Merge e8ba2ba into 7eef255

DarkGhostHunter · Jul 11, 2020 · 35b2921 · 35b2921
2 parents 7eef255 + e8ba2ba
commit 35b2921
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 3 deletions.
diff --git a/src/Http/AuthenticatesWebAuthn.php b/src/Http/AuthenticatesWebAuthn.php
@@ -96,7 +96,8 @@ public function login(Request $request)
      */
     protected function hasRemember(Request $request)
     {
-        return $request->filled('remember') || $request->header('WebAuthn-Remember');
+        return filter_var($request->header('WebAuthn-Remember'), FILTER_VALIDATE_BOOLEAN)
+            ?: $request->filled('remember');
     }
 
     /**

diff --git a/src/Http/RecoversWebAuthn.php b/src/Http/RecoversWebAuthn.php
@@ -120,7 +120,7 @@ protected function register(Request $request, WebAuthnAuthenticatable $user)
     protected function shouldDisableAllCredentials(Request $request)
     {
         return filter_var($request->header('WebAuthn-Unique'), FILTER_VALIDATE_BOOLEAN)
-            ?? $request->filled('unique');
+            ?: $request->filled('unique');
     }
 
     /**
@@ -176,4 +176,4 @@ public function redirectPath()
 
         return property_exists($this, 'redirectTo') ? $this->redirectTo : '/home';
     }
-}
+}
diff --git a/tests/Http/WebAuthnConfirmTest.php b/tests/Http/WebAuthnConfirmTest.php
@@ -105,6 +105,10 @@ public function test_asks_for_confirmation()
             ->get('intended')
             ->assertRedirect('webauthn/confirm');
 
+        $this->actingAs($this->user)
+            ->getJson('intended')
+            ->assertSeeText('Authenticator assertion required.');
+
         $this->actingAs($this->user)
             ->followingRedirects()
             ->get('intended')

diff --git a/tests/Http/WebAuthnDeviceLostTest.php b/tests/Http/WebAuthnDeviceLostTest.php
@@ -125,6 +125,22 @@ public function test_sends_recovery_email()
         ]);
     }
 
+    public function test_sends_recovery_email_using_json()
+    {
+        $notification = Notification::fake();
+
+        $this->postJson('webauthn/lost', [
+            'email' => 'john.doe@mail.com'
+        ])
+            ->assertSeeText(trans('larapass::recovery.sent'));
+
+        $notification->assertSentTo(TestWebAuthnUser::first(), AccountRecoveryNotification::class);
+
+        $this->assertDatabaseHas('web_authn_recoveries', [
+            'email' => 'john.doe@mail.com'
+        ]);
+    }
+
     public function test_error_if_email_invalid()
     {
         $notification = Notification::fake();
@@ -137,6 +153,11 @@ public function test_error_if_email_invalid()
             ->assertRedirect(route('webauthn.lost.form'))
             ->assertSessionHasErrors(['email']);
 
+        $this->postJson('webauthn/lost', [
+            'email' => 'invalid'
+        ])
+            ->assertSeeText('The given data was invalid');
+
         $notification->assertNothingSent();
 
         $this->assertDatabaseMissing('web_authn_recoveries', [
@@ -156,6 +177,11 @@ public function test_error_if_user_email_doesnt_exists()
             ->assertRedirect(route('webauthn.lost.form'))
             ->assertSessionHasErrors(['email']);
 
+        $this->postJson('webauthn/lost', [
+            'email' => 'foo@bar.com'
+        ])
+            ->assertSeeText('The given data was invalid');
+
         $notification->assertNothingSent();
 
         $this->assertDatabaseMissing('web_authn_recoveries', [
@@ -190,6 +216,11 @@ public function test_throttled_on_resend()
         ])
             ->assertRedirect(route('webauthn.lost.form'))
             ->assertSessionHasErrors(['email']);
+
+        $this->postJson('webauthn/lost', [
+            'email' => 'john.doe@mail.com'
+        ])
+            ->assertSeeText(trans('larapass::recovery.throttled'));
     }
 
     public function test_error_if_no_broker_is_set()