2017-10-30 12:40:34 +08:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
use App\Events;
|
|
|
|
|
use App\Models\User;
|
2018-07-15 17:42:03 +08:00
|
|
|
use App\Mail\ForgotPassword;
|
2017-10-30 12:40:34 +08:00
|
|
|
use App\Services\Facades\Option;
|
|
|
|
|
use Illuminate\Support\Facades\Mail;
|
|
|
|
|
use Illuminate\Foundation\Testing\WithoutMiddleware;
|
|
|
|
|
use Illuminate\Foundation\Testing\DatabaseMigrations;
|
|
|
|
|
use Illuminate\Foundation\Testing\DatabaseTransactions;
|
|
|
|
|
|
|
|
|
|
class AuthControllerTest extends TestCase
|
|
|
|
|
{
|
|
|
|
|
use DatabaseTransactions;
|
|
|
|
|
|
|
|
|
|
public function testLogin()
|
|
|
|
|
{
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/login')->assertSee('Log in');
|
2017-10-30 12:40:34 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testHandleLogin()
|
|
|
|
|
{
|
|
|
|
|
$this->expectsEvents(Events\UserTryToLogin::class);
|
|
|
|
|
$this->expectsEvents(Events\UserLoggedIn::class);
|
|
|
|
|
|
|
|
|
|
$user = factory(User::class)->create();
|
|
|
|
|
$user->changePasswd('12345678');
|
|
|
|
|
$player = factory(App\Models\Player::class)->create(
|
|
|
|
|
[
|
|
|
|
|
'uid' => $user->uid
|
|
|
|
|
]
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `identification` is empty
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/login', [], [
|
|
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.required', ['attribute' => trans('auth.identification')])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `password` is empty
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/login', [
|
|
|
|
|
'identification' => $user->email
|
|
|
|
|
], [
|
|
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.required', ['attribute' => 'password'])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if length of `password` is lower than 6
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/login', [
|
|
|
|
|
'identification' => $user->email,
|
|
|
|
|
'password' => '123'
|
|
|
|
|
], [
|
|
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.min.string', ['attribute' => 'password', 'min' => 6])
|
|
|
|
|
]);
|
|
|
|
|
|
2018-02-24 16:05:07 +08:00
|
|
|
// Should return a warning if length of `password` is greater than 32
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/login', [
|
|
|
|
|
'identification' => $user->email,
|
|
|
|
|
'password' => str_random(80)
|
|
|
|
|
], [
|
|
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
2018-02-24 16:05:07 +08:00
|
|
|
'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 32])
|
2017-10-30 12:40:34 +08:00
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$this->flushSession();
|
|
|
|
|
|
|
|
|
|
// Logging in should be failed if password is wrong
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/login', [
|
|
|
|
|
'identification' => $user->email,
|
|
|
|
|
'password' => 'wrong-password'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
[
|
|
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.validation.password'),
|
|
|
|
|
'login_fails' => 1
|
|
|
|
|
]
|
|
|
|
|
)->assertSessionHas('login_fails', 1);
|
|
|
|
|
|
|
|
|
|
$this->flushSession();
|
|
|
|
|
|
|
|
|
|
// Should check captcha if there are too many fails
|
|
|
|
|
$this->withSession(
|
|
|
|
|
[
|
|
|
|
|
'login_fails' => 4,
|
|
|
|
|
'phrase' => 'a'
|
|
|
|
|
]
|
2018-07-13 15:13:35 +08:00
|
|
|
)->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/login', [
|
|
|
|
|
'identification' => $user->email,
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'captcha' => 'b'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.validation.captcha')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$this->flushSession();
|
|
|
|
|
|
|
|
|
|
// Should return a warning if user isn't existed
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/login', [
|
|
|
|
|
'identification' => 'nope@nope.net',
|
|
|
|
|
'password' => '12345678'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 2,
|
|
|
|
|
'msg' => trans('auth.validation.user')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$this->flushSession();
|
|
|
|
|
|
|
|
|
|
// Should clean the `login_fails` session if logged in successfully
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->withSession(['login_fails' => 1])->postJson('/auth/login', [
|
2017-10-30 12:40:34 +08:00
|
|
|
'identification' => $user->email,
|
|
|
|
|
'password' => '12345678'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
[
|
|
|
|
|
'errno' => 0,
|
|
|
|
|
'msg' => trans('auth.login.success'),
|
|
|
|
|
'token' => $user->getToken()
|
|
|
|
|
]
|
|
|
|
|
)->assertSessionMissing('login_fails');
|
|
|
|
|
|
|
|
|
|
$this->flushSession();
|
|
|
|
|
|
|
|
|
|
// Logged in should be in success if logged in with player name
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/login', [
|
|
|
|
|
'identification' => $player->player_name,
|
|
|
|
|
'password' => '12345678'
|
|
|
|
|
]
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
[
|
|
|
|
|
'errno' => 0,
|
|
|
|
|
'msg' => trans('auth.login.success'),
|
|
|
|
|
'token' => $user->getToken()
|
|
|
|
|
]
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertCookie('uid', $user->uid)
|
|
|
|
|
->assertCookie('token', $user->getToken())
|
2017-10-30 12:40:34 +08:00
|
|
|
->assertSessionHasAll(
|
|
|
|
|
[
|
|
|
|
|
'uid' => $user->uid,
|
|
|
|
|
'token' => $user->getToken()
|
|
|
|
|
]
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testLogout()
|
|
|
|
|
{
|
|
|
|
|
$user = factory(User::class)->create();
|
|
|
|
|
|
|
|
|
|
$this->withSession(
|
|
|
|
|
[
|
|
|
|
|
'uid' => $user->uid,
|
|
|
|
|
'token' => $user->getToken()
|
|
|
|
|
]
|
2018-07-13 15:13:35 +08:00
|
|
|
)->postJson('/auth/logout')->assertJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
[
|
|
|
|
|
'errno' => 0,
|
|
|
|
|
'msg' => trans('auth.logout.success')
|
|
|
|
|
]
|
|
|
|
|
)->assertSessionMissing(['uid', 'token']);
|
|
|
|
|
|
|
|
|
|
$this->flushSession();
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson('/auth/logout')
|
|
|
|
|
->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.logout.fail')
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testRegister()
|
|
|
|
|
{
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/register')->assertSee('Register');
|
2017-10-30 12:40:34 +08:00
|
|
|
|
|
|
|
|
option(['user_can_register' => false]);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/register')->assertSee(trans('auth.register.close'));
|
2017-10-30 12:40:34 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testHandleRegister()
|
|
|
|
|
{
|
|
|
|
|
$this->expectsEvents(Events\UserRegistered::class);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `captcha` is wrong
|
|
|
|
|
$this->withSession(['phrase' => 'a'])
|
2018-07-13 15:13:35 +08:00
|
|
|
->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register', [], [
|
|
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.validation.captcha')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Once we have sent session in the last assertion,
|
|
|
|
|
// we don't need to send it again until we flush it.
|
|
|
|
|
// Should return a warning if `email` is empty
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
['captcha' => 'a'],
|
|
|
|
|
['X-Requested-With' => 'XMLHttpRequest']
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.required', ['attribute' => 'email'])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `email` is invalid
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'not_an_email',
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
],
|
|
|
|
|
['X-Requested-With' => 'XMLHttpRequest']
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.email', ['attribute' => 'email'])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `password` is empty
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'a@b.c',
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
],
|
|
|
|
|
['X-Requested-With' => 'XMLHttpRequest']
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.required', ['attribute' => 'password'])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if length of `password` is lower than 8
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'a@b.c',
|
|
|
|
|
'password' => '1',
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
],
|
|
|
|
|
['X-Requested-With' => 'XMLHttpRequest']
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.min.string', ['attribute' => 'password', 'min' => 8])
|
|
|
|
|
]);
|
|
|
|
|
|
2018-02-24 16:05:07 +08:00
|
|
|
// Should return a warning if length of `password` is greater than 32
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'a@b.c',
|
2018-02-24 16:05:07 +08:00
|
|
|
'password' => str_random(33),
|
2017-10-30 12:40:34 +08:00
|
|
|
'captcha' => 'a'
|
|
|
|
|
],
|
|
|
|
|
['X-Requested-With' => 'XMLHttpRequest']
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
2018-02-24 16:05:07 +08:00
|
|
|
'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 32])
|
2017-10-30 12:40:34 +08:00
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `nickname` is empty
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'a@b.c',
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
],
|
|
|
|
|
['X-Requested-With' => 'XMLHttpRequest']
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.required', ['attribute' => 'nickname'])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `nickname` is invalid
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'a@b.c',
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'nickname' => '\\',
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
],
|
|
|
|
|
['X-Requested-With' => 'XMLHttpRequest']
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
2018-06-19 11:51:34 +08:00
|
|
|
'msg' => trans('validation.no_special_chars', ['attribute' => 'nickname'])
|
2017-10-30 12:40:34 +08:00
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `nickname` is too long
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'a@b.c',
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'nickname' => str_random(256),
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
],
|
|
|
|
|
['X-Requested-With' => 'XMLHttpRequest']
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.max.string', ['attribute' => 'nickname', 'max' => 255])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should be forbidden if registering is closed
|
|
|
|
|
Option::set('user_can_register', false);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'a@b.c',
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'nickname' => 'nickname',
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
],
|
|
|
|
|
['X-Requested-With' => 'XMLHttpRequest']
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 7,
|
|
|
|
|
'msg' => trans('auth.register.close')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Reopen for test
|
|
|
|
|
Option::set('user_can_register', true);
|
|
|
|
|
|
|
|
|
|
// Should be forbidden if registering's count current IP is over
|
|
|
|
|
Option::set('regs_per_ip', -1);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'a@b.c',
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'nickname' => 'nickname',
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
]
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 7,
|
|
|
|
|
'msg' => trans('auth.register.max', ['regs' => option('regs_per_ip')])
|
|
|
|
|
]);
|
|
|
|
|
|
2017-11-05 19:48:11 +08:00
|
|
|
Option::set('regs_per_ip', 100);
|
2017-10-30 12:40:34 +08:00
|
|
|
|
|
|
|
|
// Should return a warning if using a duplicated email
|
|
|
|
|
$existedUser = factory(User::class)->create();
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => $existedUser->email,
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'nickname' => 'nickname',
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
]
|
2018-07-13 15:13:35 +08:00
|
|
|
)->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 5,
|
|
|
|
|
'msg' => trans('auth.register.registered')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Database should be updated if succeeded
|
2018-07-13 15:13:35 +08:00
|
|
|
$response = $this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/register',
|
|
|
|
|
[
|
|
|
|
|
'email' => 'a@b.c',
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'nickname' => 'nickname',
|
|
|
|
|
'captcha' => 'a'
|
|
|
|
|
]
|
|
|
|
|
);
|
|
|
|
|
$newUser = User::where('email', 'a@b.c')->first();
|
2018-07-13 15:13:35 +08:00
|
|
|
$response->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 0,
|
|
|
|
|
'msg' => trans('auth.register.success'),
|
2018-06-15 22:41:49 +08:00
|
|
|
'token' => $newUser->getToken()
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertCookie('uid', $newUser->uid)
|
|
|
|
|
->assertCookie('token', $newUser->getToken());
|
2017-10-30 12:40:34 +08:00
|
|
|
$this->assertTrue($newUser->verifyPassword('12345678'));
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->assertDatabaseHas('users', [
|
2017-10-30 12:40:34 +08:00
|
|
|
'email' => 'a@b.c',
|
|
|
|
|
'nickname' => 'nickname',
|
|
|
|
|
'score' => option('user_initial_score'),
|
|
|
|
|
'ip' => '127.0.0.1',
|
|
|
|
|
'permission' => User::NORMAL
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testForgot()
|
|
|
|
|
{
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/forgot')->assertSee('Forgot Password');
|
2017-10-30 12:40:34 +08:00
|
|
|
|
2018-07-15 18:18:56 +08:00
|
|
|
config(['mail.driver' => '']);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/forgot')->assertSee(trans('auth.forgot.close'));
|
2017-10-30 12:40:34 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testHandleForgot()
|
|
|
|
|
{
|
2018-07-13 19:23:20 +08:00
|
|
|
Mail::fake();
|
|
|
|
|
|
2017-10-30 12:40:34 +08:00
|
|
|
// Should return a warning if `captcha` is wrong
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->withSession(['phrase' => 'a'])->postJson('/auth/forgot', [
|
2017-10-30 12:40:34 +08:00
|
|
|
'captcha' => 'b'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.validation.captcha')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should be forbidden if "forgot password" is closed
|
2018-07-15 18:18:56 +08:00
|
|
|
config(['mail.driver' => '']);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->withSession(['phrase' => 'a'])->postJson('/auth/forgot', [
|
2017-10-30 12:40:34 +08:00
|
|
|
'captcha' => 'a'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.forgot.close')
|
|
|
|
|
]);
|
2018-07-15 18:18:56 +08:00
|
|
|
config(['mail.driver' => 'smtp']);
|
2017-10-30 12:40:34 +08:00
|
|
|
|
|
|
|
|
// Should be forbidden if sending email frequently
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->withSession(['last_mail_time' => time()])->postJson('/auth/forgot', [
|
2017-10-30 12:40:34 +08:00
|
|
|
'captcha' => 'a'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.forgot.frequent-mail')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if user is not existed
|
|
|
|
|
$this->flushSession();
|
|
|
|
|
$user = factory(User::class)->create();
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->withSession(['phrase' => 'a'])->postJson('/auth/forgot', [
|
2017-10-30 12:40:34 +08:00
|
|
|
'email' => 'nope@nope.net',
|
|
|
|
|
'captcha' => 'a'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.forgot.unregistered')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$uid = $user->uid;
|
|
|
|
|
$token = base64_encode(
|
|
|
|
|
$user->getToken().substr(time(), 4, 6).str_random(16)
|
|
|
|
|
);
|
|
|
|
|
$url = Option::get('site_url')."/auth/reset?uid=$uid&token=$token";
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson('/auth/forgot', [
|
2017-10-30 12:40:34 +08:00
|
|
|
'email' => $user->email,
|
|
|
|
|
'captcha' => 'a'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 0,
|
|
|
|
|
'msg' => trans('auth.mail.success')
|
|
|
|
|
])->assertSessionHas('last_mail_time');
|
2018-07-15 17:42:03 +08:00
|
|
|
Mail::assertSent(ForgotPassword::class, function ($mail) use ($url, $user) {
|
|
|
|
|
return stristr($url, $mail->reset_url) == 0 && $mail->hasTo($user->email);
|
|
|
|
|
});
|
2017-10-30 12:40:34 +08:00
|
|
|
|
|
|
|
|
// Should handle exception when sending email
|
2018-07-15 17:42:03 +08:00
|
|
|
Mail::shouldReceive('to')
|
2017-10-30 12:40:34 +08:00
|
|
|
->once()
|
|
|
|
|
->andThrow(new \Mockery\Exception('A fake exception.'));
|
|
|
|
|
$this->flushSession();
|
|
|
|
|
$this->withSession(['phrase' => 'a'])
|
2018-07-13 15:13:35 +08:00
|
|
|
->postJson('/auth/forgot', [
|
2017-10-30 12:40:34 +08:00
|
|
|
'email' => $user->email,
|
|
|
|
|
'captcha' => 'a'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 2,
|
|
|
|
|
'msg' => trans('auth.mail.failed', ['msg' => 'A fake exception.'])
|
|
|
|
|
]);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testReset()
|
|
|
|
|
{
|
|
|
|
|
$user = factory(User::class)->create();
|
|
|
|
|
|
|
|
|
|
// Should be redirected if `uid` or `token` is empty
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/reset')
|
|
|
|
|
->assertRedirect('/auth/login');
|
2017-10-30 12:40:34 +08:00
|
|
|
|
|
|
|
|
// Should be redirected if `uid` is invalid
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/reset?uid=-1&token=nothing')
|
|
|
|
|
->assertRedirect('/auth/forgot');
|
2017-10-30 12:40:34 +08:00
|
|
|
|
|
|
|
|
// Should be redirected if `token` is invalid
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/reset?uid=' . $user->uid . '&token=nothing')
|
|
|
|
|
->assertRedirect('/auth/forgot');
|
2017-10-30 12:40:34 +08:00
|
|
|
|
|
|
|
|
// Should be redirected if expired
|
|
|
|
|
$token = base64_encode(
|
|
|
|
|
$user->getToken().substr(time() - 60 * 60 * 2, 4, 6).str_random(16)
|
|
|
|
|
);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/reset?uid=' . $user->uid . '&token=' . $token)
|
|
|
|
|
->assertRedirect('/auth/forgot');
|
2017-10-30 12:40:34 +08:00
|
|
|
|
|
|
|
|
// Success
|
|
|
|
|
$token = base64_encode(
|
|
|
|
|
$user->getToken().substr(time(), 4, 6).str_random(16)
|
|
|
|
|
);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->get('/auth/reset?uid=' . $user->uid . '&token=' . $token);
|
2017-10-30 12:40:34 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testHandleReset()
|
|
|
|
|
{
|
|
|
|
|
$user = factory(User::class)->create();
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `uid` is empty
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson('/auth/reset', [], [
|
2017-10-30 12:40:34 +08:00
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.required', ['attribute' => 'uid'])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `uid` is not an integer
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson('/auth/reset', [
|
2017-10-30 12:40:34 +08:00
|
|
|
'uid' => 'string'
|
|
|
|
|
], [
|
|
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.integer', ['attribute' => 'uid'])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `password` is empty
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/reset', [
|
|
|
|
|
'uid' => $user->uid
|
|
|
|
|
], [
|
|
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.required', ['attribute' => 'password'])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `password` is too short
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/reset', [
|
|
|
|
|
'uid' => $user->uid,
|
|
|
|
|
'password' => '123'
|
|
|
|
|
], [
|
|
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.min.string', ['attribute' => 'password', 'min' => 8])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if `password` is too long
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/reset', [
|
|
|
|
|
'uid' => $user->uid,
|
2018-02-24 16:05:07 +08:00
|
|
|
'password' => str_random(33)
|
2017-10-30 12:40:34 +08:00
|
|
|
], [
|
|
|
|
|
'X-Requested-With' => 'XMLHttpRequest'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 1,
|
2018-02-24 16:05:07 +08:00
|
|
|
'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 32])
|
2017-10-30 12:40:34 +08:00
|
|
|
]);
|
|
|
|
|
|
2017-11-05 10:25:20 +08:00
|
|
|
// Should be forbidden if `token` is missing
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-10-30 12:40:34 +08:00
|
|
|
'/auth/reset', [
|
|
|
|
|
'uid' => $user->uid,
|
|
|
|
|
'password' => '12345678'
|
2018-07-13 15:13:35 +08:00
|
|
|
], ['X-Requested-With' => 'XMLHttpRequest'])->assertJson([
|
2017-11-05 10:25:20 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('validation.required', ['attribute' => 'token'])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should be forbidden if expired
|
|
|
|
|
$token = base64_encode(
|
|
|
|
|
$user->getToken().substr(time() - 60 * 60 * 2, 4, 6).str_random(16)
|
|
|
|
|
);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-11-05 10:25:20 +08:00
|
|
|
'/auth/reset', [
|
|
|
|
|
'uid' => $user->uid,
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'token' => $token
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-11-05 10:25:20 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.reset.expired')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should return a warning if the user is not existed
|
|
|
|
|
$token = base64_encode(
|
|
|
|
|
$user->getToken().substr(time(), 4, 6).str_random(16)
|
|
|
|
|
);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-11-05 10:25:20 +08:00
|
|
|
'/auth/reset', [
|
|
|
|
|
'uid' => -1,
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'token' => $token
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-11-05 10:25:20 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.reset.invalid')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Should be forbidden if `token` is invalid
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-11-05 10:25:20 +08:00
|
|
|
'/auth/reset', [
|
|
|
|
|
'uid' => $user->uid,
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'token' => 'invalid'
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-11-05 10:25:20 +08:00
|
|
|
'errno' => 1,
|
|
|
|
|
'msg' => trans('auth.reset.invalid')
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
// Success
|
|
|
|
|
$token = base64_encode(
|
|
|
|
|
$user->getToken().substr(time(), 4, 6).str_random(16)
|
|
|
|
|
);
|
2018-07-13 15:13:35 +08:00
|
|
|
$this->postJson(
|
2017-11-05 10:25:20 +08:00
|
|
|
'/auth/reset', [
|
|
|
|
|
'uid' => $user->uid,
|
|
|
|
|
'password' => '12345678',
|
|
|
|
|
'token' => $token
|
2018-07-13 15:13:35 +08:00
|
|
|
])->assertJson([
|
2017-10-30 12:40:34 +08:00
|
|
|
'errno' => 0,
|
|
|
|
|
'msg' => trans('auth.reset.success')
|
|
|
|
|
]);
|
|
|
|
|
// We must re-query the user model,
|
|
|
|
|
// because the old instance hasn't been changed
|
|
|
|
|
// after resetting password.
|
|
|
|
|
$user = User::find($user->uid);
|
|
|
|
|
$this->assertTrue($user->verifyPassword('12345678'));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function testCaptcha()
|
|
|
|
|
{
|
2017-11-18 23:41:37 +08:00
|
|
|
if (!function_exists('imagettfbbox') || getenv('TRAVIS_PHP_VERSION' == '5.5')) {
|
|
|
|
|
$this->markTestSkipped('There are some problems with PHP 5.5 on Travis CI');
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-30 12:40:34 +08:00
|
|
|
$this->get('/auth/captcha')
|
2018-07-13 15:13:35 +08:00
|
|
|
->assertSuccessful()
|
|
|
|
|
->assertHeader('Content-Type', 'image/png')
|
2017-10-30 12:40:34 +08:00
|
|
|
->assertSessionHas('phrase');
|
|
|
|
|
}
|
|
|
|
|
}
|
