github-mirror/BookStack
2
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2024-11-28 03:33:37 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Merge pull request #2890 from BookStackApp/analysis-kabPRy

Browse Source 
Apply fixes from StyleCI
This commit is contained in:
Dan Brown 2021-08-21 15:50:16 +01:00 committed by GitHub
commit ac110eb6b2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
31 changed files with 173 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/Auth/Access/EmailConfirmationService.php
View File

@ -14,6 +14,7 @@ class EmailConfirmationService extends UserTokenService
/**
* Create new confirmation for a user,
* Also removes any existing old ones.
*
* @throws ConfirmationEmailException
*/
public function sendConfirmation(User $user)

12
app/Auth/Access/LoginService.php
View File

@ -13,7 +13,6 @@ use Exception;
class LoginService
{
protected const LAST_LOGIN_ATTEMPTED_SESSION_KEY = 'auth-login-last-attempted';
protected $mfaSession;
@ -30,12 +29,14 @@ class LoginService
* Will start a login of the given user but will prevent if there's
* a reason to (MFA or Unconfirmed Email).
* Returns a boolean to indicate the current login result.
*
* @throws StoppedAuthenticationException
*/
public function login(User $user, string $method, bool $remember = false): void
{
if ($this->awaitingEmailConfirmation($user) || $this->needsMfaVerification($user)) {
$this->setLastLoginAttemptedForUser($user, $method, $remember);
throw new StoppedAuthenticationException($user, $this);
}
@ -55,6 +56,7 @@ class LoginService
/**
* Reattempt a system login after a previous stopped attempt.
*
* @throws Exception
*/
public function reattemptLoginFor(User $user)
@ -75,12 +77,14 @@ class LoginService
public function getLastLoginAttemptUser(): ?User
{
$id = $this->getLastLoginAttemptDetails()['user_id'];
return User::query()->where('id', '=', $id)->first();
}
/**
* Get the details of the last login attempt.
* Checks upon a ttl of about 1 hour since that last attempted login.
*
* @return array{user_id: ?string, method: ?string, remember: bool}
*/
protected function getLastLoginAttemptDetails(): array
@ -91,9 +95,10 @@ class LoginService
}
[$id, $method, $remember, $time] = explode(':', $value);
$hourAgo = time() - (60*60);
$hourAgo = time() - (60 * 60);
if ($time < $hourAgo) {
$this->clearLastLoginAttempted();
return ['user_id' => null, 'method' => null];
}
@ -156,5 +161,4 @@ class LoginService
return $result;
}
}
}

4
app/Auth/Access/Mfa/BackupCodeService.php
View File

@ -29,6 +29,7 @@ class BackupCodeService
{
$cleanCode = $this->cleanInputCode($code);
$codes = json_decode($codeSet);
return in_array($cleanCode, $codes);
}
@ -42,6 +43,7 @@ class BackupCodeService
$codes = json_decode($codeSet);
$pos = array_search($cleanCode, $codes, true);
array_splice($codes, $pos, 1);
return json_encode($codes);
}
@ -57,4 +59,4 @@ class BackupCodeService
{
return strtolower(str_replace(' ', '-', trim($code)));
}
}
}

3
app/Auth/Access/Mfa/MfaSession.php
View File

@ -57,5 +57,4 @@ class MfaSession
{
return 'mfa-verification-passed:' . $user->id;
}
}
}

6
app/Auth/Access/Mfa/MfaValue.php
View File

@ -7,8 +7,8 @@ use Carbon\Carbon;
use Illuminate\Database\Eloquent\Model;
/**
* @property int $id
* @property int $user_id
* @property int $id
* @property int $user_id
* @property string $method
* @property string $value
* @property Carbon $created_at
@ -38,7 +38,7 @@ class MfaValue extends Model
/** @var MfaValue $mfaVal */
$mfaVal = static::query()->firstOrNew([
'user_id' => $user->id,
'method' => $method
'method' => $method,
]);
$mfaVal->setValue($value);
$mfaVal->save();

5
app/Auth/Access/Mfa/TotpService.php
View File

@ -51,10 +51,11 @@ class TotpService
public function generateQrCodeSvg(string $url): string
{
$color = Fill::uniformColor(new Rgb(255, 255, 255), new Rgb(32, 110, 167));
return (new Writer(
new ImageRenderer(
new RendererStyle(192, 0, null, null, $color),
new SvgImageBackEnd
new SvgImageBackEnd()
)
))->writeString($url);
}
@ -68,4 +69,4 @@ class TotpService
/** @noinspection PhpUnhandledExceptionInspection */
return $this->google2fa->verifyKey($secret, $code);
}
}
}

1
app/Auth/Access/Mfa/TotpValidationRule.php
View File

@ -6,7 +6,6 @@ use Illuminate\Contracts\Validation\Rule;
class TotpValidationRule implements Rule
{
protected $secret;
protected $totpService;

1
app/Auth/Access/RegistrationService.php
View File

@ -88,6 +88,7 @@ class RegistrationService
session()->flash('sent-email-confirmation', true);
} catch (Exception $e) {
$message = trans('auth.email_confirm_send_error');
throw new UserRegistrationException($message, '/register/confirm');
}
}

5
app/Auth/Access/Saml2Service.php
View File

@ -2,15 +2,11 @@
namespace BookStack\Auth\Access;
use BookStack\Actions\ActivityType;
use BookStack\Auth\User;
use BookStack\Exceptions\JsonDebugException;
use BookStack\Exceptions\SamlException;
use BookStack\Exceptions\StoppedAuthenticationException;
use BookStack\Exceptions\UserRegistrationException;
use BookStack\Facades\Activity;
use BookStack\Facades\Theme;
use BookStack\Theming\ThemeEvents;
use Exception;
use Illuminate\Support\Str;
use OneLogin\Saml2\Auth;
@ -392,6 +388,7 @@ class Saml2Service extends ExternalAuthService
}
$this->loginService->login($user, 'saml2');
return $user;
}
}

1
app/Auth/Access/SocialAuthService.php
View File

@ -142,6 +142,7 @@ class SocialAuthService
// Simply log the user into the application.
if (!$isLoggedIn && $socialAccount !== null) {
$this->loginService->login($socialAccount->user, $socialAccount);
return redirect()->intended('/');
}

3
app/Console/Commands/ResetMfa.php
View File

@ -45,6 +45,7 @@ class ResetMfa extends Command
$email = $this->option('email');
if (!$id && !$email) {
$this->error('Either a --id=<number> or --email=<email> option must be provided.');
return 1;
}
@ -57,6 +58,7 @@ class ResetMfa extends Command
if (!$user) {
$this->error("A user where {$field}={$value} could not be found.");
return 1;
}
@ -66,6 +68,7 @@ class ResetMfa extends Command
if ($confirm) {
$user->mfaValues()->delete();
$this->info('User MFA methods have been reset.');
return 0;
}

5
app/Exceptions/StoppedAuthenticationException.php
View File

@ -9,7 +9,6 @@ use Illuminate\Http\Request;
class StoppedAuthenticationException extends \Exception implements Responsable
{
protected $user;
protected $loginService;
@ -50,7 +49,7 @@ class StoppedAuthenticationException extends \Exception implements Responsable
if ($request->wantsJson()) {
return response()->json([
'error' => [
'code' => 401,
'code' => 401,
'message' => trans('errors.email_confirmation_awaiting'),
],
], 401);
@ -62,4 +61,4 @@ class StoppedAuthenticationException extends \Exception implements Responsable
return redirect('/register/confirm/awaiting');
}
}
}

4
app/Http/Controllers/Auth/ConfirmEmailController.php
View File

@ -28,8 +28,7 @@ class ConfirmEmailController extends Controller
EmailConfirmationService $emailConfirmationService,
LoginService $loginService,
UserRepo $userRepo
)
{
) {
$this->emailConfirmationService = $emailConfirmationService;
$this->loginService = $loginService;
$this->userRepo = $userRepo;
@ -51,6 +50,7 @@ class ConfirmEmailController extends Controller
public function showAwaiting()
{
$user = $this->loginService->getLastLoginAttemptUser();
return view('auth.user-unconfirmed', ['user' => $user]);
}

2
app/Http/Controllers/Auth/HandlesPartialLogins.php
View File

@ -22,4 +22,4 @@ trait HandlesPartialLogins
return $user;
}
}
}

7
app/Http/Controllers/Auth/LoginController.php
View File

@ -144,13 +144,16 @@ class LoginController extends Controller
/**
* Attempt to log the user into the application.
*
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Http\Request $request
*
* @return bool
*/
protected function attemptLogin(Request $request)
{
return $this->loginService->attempt(
$this->credentials($request), auth()->getDefaultDriver(), $request->filled('remember')
$this->credentials($request),
auth()->getDefaultDriver(),
$request->filled('remember')
);
}

11
app/Http/Controllers/Auth/MfaBackupCodesController.php
View File

@ -20,7 +20,7 @@ class MfaBackupCodesController extends Controller
protected const SETUP_SECRET_SESSION_KEY = 'mfa-setup-backup-codes';
/**
* Show a view that generates and displays backup codes
* Show a view that generates and displays backup codes.
*/
public function generate(BackupCodeService $codeService)
{
@ -30,13 +30,14 @@ class MfaBackupCodesController extends Controller
$downloadUrl = 'data:application/octet-stream;base64,' . base64_encode(implode("\n\n", $codes));
return view('mfa.backup-codes-generate', [
'codes' => $codes,
'codes' => $codes,
'downloadUrl' => $downloadUrl,
]);
}
/**
* Confirm the setup of backup codes, storing them against the user.
*
* @throws Exception
*/
public function confirm()
@ -52,6 +53,7 @@ class MfaBackupCodesController extends Controller
if (!auth()->check()) {
$this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
return redirect('/login');
}
@ -60,6 +62,7 @@ class MfaBackupCodesController extends Controller
/**
* Verify the MFA method submission on check.
*
* @throws NotFoundException
* @throws ValidationException
*/
@ -76,8 +79,8 @@ class MfaBackupCodesController extends Controller
if (!$codeService->inputCodeExistsInSet($value, $codes)) {
$fail(trans('validation.backup_codes'));
}
}
]
},
],
]);
$updatedCodes = $codeService->removeInputCodeFromSet($request->get('code'), $codes);

8
app/Http/Controllers/Auth/MfaController.php
View File

@ -20,6 +20,7 @@ class MfaController extends Controller
->mfaValues()
->get(['id', 'method'])
->groupBy('method');
return view('mfa.setup', [
'userMethods' => $userMethods,
]);
@ -27,6 +28,7 @@ class MfaController extends Controller
/**
* Remove an MFA method for the current user.
*
* @throws \Exception
*/
public function remove(string $method)
@ -56,13 +58,13 @@ class MfaController extends Controller
// Basic search for the default option for a user.
// (Prioritises totp over backup codes)
$method = $userMethods->has($desiredMethod) ? $desiredMethod : $userMethods->keys()->sort()->reverse()->first();
$otherMethods = $userMethods->keys()->filter(function($userMethod) use ($method) {
$otherMethods = $userMethods->keys()->filter(function ($userMethod) use ($method) {
return $method !== $userMethod;
})->all();
return view('mfa.verify', [
'userMethods' => $userMethods,
'method' => $method,
'userMethods' => $userMethods,
'method' => $method,
'otherMethods' => $otherMethods,
]);
}

9
app/Http/Controllers/Auth/MfaTotpController.php
View File

@ -36,13 +36,14 @@ class MfaTotpController extends Controller
return view('mfa.totp-generate', [
'secret' => $totpSecret,
'svg' => $svg,
'svg' => $svg,
]);
}
/**
* Confirm the setup of TOTP and save the auth method secret
* against the current user.
*
* @throws ValidationException
* @throws NotFoundException
*/
@ -54,7 +55,7 @@ class MfaTotpController extends Controller
'required',
'max:12', 'min:4',
new TotpValidationRule($totpSecret),
]
],
]);
MfaValue::upsertWithValue($this->currentOrLastAttemptedUser(), MfaValue::METHOD_TOTP, $totpSecret);
@ -63,6 +64,7 @@ class MfaTotpController extends Controller
if (!auth()->check()) {
$this->showSuccessNotification(trans('auth.mfa_setup_login_notification'));
return redirect('/login');
}
@ -71,6 +73,7 @@ class MfaTotpController extends Controller
/**
* Verify the MFA method submission on check.
*
* @throws NotFoundException
*/
public function verify(Request $request, LoginService $loginService, MfaSession $mfaSession)
@ -83,7 +86,7 @@ class MfaTotpController extends Controller
'required',
'max:12', 'min:4',
new TotpValidationRule($totpSecret),
]
],
]);
$mfaSession->markVerifiedForUser($user);

3
app/Http/Controllers/Auth/RegisterController.php
View File

@ -48,8 +48,7 @@ class RegisterController extends Controller
SocialAuthService $socialAuthService,
RegistrationService $registrationService,
LoginService $loginService
)
{
) {
$this->middleware('guest');
$this->middleware('guard:standard');

3
app/Http/Controllers/Auth/SocialController.php
View File

@ -27,8 +27,7 @@ class SocialController extends Controller
SocialAuthService $socialAuthService,
RegistrationService $registrationService,
LoginService $loginService
)
{
) {
$this->middleware('guest')->only(['getRegister', 'postRegister']);
$this->socialAuthService = $socialAuthService;
$this->registrationService = $registrationService;

1
app/Http/Middleware/ApiAuthenticate.php
View File

@ -9,7 +9,6 @@ use Illuminate\Http\Request;
class ApiAuthenticate
{
/**
* Handle an incoming request.
*/

1
app/Http/Middleware/Authenticate.php
View File

@ -16,6 +16,7 @@ class Authenticate
if ($request->ajax()) {
return response('Unauthorized.', 401);
}
return redirect()->guest(url('/login'));
}

7
app/Http/Middleware/AuthenticatedOrPendingMfa.php
View File

@ -8,7 +8,6 @@ use Closure;
class AuthenticatedOrPendingMfa
{
protected $loginService;
protected $mfaSession;
@ -18,12 +17,12 @@ class AuthenticatedOrPendingMfa
$this->mfaSession = $mfaSession;
}
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)

2
app/Theming/ThemeEvents.php
View File

@ -41,7 +41,7 @@ class ThemeEvents
* Provides both the original request and the currently resolved response.
* Return values, if provided, will be used as a new response to use.
*
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Http\Request $request
* @param \Illuminate\Http\Response|Symfony\Component\HttpFoundation\BinaryFileResponse $response
* @returns \Illuminate\Http\Response|null
*/

3
app/Translation/FileLoader.php
View File

@ -26,7 +26,8 @@ class FileLoader extends BaseLoader
if (is_null($namespace) || $namespace === '*') {
$themePath = theme_path('lang');
$themeTranslations = $themePath ? $this->loadPath($themePath, $locale, $group) : [];
$originalTranslations = $this->loadPath($this->path, $locale, $group);
$originalTranslations = $this->loadPath($this->path, $locale, $group);
return array_merge($originalTranslations, $themeTranslations);
}

5
routes/web.php
View File

@ -223,18 +223,17 @@ Route::group(['middleware' => 'auth'], function () {
Route::get('/roles/{id}', 'RoleController@edit');
Route::put('/roles/{id}', 'RoleController@update');
});
});
// MFA routes
Route::group(['middleware' => 'mfa-setup'], function() {
Route::group(['middleware' => 'mfa-setup'], function () {
Route::get('/mfa/setup', 'Auth\MfaController@setup');
Route::get('/mfa/totp/generate', 'Auth\MfaTotpController@generate');
Route::post('/mfa/totp/confirm', 'Auth\MfaTotpController@confirm');
Route::get('/mfa/backup_codes/generate', 'Auth\MfaBackupCodesController@generate');
Route::post('/mfa/backup_codes/confirm', 'Auth\MfaBackupCodesController@confirm');
});
Route::group(['middleware' => 'guest'], function() {
Route::group(['middleware' => 'guest'], function () {
Route::get('/mfa/verify', 'Auth\MfaController@verify');
Route::post('/mfa/totp/verify', 'Auth\MfaTotpController@verify');
Route::post('/mfa/backup_codes/verify', 'Auth\MfaBackupCodesController@verify');

2
tests/Auth/AuthTest.php
View File

@ -332,7 +332,7 @@ class AuthTest extends BrowserKitTest
$user = $this->getEditor();
$mfaSession = $this->app->make(MfaSession::class);
$mfaSession->markVerifiedForUser($user);;
$mfaSession->markVerifiedForUser($user);
$this->assertTrue($mfaSession->isVerifiedForUser($user));
$this->asAdmin()->visit('/logout');

186
tests/Auth/LdapTest.php
View File

@ -27,18 +27,18 @@ class LdapTest extends TestCase
define('LDAP_OPT_REFERRALS', 1);
}
config()->set([
'auth.method' => 'ldap',
'auth.defaults.guard' => 'ldap',
'services.ldap.base_dn' => 'dc=ldap,dc=local',
'services.ldap.email_attribute' => 'mail',
'auth.method' => 'ldap',
'auth.defaults.guard' => 'ldap',
'services.ldap.base_dn' => 'dc=ldap,dc=local',
'services.ldap.email_attribute' => 'mail',
'services.ldap.display_name_attribute' => 'cn',
'services.ldap.id_attribute' => 'uid',
'services.ldap.user_to_groups' => false,
'services.ldap.version' => '3',
'services.ldap.user_filter' => '(&(uid=${user}))',
'services.ldap.follow_referrals' => false,
'services.ldap.tls_insecure' => false,
'services.ldap.thumbnail_attribute' => null,
'services.ldap.id_attribute' => 'uid',
'services.ldap.user_to_groups' => false,
'services.ldap.version' => '3',
'services.ldap.user_filter' => '(&(uid=${user}))',
'services.ldap.follow_referrals' => false,
'services.ldap.tls_insecure' => false,
'services.ldap.thumbnail_attribute' => null,
]);
$this->mockLdap = \Mockery::mock(Ldap::class);
$this->app[Ldap::class] = $this->mockLdap;
@ -70,9 +70,9 @@ class LdapTest extends TestCase
protected function mockUserLogin(?string $email = null): TestResponse
{
return $this->post('/login', [
'username' => $this->mockUser->name,
'password' => $this->mockUser->password,
] + ($email ? ['email' => $email] : []));
'username' => $this->mockUser->name,
'password' => $this->mockUser->password,
] + ($email ? ['email' => $email] : []));
}
/**
@ -95,8 +95,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]);
$resp = $this->mockUserLogin();
@ -109,8 +109,8 @@ class LdapTest extends TestCase
$resp->assertElementExists('#home-default');
$resp->assertSee($this->mockUser->name);
$this->assertDatabaseHas('users', [
'email' => $this->mockUser->email,
'email_confirmed' => false,
'email' => $this->mockUser->email,
'email_confirmed' => false,
'external_auth_id' => $this->mockUser->name,
]);
}
@ -126,8 +126,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]);
$resp = $this->mockUserLogin();
@ -150,8 +150,8 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'cn' => [$this->mockUser->name],
'dn' => $ldapDn,
'cn' => [$this->mockUser->name],
'dn' => $ldapDn,
'mail' => [$this->mockUser->email],
]]);
@ -170,10 +170,10 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'cn' => [$this->mockUser->name],
'dn' => $ldapDn,
'cn' => [$this->mockUser->name],
'dn' => $ldapDn,
'my_custom_id' => ['cooluser456'],
'mail' => [$this->mockUser->email],
'mail' => [$this->mockUser->email],
]]);
$resp = $this->mockUserLogin();
@ -189,8 +189,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]);
$this->mockLdap->shouldReceive('bind')->times(2)->andReturn(true, false);
@ -219,14 +219,14 @@ class LdapTest extends TestCase
$userForm->assertDontSee('Password');
$save = $this->post('/settings/users/create', [
'name' => $this->mockUser->name,
'name' => $this->mockUser->name,
'email' => $this->mockUser->email,
]);
$save->assertSessionHasErrors(['external_auth_id' => 'The external auth id field is required.']);
$save = $this->post('/settings/users/create', [
'name' => $this->mockUser->name,
'email' => $this->mockUser->email,
'name' => $this->mockUser->name,
'email' => $this->mockUser->email,
'external_auth_id' => $this->mockUser->name,
]);
$save->assertRedirect('/settings/users');
@ -241,8 +241,8 @@ class LdapTest extends TestCase
$editPage->assertDontSee('Password');
$update = $this->put("/settings/users/{$editUser->id}", [
'name' => $editUser->name,
'email' => $editUser->email,
'name' => $editUser->name,
'email' => $editUser->email,
'external_auth_id' => 'test_auth_id',
]);
$update->assertRedirect('/settings/users');
@ -271,8 +271,8 @@ class LdapTest extends TestCase
$this->mockUser->attachRole($existingRole);
app('config')->set([
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => false,
]);
@ -280,14 +280,14 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email],
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email],
'memberof' => [
'count' => 2,
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
],
]]);
@ -316,8 +316,8 @@ class LdapTest extends TestCase
$this->mockUser->attachRole($existingRole);
app('config')->set([
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => true,
]);
@ -325,13 +325,13 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email],
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email],
'memberof' => [
'count' => 1,
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
],
]]);
@ -361,8 +361,8 @@ class LdapTest extends TestCase
$roleToNotReceive = factory(Role::class)->create(['display_name' => 'ex-auth-a', 'external_auth_id' => 'test-second-param']);
app('config')->set([
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => true,
]);
@ -370,13 +370,13 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(3)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email],
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email],
'memberof' => [
'count' => 1,
0 => 'cn=ex-auth-a,ou=groups,dc=example,dc=com',
0 => 'cn=ex-auth-a,ou=groups,dc=example,dc=com',
],
]]);
@ -402,8 +402,8 @@ class LdapTest extends TestCase
setting()->put('registration-role', $roleToReceive->id);
app('config')->set([
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => true,
]);
@ -411,14 +411,14 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(4)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email],
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$this->mockUser->email],
'memberof' => [
'count' => 2,
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
1 => 'cn=ldaptester-second,ou=groups,dc=example,dc=com',
],
]]);
@ -445,9 +445,9 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'displayname' => 'displayNameAttribute',
]]);
@ -471,8 +471,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]);
$this->mockUserLogin()->assertRedirect('/login');
@ -482,10 +482,10 @@ class LdapTest extends TestCase
$resp->assertRedirect('/');
$this->get('/')->assertSee($this->mockUser->name);
$this->assertDatabaseHas('users', [
'email' => $this->mockUser->email,
'email_confirmed' => false,
'email' => $this->mockUser->email,
'email_confirmed' => false,
'external_auth_id' => $this->mockUser->name,
'name' => $this->mockUser->name,
'name' => $this->mockUser->name,
]);
}
@ -499,8 +499,8 @@ class LdapTest extends TestCase
$this->commonLdapMocks(0, 1, 1, 2, 1);
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]);
$this->mockLdap->shouldReceive('connect')->once()
@ -566,8 +566,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]);
$resp = $this->post('/login', [
@ -575,7 +575,7 @@ class LdapTest extends TestCase
'password' => $this->mockUser->password,
]);
$resp->assertJsonStructure([
'details_from_ldap' => [],
'details_from_ldap' => [],
'details_bookstack_parsed' => [],
]);
}
@ -605,8 +605,8 @@ class LdapTest extends TestCase
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), ['cn', 'dn', 'uid', 'mail', 'cn'])
->andReturn(['count' => 1, 0 => [
'uid' => [hex2bin('FFF8F7')],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
]]);
$details = $ldapService->getUserDetails('test');
@ -619,14 +619,14 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(2)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'uid' => [$this->mockUser->name],
'cn' => [$this->mockUser->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => 'tester@example.com',
]], ['count' => 1, 0 => [
'uid' => ['Barry'],
'cn' => ['Scott'],
'dn' => ['dc=bscott' . config('services.ldap.base_dn')],
'uid' => ['Barry'],
'cn' => ['Scott'],
'dn' => ['dc=bscott' . config('services.ldap.base_dn')],
'mail' => 'tester@example.com',
]]);
@ -646,8 +646,8 @@ class LdapTest extends TestCase
setting()->put('registration-confirmation', 'true');
app('config')->set([
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.user_to_groups' => true,
'services.ldap.group_attribute' => 'memberOf',
'services.ldap.remove_from_groups' => true,
]);
@ -655,20 +655,20 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')
->times(6)
->andReturn(['count' => 1, 0 => [
'uid' => [$user->name],
'cn' => [$user->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$user->email],
'uid' => [$user->name],
'cn' => [$user->name],
'dn' => ['dc=test' . config('services.ldap.base_dn')],
'mail' => [$user->email],
'memberof' => [
'count' => 1,
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
0 => 'cn=ldaptester,ou=groups,dc=example,dc=com',
],
]]);
$login = $this->followingRedirects()->mockUserLogin();
$login->assertSee('Thanks for registering!');
$this->assertDatabaseHas('users', [
'email' => $user->email,
'email' => $user->email,
'email_confirmed' => false,
]);
@ -704,8 +704,8 @@ class LdapTest extends TestCase
$this->mockLdap->shouldReceive('searchAndGetEntries')->times(1)
->with($this->resourceId, config('services.ldap.base_dn'), \Mockery::type('string'), \Mockery::type('array'))
->andReturn(['count' => 1, 0 => [
'cn' => [$this->mockUser->name],
'dn' => $ldapDn,
'cn' => [$this->mockUser->name],
'dn' => $ldapDn,
'jpegphoto' => [base64_decode('/9j/2wBDAAMCAgICAgMCAgIDAwMDBAYEBAQEBAgGBgUGCQgKCgkICQkKDA8MCgsOCwkJDRENDg8Q
EBEQCgwSExIQEw8QEBD/yQALCAABAAEBAREA/8wABgAQEAX/2gAIAQEAAD8A0s8g/9k=')],
'mail' => [$this->mockUser->email],

14
tests/Auth/MfaConfigurationTest.php
View File

@ -10,7 +10,6 @@ use Tests\TestCase;
class MfaConfigurationTest extends TestCase
{
public function test_totp_setup()
{
$editor = $this->getEditor();
@ -54,7 +53,7 @@ class MfaConfigurationTest extends TestCase
$this->assertDatabaseHas('mfa_values', [
'user_id' => $editor->id,
'method' => 'totp',
'method' => 'totp',
]);
$this->assertFalse(session()->has('mfa-setup-totp-secret'));
$value = MfaValue::query()->where('user_id', '=', $editor->id)
@ -79,7 +78,7 @@ class MfaConfigurationTest extends TestCase
$codes = decrypt(session()->get('mfa-setup-backup-codes'));
// Check code format
$this->assertCount(16, $codes);
$this->assertEquals(16*11, strlen(implode('', $codes)));
$this->assertEquals(16 * 11, strlen(implode('', $codes)));
// Check download link
$resp->assertSee(base64_encode(implode("\n\n", $codes)));
@ -94,7 +93,7 @@ class MfaConfigurationTest extends TestCase
$this->assertDatabaseHas('mfa_values', [
'user_id' => $editor->id,
'method' => 'backup_codes',
'method' => 'backup_codes',
]);
$this->assertFalse(session()->has('mfa-setup-backup-codes'));
$value = MfaValue::query()->where('user_id', '=', $editor->id)
@ -155,13 +154,12 @@ class MfaConfigurationTest extends TestCase
$resp = $this->actingAs($admin)->get('/mfa/setup');
$resp->assertElementExists('form[action$="/mfa/totp/remove"]');
$resp = $this->delete("/mfa/totp/remove");
$resp->assertRedirect("/mfa/setup");
$resp = $this->delete('/mfa/totp/remove');
$resp->assertRedirect('/mfa/setup');
$resp = $this->followRedirects($resp);
$resp->assertSee('Multi-factor method successfully removed');
$this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);
$this->assertEquals(0, $admin->mfaValues()->count());
}
}
}

17
tests/Auth/MfaVerificationTest.php
View File

@ -149,7 +149,7 @@ class MfaVerificationTest extends TestCase
/** @var TestResponse $mfaView */
$mfaView = $this->followingRedirects()->post('/login', [
'email' => $user->email,
'email' => $user->email,
'password' => 'password',
]);
@ -179,7 +179,7 @@ class MfaVerificationTest extends TestCase
/** @var TestResponse $resp */
$resp = $this->followingRedirects()->post('/login', [
'email' => $user->email,
'email' => $user->email,
'password' => 'password',
]);
@ -197,7 +197,7 @@ class MfaVerificationTest extends TestCase
$resp->assertSeeText('Multi-factor method configured, Please now login again using the configured method.');
$resp = $this->followingRedirects()->post('/login', [
'email' => $user->email,
'email' => $user->email,
'password' => 'password',
]);
$resp->assertSeeText('Enter one of your remaining backup codes below:');
@ -227,6 +227,7 @@ class MfaVerificationTest extends TestCase
$role = $user->roles->first();
$role->mfa_enforced = true;
$role->save();
try {
$loginService->login($user, 'testing');
} catch (StoppedAuthenticationException $e) {
@ -238,7 +239,6 @@ class MfaVerificationTest extends TestCase
$resp = $this->call($method, $path);
$resp->assertRedirect('/login');
}
}
/**
@ -252,7 +252,7 @@ class MfaVerificationTest extends TestCase
$user->save();
MfaValue::upsertWithValue($user, MfaValue::METHOD_TOTP, $secret);
$loginResp = $this->post('/login', [
'email' => $user->email,
'email' => $user->email,
'password' => 'password',
]);
@ -262,18 +262,17 @@ class MfaVerificationTest extends TestCase
/**
* @return Array<User, string, TestResponse>
*/
protected function startBackupCodeLogin($codes = ['kzzu6-1pgll','bzxnf-plygd','bwdsp-ysl51','1vo93-ioy7n','lf7nw-wdyka','xmtrd-oplac']): array
protected function startBackupCodeLogin($codes = ['kzzu6-1pgll', 'bzxnf-plygd', 'bwdsp-ysl51', '1vo93-ioy7n', 'lf7nw-wdyka', 'xmtrd-oplac']): array
{
$user = $this->getEditor();
$user->password = Hash::make('password');
$user->save();
MfaValue::upsertWithValue($user, MfaValue::METHOD_BACKUP_CODES, json_encode($codes));
$loginResp = $this->post('/login', [
'email' => $user->email,
'email' => $user->email,
'password' => 'password',
]);
return [$user, $codes, $loginResp];
}
}
}

2
tests/Commands/ResetMfaCommandTest.php
View File

@ -58,7 +58,7 @@ class ResetMfaCommandTest extends TestCase
public function test_giving_non_existing_user_shows_error_message()
{
$this->artisan("bookstack:reset-mfa --email=donkeys@example.com")
$this->artisan('bookstack:reset-mfa --email=donkeys@example.com')
->expectsOutput('A user where email=donkeys@example.com could not be found.')
->assertExitCode(1);
}