes from StyleCI 2021-08-21 22:49:40 +08:00			`}`