2022-03-31 08:38:35 +02:00
|
|
|
<?php
|
|
|
|
|
|
2022-03-31 12:09:25 +02:00
|
|
|
namespace Tests\Feature\Http\Auth;
|
2022-03-31 08:38:35 +02:00
|
|
|
|
2023-08-01 11:28:27 +02:00
|
|
|
use App\Extensions\WebauthnCredentialBroker;
|
|
|
|
|
use App\Http\Controllers\Auth\WebAuthnDeviceLostController;
|
|
|
|
|
use App\Http\Requests\WebauthnDeviceLostRequest;
|
2022-03-31 08:38:35 +02:00
|
|
|
use App\Models\User;
|
2022-12-09 10:52:17 +01:00
|
|
|
use App\Notifications\WebauthnRecoveryNotification;
|
2023-08-01 11:28:27 +02:00
|
|
|
use App\Providers\AuthServiceProvider;
|
2024-06-26 14:29:13 +02:00
|
|
|
use App\Rules\CaseInsensitiveEmailExists;
|
2022-12-13 12:07:29 +01:00
|
|
|
use Illuminate\Support\Facades\Notification;
|
2023-08-01 11:28:27 +02:00
|
|
|
use PHPUnit\Framework\Attributes\CoversClass;
|
2024-06-26 14:29:13 +02:00
|
|
|
use PHPUnit\Framework\Attributes\CoversMethod;
|
|
|
|
|
use PHPUnit\Framework\Attributes\Test;
|
2022-12-13 12:07:29 +01:00
|
|
|
use Tests\FeatureTestCase;
|
2022-03-31 08:38:35 +02:00
|
|
|
|
2022-12-09 10:52:17 +01:00
|
|
|
/**
|
2023-08-01 11:28:27 +02:00
|
|
|
* WebAuthnDeviceLostControllerTest test class
|
2022-12-09 10:52:17 +01:00
|
|
|
*/
|
2024-07-03 11:16:08 +02:00
|
|
|
#[CoversMethod(User::class, 'sendWebauthnRecoveryNotification')]
|
2023-08-01 11:28:27 +02:00
|
|
|
#[CoversClass(WebAuthnDeviceLostController::class)]
|
|
|
|
|
#[CoversClass(WebauthnRecoveryNotification::class)]
|
|
|
|
|
#[CoversClass(WebauthnCredentialBroker::class)]
|
|
|
|
|
#[CoversClass(WebauthnDeviceLostRequest::class)]
|
|
|
|
|
#[CoversClass(AuthServiceProvider::class)]
|
2024-06-26 14:29:13 +02:00
|
|
|
#[CoversMethod(CaseInsensitiveEmailExists::class, 'validate')]
|
2022-03-31 08:38:35 +02:00
|
|
|
class WebAuthnDeviceLostControllerTest extends FeatureTestCase
|
|
|
|
|
{
|
|
|
|
|
/**
|
|
|
|
|
* @var \App\Models\User
|
2022-11-22 15:15:52 +01:00
|
|
|
*/
|
2022-03-31 08:38:35 +02:00
|
|
|
protected $user;
|
|
|
|
|
|
2022-12-13 12:07:29 +01:00
|
|
|
public function setUp() : void
|
2022-03-31 08:38:35 +02:00
|
|
|
{
|
|
|
|
|
parent::setUp();
|
|
|
|
|
|
|
|
|
|
$this->user = User::factory()->create();
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-26 14:29:13 +02:00
|
|
|
#[Test]
|
2022-03-31 08:38:35 +02:00
|
|
|
public function test_sendRecoveryEmail_sends_notification_on_success()
|
|
|
|
|
{
|
|
|
|
|
Notification::fake();
|
|
|
|
|
|
|
|
|
|
$response = $this->json('POST', '/webauthn/lost', [
|
|
|
|
|
'email' => $this->user->email,
|
|
|
|
|
]);
|
|
|
|
|
|
2022-12-09 10:52:17 +01:00
|
|
|
Notification::assertSentTo($this->user, WebauthnRecoveryNotification::class);
|
2022-03-31 08:38:35 +02:00
|
|
|
|
|
|
|
|
$response->assertStatus(200)
|
2022-12-09 10:52:17 +01:00
|
|
|
->assertJsonStructure([
|
|
|
|
|
'message',
|
|
|
|
|
]);
|
|
|
|
|
|
2024-01-26 18:16:55 +01:00
|
|
|
$this->assertDatabaseHas(config('auth.passwords.webauthn.table'), [
|
2022-12-13 12:07:29 +01:00
|
|
|
'email' => $this->user->email,
|
2022-12-09 10:52:17 +01:00
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-26 14:29:13 +02:00
|
|
|
#[Test]
|
2022-12-09 10:52:17 +01:00
|
|
|
public function test_sendRecoveryEmail_does_not_send_anything_to_unknown_email()
|
|
|
|
|
{
|
|
|
|
|
Notification::fake();
|
|
|
|
|
|
|
|
|
|
$response = $this->json('POST', '/webauthn/lost', [
|
|
|
|
|
'email' => 'bad@email.com',
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
Notification::assertNothingSent();
|
|
|
|
|
|
|
|
|
|
$response->assertStatus(422)
|
|
|
|
|
->assertJsonValidationErrors([
|
|
|
|
|
'email',
|
|
|
|
|
]);
|
|
|
|
|
|
2024-01-26 18:16:55 +01:00
|
|
|
$this->assertDatabaseMissing(config('auth.passwords.webauthn.table'), [
|
2022-12-13 12:07:29 +01:00
|
|
|
'email' => 'bad@email.com',
|
2022-03-31 08:38:35 +02:00
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-26 14:29:13 +02:00
|
|
|
#[Test]
|
2022-12-09 10:52:17 +01:00
|
|
|
public function test_sendRecoveryEmail_does_not_send_anything_to_invalid_email()
|
2022-03-31 08:38:35 +02:00
|
|
|
{
|
|
|
|
|
Notification::fake();
|
|
|
|
|
|
|
|
|
|
$response = $this->json('POST', '/webauthn/lost', [
|
|
|
|
|
'email' => 'bad@email.com',
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
Notification::assertNothingSent();
|
|
|
|
|
|
|
|
|
|
$response->assertStatus(422)
|
2022-12-09 10:52:17 +01:00
|
|
|
->assertJsonValidationErrors([
|
|
|
|
|
'email',
|
|
|
|
|
]);
|
|
|
|
|
|
2024-01-26 18:16:55 +01:00
|
|
|
$this->assertDatabaseMissing(config('auth.passwords.webauthn.table'), [
|
2022-12-13 12:07:29 +01:00
|
|
|
'email' => 'bad@email.com',
|
2022-03-31 08:38:35 +02:00
|
|
|
]);
|
|
|
|
|
}
|
2022-12-09 10:52:17 +01:00
|
|
|
|
2024-06-26 14:29:13 +02:00
|
|
|
#[Test]
|
2022-12-09 10:52:17 +01:00
|
|
|
public function test_sendRecoveryEmail_does_not_send_anything_to_not_WebAuthnAuthenticatable()
|
|
|
|
|
{
|
|
|
|
|
$mock = $this->mock(\App\Extensions\WebauthnCredentialBroker::class)->makePartial();
|
|
|
|
|
$mock->shouldReceive('getUser')
|
2024-09-26 23:50:01 +02:00
|
|
|
->andReturn(new \Illuminate\Foundation\Auth\User);
|
2022-12-09 10:52:17 +01:00
|
|
|
|
|
|
|
|
Notification::fake();
|
|
|
|
|
|
|
|
|
|
$response = $this->json('POST', '/webauthn/lost', [
|
|
|
|
|
'email' => $this->user->email,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
Notification::assertNothingSent();
|
|
|
|
|
|
|
|
|
|
$response->assertStatus(422)
|
|
|
|
|
->assertJsonValidationErrors([
|
|
|
|
|
'email',
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-26 14:29:13 +02:00
|
|
|
#[Test]
|
2022-12-09 10:52:17 +01:00
|
|
|
public function test_sendRecoveryEmail_is_throttled()
|
|
|
|
|
{
|
|
|
|
|
Notification::fake();
|
|
|
|
|
|
|
|
|
|
$response = $this->json('POST', '/webauthn/lost', [
|
|
|
|
|
'email' => $this->user->email,
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
Notification::assertSentTo($this->user, WebauthnRecoveryNotification::class);
|
|
|
|
|
|
|
|
|
|
$response->assertStatus(200)
|
|
|
|
|
->assertJsonStructure([
|
|
|
|
|
'message',
|
|
|
|
|
]);
|
|
|
|
|
|
2024-01-26 18:16:55 +01:00
|
|
|
$this->assertDatabaseHas(config('auth.passwords.webauthn.table'), [
|
2022-12-13 12:07:29 +01:00
|
|
|
'email' => $this->user->email,
|
2022-12-09 10:52:17 +01:00
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$this->json('POST', '/webauthn/lost', [
|
|
|
|
|
'email' => $this->user->email,
|
|
|
|
|
])
|
|
|
|
|
->assertStatus(422)
|
|
|
|
|
->assertJsonValidationErrorfor('email')
|
|
|
|
|
->assertJsonFragment([
|
2022-12-13 12:07:29 +01:00
|
|
|
'message' => __('passwords.throttled'),
|
2022-12-09 10:52:17 +01:00
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-26 14:29:13 +02:00
|
|
|
#[Test]
|
2022-12-09 10:52:17 +01:00
|
|
|
public function test_error_if_no_broker_is_set()
|
|
|
|
|
{
|
|
|
|
|
$this->app['config']->set('auth.passwords.webauthn', null);
|
|
|
|
|
|
|
|
|
|
$this->json('POST', '/webauthn/lost', [
|
2022-12-13 12:07:29 +01:00
|
|
|
'email' => $this->user->email,
|
2022-12-09 10:52:17 +01:00
|
|
|
])
|
|
|
|
|
->assertStatus(500);
|
|
|
|
|
}
|
2022-11-22 15:15:52 +01:00
|
|
|
}
|
