feat(auth): complete registration anti-spam and quota hardening

2026-02-21 12:13:01 +01:00
parent 4fb95c872b
commit b239af9619
33 changed files with 1288 additions and 142 deletions


@@ -1,15 +1,14 @@
<?php
use App\Mail\RegistrationVerificationMail;
use App\Jobs\SendVerificationEmailJob;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\Queue;
uses(RefreshDatabase::class);
it('shows registration notice with email after first step', function () {
Mail::fake();
Queue::fake();
$this->post('/register', [
'email' => 'notice@example.com',
@@ -28,33 +27,40 @@ it('prefills register form email from query string', function () {
});
it('blocks resend while cooldown is active', function () {
Mail::fake();
Queue::fake();
$this->post('/register', [
'email' => 'cooldown@example.com',
])->assertRedirect('/register/notice');
$this->from('/register/notice')->post('/register/resend-verification', [
$response = $this->from('/register/notice')->post('/register/resend-verification', [
'email' => 'cooldown@example.com',
])->assertRedirect('/register/notice')
->assertSessionHasErrors('email');
]);
$response->assertRedirect('/register/notice');
$response->assertSessionHasNoErrors();
$response->assertSessionHas('status', 'If that email is valid, we sent a verification link.');
Queue::assertPushed(SendVerificationEmailJob::class, 1);
});
it('resends verification after cooldown expires', function () {
Mail::fake();
Queue::fake();
$this->post('/register', [
'email' => 'resend@example.com',
])->assertRedirect('/register/notice');
$key = 'register:resend:cooldown:' . sha1('resend@example.com');
Cache::forget($key);
$user = User::query()->where('email', 'resend@example.com')->firstOrFail();
$user->forceFill([
'last_verification_sent_at' => now()->subMinutes(31),
])->save();
$this->post('/register/resend-verification', [
'email' => 'resend@example.com',
])->assertRedirect('/register/notice');
Mail::assertQueued(RegistrationVerificationMail::class, 2);
Queue::assertPushed(SendVerificationEmailJob::class, 2);
expect(User::query()->where('email', 'resend@example.com')->exists())->toBeTrue();
});
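Review bot: Both cooldown tests submit only the exact lowercase address that was registered, so nothing here pins whether the resend throttle treats `Cooldown@Example.com`, or the address with surrounding whitespace, as the same mailbox. The key rebuilt in 'resends verification after cooldown expires' is `'register:resend:cooldown:' . sha1('resend@example.com')`. If the controller hashes the address as submitted rather than a normalised form (the implementation is not visible in this section), a differently cased resend would get a fresh key and could enqueue a second `SendVerificationEmailJob`. I would add a case to 'blocks resend while cooldown is active' that posts the upper-cased address and still expects `Queue::assertPushed(SendVerificationEmailJob::class, 1);`. That assertion also deserves a comment such as `// 1 = the job from the initial /register post; the throttled resend must not enqueue another`, since the generic status message alone cannot distinguish a sent resend from a suppressed one.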