klevze/SkinbaseNova
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Save workspace changes

Browse Source
This commit is contained in:
Gregor Klevže
2026-04-18 17:02:56 +02:00
parent f02ea9a711
commit 87d60af5a9
4220 changed files with 1388603 additions and 1554 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
tests/Feature/Auth/RegistrationAntiSpamTest.php
View File

@@ -30,7 +30,9 @@ it('throttles excessive registration attempts by ip', function () {
for ($i = 0; $i < 2; $i++) {
$this->post('/register', [
'email' => 'user-rate-' . $i . '@example.com',
])->assertRedirect('/register/notice');
])->assertRedirect('/setup/password');
auth()->logout();
}
$this->post('/register', [
@@ -94,20 +96,23 @@ it('shows turnstile when ip is in rate-limited state', function () {
it('enforces verification email cooldown per address', function () {
Queue::fake();
$this->post('/register', [
$first = $this->post('/register', [
'email' => 'cooldown2@example.com',
])->assertRedirect('/register/notice');
]);
$first->assertRedirect('/setup/password');
auth()->logout();
$response = $this->post('/register', [
'email' => 'cooldown2@example.com',
]);
$response->assertRedirect('/register/notice');
$response->assertSessionHas('status', 'If that email is valid, we sent a verification link.');
Queue::assertPushed(SendVerificationEmailJob::class, 1);
$response->assertRedirect('/setup/password');
$response->assertSessionHas('status', 'Continue with password setup.');
Queue::assertNothingPushed();
});
it('returns generic success for existing verified emails (anti-enumeration)', function () {
it('rejects registration for existing completed emails', function () {
Queue::fake();
User::factory()->create([
@@ -117,12 +122,12 @@ it('returns generic success for existing verified emails (anti-enumeration)', fu
'is_active' => true,
]);
$response = $this->post('/register', [
$response = $this->from('/register')->post('/register', [
'email' => 'existing@example.com',
]);
$response->assertRedirect('/register/notice');
$response->assertSessionHas('status', 'If that email is valid, we sent a verification link.');
$response->assertRedirect('/register');
$response->assertSessionHasErrors('email');
Queue::assertNothingPushed();
});
@@ -151,6 +156,7 @@ it('still allows registration when turnstile passes', function () {
'cf-turnstile-response' => 'good-token',
]);
$response->assertRedirect('/register/notice');
$response->assertRedirect('/setup/password');
$this->assertDatabaseHas('users', ['email' => 'captcha-pass@example.com']);
Queue::assertNothingPushed();
});