diff --git a/src/Http/AuthenticatesWebAuthn.php b/src/Http/AuthenticatesWebAuthn.php
index bb992a9..29a4696 100644
--- a/src/Http/AuthenticatesWebAuthn.php
+++ b/src/Http/AuthenticatesWebAuthn.php
@@ -96,7 +96,8 @@ public function login(Request $request)
 */
 protected function hasRemember(Request $request)
 {
- return $request->filled('remember') || $request->header('WebAuthn-Remember');
+ return filter_var($request->header('WebAuthn-Remember'), FILTER_VALIDATE_BOOLEAN)
+ ?: $request->filled('remember');
 }
 
 /**
diff --git a/src/Http/RecoversWebAuthn.php b/src/Http/RecoversWebAuthn.php
index 4546ffc..1398cce 100644
--- a/src/Http/RecoversWebAuthn.php
+++ b/src/Http/RecoversWebAuthn.php
@@ -120,7 +120,7 @@ protected function register(Request $request, WebAuthnAuthenticatable $user)
 protected function shouldDisableAllCredentials(Request $request)
 {
 return filter_var($request->header('WebAuthn-Unique'), FILTER_VALIDATE_BOOLEAN)
- ?? $request->filled('unique');
+ ?: $request->filled('unique');
 }
 
 /**
@@ -176,4 +176,4 @@ public function redirectPath()
 return property_exists($this, 'redirectTo') ? $this->redirectTo : '/home';
 }
 
-}
\ No newline at end of file
+}
diff --git a/tests/Http/WebAuthnConfirmTest.php b/tests/Http/WebAuthnConfirmTest.php
index 04f0a4c..6e44c28 100644
--- a/tests/Http/WebAuthnConfirmTest.php
+++ b/tests/Http/WebAuthnConfirmTest.php
@@ -105,6 +105,10 @@ public function test_asks_for_confirmation()
 ->get('intended')
 ->assertRedirect('webauthn/confirm');
 
+ $this->actingAs($this->user)
+ ->getJson('intended')
+ ->assertSeeText('Authenticator assertion required.');
+
 $this->actingAs($this->user)
 ->followingRedirects()
 ->get('intended')
diff --git a/tests/Http/WebAuthnDeviceLostTest.php b/tests/Http/WebAuthnDeviceLostTest.php
index e8b9311..4bd8ab6 100644
--- a/tests/Http/WebAuthnDeviceLostTest.php
+++ b/tests/Http/WebAuthnDeviceLostTest.php
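Review bot: hasRemember now returns a bool on every path (FILTER_VALIDATE_BOOLEAN yields true/false and filled() yields bool), so the signature should declare it: `protected function hasRemember(Request $request): bool`; the same applies to shouldDisableAllCredentials in the RecoversWebAuthn.php hunk. A why-comment on the `?:` line would also help, because FILTER_VALIDATE_BOOLEAN returns false for an absent header and for an explicit "false"/"0"/"off" alike, so the header can only opt in to remember-me and can never override a `remember` body field: `// header can only opt in; false or absent falls through to the body field`. If that precedence is not the intended one, the header's presence would have to be checked before the body field is consulted.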
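Review bot: The `??` this hunk replaces was dead code, since filter_var() with FILTER_VALIDATE_BOOLEAN never returns null, so the `unique` body field was never consulted and a plain form submission could not ask for the other credentials to be disabled. That is easy to reintroduce in a refactor, so the `?:` line deserves a comment pinning the reason: `// filter_var() returns false, not null, when the header is absent: ?: is required so the body field is reached`. A regression test that posts only `unique` in the body (no header) and asserts the other credentials are disabled would lock the fix in; nothing in this diff covers that path.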
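Review bot: The new `getJson('intended')` assertion only checks that the message text appears somewhere in the body, so a 200 response that happened to carry that string would pass; assert the status the middleware returns as well, `->assertStatus(/* expected status, not visible in this diff */)`, and prefer `->assertJson(['message' => 'Authenticator assertion required.'])` over assertSeeText, which matches against the raw JSON-encoded body (assuming the middleware uses the usual `message` key). test_asks_for_confirmation starts and ends outside the hunk.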
@@ -125,6 +125,22 @@ public function test_sends_recovery_email()
 ]);
 }
 
+ public function test_sends_recovery_email_using_json()
+ {
+ $notification = Notification::fake();
+
+ $this->postJson('webauthn/lost', [
+ 'email' => 'john.doe@mail.com'
+ ])
+ ->assertSeeText(trans('larapass::recovery.sent'));
+
+ $notification->assertSentTo(TestWebAuthnUser::first(), AccountRecoveryNotification::class);
+
+ $this->assertDatabaseHas('web_authn_recoveries', [
+ 'email' => 'john.doe@mail.com'
+ ]);
+ }
+
 public function test_error_if_email_invalid()
 {
 $notification = Notification::fake();
@@ -137,6 +153,11 @@ public function test_error_if_email_invalid()
 ->assertRedirect(route('webauthn.lost.form'))
 ->assertSessionHasErrors(['email']);
 
+ $this->postJson('webauthn/lost', [
+ 'email' => 'invalid'
+ ])
+ ->assertSeeText('The given data was invalid');
+
 $notification->assertNothingSent();
 
 $this->assertDatabaseMissing('web_authn_recoveries', [
@@ -156,6 +177,11 @@ public function test_error_if_user_email_doesnt_exists()
 ->assertRedirect(route('webauthn.lost.form'))
 ->assertSessionHasErrors(['email']);
 
+ $this->postJson('webauthn/lost', [
+ 'email' => 'foo@bar.com'
+ ])
+ ->assertSeeText('The given data was invalid');
+
 $notification->assertNothingSent();
 
 $this->assertDatabaseMissing('web_authn_recoveries', [
@@ -190,6 +216,11 @@ public function test_throttled_on_resend()
 ])
 ->assertRedirect(route('webauthn.lost.form'))
 ->assertSessionHasErrors(['email']);
+
+ $this->postJson('webauthn/lost', [
+ 'email' => 'john.doe@mail.com'
+ ])
+ ->assertSeeText(trans('larapass::recovery.throttled'));
 }
 
 public function test_error_if_no_broker_is_set()
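Review bot: `assertSeeText(trans('larapass::recovery.sent'))` in test_sends_recovery_email_using_json is a substring match against the JSON-encoded body, so it silently depends on the translation containing nothing json_encode escapes (slashes, quotes, non-ASCII) and says nothing about the status code; `->assertOk()->assertJsonFragment(['message' => trans('larapass::recovery.sent')])` is the stricter form, assuming the controller responds under the `message` key, which the diff does not show. The same assertSeeText-on-JSON pattern recurs in the three later hunks of this file. The new test otherwise mirrors test_sends_recovery_email, whose closing lines are the context above it; a data provider over the two request styles would avoid duplicating the fixture.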
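Review bot: `assertSeeText('The given data was invalid')` pins a substring of Laravel's framework-wide validation message rather than this endpoint's contract; `->assertStatus(422)->assertJsonValidationErrors(['email'])` asserts what actually matters (which field failed) and will not break when the framework rewords the message. The same applies to the identical assertion in the test_error_if_user_email_doesnt_exists hunk below. test_error_if_email_invalid starts before the hunk.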
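Review bot: This assertion codifies that an unknown address gets a validation error from the unauthenticated recovery endpoint, so the JSON response distinguishes registered from unregistered emails, exactly as the form response already does (the session-error assertion in the context above). If that is an accepted trade-off — Laravel's stock password broker behaves the same way — a comment on the test saying so would keep a later reviewer from re-flagging it; if it is not, the endpoint would need to answer identically for both cases and this test should assert that identical response instead. This is inferred from the assertions alone; the controller and its validation rules are not in the diff, and test_error_if_user_email_doesnt_exists starts before the hunk.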
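Review bot: The JSON throttle check depends on the form post earlier in test_throttled_on_resend having already consumed the allowance, and neither request asserts a status code, so the throttled JSON response is verified by its text alone. A short comment on the added block, `// second request inside the throttle window; must be rejected regardless of content type`, makes the ordering dependence explicit, and `->assertStatus(/* throttle status returned by the controller, not visible here */)` would pin the contract. The test body starts before the hunk.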