lucas.mathieu/cachet-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Signup routes are actually whitelisted

Browse Source
This commit is contained in:
Nico Stapelbroek
2018-03-06 23:30:53 +01:00
parent f545d65a38
commit e424c2638b
2 changed files with 11 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
app/Foundation/Providers/RouteServiceProvider.php
+2
View File
@@ -19,6 +19,7 @@ use CachetHQ\Cachet\Http\Routes\ApiSystemRoutes;
use CachetHQ\Cachet\Http\Routes\AuthRoutes; use CachetHQ\Cachet\Http\Routes\AuthRoutes;
use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes as ApiSetupRoutes; use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes as ApiSetupRoutes;
use CachetHQ\Cachet\Http\Routes\SetupRoutes; use CachetHQ\Cachet\Http\Routes\SetupRoutes;
use CachetHQ\Cachet\Http\Routes\SignupRoutes;
use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse; use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
use Illuminate\Cookie\Middleware\EncryptCookies; use Illuminate\Cookie\Middleware\EncryptCookies;
use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken; use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
@@ -56,6 +57,7 @@ class RouteServiceProvider extends ServiceProvider
protected $whitelistedAuthRoutes = [ protected $whitelistedAuthRoutes = [
AuthRoutes::class, AuthRoutes::class,
SetupRoutes::class, SetupRoutes::class,
SignupRoutes::class,
ApiSystemRoutes::class, ApiSystemRoutes::class,
ApiSetupRoutes::class, ApiSetupRoutes::class,
]; ];
tests/Foundation/Providers/RouteServiceProviderTest.php
+9 -10
View File
@@ -11,9 +11,9 @@
namespace CachetHQ\Tests\Cachet\Foundation\Providers; namespace CachetHQ\Tests\Cachet\Foundation\Providers;
use CachetHQ\Cachet\Http\Middleware\Authenticate;
use AltThree\TestBench\ServiceProviderTrait; use AltThree\TestBench\ServiceProviderTrait;
use CachetHQ\Cachet\Foundation\Providers\RouteServiceProvider; use CachetHQ\Cachet\Foundation\Providers\RouteServiceProvider;
use CachetHQ\Cachet\Http\Middleware\Authenticate;
use CachetHQ\Tests\Cachet\AbstractTestCase; use CachetHQ\Tests\Cachet\AbstractTestCase;
use Illuminate\Routing\Route; use Illuminate\Routing\Route;
use Illuminate\Routing\RouteCollection; use Illuminate\Routing\RouteCollection;
@@ -37,7 +37,9 @@ class RouteServiceProviderTest extends AbstractTestCase
'core::get:auth.login', 'core::get:auth.login',
'core::post:auth.login', 'core::post:auth.login',
'core::post:auth.two-factor', 'core::post:auth.two-factor',
'core::get:auth.logout' 'core::get:auth.logout',
'core::get:signup.invite',
'core::post:signup.invite',
]; ];
$this->assertRoutesDontHaveAuthMiddleware($loginRoutes, $this->bootRouter(true)); $this->assertRoutesDontHaveAuthMiddleware($loginRoutes, $this->bootRouter(true));
@@ -113,7 +115,6 @@ class RouteServiceProviderTest extends AbstractTestCase
} }
} }
/** /**
* When enabling the always authenticate setting, the core frontpage routes require authentication. * When enabling the always authenticate setting, the core frontpage routes require authentication.
*/ */
@@ -127,8 +128,6 @@ class RouteServiceProviderTest extends AbstractTestCase
'core::get:component_shield', 'core::get:component_shield',
'core::get:feed.atom', 'core::get:feed.atom',
'core::get:feed.rss', 'core::get:feed.rss',
'core::get:signup.invite',
'core::post:signup.invite',
'core::get:subscribe', 'core::get:subscribe',
'core::post:subscribe', 'core::post:subscribe',
'core::get:subscribe.manage', 'core::get:subscribe.manage',
@@ -154,8 +153,6 @@ class RouteServiceProviderTest extends AbstractTestCase
'core::get:component_shield', 'core::get:component_shield',
'core::get:feed.atom', 'core::get:feed.atom',
'core::get:feed.rss', 'core::get:feed.rss',
'core::get:signup.invite',
'core::post:signup.invite',
'core::get:subscribe', 'core::get:subscribe',
'core::post:subscribe', 'core::post:subscribe',
'core::get:subscribe.manage', 'core::get:subscribe.manage',
@@ -170,7 +167,8 @@ class RouteServiceProviderTest extends AbstractTestCase
/** /**
* A helper method that will execute the RouteProvider's map function and return a clean router. * A helper method that will execute the RouteProvider's map function and return a clean router.
* *
* @param boolean $alwaysAuthenticate * @param bool $alwaysAuthenticate
*
* @return Router * @return Router
*/ */
private function bootRouter($alwaysAuthenticate) private function bootRouter($alwaysAuthenticate)
@@ -181,6 +179,7 @@ class RouteServiceProviderTest extends AbstractTestCase
$routeServiceProvider = new RouteServiceProvider($this->app); $routeServiceProvider = new RouteServiceProvider($this->app);
$routeServiceProvider->map($router); $routeServiceProvider->map($router);
return $router; return $router;
} }
@@ -188,7 +187,7 @@ class RouteServiceProviderTest extends AbstractTestCase
* Assertion helper that asserts if the authentication middleware has not been injected onto * Assertion helper that asserts if the authentication middleware has not been injected onto
* the collection of named routes. * the collection of named routes.
* *
* @param array $routeNames * @param array $routeNames
* @param Router $router * @param Router $router
*/ */
private function assertRoutesDontHaveAuthMiddleware(array $routeNames, Router $router) private function assertRoutesDontHaveAuthMiddleware(array $routeNames, Router $router)
@@ -206,7 +205,7 @@ class RouteServiceProviderTest extends AbstractTestCase
* Assertion helper that asserts if the authentication middleware has been injected onto * Assertion helper that asserts if the authentication middleware has been injected onto
* the collection of named routes. * the collection of named routes.
* *
* @param array $routeNames * @param array $routeNames
* @param Router $router * @param Router $router
*/ */
private function assertRoutesHaveAuthMiddleware(array $routeNames, Router $router) private function assertRoutesHaveAuthMiddleware(array $routeNames, Router $router)