klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Add tests for featured thumbnail generation; apply Pint formatting and related edits

Browse Source
This commit is contained in:
Gregor Klevže
2026-05-06 18:55:40 +02:00
parent 7a8bc8e22a
commit 82f2b1f660
65 changed files with 11325 additions and 49545 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
tests/Feature/Auth/RegistrationAntiSpamTest.php
View File

@@ -2,8 +2,8 @@
use App\Jobs\SendVerificationEmailJob;
use App\Models\User;
use App\Services\Security\TurnstileVerifier;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Queue;
use Illuminate\Support\Facades\RateLimiter;
@@ -11,6 +11,7 @@ uses(RefreshDatabase::class);
it('rejects registration when honeypot field is filled', function () {
Queue::fake();
config()->set('services.turnstile.enabled', false);
$response = $this->from('/register')->post('/register', [
'email' => 'bot1@example.com',
@@ -24,6 +25,7 @@ it('rejects registration when honeypot field is filled', function () {
it('throttles excessive registration attempts by ip', function () {
Queue::fake();
config()->set('services.turnstile.enabled', false);
config()->set('registration.ip_per_minute_limit', 2);
config()->set('registration.ip_per_day_limit', 100);
@@ -45,6 +47,7 @@ it('throttles excessive registration attempts by ip', function () {
it('blocks disposable email domains during registration', function () {
Queue::fake();
config()->set('services.turnstile.enabled', false);
config()->set('registration.disposable_domains_enabled', true);
config()->set('disposable_email_domains.domains', ['tempmail.com']);
@@ -59,42 +62,56 @@ it('blocks disposable email domains during registration', function () {
it('requires turnstile after suspicious registration attempts', function () {
Queue::fake();
config()->set('registration.enable_turnstile', true);
config()->set('registration.turnstile_suspicious_attempts', 1);
config()->set('services.turnstile.enabled', true);
config()->set('services.turnstile.site_key', 'site-key');
config()->set('services.turnstile.secret_key', 'secret-key');
$mock = \Mockery::mock(TurnstileVerifier::class);
$mock->shouldReceive('isEnabled')->andReturn(true);
$mock->shouldReceive('verify')->once()->andReturn(false);
$this->app->instance(TurnstileVerifier::class, $mock);
$response = $this->from('/register')->post('/register', [
'email' => 'captcha-user@example.com',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('captcha');
$response->assertSessionHasErrors('turnstile_token');
$this->assertDatabaseMissing('users', ['email' => 'captcha-user@example.com']);
});
it('shows turnstile when ip is in rate-limited state', function () {
config()->set('registration.enable_turnstile', true);
config()->set('registration.ip_per_minute_limit', 1);
it('shows turnstile on the registration screen when enabled', function () {
config()->set('services.turnstile.enabled', true);
config()->set('services.turnstile.site_key', 'site-key');
config()->set('services.turnstile.secret_key', 'secret-key');
RateLimiter::hit('register:ip:127.0.0.1', 60);
$this->get('/register')
->assertOk()
->assertSee('cf-turnstile', false);
});
RateLimiter::clear('register:ip:127.0.0.1');
it('rejects registration when turnstile verification fails', function () {
Queue::fake();
config()->set('services.turnstile.enabled', true);
config()->set('services.turnstile.site_key', 'site-key');
config()->set('services.turnstile.secret_key', 'secret-key');
Http::fake([
'https://challenges.cloudflare.com/turnstile/v0/siteverify' => Http::response([
'success' => false,
'error-codes' => ['invalid-input-response'],
], 200),
]);
$response = $this->from('/register')->post('/register', [
'email' => 'captcha-fail@example.com',
'turnstile_token' => 'bad-token',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('turnstile_token');
$this->assertDatabaseMissing('users', ['email' => 'captcha-fail@example.com']);
Http::assertSentCount(1);
});
it('enforces verification email cooldown per address', function () {
Queue::fake();
config()->set('services.turnstile.enabled', false);
$first = $this->post('/register', [
'email' => 'cooldown2@example.com',
@@ -114,6 +131,7 @@ it('enforces verification email cooldown per address', function () {
it('rejects registration for existing completed emails', function () {
Queue::fake();
config()->set('services.turnstile.enabled', false);
User::factory()->create([
'email' => 'existing@example.com',
@@ -133,30 +151,36 @@ it('rejects registration for existing completed emails', function () {
it('still allows registration when turnstile passes', function () {
Queue::fake();
config()->set('registration.enable_turnstile', true);
config()->set('registration.turnstile_suspicious_attempts', 1);
config()->set('services.turnstile.enabled', true);
config()->set('services.turnstile.site_key', 'site-key');
config()->set('services.turnstile.secret_key', 'secret-key');
$mock = \Mockery::mock(TurnstileVerifier::class);
$mock->shouldReceive('isEnabled')->andReturn(true);
$mock->shouldReceive('verify')->once()->andReturn(false);
$mock->shouldReceive('verify')->once()->andReturn(true);
$this->app->instance(TurnstileVerifier::class, $mock);
$first = $this->from('/register')->post('/register', [
'email' => 'captcha-block@example.com',
Http::fake([
'https://challenges.cloudflare.com/turnstile/v0/siteverify' => Http::response([
'success' => true,
'hostname' => 'skinbase.org',
], 200),
]);
$first->assertRedirect('/register');
$first->assertSessionHasErrors('captcha');
$response = $this->post('/register', [
'email' => 'captcha-pass@example.com',
'cf-turnstile-response' => 'good-token',
'turnstile_token' => 'good-token',
]);
$response->assertRedirect('/setup/password');
$this->assertDatabaseHas('users', ['email' => 'captcha-pass@example.com']);
Queue::assertNothingPushed();
Http::assertSentCount(1);
});
it('does not require turnstile when disabled', function () {
Queue::fake();
config()->set('services.turnstile.enabled', false);
$response = $this->post('/register', [
'email' => 'turnstile-disabled@example.com',
]);
$response->assertRedirect('/setup/password');
$this->assertDatabaseHas('users', ['email' => 'turnstile-disabled@example.com']);
});