From 2b36f0fdfa99e87bb3335abecc4d87a97a64c9f4 Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Wed, 30 Aug 2023 10:33:38 +0200
Subject: fix(page): Add integration test

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 .../features/bootstrap/FeatureContext.php          | 24 ++++++++++++++++++++++
 .../conversation/bruteforce-protection.feature     | 18 +++++++++++++++-
 2 files changed, 41 insertions(+), 1 deletion(-)

(limited to 'tests')

diff --git a/tests/integration/features/bootstrap/FeatureContext.php b/tests/integration/features/bootstrap/FeatureContext.php
index 2881f3b9a..bce4742d8 100644
--- a/tests/integration/features/bootstrap/FeatureContext.php
+++ b/tests/integration/features/bootstrap/FeatureContext.php
@@ -1088,6 +1088,30 @@ class FeatureContext implements Context, SnippetAcceptingContext {
 		}
 	}
 
+	/**
+	 * @Then /^user "([^"]*)" views URL "([^"]*)" with query parameters and status code (\d+)$/
+	 *
+	 * @param string $user
+	 * @param string $page
+	 * @param int $statusCode
+	 * @param null|TableNode $formData
+	 */
+	public function userViewsURLWithQuery(string $user, string $page, int $statusCode, TableNode $formData = null): void {
+		$parameters = [];
+		if ($formData instanceof TableNode) {
+			foreach ($formData->getRowsHash() as $key => $value) {
+				$parameters[$key] = $key === 'token' ? (self::$identifierToToken[$value] ?? $value) : $value;
+			}
+		}
+
+		$this->setCurrentUser($user);
+		$this->sendFrontpageRequest(
+			'GET', '/' . $page . '?' . http_build_query($parameters)
+		);
+
+		$this->assertStatusCode($this->response, $statusCode);
+	}
+
 	/**
 	 * @Then /^user "([^"]*)" sets notifications to (default|disabled|mention|all) for room "([^"]*)" \((v4)\)$/
 	 *
diff --git a/tests/integration/features/conversation/bruteforce-protection.feature b/tests/integration/features/conversation/bruteforce-protection.feature
index ce0880977..7f15ee33c 100644
--- a/tests/integration/features/conversation/bruteforce-protection.feature
+++ b/tests/integration/features/conversation/bruteforce-protection.feature
@@ -63,7 +63,6 @@ Feature: conversation/bruteforce-protection
     Then the following brute force attempts are registered
     And disable brute force protection
 
-  # Note: This test takes quite long …
   Scenario: User gets blocked after some attempts
     Given enable brute force protection
     Then the following brute force attempts are registered
@@ -81,3 +80,20 @@ Feature: conversation/bruteforce-protection
     Then the following brute force attempts are registered
       | talkRoomToken | 11 |
     And disable brute force protection
+
+  Scenario: Prevent brute forcing on an endpoint that is not meant to handle the password
+    Given enable brute force protection
+    And user "participant1" creates room "room" (v4)
+      | roomType | 3 |
+      | roomName | room |
+    And user "participant1" sets password "foobar" for room "room" with 200 (v4)
+    Then the following brute force attempts are registered
+    And user "participant2" joins room "room" with 403 (v4)
+    Then the following brute force attempts are registered
+      | talkRoomPassword | 1 |
+    When user "participant2" views URL "apps/spreed" with query parameters and status code 200
+      | token | room |
+      | password | foobar |
+    Then the following brute force attempts are registered
+      | talkRoomPassword | 1 |
+    And disable brute force protection
-- 
cgit v1.2.3