webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-08-07 23:03:00 +03:00
Code Activity

Fixed guest user email showing in TOTP setup url

Browse Source 
- Occured during enforced MFA setup upon login.
- Added test to cover.

Fixes #2971
This commit is contained in:
Dan Brown
2021-10-14 18:02:16 +01:00
parent d21b60079c
commit c9c0e5e16f
3 changed files with 23 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
tests/Auth/MfaConfigurationTest.php
View File

@@ -4,6 +4,7 @@ namespace Tests\Auth;
use BookStack\Actions\ActivityType;
use BookStack\Auth\Access\Mfa\MfaValue;
use BookStack\Auth\Role;
use BookStack\Auth\User;
use PragmaRX\Google2FA\Google2FA;
use Tests\TestCase;
@@ -164,4 +165,22 @@ class MfaConfigurationTest extends TestCase
$this->assertActivityExists(ActivityType::MFA_REMOVE_METHOD);
$this->assertEquals(0, $admin->mfaValues()->count());
}
public function test_totp_setup_url_shows_correct_user_when_setup_forced_upon_login()
{
$admin = $this->getAdmin();
/** @var Role $role */
$role = $admin->roles()->first();
$role->mfa_enforced = true;
$role->save();
$resp = $this->post('/login', ['email' => $admin->email, 'password' => 'password']);
$this->assertFalse(auth()->check());
$resp->assertRedirect('/mfa/verify');
$resp = $this->get('/mfa/totp/generate');
$resp->assertSeeText('Mobile App Setup');
$resp->assertDontSee("otpauth://totp/BookStack:guest%40example.com");
$resp->assertSee("otpauth://totp/BookStack:admin%40admin.com");
}
}