From c0a3fa42d83d937752349b79c30056ee1675b11d Mon Sep 17 00:00:00 2001 From: Italo Date: Fri, 10 Jul 2020 19:26:53 -0400 Subject: [PATCH 1/4] Minor fix to the unique detection. --- src/Http/RecoversWebAuthn.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Http/RecoversWebAuthn.php b/src/Http/RecoversWebAuthn.php index 4546ffc..1398cce 100644 --- a/src/Http/RecoversWebAuthn.php +++ b/src/Http/RecoversWebAuthn.php @@ -120,7 +120,7 @@ protected function register(Request $request, WebAuthnAuthenticatable $user) protected function shouldDisableAllCredentials(Request $request) { return filter_var($request->header('WebAuthn-Unique'), FILTER_VALIDATE_BOOLEAN) - ?? $request->filled('unique'); + ?: $request->filled('unique'); } /** @@ -176,4 +176,4 @@ public function redirectPath() return property_exists($this, 'redirectTo') ? $this->redirectTo : '/home'; } -} \ No newline at end of file +} From 443625671a75378438f4443269a70e3d7395690e Mon Sep 17 00:00:00 2001 From: Italo Date: Fri, 10 Jul 2020 19:27:05 -0400 Subject: [PATCH 2/4] Minor fix to the remember detection. --- src/Http/AuthenticatesWebAuthn.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Http/AuthenticatesWebAuthn.php b/src/Http/AuthenticatesWebAuthn.php index bb992a9..991cb6a 100644 --- a/src/Http/AuthenticatesWebAuthn.php +++ b/src/Http/AuthenticatesWebAuthn.php @@ -96,7 +96,8 @@ public function login(Request $request) */ protected function hasRemember(Request $request) { - return $request->filled('remember') || $request->header('WebAuthn-Remember'); + return filter_var($request->header('WebAuthn-Remember'), FILTER_VALIDATE_BOOLEAN) + ?: $request->filled('remember') } /** From 409745ae563462080663e122487eb07a7e92317f Mon Sep 17 00:00:00 2001 From: DarkGhostHunter Date: Fri, 10 Jul 2020 22:59:19 -0400 Subject: [PATCH 3/4] Fixed remember detection. --- src/Http/AuthenticatesWebAuthn.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
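Review bot: The header and body paths of `shouldDisableAllCredentials` now disagree on what "true" means: the `WebAuthn-Unique` header goes through `FILTER_VALIDATE_BOOLEAN`, but the fallback `$request->filled('unique')` only tests that a non-empty value is present, so a body carrying `unique=0` or `unique=false` (and presumably a JSON `"unique": false`) still disables every other credential on the account. Since this is the branch that wipes existing authenticators during recovery, the body input should be parsed the same way: `?: filter_var($request->input('unique'), FILTER_VALIDATE_BOOLEAN);` (or `$request->boolean('unique')` if the supported Laravel range has it). Note that `filter_var` without `FILTER_NULL_ON_FAILURE` returns `false`, never `null`, for an absent or unrecognised header, which is exactly why `?:` rather than `??` is needed here; a one-line comment saying so would stop the next reader from reverting it.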
diff --git a/src/Http/AuthenticatesWebAuthn.php b/src/Http/AuthenticatesWebAuthn.php index 991cb6a..29a4696 100644 --- a/src/Http/AuthenticatesWebAuthn.php +++ b/src/Http/AuthenticatesWebAuthn.php @@ -97,7 +97,7 @@ public function login(Request $request) protected function hasRemember(Request $request) { return filter_var($request->header('WebAuthn-Remember'), FILTER_VALIDATE_BOOLEAN) - ?: $request->filled('remember') + ?: $request->filled('remember'); } /** From e8ba2ba3a7f8e637863c8887aa747fae9eb70113 Mon Sep 17 00:00:00 2001 From: DarkGhostHunter Date: Fri, 10 Jul 2020 23:10:18 -0400 Subject: [PATCH 4/4] Added JSON tests. --- tests/Http/WebAuthnConfirmTest.php | 4 ++++ tests/Http/WebAuthnDeviceLostTest.php | 31 +++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/tests/Http/WebAuthnConfirmTest.php b/tests/Http/WebAuthnConfirmTest.php index 04f0a4c..6e44c28 100644 --- a/tests/Http/WebAuthnConfirmTest.php +++ b/tests/Http/WebAuthnConfirmTest.php @@ -105,6 +105,10 @@ public function test_asks_for_confirmation() ->get('intended') ->assertRedirect('webauthn/confirm'); + $this->actingAs($this->user) + ->getJson('intended') + ->assertSeeText('Authenticator assertion required.'); + $this->actingAs($this->user) ->followingRedirects() ->get('intended') diff --git a/tests/Http/WebAuthnDeviceLostTest.php b/tests/Http/WebAuthnDeviceLostTest.php index e8b9311..4bd8ab6 100644 --- a/tests/Http/WebAuthnDeviceLostTest.php +++ b/tests/Http/WebAuthnDeviceLostTest.php 
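Review bot: With the semicolon fixed, `hasRemember` still treats any non-empty `remember` input as consent to a long-lived session: `$request->filled('remember')` is true for `remember=0` or `remember=false`, while the `WebAuthn-Remember` header is parsed with `FILTER_VALIDATE_BOOLEAN`. A client that explicitly opts out via the request body therefore gets a remember-me cookie anyway. Parse both inputs identically — `?: filter_var($request->input('remember'), FILTER_VALIDATE_BOOLEAN);` (or `$request->boolean('remember')` if it exists in the supported Laravel versions) — so header and body cannot disagree on the user's choice.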
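Review bot: The new `getJson('intended')` assertion in `test_asks_for_confirmation` only checks that the message text appears; it does not pin the HTTP status, so a 200 response that happens to contain "Authenticator assertion required." would pass, and a JSON client relies on the status rather than the text to learn that an assertion is needed. Chain `->assertStatus(...)` with whatever code the confirmation middleware actually returns (the hunk does not show it) and consider `->assertJson(['message' => 'Authenticator assertion required.'])` so the response shape is locked in as well. The enclosing test method starts and ends outside the hunk.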
@@ -125,6 +125,22 @@ public function test_sends_recovery_email() ]); } + public function test_sends_recovery_email_using_json() + { + $notification = Notification::fake(); + + $this->postJson('webauthn/lost', [ + 'email' => 'john.doe@mail.com' + ]) + ->assertSeeText(trans('larapass::recovery.sent')); + + $notification->assertSentTo(TestWebAuthnUser::first(), AccountRecoveryNotification::class); + + $this->assertDatabaseHas('web_authn_recoveries', [ + 'email' => 'john.doe@mail.com' + ]); + } + public function test_error_if_email_invalid() { $notification = Notification::fake(); @@ -137,6 +153,11 @@ public function test_error_if_email_invalid() ->assertRedirect(route('webauthn.lost.form')) ->assertSessionHasErrors(['email']); + $this->postJson('webauthn/lost', [ + 'email' => 'invalid' + ]) + ->assertSeeText('The given data was invalid'); + $notification->assertNothingSent(); $this->assertDatabaseMissing('web_authn_recoveries', [ @@ -156,6 +177,11 @@ public function test_error_if_user_email_doesnt_exists() ->assertRedirect(route('webauthn.lost.form')) ->assertSessionHasErrors(['email']); + $this->postJson('webauthn/lost', [ + 'email' => 'foo@bar.com' + ]) + ->assertSeeText('The given data was invalid'); + $notification->assertNothingSent(); $this->assertDatabaseMissing('web_authn_recoveries', [ @@ -190,6 +216,11 @@ public function test_throttled_on_resend() ]) ->assertRedirect(route('webauthn.lost.form')) ->assertSessionHasErrors(['email']); + + $this->postJson('webauthn/lost', [ + 'email' => 'john.doe@mail.com' + ]) + ->assertSeeText(trans('larapass::recovery.throttled')); } public function test_error_if_no_broker_is_set()
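Review bot: The JSON branch added to `test_error_if_email_invalid` asserts only that "The given data was invalid" appears somewhere in the body; it pins neither the 422 status nor that the error is attached to `email`, which is what the session-based assertion just above it (`assertSessionHasErrors(['email'])`) guarantees for the form path. Replace `->assertSeeText('The given data was invalid')` with `->assertStatus(422)->assertJsonValidationErrors('email')`, and do the same for the identical block in `test_error_if_user_email_doesnt_exists`; otherwise a response that fails on a different field, or succeeds with that phrase in it, still passes. The test method begins outside the hunk.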
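Review bot: Taken together, the new JSON tests lock in an account-enumeration oracle on `webauthn/lost`: `test_sends_recovery_email_using_json` expects `larapass::recovery.sent` for a registered address, `test_error_if_user_email_doesnt_exists` expects a validation error for an unknown one, and `test_throttled_on_resend` expects a third message that only a real account can trigger. An unauthenticated caller can therefore confirm which e-mail addresses hold WebAuthn accounts, the classic weakness in recovery flows that OWASP's forgot-password guidance warns about. If that is not intended, the controller (outside this diff) should return the same `recovery.sent` response and status whether or not the address exists, with the throttle staying silent, and the unknown-address test should assert that uniform response — `->assertSeeText(trans('larapass::recovery.sent'))` — while `$notification->assertNothingSent()` and the `assertDatabaseMissing` check still hold. If the behaviour is deliberate (stock Laravel's password broker leaks the same way by default), a short comment in the test naming that trade-off would keep the next maintainer from "fixing" it either way.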