2FAuth/tests/Feature/Http/Auth/WebAuthnDeviceLostControllerTest.php

<?php
namespace Tests\Feature\Http\Auth;
use App\Extensions\WebauthnCredentialBroker;
use App\Http\Controllers\Auth\WebAuthnDeviceLostController;
use App\Http\Requests\WebauthnDeviceLostRequest;
use App\Models\User;
use App\Notifications\WebauthnRecoveryNotification;
use App\Providers\AuthServiceProvider;
use App\Rules\CaseInsensitiveEmailExists;
use Illuminate\Support\Facades\Notification;
use PHPUnit\Framework\Attributes\CoversClass;
use PHPUnit\Framework\Attributes\CoversMethod;
use PHPUnit\Framework\Attributes\Test;
use Tests\FeatureTestCase;
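/**
 * Feature tests for the "lost WebAuthn device" recovery endpoint (POST /webauthn/lost).
 *
 * Each test posts an email address to the endpoint and checks the HTTP status,
 * the JSON payload, whether a WebauthnRecoveryNotification was dispatched and
 * whether a row was written to the table named by auth.passwords.webauthn.table.
 */
#[CoversMethod(User::class, 'sendWebauthnRecoveryNotification')]
#[CoversClass(WebAuthnDeviceLostController::class)]
#[CoversClass(WebauthnRecoveryNotification::class)]
#[CoversClass(WebauthnCredentialBroker::class)]
#[CoversClass(WebauthnDeviceLostRequest::class)]
#[CoversClass(AuthServiceProvider::class)]
#[CoversMethod(CaseInsensitiveEmailExists::class, 'validate')]
class WebAuthnDeviceLostControllerTest extends FeatureTestCase
{
    /**
     * User created by the factory before every test.
     *
     * @var \App\Models\User
     */
    protected $user;

    /**
     * Creates a fresh user so each test starts with one known email address.
     */
    public function setUp() : void
    {
        parent::setUp();

        $this->user = User::factory()->create();
    }

    /**
     * A known email gets a 200 response with a message, a recovery
     * notification and a row in the recovery table.
     */
    #[Test]
    public function test_sendRecoveryEmail_sends_notification_on_success(): void
    {
        Notification::fake();

        $response = $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ]);

        Notification::assertSentTo($this->user, WebauthnRecoveryNotification::class);

        $response->assertStatus(200)
            ->assertJsonStructure([
                'message',
            ]);

        $this->assertDatabaseHas(config('auth.passwords.webauthn.table'), [
            'email' => $this->user->email,
        ]);
    }

    /**
     * A well-formed address that belongs to no user is rejected with a 422
     * validation error on "email"; nothing is sent and nothing is stored.
     *
     * NOTE(review): together with the success test above, this pins a response
     * that differs between registered (200) and unregistered (422) addresses,
     * which lets a caller tell the two apart. If the route is reachable without
     * authentication, confirm that this is an accepted trade-off.
     */
    #[Test]
    public function test_sendRecoveryEmail_does_not_send_anything_to_unknown_email(): void
    {
        Notification::fake();

        $response = $this->json('POST', '/webauthn/lost', [
            'email' => 'bad@email.com',
        ]);

        Notification::assertNothingSent();

        $response->assertStatus(422)
            ->assertJsonValidationErrors([
                'email',
            ]);

        $this->assertDatabaseMissing(config('auth.passwords.webauthn.table'), [
            'email' => 'bad@email.com',
        ]);
    }

    /**
     * A syntactically invalid address is rejected with a 422 validation error
     * on "email"; nothing is sent and nothing is stored.
     */
    #[Test]
    public function test_sendRecoveryEmail_does_not_send_anything_to_invalid_email(): void
    {
        // Constructed sample value: deliberately not a valid address, so this
        // test no longer repeats the "unknown email" case byte for byte.
        $malformedEmail = 'not-an-email-address';

        Notification::fake();

        $response = $this->json('POST', '/webauthn/lost', [
            'email' => $malformedEmail,
        ]);

        Notification::assertNothingSent();

        $response->assertStatus(422)
            ->assertJsonValidationErrors([
                'email',
            ]);

        $this->assertDatabaseMissing(config('auth.passwords.webauthn.table'), [
            'email' => $malformedEmail,
        ]);
    }

    /**
     * When the broker resolves the email to a user object that is not the
     * application's own User model, the request fails validation and no
     * notification is sent.
     */
    #[Test]
    public function test_sendRecoveryEmail_does_not_send_anything_to_not_WebAuthnAuthenticatable(): void
    {
        // Partial mock: only getUser() is replaced, and it returns the bare
        // framework user class instead of App\Models\User.
        $mock = $this->mock(WebauthnCredentialBroker::class)->makePartial();
        $mock->shouldReceive('getUser')
            ->andReturn(new \Illuminate\Foundation\Auth\User());

        Notification::fake();

        $response = $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ]);

        Notification::assertNothingSent();

        $response->assertStatus(422)
            ->assertJsonValidationErrors([
                'email',
            ]);
    }

    /**
     * A second request for the same address right after a successful one is
     * rejected with the "passwords.throttled" message.
     */
    #[Test]
    public function test_sendRecoveryEmail_is_throttled(): void
    {
        Notification::fake();

        // First request succeeds and records the recovery row.
        $response = $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ]);

        Notification::assertSentTo($this->user, WebauthnRecoveryNotification::class);

        $response->assertStatus(200)
            ->assertJsonStructure([
                'message',
            ]);

        $this->assertDatabaseHas(config('auth.passwords.webauthn.table'), [
            'email' => $this->user->email,
        ]);

        // Immediate repeat: expected to be refused as a validation error on "email".
        $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ])
            ->assertStatus(422)
            ->assertJsonValidationErrorFor('email')
            ->assertJsonFragment([
                'message' => __('passwords.throttled'),
            ]);
    }

    /**
     * With the auth.passwords.webauthn configuration removed, the endpoint
     * answers with a 500 status.
     */
    #[Test]
    public function test_error_if_no_broker_is_set(): void
    {
        $this->app['config']->set('auth.passwords.webauthn', null);

        $this->json('POST', '/webauthn/lost', [
            'email' => $this->user->email,
        ])
            ->assertStatus(500);
    }
}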