colin
/
bookstack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added login throttling test, updated reset-pw test method names

This commit is contained in:
Dan Brown 2022-09-22 17:29:38 +01:00
parent 90b4257889
commit 5c5ea64228
No known key found for this signature in database
GPG Key ID: 46D9F943C24A2EF9
2 changed files with 17 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
tests/Auth/AuthTest.php
View File

@ -133,6 +133,19 @@ class AuthTest extends TestCase
$this->assertFalse(auth()->check()); $this->assertFalse(auth()->check());
} }
public function test_login_attempts_are_rate_limited()
{
for ($i = 0; $i < 5; $i++) {
$resp = $this->login('bennynotexisting@example.com', 'pw123');
}
$resp = $this->followRedirects($resp);
$resp->assertSee('These credentials do not match our records.');
// Check the fifth attempt provides a lockout response
$resp = $this->followRedirects($this->login('bennynotexisting@example.com', 'pw123'));
$resp->assertSee('Too many login attempts. Please try again in');
}
/** /**
* Perform a login. * Perform a login.
*/ */

8
tests/Auth/ResetPasswordTest.php
View File

@ -9,7 +9,7 @@ use Tests\TestCase;
class ResetPasswordTest extends TestCase class ResetPasswordTest extends TestCase
{ {
public function test_reset_password_flow() public function test_reset_flow()
{ {
Notification::fake(); Notification::fake();
@ -52,7 +52,7 @@ class ResetPasswordTest extends TestCase
$this->get('/')->assertSee('Your password has been successfully reset'); $this->get('/')->assertSee('Your password has been successfully reset');
} }
public function test_reset_password_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery() public function test_reset_flow_shows_success_message_even_if_wrong_password_to_prevent_user_discovery()
{ {
$this->get('/password/email'); $this->get('/password/email');
$resp = $this->followingRedirects()->post('/password/email', [ $resp = $this->followingRedirects()->post('/password/email', [
@ -75,7 +75,7 @@ class ResetPasswordTest extends TestCase
->assertSee('The password reset token is invalid for this email address.'); ->assertSee('The password reset token is invalid for this email address.');
} }
public function test_reset_password_page_shows_sign_links() public function test_reset_page_shows_sign_links()
{ {
$this->setSettings(['registration-enabled' => 'true']); $this->setSettings(['registration-enabled' => 'true']);
$resp = $this->get('/password/email'); $resp = $this->get('/password/email');
@ -83,7 +83,7 @@ class ResetPasswordTest extends TestCase
->assertElementContains('a', 'Sign up'); ->assertElementContains('a', 'Sign up');
} }
public function test_reset_password_request_is_throttled() public function test_reset_request_is_throttled()
{ {
$editor = $this->getEditor(); $editor = $this->getEditor();
Notification::fake(); Notification::fake();