mirror of
https://github.com/Bubka/2FAuth.git
synced 2024-12-23 23:49:53 +01:00
Update and complete phpunit tests
This commit is contained in:
parent
342d656724
commit
d716213ece
@ -115,10 +115,6 @@ private function customApiResponse($exception, $debug)
|
||||
$response['message'] = 'Unauthorized';
|
||||
break;
|
||||
|
||||
case 403:
|
||||
$response['message'] = 'Forbidden';
|
||||
break;
|
||||
|
||||
case 404:
|
||||
$response['message'] = 'Not Found';
|
||||
break;
|
||||
|
@ -11,6 +11,7 @@ class Authenticate extends Middleware
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return string
|
||||
* @codeCoverageIgnore
|
||||
*/
|
||||
protected function redirectTo($request)
|
||||
{
|
||||
|
@ -29,20 +29,27 @@ public function handle($request, Closure $next)
|
||||
$user = Auth::guard('api')->user();
|
||||
|
||||
$now = Carbon::now();
|
||||
$last_seen = Carbon::parse($user->last_seen_at);
|
||||
$inactiveFor = $now->diffInMinutes($last_seen);
|
||||
$inactiveFor = $now->diffInSeconds(Carbon::parse($user->last_seen_at));
|
||||
|
||||
// Fetch all setting values
|
||||
$settings = Options::get();
|
||||
|
||||
// If user has been inactivity longer than the allowed inactivity period
|
||||
if ($settings['kickUserAfter'] > 0 && $inactiveFor > $settings['kickUserAfter']) {
|
||||
|
||||
$kickUserAfterXSecond = intval($settings['kickUserAfter']) * 60;
|
||||
|
||||
// If user has been inactive longer than the allowed inactivity period
|
||||
if ($kickUserAfterXSecond > 0 && $inactiveFor > $kickUserAfterXSecond) {
|
||||
|
||||
$user->last_seen_at = $now->format('Y-m-d H:i:s');
|
||||
$user->save();
|
||||
|
||||
$accessToken = Auth::user()->token();
|
||||
$accessToken->revoke();
|
||||
|
||||
$accessToken = $user->token();
|
||||
|
||||
// phpunit does not generate token during tests, so we revoke it only if it exists
|
||||
// @codeCoverageIgnoreStart
|
||||
if( $accessToken ) {
|
||||
$accessToken->revoke();
|
||||
}
|
||||
// @codeCoverageIgnoreEnd
|
||||
|
||||
return response()->json(['message' => 'unauthorised'], Response::HTTP_UNAUTHORIZED);
|
||||
}
|
||||
|
@ -8,6 +8,7 @@
|
||||
use Illuminate\Support\Facades\Auth;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Auth\RequestGuard;
|
||||
use Illuminate\Support\Facades\Config;
|
||||
|
||||
class LoginTest extends TestCase
|
||||
{
|
||||
@ -173,4 +174,26 @@ public function testUserLogout()
|
||||
]);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* test User logout after inactivity via API
|
||||
*
|
||||
* @test
|
||||
*/
|
||||
public function testUserLogoutAfterInactivity()
|
||||
{
|
||||
// Set the autolock period to 1 minute
|
||||
$response = $this->actingAs($this->user, 'api')
|
||||
->json('POST', '/api/settings/options', [
|
||||
'kickUserAfter' => '1'])
|
||||
->assertStatus(200);
|
||||
|
||||
sleep(61);
|
||||
|
||||
// Ping a restricted endpoint to log last_seen_at time
|
||||
$response = $this->actingAs($this->user, 'api')
|
||||
->json('GET', '/api/settings/account')
|
||||
->assertStatus(401);
|
||||
}
|
||||
|
||||
}
|
@ -44,17 +44,6 @@ public function test_HTTP_UNAUTHORIZED()
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* test Unauthorized
|
||||
*
|
||||
* @test
|
||||
*/
|
||||
public function test_HTTP_FORBIDDEN()
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* test Not Found
|
||||
*
|
||||
|
Loading…
Reference in New Issue
Block a user