Change how API keys are validated (#771)
This commit is contained in:
Dane Everitt
GitHub
parent
df7a857929
commit
285485d7b0
24 changed files with 774 additions and 383 deletions
90
tests/Unit/Http/Middleware/API/AuthenticateKeyTest.php
Normal file
90
tests/Unit/Http/Middleware/API/AuthenticateKeyTest.php
Normal file
|
|
@ -0,0 +1,90 @@
|
|||
<?php
|
||||
|
||||
namespace Tests\Unit\Http\Middleware\API;
|
||||
|
||||
use Mockery as m;
|
||||
use Pterodactyl\Models\APIKey;
|
||||
use Illuminate\Auth\AuthManager;
|
||||
use Tests\Unit\Http\Middleware\MiddlewareTestCase;
|
||||
use Pterodactyl\Http\Middleware\API\AuthenticateKey;
|
||||
use Symfony\Component\HttpKernel\Exception\HttpException;
|
||||
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
|
||||
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
|
||||
|
||||
class AuthenticateKeyTest extends MiddlewareTestCase
|
||||
{
|
||||
/**
|
||||
* @var \Illuminate\Auth\AuthManager|\Mockery\Mock
|
||||
*/
|
||||
private $auth;
|
||||
|
||||
/**
|
||||
* @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface|\Mockery\Mock
|
||||
*/
|
||||
private $repository;
|
||||
|
||||
/**
|
||||
* Setup tests.
|
||||
*/
|
||||
public function setUp()
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
$this->auth = m::mock(AuthManager::class);
|
||||
$this->repository = m::mock(ApiKeyRepositoryInterface::class);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that a missing bearer token will throw an exception.
|
||||
*/
|
||||
public function testMissingBearerTokenThrowsException()
|
||||
{
|
||||
$this->request->shouldReceive('bearerToken')->withNoArgs()->once()->andReturnNull();
|
||||
|
||||
try {
|
||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||
} catch (HttpException $exception) {
|
||||
$this->assertEquals(401, $exception->getStatusCode());
|
||||
$this->assertEquals(['WWW-Authenticate' => 'Bearer'], $exception->getHeaders());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that an invalid API token throws an exception.
|
||||
*
|
||||
* @expectedException \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
|
||||
*/
|
||||
public function testInvalidTokenThrowsException()
|
||||
{
|
||||
$this->request->shouldReceive('bearerToken')->withNoArgs()->twice()->andReturn('abcd1234');
|
||||
$this->repository->shouldReceive('findFirstWhere')->andThrow(new RecordNotFoundException);
|
||||
|
||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that a valid token can continue past the middleware.
|
||||
*/
|
||||
public function testValidToken()
|
||||
{
|
||||
$model = factory(APIKey::class)->make();
|
||||
|
||||
$this->request->shouldReceive('bearerToken')->withNoArgs()->twice()->andReturn($model->token);
|
||||
$this->repository->shouldReceive('findFirstWhere')->with([['token', '=', $model->token]])->once()->andReturn($model);
|
||||
|
||||
$this->auth->shouldReceive('guard->loginUsingId')->with($model->user_id)->once()->andReturnNull();
|
||||
|
||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||
$this->assertEquals($model, $this->request->attributes->get('api_key'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Return an instance of the middleware with mocked dependencies for testing.
|
||||
*
|
||||
* @return \Pterodactyl\Http\Middleware\API\AuthenticateKey
|
||||
*/
|
||||
private function getMiddleware(): AuthenticateKey
|
||||
{
|
||||
return new AuthenticateKey($this->repository, $this->auth);
|
||||
}
|
||||
}
|
||||
Reference in a new issue