webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-08-09 10:22:51 +03:00
Code Activity

Simplified guard names and rolled out guard route checks

Browse Source 
- Included tests to cover for LDAP and SAML
- Updated wording for external auth id option.
- Updated 'assertPermissionError' test case to be usable in BrowserKitTests
This commit is contained in:
Dan Brown
2020-02-02 13:10:21 +00:00
parent 5d08ec3cef
commit e6c6de0848
17 changed files with 146 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
tests/Auth/Saml2Test.php
View File

@@ -219,22 +219,58 @@ class Saml2Test extends TestCase
$getRoutes = ['/logout', '/metadata', '/sls'];
foreach ($getRoutes as $route) {
$req = $this->get('/saml2' . $route);
$req->assertRedirect('/');
$error = session()->get('error');
$this->assertStringStartsWith('You do not have permission to access', $error);
session()->flush();
$this->assertPermissionError($req);
}
$postRoutes = ['/login', '/acs'];
foreach ($postRoutes as $route) {
$req = $this->post('/saml2' . $route);
$req->assertRedirect('/');
$error = session()->get('error');
$this->assertStringStartsWith('You do not have permission to access', $error);
session()->flush();
$this->assertPermissionError($req);
}
}
public function test_forgot_password_routes_inaccessible()
{
$resp = $this->get('/password/email');
$this->assertPermissionError($resp);
$resp = $this->post('/password/email');
$this->assertPermissionError($resp);
$resp = $this->get('/password/reset/abc123');
$this->assertPermissionError($resp);
$resp = $this->post('/password/reset');
$this->assertPermissionError($resp);
}
public function test_standard_login_routes_inaccessible()
{
$resp = $this->post('/login');
$this->assertPermissionError($resp);
$resp = $this->get('/logout');
$this->assertPermissionError($resp);
}
public function test_user_invite_routes_inaccessible()
{
$resp = $this->get('/register/invite/abc123');
$this->assertPermissionError($resp);
$resp = $this->post('/register/invite/abc123');
$this->assertPermissionError($resp);
}
public function test_user_register_routes_inaccessible()
{
$resp = $this->get('/register');
$this->assertPermissionError($resp);
$resp = $this->post('/register');
$this->assertPermissionError($resp);
}
protected function withGet(array $options, callable $callback)
{
return $this->withGlobal($_GET, $options, $callback);