Only check first token

Lance Pioch 2024-03-23 11:20:15 -04:00
parent 146965fcba
commit e3947e4b50


@ -102,21 +102,21 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase
$tokens = RecoveryToken::query()->where('user_id', $user->id)->get(); $tokens = RecoveryToken::query()->where('user_id', $user->id)->get();
$this->assertCount(10, $tokens); $this->assertCount(10, $tokens);
$this->assertStringStartsWith('$2y$10$', $tokens[0]->token); $this->assertStringStartsWith('$2y$10$', $tokens[0]->token);
// Ensure the recovery tokens that were created include a "created_at" timestamp
// value on them. // Ensure the recovery tokens that were created include a "created_at" timestamp value on them.
$this->assertNotNull($tokens[0]->created_at); $this->assertNotNull($tokens[0]->created_at);
$tokens = $tokens->pluck('token')->toArray(); $tokens = $tokens->pluck('token')->toArray();
foreach ($response->json('attributes.tokens') as $raw) { $rawTokens = $response->json('attributes.tokens');
foreach ($tokens as $hashed) { $rawToken = reset($rawTokens);
if (password_verify($raw, $hashed)) {
continue 2;
}
}
throw new ExpectationFailedException(sprintf('Failed asserting that token [%s] exists as a hashed value in recovery_tokens table.', $raw)); $working = false;
foreach ($tokens as $hashed) {
$working = $working || password_verify($rawToken, $hashed);
} }
throw_unless($working, new ExpectationFailedException(sprintf('Failed asserting that token [%s] exists as a hashed value in recovery_tokens table.', $rawToken)));
} }
/** /**
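Review bot: `$rawTokens` is used without any check on its size before `reset($rawTokens)`, so the test now passes whenever the first element matches a stored hash, even if the response returns fewer than the ten recovery tokens that were persisted. An empty list would make `reset()` return `false` and fail with an unhelpful "token []" message or a type error. Adding `$this->assertCount(10, $rawTokens);` before the `reset()` call would pin the response size explicitly. The other nine raw tokens are no longer verified against their bcrypt hashes, presumably to save test time, and a short comment such as `// Only the first token is verified to keep the number of bcrypt checks low.` would record that this is deliberate. The enclosing test method begins above the hunk.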