webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-08-09 10:22:51 +03:00
Code Activity

Updated email confirmation flow so confirmation is done via POST

Browse Source 
To avoid non-user GET requests (Such as those from email scanners)
auto-triggering the confirm submission. Made auto-submit the form via
JavaScript in this extra added step with user-link backup to keep
existing user flow experience.

Closes #3797
This commit is contained in:
Dan Brown
2022-11-12 15:10:14 +00:00
parent 0e627a6e05
commit a1b1f8138a
7 changed files with 72 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
tests/Auth/RegistrationTest.php
View File

@@ -46,8 +46,18 @@ class RegistrationTest extends TestCase
return $notification->token === $emailConfirmation->token;
});
// Check confirmation email confirmation activation.
$this->get('/register/confirm/' . $emailConfirmation->token)->assertRedirect('/login');
// Check confirmation email confirmation accept page.
$resp = $this->get('/register/confirm/' . $emailConfirmation->token);
$acceptPage = $this->withHtml($resp);
$resp->assertOk();
$resp->assertSee('Thanks for confirming!');
$acceptPage->assertElementExists('form[method="post"][action$="/register/confirm/accept"][component="auto-submit"] button');
$acceptPage->assertFieldHasValue('token', $emailConfirmation->token);
// Check acceptance confirm
$this->post('/register/confirm/accept', ['token' => $emailConfirmation->token])->assertRedirect('/login');
// Check state on login redirect
$this->get('/login')->assertSee('Your email has been confirmed! You should now be able to login using this email address.');
$this->assertDatabaseMissing('email_confirmations', ['token' => $emailConfirmation->token]);
$this->assertDatabaseHas('users', ['name' => $dbUser->name, 'email' => $dbUser->email, 'email_confirmed' => true]);