Signup routes are actually whitelisted

2018-03-06 23:30:53 +01:00
parent f545d65a38
commit e424c2638b
2 changed files with 11 additions and 10 deletions
--- a/app/Foundation/Providers/RouteServiceProvider.php
+++ b/app/Foundation/Providers/RouteServiceProvider.php
@@ -19,6 +19,7 @@ use CachetHQ\Cachet\Http\Routes\ApiSystemRoutes;
 use CachetHQ\Cachet\Http\Routes\AuthRoutes;
 use CachetHQ\Cachet\Http\Routes\Setup\ApiRoutes as ApiSetupRoutes;
 use CachetHQ\Cachet\Http\Routes\SetupRoutes;
+use CachetHQ\Cachet\Http\Routes\SignupRoutes;
 use Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse;
 use Illuminate\Cookie\Middleware\EncryptCookies;
 use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken;
@@ -56,6 +57,7 @@ class RouteServiceProvider extends ServiceProvider
    protected $whitelistedAuthRoutes = [
        AuthRoutes::class,
        SetupRoutes::class,
+        SignupRoutes::class,
        ApiSystemRoutes::class,
        ApiSetupRoutes::class,
    ];
--- a/tests/Foundation/Providers/RouteServiceProviderTest.php
+++ b/tests/Foundation/Providers/RouteServiceProviderTest.php
@@ -11,9 +11,9 @@

 namespace CachetHQ\Tests\Cachet\Foundation\Providers;

-use CachetHQ\Cachet\Http\Middleware\Authenticate;
 use AltThree\TestBench\ServiceProviderTrait;
 use CachetHQ\Cachet\Foundation\Providers\RouteServiceProvider;
+use CachetHQ\Cachet\Http\Middleware\Authenticate;
 use CachetHQ\Tests\Cachet\AbstractTestCase;
 use Illuminate\Routing\Route;
 use Illuminate\Routing\RouteCollection;
@@ -37,7 +37,9 @@ class RouteServiceProviderTest extends AbstractTestCase
            'core::get:auth.login',
            'core::post:auth.login',
            'core::post:auth.two-factor',
-            'core::get:auth.logout'
+            'core::get:auth.logout',
+            'core::get:signup.invite',
+            'core::post:signup.invite',
        ];

        $this->assertRoutesDontHaveAuthMiddleware($loginRoutes, $this->bootRouter(true));
@@ -113,7 +115,6 @@ class RouteServiceProviderTest extends AbstractTestCase
        }
    }

-
    /**
     * When enabling the always authenticate setting, the core frontpage routes require authentication.
     */
@@ -127,8 +128,6 @@ class RouteServiceProviderTest extends AbstractTestCase
            'core::get:component_shield',
            'core::get:feed.atom',
            'core::get:feed.rss',
-            'core::get:signup.invite',
-            'core::post:signup.invite',
            'core::get:subscribe',
            'core::post:subscribe',
            'core::get:subscribe.manage',
@@ -154,8 +153,6 @@ class RouteServiceProviderTest extends AbstractTestCase
            'core::get:component_shield',
            'core::get:feed.atom',
            'core::get:feed.rss',
-            'core::get:signup.invite',
-            'core::post:signup.invite',
            'core::get:subscribe',
            'core::post:subscribe',
            'core::get:subscribe.manage',
@@ -170,7 +167,8 @@ class RouteServiceProviderTest extends AbstractTestCase
    /**
     * A helper method that will execute the RouteProvider's map function and return a clean router.
     *
-     * @param boolean $alwaysAuthenticate
+     * @param bool $alwaysAuthenticate
+     *
     * @return Router
     */
    private function bootRouter($alwaysAuthenticate)
@@ -181,6 +179,7 @@ class RouteServiceProviderTest extends AbstractTestCase

        $routeServiceProvider = new RouteServiceProvider($this->app);
        $routeServiceProvider->map($router);
+
        return $router;
    }