2022-09-20 21:59:52 +02:00
|
|
|
<?php
|
|
|
|
|
|
|
|
|
|
use App\Models\User;
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
use App\Rules\ValidHCaptcha;
|
|
|
|
|
use Illuminate\Support\Facades\Http;
|
2024-02-23 11:54:12 +01:00
|
|
|
|
2022-09-20 21:59:52 +02:00
|
|
|
it('can register', function () {
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
|
|
|
|
|
Http::fake([
|
|
|
|
|
ValidHCaptcha::H_CAPTCHA_VERIFY_URL => Http::response(['success' => true])
|
|
|
|
|
]);
|
|
|
|
|
|
2024-01-14 20:52:14 +01:00
|
|
|
$this->postJson('/register', [
|
2022-09-20 21:59:52 +02:00
|
|
|
'name' => 'Test User',
|
|
|
|
|
'email' => 'test@test.app',
|
|
|
|
|
'hear_about_us' => 'google',
|
|
|
|
|
'password' => 'secret',
|
|
|
|
|
'password_confirmation' => 'secret',
|
2024-02-23 11:54:12 +01:00
|
|
|
'agree_terms' => true,
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
'h-captcha-response' => 'test-token', // Mock token for testing
|
2022-09-20 21:59:52 +02:00
|
|
|
])
|
|
|
|
|
->assertSuccessful()
|
|
|
|
|
->assertJsonStructure(['id', 'name', 'email']);
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
|
|
|
|
|
$user = User::where('email', 'test@test.app')->first();
|
|
|
|
|
expect($user)->not->toBeNull();
|
|
|
|
|
expect($user->meta)->toHaveKey('registration_ip');
|
|
|
|
|
expect($user->meta['registration_ip'])->toBe(request()->ip());
|
2022-09-20 21:59:52 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
it('cannot register with existing email', function () {
|
|
|
|
|
User::factory()->create(['email' => 'test@test.app']);
|
|
|
|
|
|
2024-01-14 20:52:14 +01:00
|
|
|
$this->postJson('/register', [
|
2022-09-20 21:59:52 +02:00
|
|
|
'name' => 'Test User',
|
|
|
|
|
'email' => 'test@test.app',
|
|
|
|
|
'password' => 'secret',
|
|
|
|
|
'password_confirmation' => 'secret',
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
'h-captcha-response' => 'test-token',
|
2022-09-20 21:59:52 +02:00
|
|
|
])
|
|
|
|
|
->assertStatus(422)
|
|
|
|
|
->assertJsonValidationErrors(['email']);
|
|
|
|
|
});
|
2023-04-28 11:37:39 +02:00
|
|
|
|
|
|
|
|
it('cannot register with disposable email', function () {
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
Http::fake([
|
|
|
|
|
ValidHCaptcha::H_CAPTCHA_VERIFY_URL => Http::response(['success' => true])
|
|
|
|
|
]);
|
|
|
|
|
|
2023-04-28 11:37:39 +02:00
|
|
|
// Select random email
|
2024-06-10 16:10:14 +02:00
|
|
|
$email = [
|
2024-01-14 20:52:14 +01:00
|
|
|
'dumliyupse@gufum.com',
|
|
|
|
|
'kcs79722@zslsz.com',
|
|
|
|
|
'pfizexwxtdifxupdhr@tpwlb.com',
|
2024-02-23 11:54:12 +01:00
|
|
|
'qvj86ypqfm@email.edu.pl',
|
2024-06-10 16:10:14 +02:00
|
|
|
][rand(0, 3)];
|
2023-04-28 11:37:39 +02:00
|
|
|
|
2024-01-14 20:52:14 +01:00
|
|
|
$this->postJson('/register', [
|
2024-02-23 11:54:12 +01:00
|
|
|
'name' => 'Test disposable',
|
|
|
|
|
'email' => $email,
|
|
|
|
|
'hear_about_us' => 'google',
|
|
|
|
|
'password' => 'secret',
|
|
|
|
|
'password_confirmation' => 'secret',
|
|
|
|
|
'agree_terms' => true,
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
'h-captcha-response' => 'test-token',
|
2024-02-23 11:54:12 +01:00
|
|
|
])
|
2023-04-28 11:37:39 +02:00
|
|
|
->assertStatus(422)
|
|
|
|
|
->assertJsonValidationErrors(['email'])
|
|
|
|
|
->assertJson([
|
|
|
|
|
'message' => 'Disposable email addresses are not allowed.',
|
|
|
|
|
'errors' => [
|
|
|
|
|
'email' => [
|
|
|
|
|
'Disposable email addresses are not allowed.',
|
|
|
|
|
],
|
|
|
|
|
],
|
|
|
|
|
]);
|
2024-01-14 20:52:14 +01:00
|
|
|
});
|
Email spam security (#641)
* Add hCaptcha on register page
* register page captcha test cases
* Refactor integration validation rules to include form context
- Updated the `getValidationRules` method in various integration handlers (Discord, Email, Google Sheets, Slack, Webhook, Zapier) to accept an optional `Form` parameter, allowing for context-aware validation.
- Enhanced the `EmailIntegration` handler to enforce restrictions based on user plans, ensuring free users can only create one email integration per form and can only send to a single email address.
- Added a new test suite for `EmailIntegration` to validate the new restrictions and ensure proper functionality for both free and pro users.
- Introduced loading state management in the `IntegrationModal` component to improve user experience during save operations.
These changes improve the flexibility and user experience of form integrations, particularly for email handling.
* for self-hosted ignore emil validation for spam
* fix pint
* ignore register throttle for testing env
* support new migration for mysql also
* Register page captcha enable if captcha key set
* fix test case
* fix test case
* fix test case
* fix pint
* Refactor RegisterController middleware and update TestCase setup
- Removed environment check for throttling middleware in RegisterController, ensuring consistent rate limiting for the registration endpoint.
- Updated TestCase to disable throttle middleware during tests, allowing for more flexible testing scenarios without rate limiting interference.
* Enhance hCaptcha integration in tests and configuration
- Added hCaptcha site and secret keys to phpunit.xml for testing purposes.
- Updated RegisterTest to configure hCaptcha secret key dynamically, ensuring proper token validation in production environment.
These changes improve the testing setup for hCaptcha, facilitating more accurate simulation of production conditions.
---------
Co-authored-by: Julien Nahum <julien@nahum.net>
2024-12-18 13:16:27 +01:00
|
|
|
|
|
|
|
|
it('requires hcaptcha token in production', function () {
|
|
|
|
|
config(['services.h_captcha.secret_key' => 'test-key']);
|
|
|
|
|
|
|
|
|
|
Http::fake([
|
|
|
|
|
ValidHCaptcha::H_CAPTCHA_VERIFY_URL => Http::response(['success' => true])
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
$this->postJson('/register', [
|
|
|
|
|
'name' => 'Test User',
|
|
|
|
|
'email' => 'test@test.app',
|
|
|
|
|
'hear_about_us' => 'google',
|
|
|
|
|
'password' => 'secret',
|
|
|
|
|
'password_confirmation' => 'secret',
|
|
|
|
|
'agree_terms' => true,
|
|
|
|
|
])
|
|
|
|
|
->assertStatus(422)
|
|
|
|
|
->assertJsonValidationErrors(['h-captcha-response']);
|
|
|
|
|
});
|
