RouteMiddlewareTest.php
<?php
namespace Tests\Routing;
use Illuminate\Routing\Middleware\ThrottleRequests;
use Orchestra\Testbench\Attributes\DefineEnvironment;
use PHPUnit\Framework\Attributes\Test;
use Statamic\Facades\Blueprint;
use Statamic\Facades\Form;
use Tests\PreventSavingStacheItemsToDisk;
use Tests\TestCase;
/**
 * Feature tests for the two configurable middleware stacks read from
 * `statamic.routes.auth_middleware` and `statamic.routes.forms_middleware`.
 *
 * The tests install Laravel's ThrottleRequests with the parameters "2,1"
 * (max attempts, decay minutes) on one stack at a time and then check three things:
 *  - with no configuration, repeated POSTs are never answered with 429;
 *  - with the throttle configured, the third POST to a covered route gets 429;
 *  - a throttle on one stack does not limit routes served by the other stack.
 *
 * NOTE(review): the "by default" tests pin that these stacks add no rate limit
 * out of the box. Whether login attempts are limited by some other mechanism is
 * not visible from this file, so a site that depends on these stacks for
 * brute-force or form-spam protection has to configure them explicitly.
 */
class RouteMiddlewareTest extends TestCase
{
    use PreventSavingStacheItemsToDisk;

    /**
     * Environment hook named by #[DefineEnvironment]: puts a 2-requests-per-minute
     * throttle on the auth middleware stack.
     *
     * @param  mixed  $app  Application container exposing the 'config' repository.
     */
    protected function withAuthThrottleMiddleware($app)
    {
        $throttle = ThrottleRequests::class.':2,1';

        $app['config']->set('statamic.routes.auth_middleware', [$throttle]);
    }

    /**
     * Environment hook named by #[DefineEnvironment]: puts a 2-requests-per-minute
     * throttle on the forms middleware stack.
     *
     * @param  mixed  $app  Application container exposing the 'config' repository.
     */
    protected function withFormsThrottleMiddleware($app)
    {
        $throttle = ThrottleRequests::class.':2,1';

        $app['config']->set('statamic.routes.forms_middleware', [$throttle]);
    }

    #[Test]
    public function no_extra_middleware_is_applied_to_auth_routes_by_default()
    {
        $credentials = ['email' => 'test@example.com', 'password' => 'wrong'];

        // Five consecutive failed logins must all redirect; none may be rejected with 429.
        foreach (range(1, 5) as $attempt) {
            $response = $this->post('/!/auth/login', $credentials);
            $response->assertStatus(302);
        }
    }

    #[Test]
    #[DefineEnvironment('withAuthThrottleMiddleware')]
    public function custom_middleware_is_applied_to_auth_login_route()
    {
        $credentials = ['email' => 'test@example.com', 'password' => 'wrong'];

        // Two attempts fit within the limit; the third is refused with 429 Too Many Requests.
        foreach ([302, 302, 429] as $expectedStatus) {
            $this->post('/!/auth/login', $credentials)->assertStatus($expectedStatus);
        }
    }

    #[Test]
    #[DefineEnvironment('withAuthThrottleMiddleware')]
    public function custom_auth_middleware_is_applied_to_all_auth_routes()
    {
        $payload = ['email' => 'test@example.com'];

        // Only the password-reset e-mail route is exercised here, as a second
        // auth route next to the login route covered by the previous test.
        foreach ([302, 302, 429] as $expectedStatus) {
            $this->post('/!/auth/password/email', $payload)->assertStatus($expectedStatus);
        }
    }

    #[Test]
    #[DefineEnvironment('withAuthThrottleMiddleware')]
    public function custom_auth_middleware_does_not_affect_forms_route()
    {
        $this->createContactForm();

        $credentials = ['email' => 'test@example.com', 'password' => 'wrong'];
        $submission = ['email' => 'test@example.com'];

        // Drive the login route into its limit first ...
        foreach ([302, 302, 429] as $expectedStatus) {
            $this->post('/!/auth/login', $credentials)->assertStatus($expectedStatus);
        }

        // ... then confirm that form submissions are still accepted.
        foreach ([302, 302, 302] as $expectedStatus) {
            $this->post('/!/forms/contact', $submission)->assertStatus($expectedStatus);
        }
    }

    #[Test]
    public function no_extra_middleware_is_applied_to_forms_route_by_default()
    {
        $this->createContactForm();

        $submission = ['email' => 'test@example.com'];

        // Five consecutive submissions must all redirect; none may be rejected with 429.
        foreach (range(1, 5) as $attempt) {
            $response = $this->post('/!/forms/contact', $submission);
            $response->assertStatus(302);
        }
    }

    #[Test]
    #[DefineEnvironment('withFormsThrottleMiddleware')]
    public function custom_middleware_is_applied_to_forms_route()
    {
        $this->createContactForm();

        $submission = ['email' => 'test@example.com'];

        // Two submissions fit within the limit; the third is refused with 429.
        foreach ([302, 302, 429] as $expectedStatus) {
            $this->post('/!/forms/contact', $submission)->assertStatus($expectedStatus);
        }
    }

    #[Test]
    #[DefineEnvironment('withFormsThrottleMiddleware')]
    public function custom_forms_middleware_does_not_affect_auth_routes()
    {
        $this->createContactForm();

        $submission = ['email' => 'test@example.com'];
        $credentials = ['email' => 'test@example.com', 'password' => 'wrong'];

        // Drive the forms route into its limit first ...
        foreach ([302, 302, 429] as $expectedStatus) {
            $this->post('/!/forms/contact', $submission)->assertStatus($expectedStatus);
        }

        // ... then confirm that login attempts are still processed.
        foreach ([302, 302, 302] as $expectedStatus) {
            $this->post('/!/auth/login', $credentials)->assertStatus($expectedStatus);
        }
    }

    /**
     * Registers a "contact" form with a single required e-mail field so that
     * POSTs to /!/forms/contact have a form to resolve.
     *
     * The Blueprint and Form facades are replaced by partial mocks: only `find`
     * is stubbed for the handles used here. The real `make()` calls run before
     * the corresponding facade is mocked, so the statement order matters.
     */
    private function createContactForm(): void
    {
        $emailField = [
            'handle' => 'email',
            'field' => ['type' => 'text', 'validate' => 'required|email'],
        ];
        $contactBlueprint = Blueprint::make()->setContents(['fields' => [$emailField]]);

        Blueprint::shouldReceive('find')
            ->with('forms.contact')
            ->andReturn($contactBlueprint);
        Blueprint::makePartial();

        $contactForm = Form::make()->handle('contact');

        Form::shouldReceive('find')
            ->with('contact')
            ->andReturn($contactForm);
        Form::makePartial();
    }
}