user = User::factory()->create(); Date::setTestNow($this->now = Date::create(2022, 11, 16, 9, 4)); DB::table(config('auth.passwords.webauthn.table'))->insert([ 'email' => $this->user->email, 'token' => self::STORED_TOKEN_VALUE, 'created_at' => $this->now->toDateTimeString(), ]); } /** * @test */ public function test_recover_fails_if_no_recovery_is_set() { DB::table(config('auth.passwords.webauthn.table'))->delete(); $this->json('POST', '/webauthn/recover', [ 'token' => self::ACTUAL_TOKEN_VALUE, 'email' => $this->user->email, 'password' => UserFactory::USER_PASSWORD, ]) ->assertStatus(422) ->assertJsonValidationErrors('token'); } /** * @test */ public function test_recover_with_wrong_token_returns_validation_error() { $response = $this->json('POST', '/webauthn/recover', [ 'token' => 'wrong_token', 'email' => $this->user->email, 'password' => UserFactory::USER_PASSWORD, ]) ->assertStatus(422) ->assertJsonMissingValidationErrors('email') ->assertJsonValidationErrors('token'); } /** * @test */ public function test_recover_with_expired_token_returns_validation_error() { Date::setTestNow($now = Date::create(2020, 01, 01, 16, 30)); DB::table(config('auth.passwords.webauthn.table'))->delete(); DB::table(config('auth.passwords.webauthn.table'))->insert([ 'token' => self::STORED_TOKEN_VALUE, 'email' => $this->user->email, 'created_at' => $now->clone()->subHour()->subSecond()->toDateTimeString(), ]); $this->json('POST', '/webauthn/recover', [ 'token' => self::ACTUAL_TOKEN_VALUE, 'email' => $this->user->email, 'password' => UserFactory::USER_PASSWORD, ]) ->assertStatus(422) ->assertJsonValidationErrors('token'); } /** * @test */ public function test_recover_with_invalid_password_returns_authentication_error() { $this->json('POST', '/webauthn/recover', [ 'token' => self::ACTUAL_TOKEN_VALUE, 'email' => $this->user->email, 'password' => 'bad_password', ]) ->assertStatus(401); } /** * @test */ public function test_recover_returns_validation_error_when_no_user_exists() { $this->json('POST', '/webauthn/recover', [ 'token' => self::ACTUAL_TOKEN_VALUE, 'email' => 'no@user.com', 'password' => UserFactory::USER_PASSWORD, ]) ->assertStatus(422) ->assertJsonMissingValidationErrors('password') ->assertJsonMissingValidationErrors('token') ->assertJsonValidationErrors('email'); } /** * @test */ public function test_recover_returns_success() { $response = $this->json('POST', '/webauthn/recover', [ 'token' => self::ACTUAL_TOKEN_VALUE, 'email' => $this->user->email, 'password' => UserFactory::USER_PASSWORD, ]) ->assertStatus(200); $this->assertDatabaseMissing(config('auth.passwords.webauthn.table'), [ 'token' => self::STORED_TOKEN_VALUE, ]); } /** * @test */ public function test_recover_resets_useWebauthnOnly_user_preference() { $this->user['preferences->useWebauthnOnly'] = true; $this->user->save(); $response = $this->json('POST', '/webauthn/recover', [ 'token' => self::ACTUAL_TOKEN_VALUE, 'email' => $this->user->email, 'password' => UserFactory::USER_PASSWORD, ]) ->assertStatus(200); $this->user->refresh(); $this->assertFalse($this->user->preferences['useWebauthnOnly']); } /** * @test */ public function test_revoke_all_credentials_clear_registered_credentials() { DB::table('webauthn_credentials')->insert([ 'id' => self::CREDENTIAL_ID, 'authenticatable_type' => \App\Models\User::class, 'authenticatable_id' => $this->user->id, 'user_id' => 'e8af6f703f8042aa91c30cf72289aa07', 'counter' => 0, 'rp_id' => 'http://localhost', 'origin' => 'http://localhost', 'aaguid' => '00000000-0000-0000-0000-000000000000', 'attestation_format' => 'none', 'public_key' => 'eyJpdiI6Imp0U0NVeFNNbW45KzEvMXpad2p2SUE9PSIsInZhbHVlIjoic0VxZ2I1WnlHM2lJakhkWHVkK2kzMWtibk1IN2ZlaExGT01qOElXMDdRTjhnVlR0TDgwOHk1S0xQUy9BQ1JCWHRLNzRtenNsMml1dVQydWtERjFEU0h0bkJGT2RwUXE1M1JCcVpablE2Y2VGV2YvVEE2RGFIRUE5L0x1K0JIQXhLVE1aNVNmN3AxeHdjRUo2V0hwREZSRTJYaThNNnB1VnozMlVXZEVPajhBL3d3ODlkTVN3bW54RTEwSG0ybzRQZFFNNEFrVytUYThub2IvMFRtUlBZamoyZElWKzR1bStZQ1IwU3FXbkYvSm1FU2FlMTFXYUo0SG9kc1BDME9CNUNKeE9IelE5d2dmNFNJRXBKNUdlVzJ3VHUrQWJZRFluK0hib0xvVTdWQ0ZISjZmOWF3by83aVJES1dxbU9Zd1lhRTlLVmhZSUdlWmlBOUFtcTM2ZVBaRWNKNEFSQUhENk5EaC9hN3REdnVFbm16WkRxekRWOXd4cVcvZFdKa2tlWWJqZWlmZnZLS0F1VEVCZEZQcXJkTExiNWRyQmxsZWtaSDRlT3VVS0ZBSXFBRG1JMjRUMnBKRXZxOUFUa2xxMjg2TEplUzdscVo2UytoVU5SdXk1OE1lcFN6aU05ZkVXTkdIM2tKM3Q5bmx1TGtYb1F5bGxxQVR3K3BVUVlia1VybDFKRm9lZDViNzYraGJRdmtUb2FNTEVGZmZYZ3lYRDRiOUVjRnJpcTVvWVExOHJHSTJpMnVBZ3E0TmljbUlKUUtXY2lSWDh1dE5MVDNRUzVRSkQrTjVJUU8rSGhpeFhRRjJvSEdQYjBoVT0iLCJtYWMiOiI5MTdmNWRkZGE5OTEwNzQ3MjhkYWVhYjRlNjk0MWZlMmI5OTQ4YzlmZWI1M2I4OGVkMjE1MjMxNjUwOWRmZTU2IiwidGFnIjoiIn0=', 'updated_at' => now(), 'created_at' => now(), ]); $response = $this->json('POST', '/webauthn/recover', [ 'token' => self::ACTUAL_TOKEN_VALUE, 'email' => $this->user->email, 'password' => UserFactory::USER_PASSWORD, 'revokeAll' => true, ]) ->assertStatus(200); $this->assertDatabaseMissing('webauthn_credentials', [ 'authenticatable_id' => $this->user->id, ]); } }