Fix missing admin permissions on WebAuthn login - Closes #326
This commit is contained in:
parent
f4624e2793
commit
f2c9f8aaa8
@ -147,8 +147,11 @@ protected function sendLoginResponse(WebauthnAssertedRequest $request)
|
||||
|
||||
return response()->json([
|
||||
'message' => 'authenticated',
|
||||
'id' => $user->id,
|
||||
'name' => $user->name,
|
||||
'email' => $user->email,
|
||||
'preferences' => $user->preferences,
|
||||
'is_admin' => $user->isAdministrator(),
|
||||
], Response::HTTP_OK);
|
||||
}
|
||||
|
||||
|
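Review bot: The `is_admin` entry added to the `sendLoginResponse` payload is a hint for the client, not an authorization decision; every admin-only route must still check `isAdministrator()` server-side, because a tampered client can set this flag to whatever it likes. The password login path (`/user/login`, which LoginTest asserts against below) appears to build an equivalent user array on its own, which is presumably how the WebAuthn response drifted; a shared builder such as `private function userPayload(User $user): array` returning `['message' => 'authenticated', 'id' => $user->id, /* … */ 'is_admin' => $user->isAdministrator()]` used by both login responses would stop the two shapes from diverging again. `sendLoginResponse` begins before this hunk, so the rest of its body is not visible here.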
@ -28,6 +28,11 @@ class LoginTest extends FeatureTestCase
|
||||
*/
|
||||
protected $user;
|
||||
|
||||
/**
|
||||
* @var \App\Models\User|\Illuminate\Contracts\Auth\Authenticatable
|
||||
*/
|
||||
protected $admin;
|
||||
|
||||
private const PASSWORD = 'password';
|
||||
|
||||
private const WRONG_PASSWORD = 'wrong_password';
|
||||
@ -40,6 +45,7 @@ public function setUp() : void
|
||||
parent::setUp();
|
||||
|
||||
$this->user = User::factory()->create();
|
||||
$this->admin = User::factory()->administrator()->create();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -54,15 +60,31 @@ public function test_user_login_returns_success()
|
||||
->assertOk()
|
||||
->assertJsonFragment([
|
||||
'message' => 'authenticated',
|
||||
'id' => $this->user->id,
|
||||
'name' => $this->user->name,
|
||||
'email' => $this->user->email,
|
||||
'is_admin' => false,
|
||||
])
|
||||
->assertJsonStructure([
|
||||
'message',
|
||||
'name',
|
||||
'preferences',
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_admin_login_returns_admin_role()
|
||||
{
|
||||
$response = $this->json('POST', '/user/login', [
|
||||
'email' => $this->admin->email,
|
||||
'password' => self::PASSWORD,
|
||||
])
|
||||
->assertOk()
|
||||
->assertJsonFragment([
|
||||
'is_admin' => true,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*
|
||||
|
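Review bot: `test_admin_login_returns_admin_role` asserts only the `'is_admin' => true` fragment, so it would still pass if the session ended up bound to some other administrator account; adding `'id' => $this->admin->id,` and `'email' => $this->admin->email,` to the fragment ties the flag to the account that actually logged in, mirroring what `test_user_login_returns_success` already does a few lines above. The same gap exists in `test_webauthn_admin_login_returns_admin_role` in WebAuthnLoginControllerTest and can be fixed the same way. The new `@var` block on `$admin` states the type but not why a second fixture user exists; a short comment such as `// Administrator fixture for asserting the is_admin flag in login responses` would help the next reader. The remaining methods of LoginTest continue outside these hunks.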
@ -25,6 +25,11 @@ class WebAuthnLoginControllerTest extends FeatureTestCase
|
||||
*/
|
||||
protected $user;
|
||||
|
||||
/**
|
||||
* @var \App\Models\User
|
||||
*/
|
||||
protected $admin;
|
||||
|
||||
const CREDENTIAL_ID = 's06aG41wsIYh5X1YUhB-SlH8y3F2RzdJZVse8iXRXOCd3oqQdEyCOsBawzxrYBtJRQA2azAMEN_q19TUp6iMgg';
|
||||
|
||||
const CREDENTIAL_ID_ALT = '-VOLFKPY-_FuMI_sJ7gMllK76L3VoRUINj6lL_Z3qDg';
|
||||
@ -126,15 +131,55 @@ public function test_webauthn_login_returns_success()
|
||||
->assertOk()
|
||||
->assertJsonFragment([
|
||||
'message' => 'authenticated',
|
||||
'id' => $this->user->id,
|
||||
'name' => $this->user->name,
|
||||
'email' => $this->user->email,
|
||||
'is_admin' => false,
|
||||
])
|
||||
->assertJsonStructure([
|
||||
'message',
|
||||
'name',
|
||||
'preferences',
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
public function test_webauthn_admin_login_returns_admin_role()
|
||||
{
|
||||
$this->admin = User::factory()->administrator()->create(['email' => self::EMAIL]);
|
||||
|
||||
DB::table('webauthn_credentials')->insert([
|
||||
'id' => self::CREDENTIAL_ID_ALT,
|
||||
'authenticatable_type' => \App\Models\User::class,
|
||||
'authenticatable_id' => $this->admin->id,
|
||||
'user_id' => self::USER_ID_ALT,
|
||||
'counter' => 0,
|
||||
'rp_id' => 'http://localhost',
|
||||
'origin' => 'http://localhost',
|
||||
'aaguid' => '00000000-0000-0000-0000-000000000000',
|
||||
'attestation_format' => 'none',
|
||||
'public_key' => self::PUBLIC_KEY,
|
||||
'updated_at' => now(),
|
||||
'created_at' => now(),
|
||||
]);
|
||||
|
||||
$this->session(['_webauthn' => new \Laragear\WebAuthn\Challenge(
|
||||
new \Laragear\WebAuthn\ByteBuffer(base64_decode(self::ASSERTION_CHALLENGE)),
|
||||
60,
|
||||
false,
|
||||
)]);
|
||||
|
||||
$this->mock(AssertionValidator::class)
|
||||
->expects('send->thenReturn')
|
||||
->andReturn();
|
||||
|
||||
$this->json('POST', '/webauthn/login', self::ASSERTION_RESPONSE)
|
||||
->assertOk()
|
||||
->assertJsonFragment([
|
||||
'is_admin' => true,
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* @test
|
||||
*/
|
||||
|
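Review bot: `test_webauthn_admin_login_returns_admin_role` mocks `AssertionValidator` so that `send->thenReturn` succeeds unconditionally, which means the inserted `webauthn_credentials` row and its `public_key` are never actually verified; the test only proves the response payload after a successful login, which is adequate for this fix but should be stated in its docblock, e.g. `* Assertion validation is mocked: covers the login payload, not credential verification.` The credential row also sets `'rp_id' => 'http://localhost'`, which reads like an origin rather than a relying-party identifier; harmless while validation is mocked, but it is worth confirming it matches the fixture used for `$this->user` (presumably set up earlier in the file, outside this hunk). The class continues past this hunk.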