2FAuth/tests/Feature/Http/Auth/WebAuthnDeviceLostControllerTest.php

<?php
namespace Tests\Feature\Http\Auth;
use App\Extensions\WebauthnCredentialBroker;
use App\Http\Controllers\Auth\WebAuthnDeviceLostController;
use App\Http\Requests\WebauthnDeviceLostRequest;
use App\Models\User;
use App\Notifications\WebauthnRecoveryNotification;
use App\Providers\AuthServiceProvider;
use App\Rules\CaseInsensitiveEmailExists;
use Illuminate\Support\Facades\Notification;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\CoversMethod;
use PHPUnit\Framework\Attributes\Test;
use Tests\FeatureTestCase;
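/**
 * Feature tests for the WebAuthn "device lost" recovery endpoint (POST /webauthn/lost).
 *
 * Each test posts an email address to the endpoint and checks the HTTP status,
 * whether a WebauthnRecoveryNotification was dispatched, and whether a row for
 * that address exists in the table named by config('auth.passwords.webauthn.table').
 *
 * NOTE(review): as asserted below, a registered address is answered with 200 and an
 * unknown one with a 422 validation error on 'email', so the response discloses
 * whether an address belongs to an account. Confirm this is an accepted trade-off
 * for the deployment; the throttling test covers the mail-flooding side only.
 */
#[CoversMethod(User::class, 'sendWebauthnRecoveryNotification')]
#[CoversClass(WebAuthnDeviceLostController::class)]
#[CoversClass(WebauthnRecoveryNotification::class)]
#[CoversClass(WebauthnCredentialBroker::class)]
#[CoversClass(WebauthnDeviceLostRequest::class)]
#[CoversClass(AuthServiceProvider::class)]
#[CoversMethod(CaseInsensitiveEmailExists::class, 'validate')]
class WebAuthnDeviceLostControllerTest extends FeatureTestCase
{
    /**
     * User created by the factory before every test; its email is the "known" address.
     *
     * @var \App\Models\User
     */
    protected $user;

    /**
     * Creates a fresh user for each test.
     */
    public function setUp() : void
    {
        parent::setUp();

        $this->user = User::factory()->create();
    }

    /**
     * A known address gets a 200 with a 'message' key, a recovery notification,
     * and a row in the configured table.
     */
    #[Test]
    public function test_sendRecoveryEmail_sends_notification_on_success() : void
    {
        Notification::fake();

        $response = $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ]);

        Notification::assertSentTo($this->user, WebauthnRecoveryNotification::class);

        $response->assertStatus(200)
            ->assertJsonStructure([
                'message',
            ]);

        $this->assertDatabaseHas(config('auth.passwords.webauthn.table'), [
            'email' => $this->user->email,
        ]);
    }

    /**
     * A well-formed address that belongs to no user is rejected with a 422 on
     * 'email'; nothing is sent and nothing is stored for it.
     */
    #[Test]
    public function test_sendRecoveryEmail_does_not_send_anything_to_unknown_email() : void
    {
        Notification::fake();

        $response = $this->json('POST', '/webauthn/lost', [
            'email' => 'bad@email.com',
        ]);

        Notification::assertNothingSent();

        $response->assertStatus(422)
            ->assertJsonValidationErrors([
                'email',
            ]);

        $this->assertDatabaseMissing(config('auth.passwords.webauthn.table'), [
            'email' => 'bad@email.com',
        ]);
    }

    /**
     * A syntactically invalid address is rejected with a 422 on 'email';
     * nothing is sent and nothing is stored for it.
     */
    #[Test]
    public function test_sendRecoveryEmail_does_not_send_anything_to_invalid_email() : void
    {
        // Malformed on purpose (constructed sample), so this case differs from the
        // unknown-but-well-formed address covered by the previous test.
        $malformedEmail = 'not-an-email';

        Notification::fake();

        $response = $this->json('POST', '/webauthn/lost', [
            'email' => $malformedEmail,
        ]);

        Notification::assertNothingSent();

        $response->assertStatus(422)
            ->assertJsonValidationErrors([
                'email',
            ]);

        $this->assertDatabaseMissing(config('auth.passwords.webauthn.table'), [
            'email' => $malformedEmail,
        ]);
    }

    /**
     * When the broker resolves the address to a plain framework user (per the test
     * name, one that is not WebAuthnAuthenticatable), the request is rejected with
     * a 422 on 'email' and nothing is sent.
     */
    #[Test]
    public function test_sendRecoveryEmail_does_not_send_anything_to_not_WebAuthnAuthenticatable() : void
    {
        // Partial mock: only getUser() is overridden, the rest of the broker stays real.
        $mock = $this->mock(WebauthnCredentialBroker::class)->makePartial();
        $mock->shouldReceive('getUser')
            ->andReturn(new \Illuminate\Foundation\Auth\User());

        Notification::fake();

        $response = $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ]);

        Notification::assertNothingSent();

        $response->assertStatus(422)
            ->assertJsonValidationErrors([
                'email',
            ]);
    }

    /**
     * A second request for the same address right after a successful one is
     * rejected with the 'passwords.throttled' message and sends no further mail.
     */
    #[Test]
    public function test_sendRecoveryEmail_is_throttled() : void
    {
        Notification::fake();

        $response = $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ]);

        Notification::assertSentTo($this->user, WebauthnRecoveryNotification::class);

        $response->assertStatus(200)
            ->assertJsonStructure([
                'message',
            ]);

        $this->assertDatabaseHas(config('auth.passwords.webauthn.table'), [
            'email' => $this->user->email,
        ]);

        $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ])
            ->assertStatus(422)
            ->assertJsonValidationErrorFor('email')
            ->assertJsonFragment([
                'message' => __('passwords.throttled'),
            ]);

        // The throttled request must not have produced a second notification;
        // checking the response alone would miss a mail sent before the rejection.
        Notification::assertSentToTimes($this->user, WebauthnRecoveryNotification::class, 1);
    }

    /**
     * With the 'auth.passwords.webauthn' configuration removed, the endpoint
     * answers with a 500.
     */
    #[Test]
    public function test_error_if_no_broker_is_set() : void
    {
        $this->app['config']->set('auth.passwords.webauthn', null);

        $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ])
            ->assertStatus(500);
    }
}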