klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df67252078af1176127e432dca2aaba053551253
SkinbaseNova/tests/Feature/Auth/RegistrationAntiSpamTest.php

75 lines
2.4 KiB
PHP
Raw Blame History

<?php
use App\Services\Security\RecaptchaVerifier;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Facades\RateLimiter;
uses(RefreshDatabase::class);
it('rejects registration when honeypot field is filled', function () {
Mail::fake();
$response = $this->from('/register')->post('/register', [
'email' => 'bot1@example.com',
'website' => 'https://spam.example',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('website');
$this->assertDatabaseMissing('users', ['email' => 'bot1@example.com']);
});
it('throttles excessive registration attempts by ip', function () {
Mail::fake();
config()->set('antispam.register.ip_per_minute', 2);
config()->set('antispam.register.email_per_minute', 20);
for ($i = 0; $i < 2; $i++) {
$this->post('/register', [
'email' => 'user-rate-' . $i . '@example.com',
])->assertRedirect('/register/notice');
}
$this->post('/register', [
'email' => 'user-rate-3@example.com',
])->assertStatus(429);
RateLimiter::clear('register:ip:127.0.0.1');
});
it('rejects registration when recaptcha is enabled and verification fails', function () {
Mail::fake();
$mock = \Mockery::mock(RecaptchaVerifier::class);
$mock->shouldReceive('isEnabled')->andReturn(true);
$mock->shouldReceive('verify')->once()->andReturn(false);
$this->app->instance(RecaptchaVerifier::class, $mock);
$response = $this->from('/register')->post('/register', [
'email' => 'captcha-user@example.com',
'g-recaptcha-response' => 'bad-token',
]);
$response->assertRedirect('/register');
$response->assertSessionHasErrors('captcha');
$this->assertDatabaseMissing('users', ['email' => 'captcha-user@example.com']);
});
it('allows registration when recaptcha is enabled and verification succeeds', function () {
Mail::fake();
$mock = \Mockery::mock(RecaptchaVerifier::class);
$mock->shouldReceive('isEnabled')->andReturn(true);
$mock->shouldReceive('verify')->once()->andReturn(true);
$this->app->instance(RecaptchaVerifier::class, $mock);
$response = $this->post('/register', [
'email' => 'captcha-pass@example.com',
'g-recaptcha-response' => 'good-token',
]);
$response->assertRedirect('/register/notice');
$this->assertDatabaseHas('users', ['email' => 'captcha-pass@example.com']);
});
Reference in New Issue View Git Blame Copy Permalink