Update tests to match new webauthn package
parent
235b5f0b1e
commit
616a9348b2
@ -7,6 +7,9 @@
|
||||
|
||||
class UserFactory extends Factory
|
||||
{
|
||||
|
||||
const USER_PASSWORD = 'password';
|
||||
|
||||
/**
|
||||
* Define the model's default state.
|
||||
*
|
||||
@ -18,7 +21,7 @@ public function definition()
|
||||
'name' => $this->faker->name(),
|
||||
'email' => $this->faker->unique()->safeEmail(),
|
||||
'email_verified_at' => now(),
|
||||
'password' => bcrypt('password'),
|
||||
'password' => bcrypt(self::USER_PASSWORD),
|
||||
'remember_token' => Str::random(10),
|
||||
];
|
||||
}
|
||||
|
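Review bot: `USER_PASSWORD` in `UserFactory` is declared without a visibility modifier or a comment, although `WebAuthnRecoveryControllerTest` reads it from outside as `UserFactory::USER_PASSWORD`. Declaring it as `public const USER_PASSWORD = 'password';` with a one-line docblock such as `/** Plain-text password given to every factory-built user; test fixtures only. */` would make the intended use explicit. Every account built by this factory shares that known password, so the comment should also say the factory is not meant for seeding anything that accepts real logins.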
@ -5,10 +5,7 @@
|
||||
use App\Models\User;
|
||||
use Tests\FeatureTestCase;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Str;
|
||||
use Webauthn\TrustPath\EmptyTrustPath;
|
||||
use DarkGhostHunter\Larapass\Eloquent\WebAuthnCredential;
|
||||
use DarkGhostHunter\Larapass\WebAuthn\WebAuthnAssertValidator;
|
||||
use Laragear\WebAuthn\Http\Requests\AssertedRequest;
|
||||
|
||||
class WebAuthnLoginControllerTest extends FeatureTestCase
|
||||
{
|
||||
@ -17,6 +14,9 @@ class WebAuthnLoginControllerTest extends FeatureTestCase
|
||||
*/
|
||||
protected $user;
|
||||
|
||||
const CREDENTIAL_ID = 's06aG41wsIYh5X1YUhB-SlH8y3F2RzdJZVse8iXRXOCd3oqQdEyCOsBawzxrYBtJRQA2azAMEN_q19TUp6iMgg';
|
||||
const PUBLIC_KEY = 'eyJpdiI6ImYyUHlJOEJML0pwTXJ2UDkveTQwZFE9PSIsInZhbHVlIjoiQWFSYi9LVEszazlBRUZsWHp0cGNRNktGeEQ3aTBsbU9zZ1g5MEgrWFJJNmgraElsNU9hV0VsRVlWc3NoUVVHUjRRdlcxTS9pVklnOWtVYWY5TFJQTTFhR1Rxb1ZzTFkxTWE4VUVvK1lyU3pYQ1M3VlBMWWxZcDVaYWFnK25iaXVyWGR6ZFRmMFVoSmdPZ3UvSnptbVZER0FYdEEyYmNYcW43RkV5aTVqSjNwZEFsUjhUYSs0YjU2Z2V2bUJXa0E0aVB1VC8xSjdJZ2llRGlHY2RwOGk3MmNPTyt6eDFDWUs1dVBOSWp1ZUFSeUlkclgwRW16RE9sUUpDSWV6Sk50TSIsIm1hYyI6IjI3ODQ5NzcxZGY1MzMwYTNiZjAwZmEwMDJkZjYzMGU4N2UzZjZlOGM0ZWE3NDkyYWMxMThhNmE5NWZiMTVjNGEiLCJ0YWciOiIifQ==';
|
||||
const USER_ID = '3b758ac868b74307a7e96e69ae187339';
|
||||
|
||||
/**
|
||||
* @test
|
||||
@ -32,137 +32,45 @@ public function setUp(): void
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_user_login_returns_success()
|
||||
public function test_webauthn_login_uses_login_and_returns_no_content()
|
||||
{
|
||||
$this->user = User::factory()->create([
|
||||
'name' => 'john',
|
||||
'email' => 'john.doe@mail.com',
|
||||
'password' => '$2y$10$FLIykVJWDsYSVMJyaFZZfe4tF5uBTnGsosJBL.ZfAAHsYgc27FSdi',
|
||||
]);
|
||||
$uuid = Str::uuid();
|
||||
$this->user = User::factory()->create();
|
||||
|
||||
DB::table('web_authn_credentials')->insert([
|
||||
'id' => 'dGVzdF9jcmVkZW50aWFsX2lk',
|
||||
'user_id' => $this->user->id,
|
||||
'type' => 'public_key',
|
||||
'transports' => json_encode([]),
|
||||
'attestation_type' => 'none',
|
||||
'trust_path' => json_encode(['type' => EmptyTrustPath::class]),
|
||||
'aaguid' => $uuid->toString(),
|
||||
'public_key' => 'public_key',
|
||||
'counter' => 0,
|
||||
'user_handle' => 'test_user_handle',
|
||||
'created_at' => now()->toDateTimeString(),
|
||||
'updated_at' => now()->toDateTimeString(),
|
||||
$mock = $this->mock(AssertedRequest::class)->makePartial()->shouldIgnoreMissing();
|
||||
$mock->shouldReceive([
|
||||
'has' => false,
|
||||
'login' => $this->user,
|
||||
]);
|
||||
|
||||
$data = [
|
||||
'id' => 'dGVzdF9jcmVkZW50aWFsX2lk',
|
||||
'rawId' => 'ZEdWemRGOWpjbVZrWlc1MGFXRnNYMmxr',
|
||||
'type' => 'test_type',
|
||||
'response' => [
|
||||
'authenticatorData' => 'test',
|
||||
'clientDataJSON' => 'test',
|
||||
'signature' => 'test',
|
||||
'userHandle' => 'test',
|
||||
],
|
||||
];
|
||||
|
||||
$this->mock(WebAuthnAssertValidator::class)
|
||||
->shouldReceive('validate')
|
||||
->with($data)
|
||||
->andReturnUsing(function ($data) {
|
||||
$credentials = WebAuthnCredential::find($data['id']);
|
||||
|
||||
$credentials->setAttribute('counter', 1)->save();
|
||||
|
||||
return $credentials->toCredentialSource();
|
||||
});
|
||||
|
||||
$this->json('POST', '/webauthn/login', $data)
|
||||
$this->json('POST', '/webauthn/login')
|
||||
->assertNoContent();
|
||||
|
||||
$this->assertAuthenticatedAs($this->user);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_user_login_without_userhandle_returns_success()
|
||||
public function test_webauthn_invalid_login_returns_error()
|
||||
{
|
||||
$this->user = User::factory()->create([
|
||||
'name' => 'john',
|
||||
'email' => 'john.doe@mail.com',
|
||||
'password' => '$2y$10$FLIykVJWDsYSVMJyaFZZfe4tF5uBTnGsosJBL.ZfAAHsYgc27FSdi',
|
||||
]);
|
||||
$uuid = Str::uuid();
|
||||
$this->user = User::factory()->create();
|
||||
|
||||
DB::table('web_authn_credentials')->insert([
|
||||
'id' => 'dGVzdF9jcmVkZW50aWFsX2lk',
|
||||
'user_id' => $this->user->id,
|
||||
'type' => 'public_key',
|
||||
'transports' => json_encode([]),
|
||||
'attestation_type' => 'none',
|
||||
'trust_path' => json_encode(['type' => EmptyTrustPath::class]),
|
||||
'aaguid' => $uuid->toString(),
|
||||
'public_key' => 'public_key',
|
||||
'counter' => 0,
|
||||
'user_handle' => 'test_user_handle',
|
||||
'created_at' => now()->toDateTimeString(),
|
||||
'updated_at' => now()->toDateTimeString(),
|
||||
$mock = $this->mock(AssertedRequest::class)->makePartial()->shouldIgnoreMissing();
|
||||
$mock->shouldReceive([
|
||||
'has' => false,
|
||||
'login' => null,
|
||||
]);
|
||||
|
||||
$data = [
|
||||
'id' => 'dGVzdF9jcmVkZW50aWFsX2lk',
|
||||
'rawId' => 'ZEdWemRGOWpjbVZrWlc1MGFXRnNYMmxr',
|
||||
'type' => 'test_type',
|
||||
'response' => [
|
||||
'authenticatorData' => 'test',
|
||||
'clientDataJSON' => 'test',
|
||||
'signature' => 'test',
|
||||
'userHandle' => '',
|
||||
],
|
||||
];
|
||||
|
||||
$this->mock(WebAuthnAssertValidator::class)
|
||||
->shouldReceive('validate')
|
||||
->with([
|
||||
'id' => 'dGVzdF9jcmVkZW50aWFsX2lk',
|
||||
'rawId' => 'ZEdWemRGOWpjbVZrWlc1MGFXRnNYMmxr',
|
||||
'type' => 'test_type',
|
||||
'response' => [
|
||||
'authenticatorData' => 'test',
|
||||
'clientDataJSON' => 'test',
|
||||
'signature' => 'test',
|
||||
'userHandle' => 'dGVzdF91c2VyX2hhbmRsZQ==',
|
||||
],
|
||||
])
|
||||
->andReturnUsing(function ($data) {
|
||||
$credentials = WebAuthnCredential::find($data['id']);
|
||||
|
||||
$credentials->setAttribute('counter', 1)->save();
|
||||
|
||||
return $credentials->toCredentialSource();
|
||||
});
|
||||
|
||||
$this->json('POST', '/webauthn/login', $data)
|
||||
->assertNoContent();
|
||||
|
||||
$this->assertAuthenticatedAs($this->user);
|
||||
$this->json('POST', '/webauthn/login')
|
||||
->assertNoContent(422);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_user_login_with_missing_data_returns_validation_error()
|
||||
public function test_webauthn_login_with_missing_data_returns_validation_error()
|
||||
{
|
||||
$this->user = User::factory()->create([
|
||||
'name' => 'john',
|
||||
'email' => 'john.doe@mail.com',
|
||||
'password' => '$2y$10$FLIykVJWDsYSVMJyaFZZfe4tF5uBTnGsosJBL.ZfAAHsYgc27FSdi',
|
||||
]);
|
||||
$this->user = User::factory()->create();
|
||||
|
||||
$data = [
|
||||
'id' => '',
|
||||
@ -194,19 +102,35 @@ public function test_user_login_with_missing_data_returns_validation_error()
|
||||
*/
|
||||
public function test_get_options_returns_success()
|
||||
{
|
||||
$this->user = User::factory()->create([
|
||||
'name' => 'john',
|
||||
'email' => 'john.doe@mail.com',
|
||||
'password' => '$2y$10$FLIykVJWDsYSVMJyaFZZfe4tF5uBTnGsosJBL.ZfAAHsYgc27FSdi',
|
||||
$this->user = User::factory()->create();
|
||||
|
||||
DB::table('webauthn_credentials')->insert([
|
||||
'id' => self::CREDENTIAL_ID,
|
||||
'authenticatable_type' => \App\Models\User::class,
|
||||
'authenticatable_id' => $this->user->id,
|
||||
'user_id' => self::USER_ID,
|
||||
'counter' => 0,
|
||||
'rp_id' => 'http://localhost',
|
||||
'origin' => 'http://localhost',
|
||||
'aaguid' => '00000000-0000-0000-0000-000000000000',
|
||||
'attestation_format' => 'none',
|
||||
'public_key' => self::PUBLIC_KEY,
|
||||
'updated_at' => now(),
|
||||
'created_at' => now(),
|
||||
]);
|
||||
|
||||
$response = $this->json('POST', '/webauthn/login/options', [])
|
||||
$response = $this->json('POST', '/webauthn/login/options')
|
||||
->assertOk()
|
||||
->assertJsonStructure([
|
||||
'challenge',
|
||||
'rpId',
|
||||
'userVerification',
|
||||
'timeout',
|
||||
])
|
||||
->assertJsonFragment([
|
||||
'allowCredentials' => [[
|
||||
'id' => self::CREDENTIAL_ID,
|
||||
'type' => 'public-key'
|
||||
]],
|
||||
]);
|
||||
}
|
||||
|
||||
@ -216,7 +140,7 @@ public function test_get_options_returns_success()
|
||||
*/
|
||||
public function test_get_options_with_no_registred_user_returns_error()
|
||||
{
|
||||
$this->json('POST', '/webauthn/login/options', [])
|
||||
$this->json('POST', '/webauthn/login/options')
|
||||
->assertStatus(400)
|
||||
->assertJsonStructure([
|
||||
'message',
|
||||
|
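Review bot: `test_webauthn_invalid_login_returns_error` stops at `->assertNoContent(422)` and never checks that the request left the client unauthenticated, so a regression that opens a session on the failure path would still pass. Adding `$this->assertGuest();` after the request would mirror the `$this->assertAuthenticatedAs($this->user);` check in the success test. Both login tests now stub `AssertedRequest::login()`, so neither exercises challenge, signature or counter verification. A short comment stating that assertion validation is left to the package's own tests would keep that limit visible to the next reader.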
@ -7,15 +7,22 @@
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Str;
|
||||
use Webauthn\TrustPath\EmptyTrustPath;
|
||||
use Illuminate\Foundation\Testing\WithoutMiddleware;
|
||||
|
||||
class WebAuthnManageControllerTest extends FeatureTestCase
|
||||
{
|
||||
// use WithoutMiddleware;
|
||||
|
||||
/**
|
||||
* @var \App\Models\User
|
||||
*/
|
||||
protected $user;
|
||||
|
||||
|
||||
public const CREDENTIAL_ID = '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg';
|
||||
public const CREDENTIAL_ID_RAW = '+VOLFKPY+/FuMI/sJ7gMllK76L3VoRUINj6lL/Z3qDg=';
|
||||
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
@ -32,20 +39,19 @@ public function setUp(): void
|
||||
*/
|
||||
public function test_index_returns_success_with_credentials()
|
||||
{
|
||||
DB::table('web_authn_credentials')->insert([
|
||||
'id' => 'test_credential_id',
|
||||
'user_id' => $this->user->id,
|
||||
'type' => 'public_key',
|
||||
'transports' => json_encode([]),
|
||||
'attestation_type' => 'none',
|
||||
'trust_path' => json_encode(['type' => EmptyTrustPath::class]),
|
||||
'aaguid' => Str::uuid(),
|
||||
'public_key' => 'public_key_bar',
|
||||
'counter' => 0,
|
||||
'user_handle' => 'test_id',
|
||||
'created_at' => now()->toDateTimeString(),
|
||||
'updated_at' => now()->toDateTimeString(),
|
||||
'disabled_at' => null,
|
||||
DB::table('webauthn_credentials')->insert([
|
||||
'id' => self::CREDENTIAL_ID,
|
||||
'authenticatable_type' => \App\Models\User::class,
|
||||
'authenticatable_id' => $this->user->id,
|
||||
'user_id' => 'e8af6f703f8042aa91c30cf72289aa07',
|
||||
'counter' => 0,
|
||||
'rp_id' => 'http://localhost',
|
||||
'origin' => 'http://localhost',
|
||||
'aaguid' => '00000000-0000-0000-0000-000000000000',
|
||||
'attestation_format' => 'none',
|
||||
'public_key' => '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',
|
||||
'updated_at' => now(),
|
||||
'created_at' => now(),
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($this->user, 'web-guard')
|
||||
@ -54,9 +60,7 @@ public function test_index_returns_success_with_credentials()
|
||||
->assertJsonStructure([
|
||||
'*' => [
|
||||
'id',
|
||||
'name',
|
||||
'type',
|
||||
'transports'
|
||||
'alias',
|
||||
]
|
||||
]);
|
||||
}
|
||||
@ -67,25 +71,24 @@ public function test_index_returns_success_with_credentials()
|
||||
*/
|
||||
public function test_rename_returns_success_with_new_name()
|
||||
{
|
||||
DB::table('web_authn_credentials')->insert([
|
||||
'id' => 'test_credential_id',
|
||||
'name' => 'MyCredential',
|
||||
'user_id' => $this->user->id,
|
||||
'type' => 'public_key',
|
||||
'transports' => json_encode([]),
|
||||
'attestation_type' => 'none',
|
||||
'trust_path' => json_encode(['type' => EmptyTrustPath::class]),
|
||||
'aaguid' => Str::uuid(),
|
||||
'public_key' => 'public_key_bar',
|
||||
'counter' => 0,
|
||||
'user_handle' => 'test_id',
|
||||
'created_at' => now()->toDateTimeString(),
|
||||
'updated_at' => now()->toDateTimeString(),
|
||||
'disabled_at' => null,
|
||||
DB::table('webauthn_credentials')->insert([
|
||||
'id' => self::CREDENTIAL_ID,
|
||||
'authenticatable_type' => \App\Models\User::class,
|
||||
'authenticatable_id' => $this->user->id,
|
||||
'user_id' => 'e8af6f703f8042aa91c30cf72289aa07',
|
||||
'alias' => 'MyNewCredential',
|
||||
'counter' => 0,
|
||||
'rp_id' => 'http://localhost',
|
||||
'origin' => 'http://localhost',
|
||||
'aaguid' => '00000000-0000-0000-0000-000000000000',
|
||||
'attestation_format' => 'none',
|
||||
'public_key' => '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',
|
||||
'updated_at' => now(),
|
||||
'created_at' => now(),
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($this->user, 'web-guard')
|
||||
->json('PATCH', '/webauthn/credentials/test_credential_id/name',[
|
||||
->json('PATCH', '/webauthn/credentials/'.self::CREDENTIAL_ID.'/name',[
|
||||
'name' => 'MyNewCredential',
|
||||
])
|
||||
->assertStatus(200)
|
||||
@ -101,7 +104,7 @@ public function test_rename_returns_success_with_new_name()
|
||||
public function test_rename_invalid_data_returns_validation_error()
|
||||
{
|
||||
$response = $this->actingAs($this->user, 'web-guard')
|
||||
->json('PATCH', '/webauthn/credentials/test_credential_id/name', [
|
||||
->json('PATCH', '/webauthn/credentials/'.self::CREDENTIAL_ID.'/name', [
|
||||
'name' => null,
|
||||
])
|
||||
->assertStatus(422);
|
||||
|
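Review bot: In `test_rename_returns_success_with_new_name` the seeded row already carries `'alias' => 'MyNewCredential'`, the same value the PATCH request sends as `name`, so a check on the stored alias would pass even if the rename endpoint wrote nothing. Seeding a different starting value, for example `'alias' => 'MyCredential',`, would make the test able to fail. The assertions after `->assertStatus(200)` lie outside the hunk, so this assumes they compare against `MyNewCredential`. Separately, the class body keeps `// use WithoutMiddleware;` commented out next to its import, and both can go if the trait is not needed.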
@ -6,6 +6,7 @@
|
||||
use Tests\FeatureTestCase;
|
||||
use Illuminate\Support\Facades\DB;
|
||||
use Illuminate\Support\Facades\Date;
|
||||
use Database\Factories\UserFactory;
|
||||
|
||||
class WebAuthnRecoveryControllerTest extends FeatureTestCase
|
||||
{
|
||||
@ -13,6 +14,15 @@ class WebAuthnRecoveryControllerTest extends FeatureTestCase
|
||||
* @var \App\Models\User
|
||||
*/
|
||||
protected $user;
|
||||
|
||||
/**
|
||||
* @var
|
||||
*/
|
||||
protected $now;
|
||||
|
||||
const STORED_TOKEN_VALUE = '$2y$10$P6q8rl8te5QaO1EdpyJcNO0s9VFlVgf62KaItQhrPTskxfyu97mlW';
|
||||
const ACTUAL_TOKEN_VALUE = '9e583e3fb6c32034164ac62415c9657dcbd1fb861b434340b08a94c2075cac66';
|
||||
const CREDENTIAL_ID = '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg';
|
||||
|
||||
|
||||
/**
|
||||
@ -23,39 +33,42 @@ public function setUp(): void
|
||||
parent::setUp();
|
||||
|
||||
$this->user = User::factory()->create();
|
||||
}
|
||||
|
||||
Date::setTestNow($this->now = Date::create(2022, 11, 16, 9, 4));
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_options_returns_success()
|
||||
{
|
||||
$token = '$2y$10$hgGTVVTRLsSYSlAHpyydBu6m4ZuRheBqTTUfRE/aG89DaqEyo.HPu';
|
||||
Date::setTestNow($now = Date::create(2020, 01, 01, 16, 30));
|
||||
|
||||
DB::table('web_authn_recoveries')->insert([
|
||||
DB::table('webauthn_recoveries')->insert([
|
||||
'email' => $this->user->email,
|
||||
'token' => $token,
|
||||
'created_at' => $now->toDateTimeString(),
|
||||
'token' => self::STORED_TOKEN_VALUE,
|
||||
'created_at' => $this->now->toDateTimeString(),
|
||||
]);
|
||||
|
||||
$response = $this->json('POST', '/webauthn/recover/options', [
|
||||
'token' => 'test_token',
|
||||
'email' => $this->user->email,
|
||||
])
|
||||
->assertStatus(200);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_options_with_invalid_token_returns_error()
|
||||
public function test_recover_with_invalid_token_returns_validation_error()
|
||||
{
|
||||
$response = $this->json('POST', '/webauthn/recover/options', [
|
||||
'token' => 'myToken',
|
||||
$response = $this->json('POST', '/webauthn/recover', [
|
||||
'token' => 'bad_token',
|
||||
'email' => $this->user->email,
|
||||
'password' => UserFactory::USER_PASSWORD,
|
||||
])
|
||||
->assertStatus(422)
|
||||
->assertJsonMissingValidationErrors('email')
|
||||
->assertJsonValidationErrors('token');
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_recover_with_invalid_password_returns_authentication_error()
|
||||
{
|
||||
$response = $this->json('POST', '/webauthn/recover', [
|
||||
'token' => self::ACTUAL_TOKEN_VALUE,
|
||||
'email' => $this->user->email,
|
||||
'password' => 'bad_password',
|
||||
])
|
||||
->assertStatus(401);
|
||||
}
|
||||
@ -64,52 +77,55 @@ public function test_options_with_invalid_token_returns_error()
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_options_without_inputs_returns_validation_errors()
|
||||
public function test_recover_returns_success()
|
||||
{
|
||||
$response = $this->json('POST', '/webauthn/recover/options', [
|
||||
'token' => '',
|
||||
'email' => '',
|
||||
$response = $this->json('POST', '/webauthn/recover', [
|
||||
'token' => self::ACTUAL_TOKEN_VALUE,
|
||||
'email' => $this->user->email,
|
||||
'password' => UserFactory::USER_PASSWORD,
|
||||
])
|
||||
->assertStatus(200);
|
||||
|
||||
$this->assertDatabaseMissing('webauthn_recoveries', [
|
||||
'token' => self::STORED_TOKEN_VALUE,
|
||||
]);
|
||||
|
||||
$response->assertStatus(422)
|
||||
->assertJsonValidationErrors(['token'])
|
||||
->assertJsonValidationErrors(['email']);
|
||||
$this->assertDatabaseMissing('options', [
|
||||
'key' => 'useWebauthnOnly',
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
// public function test_recover_returns_success()
|
||||
// {
|
||||
// $token = '$2y$10$hgGTVVTRLsSYSlAHpyydBu6m4ZuRheBqTTUfRE/aG89DaqEyo.HPu';
|
||||
// Date::setTestNow($now = Date::create(2020, 01, 01, 16, 30));
|
||||
|
||||
// DB::table('web_authn_recoveries')->insert([
|
||||
// 'email' => $this->user->email,
|
||||
// 'token' => $token,
|
||||
// 'created_at' => $now->toDateTimeString(),
|
||||
// ]);
|
||||
|
||||
// $response = $this->json('POST', '/webauthn/recover', [], [
|
||||
// 'token' => $token,
|
||||
// 'email' => $this->user->email,
|
||||
// ])
|
||||
// ->assertStatus(200);
|
||||
// }
|
||||
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_recover_with_invalid_token_returns_validation_error()
|
||||
public function test_revoke_all_credentials_clear_registered_credentials()
|
||||
{
|
||||
$response = $this->json('POST', '/webauthn/recover', [], [
|
||||
'token' => 'toekn',
|
||||
'email' => $this->user->email,
|
||||
])
|
||||
->assertStatus(422)
|
||||
->assertJsonValidationErrors(['email']);
|
||||
}
|
||||
DB::table('webauthn_credentials')->insert([
|
||||
'id' => self::CREDENTIAL_ID,
|
||||
'authenticatable_type' => \App\Models\User::class,
|
||||
'authenticatable_id' => $this->user->id,
|
||||
'user_id' => 'e8af6f703f8042aa91c30cf72289aa07',
|
||||
'counter' => 0,
|
||||
'rp_id' => 'http://localhost',
|
||||
'origin' => 'http://localhost',
|
||||
'aaguid' => '00000000-0000-0000-0000-000000000000',
|
||||
'attestation_format' => 'none',
|
||||
'public_key' => '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',
|
||||
'updated_at' => now(),
|
||||
'created_at' => now(),
|
||||
]);
|
||||
|
||||
$response = $this->json('POST', '/webauthn/recover', [
|
||||
'token' => self::ACTUAL_TOKEN_VALUE,
|
||||
'email' => $this->user->email,
|
||||
'password' => UserFactory::USER_PASSWORD,
|
||||
'revokeAll' => true
|
||||
])
|
||||
->assertStatus(200);
|
||||
|
||||
$this->assertDatabaseMissing('webauthn_credentials', [
|
||||
'authenticatable_id' => $this->user->id,
|
||||
]);
|
||||
}
|
||||
}
|
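Review bot: In `test_recover_returns_success`, `assertDatabaseMissing('options', ['key' => 'useWebauthnOnly'])` cannot fail as written, because nothing visible in `setUp()` or in the test creates that row before the request. Seeding an `options` row with key `useWebauthnOnly` first would make the assertion prove that recovery clears the WebAuthn-only setting, unless `FeatureTestCase` already seeds it, which is not shown here. If a failed attempt is meant to leave the recovery token usable, the bad-token and bad-password tests could confirm it with `$this->assertDatabaseHas('webauthn_recoveries', ['token' => self::STORED_TOKEN_VALUE]);`. A one-line comment stating that `STORED_TOKEN_VALUE` is the stored hash of `ACTUAL_TOKEN_VALUE` would help too, along with a type for the empty `@var` on `$now`.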