author | Joas Schilling <coding@schilljs.com> | 2023-08-30 10:33:38 +0200 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2023-09-21 11:36:55 +0200 |
commit | 2b36f0fdfa99e87bb3335abecc4d87a97a64c9f4 (patch) | |
tree | 830b142adcaeb7927fd00dee98af620e594e8187 /tests | |
parent | 61775fd6c61ff23b0be37bad467c1c447ea8c3ed (diff) |
fix(page): Add integration test
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/integration/features/bootstrap/FeatureContext.php | 24 | ||||
-rw-r--r-- | tests/integration/features/conversation/bruteforce-protection.feature | 18 |
2 files changed, 41 insertions, 1 deletions
diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php
index 2881f3b9a..bce4742d8 100644
--- a/tests/integration/features/bootstrap/FeatureContext.php
+++ b/tests/integration/features/bootstrap/FeatureContext.php
@@ -1089,6 +1089,30 @@ class FeatureContext implements Context, SnippetAcceptingContext {
 }
 
 /**
+ * @Then /^user "([^"]*)" views URL "([^"]*)" with query parameters and status code (\d+)$/
+ *
+ * @param string $user
+ * @param string $page
+ * @param int $statusCode
+ * @param null|TableNode $formData
+ */
+ public function userViewsURLWithQuery(string $user, string $page, int $statusCode, TableNode $formData = null): void {
+ $parameters = [];
+ if ($formData instanceof TableNode) {
+ foreach ($formData->getRowsHash() as $key => $value) {
+ $parameters[$key] = $key === 'token' ? (self::$identifierToToken[$value] ?? $value) : $value;
+ }
+ }
+
+ $this->setCurrentUser($user);
+ $this->sendFrontpageRequest(
+ 'GET', '/' . $page . '?' . http_build_query($parameters)
+ );
+
+ $this->assertStatusCode($this->response, $statusCode);
+ }
+
+ /**
 * @Then /^user "([^"]*)" sets notifications to (default|disabled|mention|all) for room "([^"]*)" \((v4)\)$/
 *
 * @param string $user
diff --git a/tests/integration/features/conversation/bruteforce-protection.feature b/tests/integration/features/conversation/bruteforce-protection.feature
index ce0880977..7f15ee33c 100644
--- a/tests/integration/features/conversation/bruteforce-protection.feature
+++ b/tests/integration/features/conversation/bruteforce-protection.feature
@@ -63,7 +63,6 @@ Feature: conversation/bruteforce-protection
 Then the following brute force attempts are registered
 And disable brute force protection
 
- # Note: This test takes quite long …
 Scenario: User gets blocked after some attempts
 Given enable brute force protection
 Then the following brute force attempts are registered
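Review bot: The token lookup in `userViewsURLWithQuery` falls back to the raw table value (`self::$identifierToToken[$value] ?? $value`), so a room identifier that was never registered is sent verbatim as the token while the step still only checks the status code. In a brute-force regression scenario this could let a misspelled identifier pass without the request ever addressing the intended room. If the fallback is deliberate, a comment such as `// Unknown identifiers are sent verbatim so scenarios can pass raw tokens` would record that; otherwise the step should fail when the key is missing. Separately, `TableNode $formData = null` relies on implicit nullability; `?TableNode $formData = null` matches the `null|TableNode` docblock and avoids the PHP 8.4 deprecation.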
@@ -81,3 +80,20 @@ Feature: conversation/bruteforce-protection
 Then the following brute force attempts are registered
 | talkRoomToken | 11 |
 And disable brute force protection
+
+ Scenario: Prevent brute forcing on an endpoint that is not meant to handle the password
+ Given enable brute force protection
+ And user "participant1" creates room "room" (v4)
+ | roomType | 3 |
+ | roomName | room |
+ And user "participant1" sets password "foobar" for room "room" with 200 (v4)
+ Then the following brute force attempts are registered
+ And user "participant2" joins room "room" with 403 (v4)
+ Then the following brute force attempts are registered
+ | talkRoomPassword | 1 |
+ When user "participant2" views URL "apps/spreed" with query parameters and status code 200
+ | token | room |
+ | password | foobar |
+ Then the following brute force attempts are registered
+ | talkRoomPassword | 1 |
+ And disable brute force protection |
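Review bot: The new scenario only sends the correct password (`foobar`) to `apps/spreed`, so it shows that a valid password in the query string leaves `talkRoomPassword` at 1 but pins nothing about a wrong guess on the same URL. Because the step asserts only status code 200, it presumably cannot tell an accepted password from an ignored one. A second `views URL "apps/spreed"` step with an incorrect `password` row, followed by the expected attempts table, would cover the case brute-force protection exists for. A short comment above the scenario, e.g. `# The page endpoint must not act as a password oracle outside brute force protection`, would also record the intent; adjust the wording to the actual fix, which is not visible in this tests-only diff.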