public function test_user_password_update()
{
$user = \BookStack\User::all()->last();
$userProfilePage = '/users/' . $user->id;
$this->asAdmin()->visit($userProfilePage)->type('newpassword', '#password')->press('Save')->seePageIs($userProfilePage)->see('Password confirmation required')->type('newpassword', '#password')->type('newpassword', '#password-confirm')->press('Save')->seePageIs('/users');
$userPassword = \BookStack\User::find($user->id)->password;
$this->assertTrue(Hash::check('newpassword', $userPassword));
}
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('users', function (Blueprint $table) {
$table->increments('id');
$table->string('name');
$table->string('email')->unique();
$table->string('password', 60);
$table->rememberToken();
$table->timestamps();
});
\BookStack\User::create(['name' => 'Admin', 'email' => '*****@*****.**', 'password' => \Illuminate\Support\Facades\Hash::make('password')]);
}
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
Schema::create('users', function (Blueprint $table) {
$table->increments('id');
$table->string('name');
$table->string('email')->unique();
$table->string('password', 60);
$table->rememberToken();
$table->timestamps();
});
\BookStack\User::forceCreate(['name' => 'Admin', 'email' => '*****@*****.**', 'password' => bcrypt('password')]);
}
/**
* Controller constructor.
*/
public function __construct()
{
// Get a user instance for the current user
$user = auth()->user();
if (!$user) {
$user = User::getDefault();
}
// Share variables with views
view()->share('signedIn', auth()->check());
view()->share('currentUser', $user);
// Share variables with controllers
$this->currentUser = $user;
$this->signedIn = auth()->check();
}
public function test_public_page_creation()
{
$this->setSettings(['app-public' => 'true']);
$publicRole = \BookStack\Role::getSystemRole('public');
// Grant all permissions to public
$publicRole->permissions()->detach();
foreach (\BookStack\RolePermission::all() as $perm) {
$publicRole->attachPermission($perm);
}
$this->app[\BookStack\Services\PermissionService::class]->buildJointPermissionForRole($publicRole);
$chapter = \BookStack\Chapter::first();
$this->visit($chapter->book->getUrl());
$this->visit($chapter->getUrl())->click('New Page')->see('Create Page')->seePageIs($chapter->getUrl('/create-page'));
$this->submitForm('Continue', ['name' => 'My guest page'])->seePageIs($chapter->book->getUrl('/page/my-guest-page/edit'));
$user = \BookStack\User::getDefault();
$this->seeInDatabase('pages', ['name' => 'My guest page', 'chapter_id' => $chapter->id, 'created_by' => $user->id, 'updated_by' => $user->id]);
}
/**
* Run the migrations.
*
* @return void
*/
public function up()
{
// Create table for storing roles
Schema::create('roles', function (Blueprint $table) {
$table->increments('id');
$table->string('name')->unique();
$table->string('display_name')->nullable();
$table->string('description')->nullable();
$table->timestamps();
});
// Create table for associating roles to users (Many-to-Many)
Schema::create('role_user', function (Blueprint $table) {
$table->integer('user_id')->unsigned();
$table->integer('role_id')->unsigned();
$table->foreign('user_id')->references('id')->on('users')->onUpdate('cascade')->onDelete('cascade');
$table->foreign('role_id')->references('id')->on('roles')->onUpdate('cascade')->onDelete('cascade');
$table->primary(['user_id', 'role_id']);
});
// Create table for storing permissions
Schema::create('permissions', function (Blueprint $table) {
$table->increments('id');
$table->string('name')->unique();
$table->string('display_name')->nullable();
$table->string('description')->nullable();
$table->timestamps();
});
// Create table for associating permissions to roles (Many-to-Many)
Schema::create('permission_role', function (Blueprint $table) {
$table->integer('permission_id')->unsigned();
$table->integer('role_id')->unsigned();
$table->foreign('permission_id')->references('id')->on('permissions')->onUpdate('cascade')->onDelete('cascade');
$table->foreign('role_id')->references('id')->on('roles')->onUpdate('cascade')->onDelete('cascade');
$table->primary(['permission_id', 'role_id']);
});
// Create default roles
$admin = new \BookStack\Role();
$admin->name = 'admin';
$admin->display_name = 'Admin';
$admin->description = 'Administrator of the whole application';
$admin->save();
$editor = new \BookStack\Role();
$editor->name = 'editor';
$editor->display_name = 'Editor';
$editor->description = 'User can edit Books, Chapters & Pages';
$editor->save();
$viewer = new \BookStack\Role();
$viewer->name = 'viewer';
$viewer->display_name = 'Viewer';
$viewer->description = 'User can view books & their content behind authentication';
$viewer->save();
// Create default CRUD permissions and allocate to admins and editors
$entities = ['Book', 'Page', 'Chapter', 'Image'];
$ops = ['Create', 'Update', 'Delete'];
foreach ($entities as $entity) {
foreach ($ops as $op) {
$newPermission = new \BookStack\Permission();
$newPermission->name = strtolower($entity) . '-' . strtolower($op);
$newPermission->display_name = $op . ' ' . $entity . 's';
$newPermission->save();
$admin->attachPermission($newPermission);
$editor->attachPermission($newPermission);
}
}
// Create admin permissions
$entities = ['Settings', 'User'];
$ops = ['Create', 'Update', 'Delete'];
foreach ($entities as $entity) {
foreach ($ops as $op) {
$newPermission = new \BookStack\Permission();
$newPermission->name = strtolower($entity) . '-' . strtolower($op);
$newPermission->display_name = $op . ' ' . $entity;
$newPermission->save();
$admin->attachPermission($newPermission);
}
}
// Set all current users as admins
// (At this point only the initially create user should be an admin)
$users = \BookStack\User::all();
foreach ($users as $user) {
$user->attachRole($admin);
}
}
/**
* Remove the given user from storage, Delete all related content.
* @param User $user
*/
public function destroy(User $user)
{
$user->socialAccounts()->delete();
$user->delete();
}
public function test_non_admins_cannot_change_auth_id()
{
$testUser = User::all()->last();
$this->actingAs($testUser)->visit('/users/' . $testUser->id)->dontSee('External Authentication');
}
/**
* Helper method to get the current User.
* Defaults to public 'Guest' user if not logged in.
* @return \BookStack\User
*/
function user()
{
return auth()->user() ?: \BookStack\User::getDefault();
}
public function test_public_role_visible_in_user_edit_screen()
{
$user = \BookStack\User::first();
$this->asAdmin()->visit('/settings/users/' . $user->id)->seeElement('#roles-admin')->seeElement('#roles-public');
}
public function setUp()
{
parent::setUp();
$this->user = \BookStack\User::all()->last();
}
/**
* Create a new user instance after a valid registration.
* @param array $data
* @return User
*/
protected function create(array $data)
{
return User::create(['name' => $data['name'], 'email' => $data['email'], 'password' => bcrypt($data['password'])]);
}
/**
* Get a user that's not a system user such as the guest user.
*/
public function getNormalUser()
{
return \BookStack\User::where('system_name', '=', null)->get()->last();
}
