From 616a9348b2c57e49952c71ae729d4824ae0c4e46 Mon Sep 17 00:00:00 2001 From: Bubka <858858+Bubka@users.noreply.github.com> Date: Thu, 17 Nov 2022 17:00:28 +0100 Subject: [PATCH] Update tests to match new webauthn package --- database/factories/UserFactory.php | 5 +- .../Http/Auth/WebAuthnLoginControllerTest.php | 164 +++++------------- .../Auth/WebAuthnManageControllerTest.php | 71 ++++---- .../Auth/WebAuthnRecoveryControllerTest.php | 132 +++++++------- 4 files changed, 159 insertions(+), 213 deletions(-) diff --git a/database/factories/UserFactory.php b/database/factories/UserFactory.php index 88be7e1b..4ed95204 100644 --- a/database/factories/UserFactory.php +++ b/database/factories/UserFactory.php @@ -7,6 +7,9 @@ class UserFactory extends Factory { + + const USER_PASSWORD = 'password'; + /** * Define the model's default state. * @@ -18,7 +21,7 @@ public function definition() 'name' => $this->faker->name(), 'email' => $this->faker->unique()->safeEmail(), 'email_verified_at' => now(), - 'password' => bcrypt('password'), + 'password' => bcrypt(self::USER_PASSWORD), 'remember_token' => Str::random(10), ]; } diff --git a/tests/Feature/Http/Auth/WebAuthnLoginControllerTest.php b/tests/Feature/Http/Auth/WebAuthnLoginControllerTest.php index d092cc14..8da0ca5d 100644 --- a/tests/Feature/Http/Auth/WebAuthnLoginControllerTest.php +++ b/tests/Feature/Http/Auth/WebAuthnLoginControllerTest.php @@ -5,10 +5,7 @@ use App\Models\User; use Tests\FeatureTestCase; use Illuminate\Support\Facades\DB; -use Illuminate\Support\Str; -use Webauthn\TrustPath\EmptyTrustPath; -use DarkGhostHunter\Larapass\Eloquent\WebAuthnCredential; -use DarkGhostHunter\Larapass\WebAuthn\WebAuthnAssertValidator; +use Laragear\WebAuthn\Http\Requests\AssertedRequest; class WebAuthnLoginControllerTest extends FeatureTestCase { 
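Review bot: `const USER_PASSWORD` in the first UserFactory hunk is declared without a visibility modifier or docblock, while WebAuthnManageControllerTest in this same patch writes `public const`. I would declare it as `public const USER_PASSWORD = 'password';` with a one-line comment such as `/** Plain-text password of every factory-built user; test fixtures only. */`, so readers see the value is meant for tests and never for seeding a real account. The bare `const` form is repeated by the constants added to WebAuthnLoginControllerTest and WebAuthnRecoveryControllerTest. The class body continues outside both UserFactory hunks.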
@@ -17,6 +14,9 @@ class WebAuthnLoginControllerTest extends FeatureTestCase */ protected $user; + const CREDENTIAL_ID = 's06aG41wsIYh5X1YUhB-SlH8y3F2RzdJZVse8iXRXOCd3oqQdEyCOsBawzxrYBtJRQA2azAMEN_q19TUp6iMgg'; + const PUBLIC_KEY = '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'; + const USER_ID = '3b758ac868b74307a7e96e69ae187339'; /** * @test 
@@ -32,137 +32,45 @@ public function setUp(): void /** * @test */ - public function test_user_login_returns_success() + public function test_webauthn_login_uses_login_and_returns_no_content() { - $this->user = User::factory()->create([ - 'name' => 'john', - 'email' => 'john.doe@mail.com', - 'password' => '$2y$10$FLIykVJWDsYSVMJyaFZZfe4tF5uBTnGsosJBL.ZfAAHsYgc27FSdi', - ]); - $uuid = Str::uuid(); + $this->user = User::factory()->create(); - DB::table('web_authn_credentials')->insert([ - 'id' => 'dGVzdF9jcmVkZW50aWFsX2lk', - 'user_id' => $this->user->id, - 'type' => 'public_key', - 'transports' => json_encode([]), - 'attestation_type' => 'none', - 'trust_path' => json_encode(['type' => EmptyTrustPath::class]), - 'aaguid' => $uuid->toString(), - 'public_key' => 'public_key', - 'counter' => 0, - 'user_handle' => 'test_user_handle', - 'created_at' => now()->toDateTimeString(), - 'updated_at' => now()->toDateTimeString(), + $mock = $this->mock(AssertedRequest::class)->makePartial()->shouldIgnoreMissing(); + $mock->shouldReceive([ + 'has' => false, + 'login' => $this->user, ]); - $data = [ - 'id' => 'dGVzdF9jcmVkZW50aWFsX2lk', - 'rawId' => 'ZEdWemRGOWpjbVZrWlc1MGFXRnNYMmxr', - 'type' => 'test_type', - 'response' => [ - 'authenticatorData' => 'test', - 'clientDataJSON' => 'test', - 'signature' => 'test', - 'userHandle' => 'test', - ], - ]; - - $this->mock(WebAuthnAssertValidator::class) - ->shouldReceive('validate') - ->with($data) - ->andReturnUsing(function ($data) { - $credentials = WebAuthnCredential::find($data['id']); - - $credentials->setAttribute('counter', 1)->save(); - - return $credentials->toCredentialSource(); - }); - - $this->json('POST', '/webauthn/login', $data) + $this->json('POST', '/webauthn/login') ->assertNoContent(); - - $this->assertAuthenticatedAs($this->user); } /** * @test */ - public function test_user_login_without_userhandle_returns_success() + public function test_webauthn_invalid_login_returns_error() { - $this->user = 
User::factory()->create([ - 'name' => 'john', - 'email' => 'john.doe@mail.com', - 'password' => '$2y$10$FLIykVJWDsYSVMJyaFZZfe4tF5uBTnGsosJBL.ZfAAHsYgc27FSdi', - ]); - $uuid = Str::uuid(); + $this->user = User::factory()->create(); - DB::table('web_authn_credentials')->insert([ - 'id' => 'dGVzdF9jcmVkZW50aWFsX2lk', - 'user_id' => $this->user->id, - 'type' => 'public_key', - 'transports' => json_encode([]), - 'attestation_type' => 'none', - 'trust_path' => json_encode(['type' => EmptyTrustPath::class]), - 'aaguid' => $uuid->toString(), - 'public_key' => 'public_key', - 'counter' => 0, - 'user_handle' => 'test_user_handle', - 'created_at' => now()->toDateTimeString(), - 'updated_at' => now()->toDateTimeString(), + $mock = $this->mock(AssertedRequest::class)->makePartial()->shouldIgnoreMissing(); + $mock->shouldReceive([ + 'has' => false, + 'login' => null, ]); - $data = [ - 'id' => 'dGVzdF9jcmVkZW50aWFsX2lk', - 'rawId' => 'ZEdWemRGOWpjbVZrWlc1MGFXRnNYMmxr', - 'type' => 'test_type', - 'response' => [ - 'authenticatorData' => 'test', - 'clientDataJSON' => 'test', - 'signature' => 'test', - 'userHandle' => '', - ], - ]; - - $this->mock(WebAuthnAssertValidator::class) - ->shouldReceive('validate') - ->with([ - 'id' => 'dGVzdF9jcmVkZW50aWFsX2lk', - 'rawId' => 'ZEdWemRGOWpjbVZrWlc1MGFXRnNYMmxr', - 'type' => 'test_type', - 'response' => [ - 'authenticatorData' => 'test', - 'clientDataJSON' => 'test', - 'signature' => 'test', - 'userHandle' => 'dGVzdF91c2VyX2hhbmRsZQ==', - ], - ]) - ->andReturnUsing(function ($data) { - $credentials = WebAuthnCredential::find($data['id']); - - $credentials->setAttribute('counter', 1)->save(); - - return $credentials->toCredentialSource(); - }); - - $this->json('POST', '/webauthn/login', $data) - ->assertNoContent(); - - $this->assertAuthenticatedAs($this->user); + $this->json('POST', '/webauthn/login') + ->assertNoContent(422); } /** * @test */ - public function test_user_login_with_missing_data_returns_validation_error() + public function 
test_webauthn_login_with_missing_data_returns_validation_error() { - $this->user = User::factory()->create([ - 'name' => 'john', - 'email' => 'john.doe@mail.com', - 'password' => '$2y$10$FLIykVJWDsYSVMJyaFZZfe4tF5uBTnGsosJBL.ZfAAHsYgc27FSdi', - ]); + $this->user = User::factory()->create(); $data = [ 'id' => '', @@ -194,19 +102,35 @@ public function test_user_login_with_missing_data_returns_validation_error() */ public function test_get_options_returns_success() { - $this->user = User::factory()->create([ - 'name' => 'john', - 'email' => 'john.doe@mail.com', - 'password' => '$2y$10$FLIykVJWDsYSVMJyaFZZfe4tF5uBTnGsosJBL.ZfAAHsYgc27FSdi', + $this->user = User::factory()->create(); + + DB::table('webauthn_credentials')->insert([ + 'id' => self::CREDENTIAL_ID, + 'authenticatable_type' => \App\Models\User::class, + 'authenticatable_id' => $this->user->id, + 'user_id' => self::USER_ID, + 'counter' => 0, + 'rp_id' => 'http://localhost', + 'origin' => 'http://localhost', + 'aaguid' => '00000000-0000-0000-0000-000000000000', + 'attestation_format' => 'none', + 'public_key' => self::PUBLIC_KEY, + 'updated_at' => now(), + 'created_at' => now(), ]); - $response = $this->json('POST', '/webauthn/login/options', []) + $response = $this->json('POST', '/webauthn/login/options') ->assertOk() ->assertJsonStructure([ 'challenge', - 'rpId', 'userVerification', 'timeout', + ]) + ->assertJsonFragment([ + 'allowCredentials' => [[ + 'id' => self::CREDENTIAL_ID, + 'type' => 'public-key' + ]], ]); } @@ -216,7 +140,7 @@ public function test_get_options_returns_success() */ public function test_get_options_with_no_registred_user_returns_error() { - $this->json('POST', '/webauthn/login/options', []) + $this->json('POST', '/webauthn/login/options') ->assertStatus(400) ->assertJsonStructure([ 'message', diff --git a/tests/Feature/Http/Auth/WebAuthnManageControllerTest.php b/tests/Feature/Http/Auth/WebAuthnManageControllerTest.php index c00bdb00..2c8e5fb5 100644 
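Review bot: In the `@@ -32,137 +32,45 @@` hunk both login tests replace `AssertedRequest::login()` with a mock, and the positive test drops `$this->assertAuthenticatedAs($this->user);`, so nothing in this file now checks that a WebAuthn assertion is validated or that a session is opened. As written, the two tests cover only the controller's status mapping (204 when `login` returns a user, 422 when it returns null). I would say so above each mock, e.g. `// login() is mocked: covers the controller's status mapping only, not assertion validation`, and keep one unmocked test against the seeded credential if the package allows it in a test run. The body of test_webauthn_login_with_missing_data_returns_validation_error continues outside the hunk.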
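Review bot: The row seeded in test_get_options_returns_success stores `'rp_id' => 'http://localhost'`, which is an origin; a WebAuthn RP ID is a bare domain with no scheme or port. Nothing visible in this test reads the column, so it passes, but a fixture of this shape would hide a relying-party mismatch in any test that later validates against it. I would seed `'rp_id' => 'localhost',` and keep the scheme only in `origin`, after confirming what the package writes at registration. The same pair of values is seeded in the WebAuthnManageControllerTest and WebAuthnRecoveryControllerTest hunks.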
--- a/tests/Feature/Http/Auth/WebAuthnManageControllerTest.php +++ b/tests/Feature/Http/Auth/WebAuthnManageControllerTest.php @@ -7,15 +7,22 @@ use Illuminate\Support\Facades\DB; use Illuminate\Support\Str; use Webauthn\TrustPath\EmptyTrustPath; +use Illuminate\Foundation\Testing\WithoutMiddleware; class WebAuthnManageControllerTest extends FeatureTestCase { + // use WithoutMiddleware; + /** * @var \App\Models\User */ protected $user; + public const CREDENTIAL_ID = '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg'; + public const CREDENTIAL_ID_RAW = '+VOLFKPY+/FuMI/sJ7gMllK76L3VoRUINj6lL/Z3qDg='; + + /** * @test */ 
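Review bot: The `@@ -7,15 +7,22 @@` hunk imports `Illuminate\Foundation\Testing\WithoutMiddleware` only for the commented-out `// use WithoutMiddleware;`. Enabling that trait would run every request in this class without middleware, so the `web-guard` protection these tests rely on would presumably no longer be exercised; I would delete both the import and the commented line rather than leave the switch in place. The `Str` and `EmptyTrustPath` imports kept as context are no longer used by the hunks shown here and can go too if nothing outside the hunks needs them. `CREDENTIAL_ID_RAW` is not referenced in any visible hunk, so a one-line comment saying which encoding each of the two constants holds would help.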
@@ -32,20 +39,19 @@ public function setUp(): void */ public function test_index_returns_success_with_credentials() { - DB::table('web_authn_credentials')->insert([ - 'id' => 'test_credential_id', - 'user_id' => $this->user->id, - 'type' => 'public_key', - 'transports' => json_encode([]), - 'attestation_type' => 'none', - 'trust_path' => json_encode(['type' => EmptyTrustPath::class]), - 'aaguid' => Str::uuid(), - 'public_key' => 'public_key_bar', - 'counter' => 0, - 'user_handle' => 'test_id', - 'created_at' => now()->toDateTimeString(), - 'updated_at' => now()->toDateTimeString(), - 'disabled_at' => null, + DB::table('webauthn_credentials')->insert([ + 'id' => self::CREDENTIAL_ID, + 'authenticatable_type' => \App\Models\User::class, + 'authenticatable_id' => $this->user->id, + 'user_id' => 'e8af6f703f8042aa91c30cf72289aa07', + 'counter' => 0, + 'rp_id' => 'http://localhost', + 'origin' => 'http://localhost', + 'aaguid' => '00000000-0000-0000-0000-000000000000', + 'attestation_format' => 'none', + 'public_key' => 
'eyJpdiI6Imp0U0NVeFNNbW45KzEvMXpad2p2SUE9PSIsInZhbHVlIjoic0VxZ2I1WnlHM2lJakhkWHVkK2kzMWtibk1IN2ZlaExGT01qOElXMDdRTjhnVlR0TDgwOHk1S0xQUy9BQ1JCWHRLNzRtenNsMml1dVQydWtERjFEU0h0bkJGT2RwUXE1M1JCcVpablE2Y2VGV2YvVEE2RGFIRUE5L0x1K0JIQXhLVE1aNVNmN3AxeHdjRUo2V0hwREZSRTJYaThNNnB1VnozMlVXZEVPajhBL3d3ODlkTVN3bW54RTEwSG0ybzRQZFFNNEFrVytUYThub2IvMFRtUlBZamoyZElWKzR1bStZQ1IwU3FXbkYvSm1FU2FlMTFXYUo0SG9kc1BDME9CNUNKeE9IelE5d2dmNFNJRXBKNUdlVzJ3VHUrQWJZRFluK0hib0xvVTdWQ0ZISjZmOWF3by83aVJES1dxbU9Zd1lhRTlLVmhZSUdlWmlBOUFtcTM2ZVBaRWNKNEFSQUhENk5EaC9hN3REdnVFbm16WkRxekRWOXd4cVcvZFdKa2tlWWJqZWlmZnZLS0F1VEVCZEZQcXJkTExiNWRyQmxsZWtaSDRlT3VVS0ZBSXFBRG1JMjRUMnBKRXZxOUFUa2xxMjg2TEplUzdscVo2UytoVU5SdXk1OE1lcFN6aU05ZkVXTkdIM2tKM3Q5bmx1TGtYb1F5bGxxQVR3K3BVUVlia1VybDFKRm9lZDViNzYraGJRdmtUb2FNTEVGZmZYZ3lYRDRiOUVjRnJpcTVvWVExOHJHSTJpMnVBZ3E0TmljbUlKUUtXY2lSWDh1dE5MVDNRUzVRSkQrTjVJUU8rSGhpeFhRRjJvSEdQYjBoVT0iLCJtYWMiOiI5MTdmNWRkZGE5OTEwNzQ3MjhkYWVhYjRlNjk0MWZlMmI5OTQ4YzlmZWI1M2I4OGVkMjE1MjMxNjUwOWRmZTU2IiwidGFnIjoiIn0=', + 'updated_at' => now(), + 'created_at' => now(), ]); $response = $this->actingAs($this->user, 'web-guard') @@ -54,9 +60,7 @@ public function test_index_returns_success_with_credentials() ->assertJsonStructure([ '*' => [ 'id', - 'name', - 'type', - 'transports' + 'alias', ] ]); } 
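Review bot: The `public_key` literal seeded in test_index_returns_success_with_credentials is repeated verbatim in test_rename_returns_success_with_new_name, while WebAuthnLoginControllerTest keeps its key in a `PUBLIC_KEY` class constant. The value base64-decodes to a JSON envelope with `iv`, `value`, `mac` and `tag` fields, which looks like output of Laravel's encrypter, so the fixture probably only decrypts under the APP_KEY used by the test environment. I would move it to a `public const PUBLIC_KEY` next to `CREDENTIAL_ID` and put `// encrypted with the testing APP_KEY; regenerate if that key changes` above it, once that dependency is confirmed.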
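Review bot: `assertJsonStructure(['*' => ['id', 'alias']])` in the `@@ -54,9 +60,7 @@` hunk only requires those two keys to be present, so it would still pass if the index endpoint began returning `public_key`, `user_id` or other stored columns. A negative assertion after the chain pins the intended exposure: `$this->assertArrayNotHasKey('public_key', $response->json('0'));`. Which columns the endpoint is supposed to hide is not visible here, so the list should follow the model's hidden attributes.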
@@ -67,25 +71,24 @@ public function test_index_returns_success_with_credentials() */ public function test_rename_returns_success_with_new_name() { - DB::table('web_authn_credentials')->insert([ - 'id' => 'test_credential_id', - 'name' => 'MyCredential', - 'user_id' => $this->user->id, - 'type' => 'public_key', - 'transports' => json_encode([]), - 'attestation_type' => 'none', - 'trust_path' => json_encode(['type' => EmptyTrustPath::class]), - 'aaguid' => Str::uuid(), - 'public_key' => 'public_key_bar', - 'counter' => 0, - 'user_handle' => 'test_id', - 'created_at' => now()->toDateTimeString(), - 'updated_at' => now()->toDateTimeString(), - 'disabled_at' => null, + DB::table('webauthn_credentials')->insert([ + 'id' => self::CREDENTIAL_ID, + 'authenticatable_type' => \App\Models\User::class, + 'authenticatable_id' => $this->user->id, + 'user_id' => 'e8af6f703f8042aa91c30cf72289aa07', + 'alias' => 'MyNewCredential', + 'counter' => 0, + 'rp_id' => 'http://localhost', + 'origin' => 'http://localhost', + 'aaguid' => '00000000-0000-0000-0000-000000000000', + 'attestation_format' => 'none', + 'public_key' => 
'eyJpdiI6Imp0U0NVeFNNbW45KzEvMXpad2p2SUE9PSIsInZhbHVlIjoic0VxZ2I1WnlHM2lJakhkWHVkK2kzMWtibk1IN2ZlaExGT01qOElXMDdRTjhnVlR0TDgwOHk1S0xQUy9BQ1JCWHRLNzRtenNsMml1dVQydWtERjFEU0h0bkJGT2RwUXE1M1JCcVpablE2Y2VGV2YvVEE2RGFIRUE5L0x1K0JIQXhLVE1aNVNmN3AxeHdjRUo2V0hwREZSRTJYaThNNnB1VnozMlVXZEVPajhBL3d3ODlkTVN3bW54RTEwSG0ybzRQZFFNNEFrVytUYThub2IvMFRtUlBZamoyZElWKzR1bStZQ1IwU3FXbkYvSm1FU2FlMTFXYUo0SG9kc1BDME9CNUNKeE9IelE5d2dmNFNJRXBKNUdlVzJ3VHUrQWJZRFluK0hib0xvVTdWQ0ZISjZmOWF3by83aVJES1dxbU9Zd1lhRTlLVmhZSUdlWmlBOUFtcTM2ZVBaRWNKNEFSQUhENk5EaC9hN3REdnVFbm16WkRxekRWOXd4cVcvZFdKa2tlWWJqZWlmZnZLS0F1VEVCZEZQcXJkTExiNWRyQmxsZWtaSDRlT3VVS0ZBSXFBRG1JMjRUMnBKRXZxOUFUa2xxMjg2TEplUzdscVo2UytoVU5SdXk1OE1lcFN6aU05ZkVXTkdIM2tKM3Q5bmx1TGtYb1F5bGxxQVR3K3BVUVlia1VybDFKRm9lZDViNzYraGJRdmtUb2FNTEVGZmZYZ3lYRDRiOUVjRnJpcTVvWVExOHJHSTJpMnVBZ3E0TmljbUlKUUtXY2lSWDh1dE5MVDNRUzVRSkQrTjVJUU8rSGhpeFhRRjJvSEdQYjBoVT0iLCJtYWMiOiI5MTdmNWRkZGE5OTEwNzQ3MjhkYWVhYjRlNjk0MWZlMmI5OTQ4YzlmZWI1M2I4OGVkMjE1MjMxNjUwOWRmZTU2IiwidGFnIjoiIn0=', + 'updated_at' => now(), + 'created_at' => now(), ]); $response = $this->actingAs($this->user, 'web-guard') - ->json('PATCH', '/webauthn/credentials/test_credential_id/name',[ + ->json('PATCH', '/webauthn/credentials/'.self::CREDENTIAL_ID.'/name',[ 'name' => 'MyNewCredential', ]) ->assertStatus(200) @@ -101,7 +104,7 @@ public function test_rename_returns_success_with_new_name() public function test_rename_invalid_data_returns_validation_error() { $response = $this->actingAs($this->user, 'web-guard') - ->json('PATCH', '/webauthn/credentials/test_credential_id/name', [ + ->json('PATCH', '/webauthn/credentials/'.self::CREDENTIAL_ID.'/name', [ 'name' => null, ]) ->assertStatus(422); diff --git a/tests/Feature/Http/Auth/WebAuthnRecoveryControllerTest.php b/tests/Feature/Http/Auth/WebAuthnRecoveryControllerTest.php index 41753265..5f32a803 100644 --- a/tests/Feature/Http/Auth/WebAuthnRecoveryControllerTest.php +++ b/tests/Feature/Http/Auth/WebAuthnRecoveryControllerTest.php 
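Review bot: test_rename_returns_success_with_new_name seeds the credential with `'alias' => 'MyNewCredential'` and then PATCHes `'name' => 'MyNewCredential'`, so the stored value already equals the requested one and the test cannot tell a working rename from a no-op. Seed a different starting value, `'alias' => 'MyCredential',` (the removed fixture used that name), and check the write with `$this->assertDatabaseHas('webauthn_credentials', ['id' => self::CREDENTIAL_ID, 'alias' => 'MyNewCredential']);`. The response assertions after `->assertStatus(200)` lie outside the hunk, so they may already cover part of this.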
@@ -6,6 +6,7 @@ use Tests\FeatureTestCase; use Illuminate\Support\Facades\DB; use Illuminate\Support\Facades\Date; +use Database\Factories\UserFactory; class WebAuthnRecoveryControllerTest extends FeatureTestCase { @@ -13,6 +14,15 @@ class WebAuthnRecoveryControllerTest extends FeatureTestCase * @var \App\Models\User */ protected $user; + + /** + * @var + */ + protected $now; + + const STORED_TOKEN_VALUE = '$2y$10$P6q8rl8te5QaO1EdpyJcNO0s9VFlVgf62KaItQhrPTskxfyu97mlW'; + const ACTUAL_TOKEN_VALUE = '9e583e3fb6c32034164ac62415c9657dcbd1fb861b434340b08a94c2075cac66'; + const CREDENTIAL_ID = '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg'; /** 
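Review bot: The docblock added for `$now` in the `@@ -13,6 +14,15 @@` hunk has an empty `@var` tag. setUp assigns the property from `Date::create(...)`, so something like `@var \Illuminate\Support\Carbon` would fit, to be confirmed against the facade's return type. The two token constants also need a comment on how they relate; from the tests it appears `STORED_TOKEN_VALUE` is the bcrypt hash kept in `webauthn_recoveries` and `ACTUAL_TOKEN_VALUE` the plain token the client submits, e.g. `// bcrypt hash of ACTUAL_TOKEN_VALUE, as stored in webauthn_recoveries`.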
@@ -23,39 +33,42 @@ public function setUp(): void parent::setUp(); $this->user = User::factory()->create(); - } + Date::setTestNow($this->now = Date::create(2022, 11, 16, 9, 4)); - /** - * @test - */ - public function test_options_returns_success() - { - $token = '$2y$10$hgGTVVTRLsSYSlAHpyydBu6m4ZuRheBqTTUfRE/aG89DaqEyo.HPu'; - Date::setTestNow($now = Date::create(2020, 01, 01, 16, 30)); - - DB::table('web_authn_recoveries')->insert([ + DB::table('webauthn_recoveries')->insert([ 'email' => $this->user->email, - 'token' => $token, - 'created_at' => $now->toDateTimeString(), + 'token' => self::STORED_TOKEN_VALUE, + 'created_at' => $this->now->toDateTimeString(), ]); - - $response = $this->json('POST', '/webauthn/recover/options', [ - 'token' => 'test_token', - 'email' => $this->user->email, - ]) - ->assertStatus(200); } /** * @test */ - public function test_options_with_invalid_token_returns_error() + public function test_recover_with_invalid_token_returns_validation_error() { - $response = $this->json('POST', '/webauthn/recover/options', [ - 'token' => 'myToken', + $response = $this->json('POST', '/webauthn/recover', [ + 'token' => 'bad_token', 'email' => $this->user->email, + 'password' => UserFactory::USER_PASSWORD, + ]) + ->assertStatus(422) + ->assertJsonMissingValidationErrors('email') + ->assertJsonValidationErrors('token'); + } + + + /** + * @test + */ + public function test_recover_with_invalid_password_returns_authentication_error() + { + $response = $this->json('POST', '/webauthn/recover', [ + 'token' => self::ACTUAL_TOKEN_VALUE, + 'email' => $this->user->email, + 'password' => 'bad_password', ]) ->assertStatus(401); } 
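Review bot: setUp in the `@@ -23,39 +33,42 @@` hunk freezes the clock at the same instant it writes the recovery row's `created_at`, so every test in the class submits a token of age zero and token expiry is never exercised. If recovery tokens are meant to expire, a test that moves the clock past the lifetime and expects a rejection would close that gap; the lifetime and the expected status are not visible in this patch, so both are placeholders below. A request pairing `ACTUAL_TOKEN_VALUE` with a different user's email would be a useful second case.

```php
/**
 * @test
 */
public function test_recover_with_expired_token_returns_validation_error()
{
    // TOKEN_LIFETIME_MINUTES is a placeholder for the lifetime the application configures
    Date::setTestNow($this->now->copy()->addMinutes(TOKEN_LIFETIME_MINUTES + 1));

    $this->json('POST', '/webauthn/recover', [
        'token' => self::ACTUAL_TOKEN_VALUE,
        'email' => $this->user->email,
        'password' => UserFactory::USER_PASSWORD,
    ])
    ->assertStatus(422) // assumed to match the invalid-token case; confirm
    ->assertJsonValidationErrors('token');
}
```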
@@ -64,52 +77,55 @@ public function test_options_with_invalid_token_returns_error() /** * @test */ - public function test_options_without_inputs_returns_validation_errors() + public function test_recover_returns_success() { - $response = $this->json('POST', '/webauthn/recover/options', [ - 'token' => '', - 'email' => '', + $response = $this->json('POST', '/webauthn/recover', [ + 'token' => self::ACTUAL_TOKEN_VALUE, + 'email' => $this->user->email, + 'password' => UserFactory::USER_PASSWORD, + ]) + ->assertStatus(200); + + $this->assertDatabaseMissing('webauthn_recoveries', [ + 'token' => self::STORED_TOKEN_VALUE, ]); - $response->assertStatus(422) - ->assertJsonValidationErrors(['token']) - ->assertJsonValidationErrors(['email']); + $this->assertDatabaseMissing('options', [ + 'key' => 'useWebauthnOnly', + ]); } /** * @test */ - // public function test_recover_returns_success() - // { - // $token = '$2y$10$hgGTVVTRLsSYSlAHpyydBu6m4ZuRheBqTTUfRE/aG89DaqEyo.HPu'; - // Date::setTestNow($now = Date::create(2020, 01, 01, 16, 30)); - - // DB::table('web_authn_recoveries')->insert([ - // 'email' => $this->user->email, - // 'token' => $token, - // 'created_at' => $now->toDateTimeString(), - // ]); - - // $response = $this->json('POST', '/webauthn/recover', [], [ - // 'token' => $token, - // 'email' => $this->user->email, - // ]) - // ->assertStatus(200); - // } - - - /** - * @test - */ - public function test_recover_with_invalid_token_returns_validation_error() + public function test_revoke_all_credentials_clear_registered_credentials() { - $response = $this->json('POST', '/webauthn/recover', [], [ - 'token' => 'toekn', - 'email' => $this->user->email, - ]) - ->assertStatus(422) - ->assertJsonValidationErrors(['email']); - } + DB::table('webauthn_credentials')->insert([ + 'id' => self::CREDENTIAL_ID, + 'authenticatable_type' => \App\Models\User::class, + 'authenticatable_id' => $this->user->id, + 'user_id' => 'e8af6f703f8042aa91c30cf72289aa07', + 'counter' => 0, + 'rp_id' 
=> 'http://localhost', + 'origin' => 'http://localhost', + 'aaguid' => '00000000-0000-0000-0000-000000000000', + 'attestation_format' => 'none', + 'public_key' => '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', + 'updated_at' => now(), + 'created_at' => now(), + ]); + $response = $this->json('POST', '/webauthn/recover', [ + 'token' => self::ACTUAL_TOKEN_VALUE, + 'email' => $this->user->email, + 'password' => UserFactory::USER_PASSWORD, + 'revokeAll' => true + ]) + ->assertStatus(200); + + $this->assertDatabaseMissing('webauthn_credentials', [ + 'authenticatable_id' => $this->user->id, + ]); + } } \ No newline at end of file
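Review bot: test_revoke_all_credentials_clear_registered_credentials covers only the accepted request; no test shows that `'revokeAll' => true` has no effect when the token or password is rejected. The route appears to be reachable without a session (the tests never call actingAs) and it deletes every credential of the account, so I would add the negative case: seed the same row, post with `'password' => 'bad_password'`, expect the 401 and then `$this->assertDatabaseHas('webauthn_credentials', ['authenticatable_id' => $this->user->id]);`. A second case without `revokeAll`, asserting the row survives a successful recovery, would pin the default.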