예제 #1
 /**
  * The compiled honeypot field is a text input wrapped in a div that is
  * hidden with an inline "display: none" style.
  */
 public function testCompile()
 {
     // Exact markup expected from compile(); note the two spaces before "value".
     // NOTE(review): the field is hidden only through an inline style attribute. Under a
     // Content-Security-Policy whose style-src omits 'unsafe-inline' that attribute is
     // ignored and the trap field becomes visible to real users — confirm against the
     // deployed policy.
     $expectedMarkup = '<div class="honeypot" style="display: none;"><input type="text" name="test"  value="" /></div>';

     $honeypot = new Honeypot('test', 'Test');

     $this->assertEquals($expectedMarkup, $honeypot->compile());
 }
예제 #2
 /**
  * Submitting the contact form shows the success message and produces a mail
  * with the entered subject and sender address.
  *
  * @test
  */
 public function it_allows_send_a_contact_message()
 {
     // Capture outgoing mail instead of sending it.
     MailThief::hijack();
     // Turn the honeypot off so the scripted submission is not treated as a bot.
     // NOTE(review): this is a static switch; whether it is reset between tests is not
     // visible here — confirm, and keep a separate test that exercises the rejection path.
     Honeypot::disable();

     $address = '*****@*****.**';

     $this->visit(route('contact.show'))
         ->type('John Doe', 'name')
         ->type($address, 'email')
         ->type('Contract', 'subject')
         ->type('PHP Interfaces are important.', 'text')
         ->press('Send')
         ->see(trans('contact::contact.send_successfully'));

     $this->assertTrue(MailThief::hasMessageFor('*****@*****.**'));
     $this->assertEquals('Contract', MailThief::lastMessage()->subject);
     $this->assertEquals($address, MailThief::lastMessage()->data['email']);
 }
예제 #3
 /**
  * A freshly registered user who submits the login form sees an error alert
  * and remains a guest.
  *
  * @test
  */
 public function it_not_allow_to_login_without_verify()
 {
     // Honeypot off first, so the scripted form submissions below are not rejected.
     // NOTE(review): static toggle — confirm it is restored for other tests.
     Honeypot::disable();

     // Create the account through the registerUser() helper.
     $formUser = $this->registerUser();

     // Attempt to log in with the credentials that were just registered.
     $loginPage = $this->visit('/login');
     $loginPage
         ->type($formUser->email, 'email')
         ->type($formUser->password, 'password')
         ->press(trans('user::user.login'))
         ->see('alert-danger');

     // The session must still be unauthenticated.
     $stillGuest = Auth::guest();
     $this->assertTrue($stillGuest, 'User is logged in');
 }
예제 #4
 /**
  * Processes a submitted login form.
  *
  * Checks run in this order: anti-forgery token, honeypot, already-logged-in
  * session, presence of both credentials, lockout for the client address, and
  * finally the credential check. Failed and successful logins are both logged.
  *
  * @return mixed A Response for the rejected and redirected cases, otherwise
  *               whatever showErrorMessage() returns.
  */
 private function doLogIn()
 {
     // CSRF token first, then the honeypot; either failure ends with a 500.
     // Short-circuiting keeps the honeypot from being evaluated when the token is bad.
     if (!AntiForgeryToken::getInstance()->validate() || !Honeypot::getInstance()->validate()) {
         return Response::fiveHundred();
     }

     $hooks = HookEngine::getInstance();
     $hooks->runAction('userIsLoggingIn');

     // Nothing to do for a session that is already authenticated.
     $session = CurrentUser::getUserSession();
     if ($session->isLoggedIn()) {
         return Response::redirect(new Link(""));
     }

     // Both fields are fetched before either is tested; a missing or empty
     // value in either one yields the same generic error.
     $username = Request::getPostParameter("username");
     $password = Request::getPostParameter("password");
     if (!$username || !$password) {
         return $this->showErrorMessage();
     }

     // The lockout is keyed on REMOTE_ADDR and is checked before any credential work.
     // NOTE(review): behind a reverse proxy REMOTE_ADDR is the proxy's address, which
     // would make every client share one lockout bucket — confirm the deployment.
     if (LockoutEngine::getInstance()->isLockedOut($_SERVER['REMOTE_ADDR'])) {
         return Response::redirect(new Link("users/login"));
     }

     $log = Logger::getInstance();

     // Tags and all whitespace (including line breaks) are stripped from the username
     // before it is used for authentication and written to the log.
     // NOTE(review): other characters pass through unchanged; confirm the log sink
     // escapes them for wherever entries are later displayed.
     $username = preg_replace('/\\s+/', '', strip_tags($username));

     $authenticated = $session->logIn($username, $password);
     if (!$authenticated) {
         $failureText = 'Someone failed to log into ' . $username . '\'s account from IP:' . $_SERVER['REMOTE_ADDR'];
         $log->logIt(new LogEntry(0, logEntryType::warning, $failureText, 0, new DateTime()));
         return $this->showErrorMessage();
     }

     // Re-read the session so the log entry carries the authenticated user's details.
     $session = CurrentUser::getUserSession();
     $successText = 'A new session was opened for ' . $session->getFullName() . ', who has an IP of ' . $_SERVER['REMOTE_ADDR'] . '.';
     $log->logIt(new LogEntry(0, logEntryType::info, $successText, $session->getUserID(), new DateTime()));

     $hooks->runAction('userLoggedIn');

     return Response::redirect(new Link(""));
 }
예제 #5
 /**
  * Accessor for the instance handed out by Honeypot::getInstance().
  *
  * @return mixed Whatever Honeypot::getInstance() returns.
  */
 public function Honeypot()
 {
     $instance = Honeypot::getInstance();

     return $instance;
 }
예제 #6
파일: UserTest.php 프로젝트: alcodo/alpaca
 /**
  * Filling in the registration form with factory-generated data ends on a
  * page showing a success alert.
  *
  * @test
  */
 public function it_allows_to_register_user()
 {
     // Honeypot off so the scripted submission is accepted.
     // NOTE(review): static toggle — confirm it is restored afterwards and that the
     // bot-rejection path of the registration form is tested separately.
     Honeypot::disable();

     // Unsaved user built from the 'form' factory definition; only used as form input.
     $candidate = factory(User::class, 'form')->make();

     $this->visit('/register')
         ->see('Register')
         ->type($candidate->username, 'username')
         ->type($candidate->email, 'email')
         ->type($candidate->password, 'password')
         ->type($candidate->password, 'password_confirmation')
         ->press(trans('user::user.register'))
         ->see('alert-success');
 }
예제 #7
 /**
  * Handles the POST of the second step of the forgot-password flow: validates
  * the request, the reset token and the e-mail identity, then sets the new password.
  *
  * Nothing is returned. The outcome is stored in $this->response or produced
  * by redirectOnError() after an error message has been queued.
  *
  * @param mixed $inParam2 Value compared strictly with the posted 'token' field
  *                        (presumably the token segment of the reset URL — confirm against the caller).
  */
 private function secondStepPost($inParam2)
 {
     // Only POST is accepted; anything else is answered with a 404.
     if (!$this->request->isPostRequest()) {
         $this->response = Response::fourOhFour();
         return;
     }
     // Anti-forgery token, then honeypot; either failure ends with a 500.
     if (!AntiForgeryToken::getInstance()->validate()) {
         $this->response = Response::fiveHundred();
         return;
     }
     if (!Honeypot::getInstance()->validate()) {
         $this->response = Response::fiveHundred();
         return;
     }
     $token = Request::getPostParameter('token');
     $email = Request::getPostParameter('email');
     $newPassword = Request::getPostParameter('newPassword');
     $confirmNewPassword = Request::getPostParameter('confirmNewPassword');
     // All four fields are required; a value of exactly false (presumably "field absent" —
     // confirm against Request::getPostParameter) ends with a 500.
     if ($token === false) {
         $this->response = Response::fiveHundred();
         return;
     }
     if ($email === false) {
         $this->response = Response::fiveHundred();
         return;
     }
     if ($newPassword === false) {
         $this->response = Response::fiveHundred();
         return;
     }
     if ($confirmNewPassword === false) {
         $this->response = Response::fiveHundred();
         return;
     }
     // Strip tags and all whitespace from the posted token before it is compared or looked up.
     $token = preg_replace('/\\s+/', '', strip_tags($token));
     // Both values come from the request, so this only checks that they agree;
     // the authoritative check is the lookup by token below.
     if ($inParam2 !== $token) {
         $this->response = Response::fiveHundred();
         return;
     }
     $forgotPasswordEngine = ForgotPasswordEngine::getInstance();
     // First record: looked up by the submitted token.
     $forgotPassword1 = $forgotPasswordEngine->getForgotPasswordByToken($token);
     // NOTE(review): an unknown token gets a 500 while an expired one gets a 404, so the
     // two cases are distinguishable to the client — confirm this is intended.
     if ($forgotPassword1 === false) {
         $this->response = Response::fiveHundred();
         return;
     }
     if (!$forgotPasswordEngine->forgotPasswordIsOfValidAge($forgotPassword1)) {
         $this->response = Response::fourOhFour();
         return;
     }
     // The posted e-mail gets the same tag and whitespace stripping as the token.
     $username = preg_replace('/\\s+/', '', strip_tags($email));
     $validator = new emailValidator();
     // From here on every identity failure (malformed e-mail, unknown user, no reset record
     // for that user, expired record, records that do not match) produces the same error
     // message and redirect, so the response does not reveal which check failed.
     // NOTE(review): no lockout or rate-limit check is visible in this method — confirm
     // repeated attempts are throttled elsewhere.
     if (!$validator->validate($username)) {
         $this->showErrorMessageForForgotPasswordIdentity();
         $this->redirectOnError($inParam2);
         return;
     }
     $user = UserEngine::getInstance()->getUserByEmail($username);
     if ($user === false) {
         $this->showErrorMessageForForgotPasswordIdentity();
         $this->redirectOnError($inParam2);
         return;
     }
     // Second record: looked up by the user id that belongs to the posted e-mail.
     $forgotPassword2 = $forgotPasswordEngine->getForgotPasswordByUserID($user->getUserID());
     if ($forgotPassword2 === false) {
         $this->showErrorMessageForForgotPasswordIdentity();
         $this->redirectOnError($inParam2);
         return;
     }
     if (!$forgotPasswordEngine->forgotPasswordIsOfValidAge($forgotPassword2)) {
         $this->showErrorMessageForForgotPasswordIdentity();
         $this->redirectOnError($inParam2);
         return;
     }
     // The token-side and the e-mail-side lookups must resolve to the same record ...
     if ($forgotPassword1->getID() !== $forgotPassword2->getID()) {
         $this->showErrorMessageForForgotPasswordIdentity();
         $this->redirectOnError($inParam2);
         return;
     }
     // ... and each record must verify against the other's token and user id.
     if (!$forgotPassword1->verify($forgotPassword2->getToken(), $forgotPassword2->getUserID())) {
         $this->showErrorMessageForForgotPasswordIdentity();
         $this->redirectOnError($inParam2);
         return;
     }
     if (!$forgotPassword2->verify($forgotPassword1->getToken(), $forgotPassword1->getUserID())) {
         $this->showErrorMessageForForgotPasswordIdentity();
         $this->redirectOnError($inParam2);
         return;
     }
     // The minimum length is only passed to the error message here; the actual policy
     // check presumably happens inside resetUsersPassword() — confirm.
     $minimumPasswordLength = $forgotPasswordEngine->getMinimumPasswordLength();
     if ($newPassword !== $confirmNewPassword) {
         $this->showErrorMessageForForgotPasswordNonMatch($minimumPasswordLength);
         $this->redirectOnError($inParam2);
         return;
     }
     if (!$forgotPasswordEngine->resetUsersPassword($forgotPassword1->getToken(), $forgotPassword2->getUserID(), $newPassword, $confirmNewPassword)) {
         $this->showErrorMessageForForgotPasswordNonMatch($minimumPasswordLength);
         $this->redirectOnError($inParam2);
         return;
     }
     // The reset record is removed only after the password change succeeded
     // (presumably making the token single-use — confirm in removeForgotPassword()).
     $forgotPasswordEngine->removeForgotPassword($forgotPassword1);
     $this->showSuccessMessageForForgotPasswordChange();
     $this->response = Response::redirect(new Link("users/login"));
 }