From d1467b4dbedc68174ac4da07bf069f3765a5d1da Mon Sep 17 00:00:00 2001 From: Joel Butcher Date: Fri, 19 Jul 2024 12:36:13 +0100 Subject: [PATCH] test 2FA is respected --- .../RedirectIfTwoFactorAuthenticatable.php | 1 - testbench.yaml | 5 +- tests/Feature/SocialstreamTest.php | 58 +++++++++++++++++++ tests/Fixtures/User.php | 7 +-- 4 files changed, 62 insertions(+), 9 deletions(-) diff --git a/src/Actions/RedirectIfTwoFactorAuthenticatable.php b/src/Actions/RedirectIfTwoFactorAuthenticatable.php index 306290ff..24d285ad 100644 --- a/src/Actions/RedirectIfTwoFactorAuthenticatable.php +++ b/src/Actions/RedirectIfTwoFactorAuthenticatable.php @@ -8,7 +8,6 @@ use JoelButcher\Socialstream\Socialstream; use Laravel\Fortify\Actions\RedirectIfTwoFactorAuthenticatable as BaseAction; use Laravel\Fortify\Fortify; -use Laravel\Fortify\TwoFactorAuthenticatable; class RedirectIfTwoFactorAuthenticatable extends BaseAction { diff --git a/testbench.yaml b/testbench.yaml index 7d3c1105..c5f2395b 100644 --- a/testbench.yaml +++ b/testbench.yaml @@ -6,10 +6,9 @@ providers: - JoelButcher\Socialstream\SocialstreamServiceProvider migrations: - - database/migrations/0001_01_01_000000_make_password_nullable_on_users_table.php - - database/migrations/0001_01_01_000001_create_connected_accounts_table.php - - vendor/laravel/fortify/database/migrations - vendor/laravel/jetstream/database/migrations + - database/migrations + - vendor/laravel/fortify/database/migrations workbench: install: false diff --git a/tests/Feature/SocialstreamTest.php b/tests/Feature/SocialstreamTest.php index a453c5d0..93805750 100644 --- a/tests/Feature/SocialstreamTest.php +++ b/tests/Feature/SocialstreamTest.php 
@@ -5,12 +5,15 @@
 use App\Models\User;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Config;
+use Illuminate\Support\Facades\DB;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Route;
 use Illuminate\Support\Facades\Session;
 use Illuminate\Support\Str;
 use JoelButcher\Socialstream\Contracts\GeneratesProviderRedirect;
+use JoelButcher\Socialstream\Providers;
 use JoelButcher\Socialstream\Socialstream;
+use Laravel\Fortify\Features;
 use Laravel\Socialite\Facades\Socialite;
 use Laravel\Socialite\Two\GithubProvider;
 use Laravel\Socialite\Two\User as SocialiteUser;
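Review bot: `use Illuminate\Support\Facades\DB;` is added to the import block, but the test added further down in this file never references `DB`, so as far as this diff shows the import is unused. The same commit removes an unused `TwoFactorAuthenticatable` import from the action class; drop this line as well unless code outside the visible hunks needs it.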
@@ -151,6 +154,61 @@ public function generate(string $provider): RedirectResponse
 $this->assertAuthenticated();
 });
 
+test('existing users with 2FA enabled are redirected', function (): void {
+ Config::set('socialstream.providers', [Providers::github()]);
+ Config::set('fortify.features', array_merge(Config::get('fortify.features'), [
+ Features::twoFactorAuthentication(options: [
+ 'confirm' => false,
+ 'confirmPassword' => true,
+ ]),
+ ]));
+
+ $user = Socialstream::$userModel::create([
+ 'name' => 'Joel Butcher',
+ 'email' => 'joel@socialstream.dev',
+ 'password' => Hash::make('password'),
+ 'two_factor_secret' => 'foo',
+ 'two_factor_recovery_codes' => 'bar',
+ ]);
+
+ $user->connectedAccounts()->create([
+ 'provider' => 'github',
+ 'provider_id' => $githubId = fake()->numerify('########'),
+ 'email' => 'joel@socialstream.dev',
+ 'token' => Str::random(64),
+ ]);
+
+ $this->assertDatabaseHas('users', ['email' => 'joel@socialstream.dev']);
+ $this->assertDatabaseHas('connected_accounts', [
+ 'provider' => 'github',
+ 'provider_id' => $githubId,
+ 'email' => 'joel@socialstream.dev',
+ ]);
+
+ $user = (new SocialiteUser())
+ ->map([
+ 'id' => $githubId,
+ 'nickname' => 'joel',
+ 'name' => 'Joel',
+ 'email' => 'joel@socialstream.dev',
+ 'avatar' => null,
+ 'avatar_original' => null,
+ ])
+ ->setToken('user-token')
+ ->setRefreshToken('refresh-token')
+ ->setExpiresIn(3600);
+
+ $provider = Mockery::mock(GithubProvider::class);
+ $provider->shouldReceive('user')->andReturn($user);
+
+ Socialite::shouldReceive('driver')->with('github')->andReturn($provider);
+
+ Session::put('socialstream.previous_url', route('login'));
+
+ get('http://localhost/oauth/github/callback')
+ ->assertRedirect(route('two-factor.login'));
+});
+
 test('authenticated users can link to provider', function (): void {
 $this->actingAs(User::create([
 'name' => 'Joel Butcher',
diff --git a/tests/Fixtures/User.php b/tests/Fixtures/User.php
index 720c34cb..ae26f759 100644
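Review bot: The new test stops at `->assertRedirect(route('two-factor.login'))`, which shows where the callback sends the browser but not that the session is still unauthenticated; a regression that logged the user in and then redirected to the challenge would still pass. Add `$this->assertGuest();` after the redirect assertion so the test pins the property the 2FA step exists to protect. Only `'confirm' => false` is exercised; a sibling case with `'confirm' => true` and no `two_factor_confirmed_at` would cover the other branch, assuming the action honours that option the way Fortify's base action does. `$user` is also reused, first for the Eloquent model and then for the Socialite user, and a separate name such as `$socialiteUser` would read more clearly.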
--- a/tests/Fixtures/User.php +++ b/tests/Fixtures/User.php @@ -11,10 +11,7 @@ class User extends BaseUser { use HasApiTokens, HasTeams, HasProfilePhoto; - /** - * The attributes that aren't mass assignable. - * - * @var array - */ protected $guarded = []; + + protected $fillable = []; }
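Review bot: The fixture now sets both `$guarded = []` and `$fillable = []` with no comment, and the docblock that explained `$guarded` is removed, so nothing says why the model is fully mass-assignable. Presumably the empty `$fillable` overrides a list inherited from `BaseUser` so the new test can seed `two_factor_secret` and `two_factor_recovery_codes` through `create()`; that is worth stating, for example `// Test fixture only: clear any inherited $fillable so tests can seed two_factor_* columns via create().` An application model should keep those columns out of mass assignment, so the comment also stops the fixture being copied as a pattern. The class declaration sits in the hunk header rather than in the hunk body.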