2FAuth/tests/Feature/Http/Auth/WebAuthnManageControllerTest.php

155 lines
7.0 KiB
PHP
Raw Normal View History

2022-03-31 08:38:35 +02:00
<?php
2022-03-31 12:09:25 +02:00
namespace Tests\Feature\Http\Auth;
2022-03-31 08:38:35 +02:00
2023-08-01 11:28:27 +02:00
use App\Http\Controllers\Auth\WebAuthnManageController;
use App\Http\Middleware\RejectIfReverseProxy;
use App\Models\Traits\WebAuthnManageCredentials;
2022-03-31 08:38:35 +02:00
use App\Models\User;
use Illuminate\Foundation\Testing\WithoutMiddleware;
2022-11-22 15:15:52 +01:00
use Illuminate\Support\Facades\DB;
2023-08-01 11:28:27 +02:00
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\CoversTrait;
use PHPUnit\Framework\Attributes\Test;
2022-11-22 15:15:52 +01:00
use Tests\FeatureTestCase;
2022-03-31 08:38:35 +02:00
2022-12-09 10:52:17 +01:00
/**
2023-08-01 11:28:27 +02:00
* WebAuthnManageControllerTest test class
2022-12-09 10:52:17 +01:00
*/
2023-08-01 11:28:27 +02:00
#[CoversClass(WebAuthnManageController::class)]
#[CoversClass(RejectIfReverseProxy::class)]
#[CoversTrait(WebAuthnManageCredentials::class)]
2022-03-31 08:38:35 +02:00
class WebAuthnManageControllerTest extends FeatureTestCase
{
// use WithoutMiddleware;
2022-03-31 08:38:35 +02:00
/**
2023-03-10 16:03:42 +01:00
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
2022-11-22 15:15:52 +01:00
*/
2022-03-31 08:38:35 +02:00
protected $user;
public const CREDENTIAL_ID = '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg';
2022-11-22 15:15:52 +01:00
public const CREDENTIAL_ID_RAW = '+VOLFKPY+/FuMI/sJ7gMllK76L3VoRUINj6lL/Z3qDg=';
2022-12-13 12:07:29 +01:00
public function setUp() : void
2022-03-31 08:38:35 +02:00
{
parent::setUp();
$this->user = User::factory()->create();
}
#[Test]
2022-03-31 08:38:35 +02:00
public function test_index_returns_success_with_credentials()
{
DB::table('webauthn_credentials')->insert([
2022-11-22 15:15:52 +01:00
'id' => self::CREDENTIAL_ID,
'authenticatable_type' => \App\Models\User::class,
2022-11-22 15:15:52 +01:00
'authenticatable_id' => $this->user->id,
'user_id' => 'e8af6f703f8042aa91c30cf72289aa07',
'counter' => 0,
'rp_id' => 'http://localhost',
'origin' => 'http://localhost',
'aaguid' => '00000000-0000-0000-0000-000000000000',
'attestation_format' => 'none',
'public_key' => 'eyJpdiI6Imp0U0NVeFNNbW45KzEvMXpad2p2SUE9PSIsInZhbHVlIjoic0VxZ2I1WnlHM2lJakhkWHVkK2kzMWtibk1IN2ZlaExGT01qOElXMDdRTjhnVlR0TDgwOHk1S0xQUy9BQ1JCWHRLNzRtenNsMml1dVQydWtERjFEU0h0bkJGT2RwUXE1M1JCcVpablE2Y2VGV2YvVEE2RGFIRUE5L0x1K0JIQXhLVE1aNVNmN3AxeHdjRUo2V0hwREZSRTJYaThNNnB1VnozMlVXZEVPajhBL3d3ODlkTVN3bW54RTEwSG0ybzRQZFFNNEFrVytUYThub2IvMFRtUlBZamoyZElWKzR1bStZQ1IwU3FXbkYvSm1FU2FlMTFXYUo0SG9kc1BDME9CNUNKeE9IelE5d2dmNFNJRXBKNUdlVzJ3VHUrQWJZRFluK0hib0xvVTdWQ0ZISjZmOWF3by83aVJES1dxbU9Zd1lhRTlLVmhZSUdlWmlBOUFtcTM2ZVBaRWNKNEFSQUhENk5EaC9hN3REdnVFbm16WkRxekRWOXd4cVcvZFdKa2tlWWJqZWlmZnZLS0F1VEVCZEZQcXJkTExiNWRyQmxsZWtaSDRlT3VVS0ZBSXFBRG1JMjRUMnBKRXZxOUFUa2xxMjg2TEplUzdscVo2UytoVU5SdXk1OE1lcFN6aU05ZkVXTkdIM2tKM3Q5bmx1TGtYb1F5bGxxQVR3K3BVUVlia1VybDFKRm9lZDViNzYraGJRdmtUb2FNTEVGZmZYZ3lYRDRiOUVjRnJpcTVvWVExOHJHSTJpMnVBZ3E0TmljbUlKUUtXY2lSWDh1dE5MVDNRUzVRSkQrTjVJUU8rSGhpeFhRRjJvSEdQYjBoVT0iLCJtYWMiOiI5MTdmNWRkZGE5OTEwNzQ3MjhkYWVhYjRlNjk0MWZlMmI5OTQ4YzlmZWI1M2I4OGVkMjE1MjMxNjUwOWRmZTU2IiwidGFnIjoiIn0=',
'updated_at' => now(),
'created_at' => now(),
2022-03-31 08:38:35 +02:00
]);
$response = $this->actingAs($this->user, 'web-guard')
->json('GET', '/webauthn/credentials')
->assertStatus(200)
->assertJsonStructure([
'*' => [
'id',
'alias',
2022-11-22 15:15:52 +01:00
],
2022-03-31 08:38:35 +02:00
]);
}
#[Test]
2022-03-31 08:38:35 +02:00
public function test_rename_returns_success_with_new_name()
{
DB::table('webauthn_credentials')->insert([
2022-11-22 15:15:52 +01:00
'id' => self::CREDENTIAL_ID,
'authenticatable_type' => \App\Models\User::class,
2022-11-22 15:15:52 +01:00
'authenticatable_id' => $this->user->id,
'user_id' => 'e8af6f703f8042aa91c30cf72289aa07',
2023-03-27 09:18:07 +02:00
'alias' => 'MyOldCredential',
2022-11-22 15:15:52 +01:00
'counter' => 0,
'rp_id' => 'http://localhost',
'origin' => 'http://localhost',
'aaguid' => '00000000-0000-0000-0000-000000000000',
'attestation_format' => 'none',
'public_key' => 'eyJpdiI6Imp0U0NVeFNNbW45KzEvMXpad2p2SUE9PSIsInZhbHVlIjoic0VxZ2I1WnlHM2lJakhkWHVkK2kzMWtibk1IN2ZlaExGT01qOElXMDdRTjhnVlR0TDgwOHk1S0xQUy9BQ1JCWHRLNzRtenNsMml1dVQydWtERjFEU0h0bkJGT2RwUXE1M1JCcVpablE2Y2VGV2YvVEE2RGFIRUE5L0x1K0JIQXhLVE1aNVNmN3AxeHdjRUo2V0hwREZSRTJYaThNNnB1VnozMlVXZEVPajhBL3d3ODlkTVN3bW54RTEwSG0ybzRQZFFNNEFrVytUYThub2IvMFRtUlBZamoyZElWKzR1bStZQ1IwU3FXbkYvSm1FU2FlMTFXYUo0SG9kc1BDME9CNUNKeE9IelE5d2dmNFNJRXBKNUdlVzJ3VHUrQWJZRFluK0hib0xvVTdWQ0ZISjZmOWF3by83aVJES1dxbU9Zd1lhRTlLVmhZSUdlWmlBOUFtcTM2ZVBaRWNKNEFSQUhENk5EaC9hN3REdnVFbm16WkRxekRWOXd4cVcvZFdKa2tlWWJqZWlmZnZLS0F1VEVCZEZQcXJkTExiNWRyQmxsZWtaSDRlT3VVS0ZBSXFBRG1JMjRUMnBKRXZxOUFUa2xxMjg2TEplUzdscVo2UytoVU5SdXk1OE1lcFN6aU05ZkVXTkdIM2tKM3Q5bmx1TGtYb1F5bGxxQVR3K3BVUVlia1VybDFKRm9lZDViNzYraGJRdmtUb2FNTEVGZmZYZ3lYRDRiOUVjRnJpcTVvWVExOHJHSTJpMnVBZ3E0TmljbUlKUUtXY2lSWDh1dE5MVDNRUzVRSkQrTjVJUU8rSGhpeFhRRjJvSEdQYjBoVT0iLCJtYWMiOiI5MTdmNWRkZGE5OTEwNzQ3MjhkYWVhYjRlNjk0MWZlMmI5OTQ4YzlmZWI1M2I4OGVkMjE1MjMxNjUwOWRmZTU2IiwidGFnIjoiIn0=',
'updated_at' => now(),
'created_at' => now(),
2022-03-31 08:38:35 +02:00
]);
$response = $this->actingAs($this->user, 'web-guard')
2022-11-22 15:15:52 +01:00
->json('PATCH', '/webauthn/credentials/' . self::CREDENTIAL_ID . '/name', [
2022-03-31 08:38:35 +02:00
'name' => 'MyNewCredential',
])
->assertStatus(200)
->assertExactJson([
'name' => 'MyNewCredential',
]);
}
#[Test]
2022-03-31 08:38:35 +02:00
public function test_rename_invalid_data_returns_validation_error()
{
$response = $this->actingAs($this->user, 'web-guard')
2022-11-22 15:15:52 +01:00
->json('PATCH', '/webauthn/credentials/' . self::CREDENTIAL_ID . '/name', [
2022-03-31 08:38:35 +02:00
'name' => null,
])
->assertStatus(422);
}
#[Test]
2022-03-31 08:38:35 +02:00
public function test_rename_missing_credential_returns_not_found()
{
$response = $this->actingAs($this->user, 'web-guard')
->json('PATCH', '/webauthn/credentials/unknown/name', [
'name' => 'MyNewCredential',
])
->assertNotFound()
->assertJsonStructure([
2022-11-22 15:15:52 +01:00
'message',
2022-03-31 08:38:35 +02:00
]);
}
#[Test]
2022-03-31 08:38:35 +02:00
public function test_index_as_reverse_proxy_returns_error()
{
$response = $this->actingAs($this->user, 'reverse-proxy-guard')
->json('GET', '/webauthn/credentials')
->assertStatus(405);
2022-03-31 08:38:35 +02:00
}
#[Test]
2022-03-31 08:38:35 +02:00
public function test_rename_as_reverse_proxy_returns_error()
{
$response = $this->actingAs($this->user, 'reverse-proxy-guard')
->json('PATCH', '/webauthn/credentials/fqsdfqsdf/name')
->assertStatus(405);
2022-03-31 08:38:35 +02:00
}
#[Test]
2022-03-31 08:38:35 +02:00
public function test_delete_as_reverse_proxy_returns_error()
{
$response = $this->actingAs($this->user, 'reverse-proxy-guard')
->json('DELETE', '/webauthn/credentials/dcnskldjnkljsrn')
->assertStatus(405);
2022-03-31 08:38:35 +02:00
}
#[Test]
2022-03-31 08:38:35 +02:00
public function test_delete_returns_no_content()
{
$response = $this->actingAs($this->user, 'web-guard')
->json('DELETE', '/webauthn/credentials/sdCKktnsdK')
->assertNoContent();
}
2022-11-22 15:15:52 +01:00
}