From e424c2638b7fd86e8fd619d1f26898295a1aad65 Mon Sep 17 00:00:00 2001
From: Nico Stapelbroek
Date: Tue, 6 Mar 2018 23:30:53 +0100
Subject: [PATCH] Signup routes are actually whitelisted
---
 .../Providers/RouteServiceProvider.php | 2 ++
 .../Providers/RouteServiceProviderTest.php | 19 +++++++++----------
 2 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/app/Foundation/Providers/RouteServiceProvider.php b/app/Foundation/Providers/RouteServiceProvider.php
index 99179da5..9a17c2a6 100644
--- a/app/Foundation/Providers/RouteServiceProvider.php
+++ b/app/Foundation/Providers/RouteServiceProvider.php
@@ -19,6 +19,7 @@ use CachetHQ\Cachet\Http\Routes\ApiSystemRoutes;
 use CachetHQ\Cachet\Http\Routes\AuthRoutes;
 use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes as ApiSetupRoutes;
 use CachetHQ\Cachet\Http\Routes\SetupRoutes;
+use CachetHQ\Cachet\Http\Routes\SignupRoutes;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Cookie\Middleware\EncryptCookies;
 use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
@@ -56,6 +57,7 @@ class RouteServiceProvider extends ServiceProvider
 protected $whitelistedAuthRoutes = [
 AuthRoutes::class,
 SetupRoutes::class,
+ SignupRoutes::class,
 ApiSystemRoutes::class,
 ApiSetupRoutes::class,
 ];
diff --git a/tests/Foundation/Providers/RouteServiceProviderTest.php b/tests/Foundation/Providers/RouteServiceProviderTest.php
index 356bf534..f88f03f8 100644
--- a/tests/Foundation/Providers/RouteServiceProviderTest.php
+++ b/tests/Foundation/Providers/RouteServiceProviderTest.php
@@ -11,9 +11,9 @@
 namespace CachetHQ\Tests\Cachet\Foundation\Providers;
-use CachetHQ\Cachet\Http\Middleware\Authenticate;
 use AltThree\TestBench\ServiceProviderTrait;
 use CachetHQ\Cachet\Foundation\Providers\RouteServiceProvider;
+use CachetHQ\Cachet\Http\Middleware\Authenticate;
 use CachetHQ\Tests\Cachet\AbstractTestCase;
 use Illuminate\Routing\Route;
 use Illuminate\Routing\RouteCollection;
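Review bot: `SignupRoutes::class` is added to `$whitelistedAuthRoutes` as a whole class, so every route that class registers, including ones added later, is presumably left without the `Authenticate` middleware when `always_authenticate` is on, not just the two `signup.invite` routes the test names. That makes the invite-code validation in the signup handler (not part of this diff) the only gate on those endpoints for a locked-down status page. I would document the contract above the array, e.g. `// Route classes listed here skip the always_authenticate middleware; each route they register must enforce its own access checks.` The property's docblock begins outside the hunk.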
@@ -37,7 +37,9 @@ class RouteServiceProviderTest extends AbstractTestCase
 'core::get:auth.login',
 'core::post:auth.login',
 'core::post:auth.two-factor',
- 'core::get:auth.logout'
+ 'core::get:auth.logout',
+ 'core::get:signup.invite',
+ 'core::post:signup.invite',
 ];
 $this->assertRoutesDontHaveAuthMiddleware($loginRoutes, $this->bootRouter(true));
@@ -113,7 +115,6 @@ class RouteServiceProviderTest extends AbstractTestCase
 }
 }
-
 /**
 * When enabling the always authenticate setting, the core frontpage routes require authentication.
 */
@@ -127,8 +128,6 @@ class RouteServiceProviderTest extends AbstractTestCase
 'core::get:component_shield',
 'core::get:feed.atom',
 'core::get:feed.rss',
- 'core::get:signup.invite',
- 'core::post:signup.invite',
 'core::get:subscribe',
 'core::post:subscribe',
 'core::get:subscribe.manage',
@@ -154,8 +153,6 @@ class RouteServiceProviderTest extends AbstractTestCase
 'core::get:component_shield',
 'core::get:feed.atom',
 'core::get:feed.rss',
- 'core::get:signup.invite',
- 'core::post:signup.invite',
 'core::get:subscribe',
 'core::post:subscribe',
 'core::get:subscribe.manage',
@@ -170,7 +167,8 @@ class RouteServiceProviderTest extends AbstractTestCase
 /**
 * A helper method that will execute the RouteProvider's map function and return a clean router.
 *
- * @param boolean $alwaysAuthenticate
+ * @param bool $alwaysAuthenticate
+ *
 * @return Router
 */
 private function bootRouter($alwaysAuthenticate)
@@ -181,6 +179,7 @@ class RouteServiceProviderTest extends AbstractTestCase
 $routeServiceProvider = new RouteServiceProvider($this->app);
 $routeServiceProvider->map($router);
+
 return $router;
 }
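Review bot: `$loginRoutes` now also holds `core::get:signup.invite` and `core::post:signup.invite`, so the name passed to `assertRoutesDontHaveAuthMiddleware` no longer matches its contents; `$whitelistedRoutes` would read better. The list is also an allow-by-name check: a route later added to a whitelisted route class would go unauthenticated without this test failing, so consider asserting that the set of routes lacking `Authenticate` equals this list exactly. The array's opening line and the test method's signature are outside the hunk.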
@@ -188,7 +187,7 @@ class RouteServiceProviderTest extends AbstractTestCase
 * Assertion helper that asserts if the authentication middleware has not been injected onto
 * the collection of named routes.
 *
- * @param array $routeNames
+ * @param array $routeNames
 * @param Router $router
 */
 private function assertRoutesDontHaveAuthMiddleware(array $routeNames, Router $router)
@@ -206,7 +205,7 @@ class RouteServiceProviderTest extends AbstractTestCase
 * Assertion helper that asserts if the authentication middleware has been injected onto
 * the collection of named routes.
 *
- * @param array $routeNames
+ * @param array $routeNames
 * @param Router $router
 */
 private function assertRoutesHaveAuthMiddleware(array $routeNames, Router $router)