webapp/bookstack
1
0
Fork 0
mirror of https://github.com/BookStackApp/BookStack.git synced 2025-07-30 04:23:11 +03:00
Code Activity

Changed logout routes to POST instead of GET

Browse Source 
As per #3047.

Also made some SAML specific fixes:
- IDP initiated login was broken due to forced default session value.
  Double checked against OneLogin lib docs that this reverted logic was fine.
- Changed how the saml login flow works to use 'withoutMiddleware' on
  the route instead of hacking out the session driver. This was due to
  the array driver (previously used for the hack) no longer being
  considered non-persistent.
This commit is contained in:
Dan Brown
2021-11-14 21:13:24 +00:00
parent fceb4ecc07
commit f910738a80
7 changed files with 26 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/Auth/AuthTest.php
View File

@ -192,7 +192,7 @@ class AuthTest extends TestCase
public function test_logout()
{
$this->asAdmin()->get('/')->assertOk();
$this->get('/logout')->assertRedirect('/');
$this->post('/logout')->assertRedirect('/');
$this->get('/')->assertRedirect('/login');
}
@ -204,7 +204,7 @@ class AuthTest extends TestCase
$mfaSession->markVerifiedForUser($user);
$this->assertTrue($mfaSession->isVerifiedForUser($user));
$this->asAdmin()->get('/logout');
$this->asAdmin()->post('/logout');
$this->assertFalse($mfaSession->isVerifiedForUser($user));
}

2
tests/Auth/OidcTest.php
View File

@ -90,7 +90,7 @@ class OidcTest extends TestCase
public function test_logout_route_functions()
{
$this->actingAs($this->getEditor());
$this->get('/logout');
$this->post('/logout');
$this->assertFalse(auth()->check());
}

13
tests/Auth/Saml2Test.php
View File

@ -157,8 +157,7 @@ class Saml2Test extends TestCase
]);
$resp = $this->actingAs($this->getEditor())->get('/');
$resp->assertElementExists('a[href$="/saml2/logout"]');
$resp->assertElementContains('a[href$="/saml2/logout"]', 'Logout');
$resp->assertElementContains('form[action$="/saml2/logout"] button', 'Logout');
}
public function test_logout_sls_flow()
@ -177,7 +176,7 @@ class Saml2Test extends TestCase
$this->followingRedirects()->post('/saml2/acs', ['SAMLResponse' => $this->acsPostData]);
$req = $this->get('/saml2/logout');
$req = $this->post('/saml2/logout');
$redirect = $req->headers->get('location');
$this->assertStringStartsWith('http://saml.local/saml2/idp/SingleLogoutService.php', $redirect);
$this->withGet(['SAMLResponse' => $this->sloResponseData], $handleLogoutResponse);
@ -193,7 +192,7 @@ class Saml2Test extends TestCase
$this->followingRedirects()->post('/saml2/acs', ['SAMLResponse' => $this->acsPostData]);
$this->assertTrue($this->isAuthenticated());
$req = $this->get('/saml2/logout');
$req = $this->post('/saml2/logout');
$req->assertRedirect('/');
$this->assertFalse($this->isAuthenticated());
}
@ -216,13 +215,13 @@ class Saml2Test extends TestCase
public function test_saml_routes_are_only_active_if_saml_enabled()
{
config()->set(['auth.method' => 'standard']);
$getRoutes = ['/logout', '/metadata', '/sls'];
$getRoutes = ['/metadata', '/sls'];
foreach ($getRoutes as $route) {
$req = $this->get('/saml2' . $route);
$this->assertPermissionError($req);
}
$postRoutes = ['/login', '/acs'];
$postRoutes = ['/login', '/acs', '/logout'];
foreach ($postRoutes as $route) {
$req = $this->post('/saml2' . $route);
$this->assertPermissionError($req);
@ -249,7 +248,7 @@ class Saml2Test extends TestCase
$resp = $this->post('/login');
$this->assertPermissionError($resp);
$resp = $this->get('/logout');
$resp = $this->post('/logout');
$this->assertPermissionError($resp);
}