blessing-skin-server/tests/AuthControllerTest.php

542 lines
17 KiB
PHP
Raw Normal View History

2017-10-30 12:40:34 +08:00
<?php
use App\Events;
use App\Models\User;
2018-07-15 17:42:03 +08:00
use App\Mail\ForgotPassword;
2017-10-30 12:40:34 +08:00
use App\Services\Facades\Option;
use Illuminate\Support\Facades\Mail;
use Illuminate\Foundation\Testing\WithoutMiddleware;
use Illuminate\Foundation\Testing\DatabaseMigrations;
use Illuminate\Foundation\Testing\DatabaseTransactions;
class AuthControllerTest extends TestCase
{
use DatabaseTransactions;
public function testLogin()
{
2018-07-13 15:13:35 +08:00
$this->get('/auth/login')->assertSee('Log in');
2017-10-30 12:40:34 +08:00
}
public function testHandleLogin()
{
$this->expectsEvents(Events\UserTryToLogin::class);
$this->expectsEvents(Events\UserLoggedIn::class);
$user = factory(User::class)->create();
$user->changePasswd('12345678');
$player = factory(App\Models\Player::class)->create(
[
'uid' => $user->uid
]
);
// Should return a warning if `identification` is empty
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/login', [], [
'X-Requested-With' => 'XMLHttpRequest'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.required', ['attribute' => trans('auth.identification')])
]);
// Should return a warning if `password` is empty
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/login', [
'identification' => $user->email
], [
'X-Requested-With' => 'XMLHttpRequest'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.required', ['attribute' => 'password'])
]);
// Should return a warning if length of `password` is lower than 6
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/login', [
'identification' => $user->email,
'password' => '123'
], [
'X-Requested-With' => 'XMLHttpRequest'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.min.string', ['attribute' => 'password', 'min' => 6])
]);
// Should return a warning if length of `password` is greater than 32
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/login', [
'identification' => $user->email,
'password' => str_random(80)
], [
'X-Requested-With' => 'XMLHttpRequest'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 32])
2017-10-30 12:40:34 +08:00
]);
$this->flushSession();
// Logging in should be failed if password is wrong
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/login', [
'identification' => $user->email,
'password' => 'wrong-password'
2018-07-13 15:13:35 +08:00
])->assertJson(
2017-10-30 12:40:34 +08:00
[
'errno' => 1,
'msg' => trans('auth.validation.password'),
'login_fails' => 1
]
)->assertSessionHas('login_fails', 1);
$this->flushSession();
// Should check captcha if there are too many fails
$this->withSession(
[
'login_fails' => 4,
'phrase' => 'a'
]
2018-07-13 15:13:35 +08:00
)->postJson(
2017-10-30 12:40:34 +08:00
'/auth/login', [
'identification' => $user->email,
'password' => '12345678',
'captcha' => 'b'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('auth.validation.captcha')
]);
$this->flushSession();
// Should return a warning if user isn't existed
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/login', [
'identification' => 'nope@nope.net',
'password' => '12345678'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 2,
'msg' => trans('auth.validation.user')
]);
$this->flushSession();
// Should clean the `login_fails` session if logged in successfully
2018-07-13 15:13:35 +08:00
$this->withSession(['login_fails' => 1])->postJson('/auth/login', [
2017-10-30 12:40:34 +08:00
'identification' => $user->email,
'password' => '12345678'
2018-07-13 15:13:35 +08:00
])->assertJson(
2017-10-30 12:40:34 +08:00
[
'errno' => 0,
'msg' => trans('auth.login.success'),
'token' => $user->getToken()
]
)->assertSessionMissing('login_fails');
$this->flushSession();
// Logged in should be in success if logged in with player name
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/login', [
'identification' => $player->player_name,
'password' => '12345678'
]
2018-07-13 15:13:35 +08:00
)->assertJson(
2017-10-30 12:40:34 +08:00
[
'errno' => 0,
'msg' => trans('auth.login.success'),
'token' => $user->getToken()
]
2018-07-13 15:13:35 +08:00
)->assertCookie('uid', $user->uid)
->assertCookie('token', $user->getToken())
2017-10-30 12:40:34 +08:00
->assertSessionHasAll(
[
'uid' => $user->uid,
'token' => $user->getToken()
]
);
}
public function testLogout()
{
$user = factory(User::class)->create();
$this->withSession(
[
'uid' => $user->uid,
'token' => $user->getToken()
]
2018-07-13 15:13:35 +08:00
)->postJson('/auth/logout')->assertJson(
2017-10-30 12:40:34 +08:00
[
'errno' => 0,
'msg' => trans('auth.logout.success')
]
)->assertSessionMissing(['uid', 'token']);
$this->flushSession();
2018-07-13 15:13:35 +08:00
$this->postJson('/auth/logout')
->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('auth.logout.fail')
]);
}
public function testRegister()
{
2018-07-13 15:13:35 +08:00
$this->get('/auth/register')->assertSee('Register');
2017-10-30 12:40:34 +08:00
option(['user_can_register' => false]);
2018-07-13 15:13:35 +08:00
$this->get('/auth/register')->assertSee(trans('auth.register.close'));
2017-10-30 12:40:34 +08:00
}
public function testHandleRegister()
{
$this->expectsEvents(Events\UserRegistered::class);
// Should return a warning if `captcha` is wrong
$this->withSession(['phrase' => 'a'])
2018-07-13 15:13:35 +08:00
->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register', [], [
'X-Requested-With' => 'XMLHttpRequest'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('auth.validation.captcha')
]);
// Once we have sent session in the last assertion,
// we don't need to send it again until we flush it.
// Should return a warning if `email` is empty
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
['captcha' => 'a'],
['X-Requested-With' => 'XMLHttpRequest']
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.required', ['attribute' => 'email'])
]);
// Should return a warning if `email` is invalid
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'not_an_email',
'captcha' => 'a'
],
['X-Requested-With' => 'XMLHttpRequest']
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.email', ['attribute' => 'email'])
]);
// Should return a warning if `password` is empty
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'a@b.c',
'captcha' => 'a'
],
['X-Requested-With' => 'XMLHttpRequest']
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.required', ['attribute' => 'password'])
]);
// Should return a warning if length of `password` is lower than 8
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'a@b.c',
'password' => '1',
'captcha' => 'a'
],
['X-Requested-With' => 'XMLHttpRequest']
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.min.string', ['attribute' => 'password', 'min' => 8])
]);
// Should return a warning if length of `password` is greater than 32
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'a@b.c',
'password' => str_random(33),
2017-10-30 12:40:34 +08:00
'captcha' => 'a'
],
['X-Requested-With' => 'XMLHttpRequest']
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 32])
2017-10-30 12:40:34 +08:00
]);
// Should return a warning if `nickname` is empty
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'a@b.c',
'password' => '12345678',
'captcha' => 'a'
],
['X-Requested-With' => 'XMLHttpRequest']
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.required', ['attribute' => 'nickname'])
]);
// Should return a warning if `nickname` is invalid
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'a@b.c',
'password' => '12345678',
'nickname' => '\\',
'captcha' => 'a'
],
['X-Requested-With' => 'XMLHttpRequest']
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.no_special_chars', ['attribute' => 'nickname'])
2017-10-30 12:40:34 +08:00
]);
// Should return a warning if `nickname` is too long
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'a@b.c',
'password' => '12345678',
'nickname' => str_random(256),
'captcha' => 'a'
],
['X-Requested-With' => 'XMLHttpRequest']
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.max.string', ['attribute' => 'nickname', 'max' => 255])
]);
// Should be forbidden if registering is closed
Option::set('user_can_register', false);
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'a@b.c',
'password' => '12345678',
'nickname' => 'nickname',
'captcha' => 'a'
],
['X-Requested-With' => 'XMLHttpRequest']
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 7,
'msg' => trans('auth.register.close')
]);
// Reopen for test
Option::set('user_can_register', true);
// Should be forbidden if registering's count current IP is over
Option::set('regs_per_ip', -1);
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'a@b.c',
'password' => '12345678',
'nickname' => 'nickname',
'captcha' => 'a'
]
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 7,
'msg' => trans('auth.register.max', ['regs' => option('regs_per_ip')])
]);
Option::set('regs_per_ip', 100);
2017-10-30 12:40:34 +08:00
// Should return a warning if using a duplicated email
$existedUser = factory(User::class)->create();
2018-07-13 15:13:35 +08:00
$this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => $existedUser->email,
'password' => '12345678',
'nickname' => 'nickname',
'captcha' => 'a'
]
2018-07-13 15:13:35 +08:00
)->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 5,
'msg' => trans('auth.register.registered')
]);
// Database should be updated if succeeded
2018-07-13 15:13:35 +08:00
$response = $this->postJson(
2017-10-30 12:40:34 +08:00
'/auth/register',
[
'email' => 'a@b.c',
'password' => '12345678',
'nickname' => 'nickname',
'captcha' => 'a'
]
);
$newUser = User::where('email', 'a@b.c')->first();
2018-07-13 15:13:35 +08:00
$response->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 0,
'msg' => trans('auth.register.success'),
'token' => $newUser->getToken()
2018-07-13 15:13:35 +08:00
])->assertCookie('uid', $newUser->uid)
->assertCookie('token', $newUser->getToken());
2017-10-30 12:40:34 +08:00
$this->assertTrue($newUser->verifyPassword('12345678'));
2018-07-13 15:13:35 +08:00
$this->assertDatabaseHas('users', [
2017-10-30 12:40:34 +08:00
'email' => 'a@b.c',
'nickname' => 'nickname',
'score' => option('user_initial_score'),
'ip' => '127.0.0.1',
'permission' => User::NORMAL
]);
}
public function testForgot()
{
2018-07-13 15:13:35 +08:00
$this->get('/auth/forgot')->assertSee('Forgot Password');
2017-10-30 12:40:34 +08:00
config(['mail.driver' => '']);
2018-07-13 15:13:35 +08:00
$this->get('/auth/forgot')->assertSee(trans('auth.forgot.close'));
2017-10-30 12:40:34 +08:00
}
public function testHandleForgot()
{
2018-07-13 19:23:20 +08:00
Mail::fake();
2017-10-30 12:40:34 +08:00
// Should return a warning if `captcha` is wrong
2018-07-13 15:13:35 +08:00
$this->withSession(['phrase' => 'a'])->postJson('/auth/forgot', [
2017-10-30 12:40:34 +08:00
'captcha' => 'b'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('auth.validation.captcha')
]);
// Should be forbidden if "forgot password" is closed
config(['mail.driver' => '']);
2018-07-13 15:13:35 +08:00
$this->withSession(['phrase' => 'a'])->postJson('/auth/forgot', [
2017-10-30 12:40:34 +08:00
'captcha' => 'a'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('auth.forgot.close')
]);
config(['mail.driver' => 'smtp']);
2017-10-30 12:40:34 +08:00
// Should be forbidden if sending email frequently
2018-07-13 15:13:35 +08:00
$this->withSession(['last_mail_time' => time()])->postJson('/auth/forgot', [
2017-10-30 12:40:34 +08:00
'captcha' => 'a'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('auth.forgot.frequent-mail')
]);
// Should return a warning if user is not existed
$this->flushSession();
$user = factory(User::class)->create();
2018-07-13 15:13:35 +08:00
$this->withSession(['phrase' => 'a'])->postJson('/auth/forgot', [
2017-10-30 12:40:34 +08:00
'email' => 'nope@nope.net',
'captcha' => 'a'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('auth.forgot.unregistered')
]);
2018-07-13 15:13:35 +08:00
$this->postJson('/auth/forgot', [
2017-10-30 12:40:34 +08:00
'email' => $user->email,
'captcha' => 'a'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 0,
'msg' => trans('auth.mail.success')
])->assertSessionHas('last_mail_time');
Mail::assertSent(ForgotPassword::class, function ($mail) use ($user) {
return $mail->hasTo($user->email);
2018-07-15 17:42:03 +08:00
});
2017-10-30 12:40:34 +08:00
// Should handle exception when sending email
2018-07-15 17:42:03 +08:00
Mail::shouldReceive('to')
2017-10-30 12:40:34 +08:00
->once()
->andThrow(new \Mockery\Exception('A fake exception.'));
$this->flushSession();
$this->withSession(['phrase' => 'a'])
2018-07-13 15:13:35 +08:00
->postJson('/auth/forgot', [
2017-10-30 12:40:34 +08:00
'email' => $user->email,
'captcha' => 'a'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 2,
'msg' => trans('auth.mail.failed', ['msg' => 'A fake exception.'])
]);
}
public function testReset()
{
$user = factory(User::class)->create();
$this->get(
URL::temporarySignedRoute('auth.reset', now()->addHour(), ['uid' => $user->uid])
)->assertSuccessful();
2017-10-30 12:40:34 +08:00
}
public function testHandleReset()
{
$user = factory(User::class)->create();
$url = URL::temporarySignedRoute('auth.reset', now()->addHour(), ['uid' => $user->uid]);
2017-10-30 12:40:34 +08:00
// Should return a warning if `password` is empty
2018-07-13 15:13:35 +08:00
$this->postJson(
$url, [], [
2017-10-30 12:40:34 +08:00
'X-Requested-With' => 'XMLHttpRequest'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.required', ['attribute' => 'password'])
]);
// Should return a warning if `password` is too short
2018-07-13 15:13:35 +08:00
$this->postJson(
$url, [
2017-10-30 12:40:34 +08:00
'password' => '123'
], [
'X-Requested-With' => 'XMLHttpRequest'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.min.string', ['attribute' => 'password', 'min' => 8])
]);
// Should return a warning if `password` is too long
2018-07-13 15:13:35 +08:00
$this->postJson(
$url, [
'password' => str_random(33)
2017-10-30 12:40:34 +08:00
], [
'X-Requested-With' => 'XMLHttpRequest'
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 1,
'msg' => trans('validation.max.string', ['attribute' => 'password', 'max' => 32])
2017-10-30 12:40:34 +08:00
]);
// Success
2018-07-13 15:13:35 +08:00
$this->postJson(
$url, [
'password' => '12345678',
2018-07-13 15:13:35 +08:00
])->assertJson([
2017-10-30 12:40:34 +08:00
'errno' => 0,
'msg' => trans('auth.reset.success')
]);
// We must re-query the user model,
// because the old instance hasn't been changed
// after resetting password.
$user = User::find($user->uid);
$this->assertTrue($user->verifyPassword('12345678'));
}
public function testCaptcha()
{
2017-11-18 23:41:37 +08:00
if (!function_exists('imagettfbbox') || getenv('TRAVIS_PHP_VERSION' == '5.5')) {
$this->markTestSkipped('There are some problems with PHP 5.5 on Travis CI');
}
2017-10-30 12:40:34 +08:00
$this->get('/auth/captcha')
2018-07-13 15:13:35 +08:00
->assertSuccessful()
->assertHeader('Content-Type', 'image/png')
2017-10-30 12:40:34 +08:00
->assertSessionHas('phrase');
}
}