StarMC/Astral-nook
StarMC/Astral-nook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Update to Laravel 8

Browse source 
Co-authored-by: Matthew Penner <me@matthewp.io>
This commit is contained in:
Dane Everitt 2021-01-23 12:09:16 -08:00
parent 028921b42a
commit a043071e3c
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
211 changed files with 4394 additions and 2933 deletions
Download patch file Download diff file Expand all files Collapse all files

8
tests/Integration/Api/Application/ApplicationApiIntegrationTestCase.php
View file

@ -6,12 +6,12 @@ use Pterodactyl\Models\User;
use PHPUnit\Framework\Assert;
use Pterodactyl\Models\ApiKey;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Tests\Traits\Integration\CreatesTestModels;
use Pterodactyl\Tests\Integration\IntegrationTestCase;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use Tests\Traits\Http\IntegrationJsonRequestAssertions;
use Pterodactyl\Tests\Traits\Integration\CreatesTestModels;
use Pterodactyl\Transformers\Api\Application\BaseTransformer;
use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
use Pterodactyl\Tests\Traits\Http\IntegrationJsonRequestAssertions;
abstract class ApplicationApiIntegrationTestCase extends IntegrationTestCase
{
@ -92,7 +92,7 @@ abstract class ApplicationApiIntegrationTestCase extends IntegrationTestCase
*/
protected function createApiUser(): User
{
return factory(User::class)->create([
return User::factory()->create([
'root_admin' => true,
]);
}
@ -106,7 +106,7 @@ abstract class ApplicationApiIntegrationTestCase extends IntegrationTestCase
*/
protected function createApiKey(User $user, array $permissions = []): ApiKey
{
return factory(ApiKey::class)->create(array_merge([
return ApiKey::factory()->create(array_merge([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_APPLICATION,
'r_servers' => AdminAcl::READ | AdminAcl::WRITE,

12
tests/Integration/Api/Application/Location/LocationControllerTest.php
View file

@ -16,7 +16,7 @@ class LocationControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testGetLocations()
{
$locations = factory(Location::class)->times(2)->create();
$locations = Location::factory()->times(2)->create();
$response = $this->getJson('/api/application/locations');
$response->assertStatus(Response::HTTP_OK);
@ -70,7 +70,7 @@ class LocationControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testGetSingleLocation()
{
$location = factory(Location::class)->create();
$location = Location::factory()->create();
$response = $this->getJson('/api/application/locations/' . $location->id);
$response->assertStatus(Response::HTTP_OK);
@ -93,7 +93,7 @@ class LocationControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testRelationshipsCanBeLoaded()
{
$location = factory(Location::class)->create();
$location = Location::factory()->create();
$server = $this->createServerModel(['user_id' => $this->getApiUser()->id, 'location_id' => $location->id]);
$response = $this->getJson('/api/application/locations/' . $location->id . '?include=servers,nodes');
@ -143,8 +143,8 @@ class LocationControllerTest extends ApplicationApiIntegrationTestCase
{
$this->createNewDefaultApiKey($this->getApiUser(), ['r_nodes' => 0]);
$location = factory(Location::class)->create();
factory(Node::class)->create(['location_id' => $location->id]);
$location = Location::factory()->create();
Node::factory()->create(['location_id' => $location->id]);
$response = $this->getJson('/api/application/locations/' . $location->id . '?include=nodes');
$response->assertStatus(Response::HTTP_OK);
@ -187,7 +187,7 @@ class LocationControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testErrorReturnedIfNoPermission()
{
$location = factory(Location::class)->create();
$location = Location::factory()->create();
$this->createNewDefaultApiKey($this->getApiUser(), ['r_locations' => 0]);
$response = $this->getJson('/api/application/locations/' . $location->id);

4
tests/Integration/Api/Application/Users/ExternalUserControllerTest.php
View file

@ -13,7 +13,7 @@ class ExternalUserControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testGetRemoteUser()
{
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->getJson('/api/application/users/external/' . $user->external_id);
$response->assertStatus(Response::HTTP_OK);
@ -60,7 +60,7 @@ class ExternalUserControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testErrorReturnedIfNoPermission()
{
$user = factory(User::class)->create();
$user = User::factory()->create();
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
$response = $this->getJson('/api/application/users/external/' . $user->external_id);

16
tests/Integration/Api/Application/Users/UserControllerTest.php
View file

@ -16,7 +16,7 @@ class UserControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testGetUsers()
{
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->getJson('/api/application/users');
$response->assertStatus(Response::HTTP_OK);
@ -85,7 +85,7 @@ class UserControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testGetSingleUser()
{
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->getJson('/api/application/users/' . $user->id);
$response->assertStatus(Response::HTTP_OK);
@ -119,7 +119,7 @@ class UserControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testRelationshipsCanBeLoaded()
{
$user = factory(User::class)->create();
$user = User::factory()->create();
$server = $this->createServerModel(['user_id' => $user->id]);
$response = $this->getJson('/api/application/users/' . $user->id . '?include=servers');
@ -152,7 +152,7 @@ class UserControllerTest extends ApplicationApiIntegrationTestCase
{
$this->createNewDefaultApiKey($this->getApiUser(), ['r_servers' => 0]);
$user = factory(User::class)->create();
$user = User::factory()->create();
$this->createServerModel(['user_id' => $user->id]);
$response = $this->getJson('/api/application/users/' . $user->id . '?include=servers');
@ -194,7 +194,7 @@ class UserControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testErrorReturnedIfNoPermission()
{
$user = factory(User::class)->create();
$user = User::factory()->create();
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
$response = $this->getJson('/api/application/users/' . $user->id);
@ -250,7 +250,7 @@ class UserControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testUpdateUser()
{
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->patchJson('/api/application/users/' . $user->id, [
'username' => 'new.test.name',
@ -279,7 +279,7 @@ class UserControllerTest extends ApplicationApiIntegrationTestCase
*/
public function testDeleteUser()
{
$user = factory(User::class)->create();
$user = User::factory()->create();
$this->assertDatabaseHas('users', ['id' => $user->id]);
$response = $this->delete('/api/application/users/' . $user->id);
@ -302,7 +302,7 @@ class UserControllerTest extends ApplicationApiIntegrationTestCase
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => AdminAcl::READ]);
if (str_contains($url, '{id}')) {
$user = factory(User::class)->create();
$user = User::factory()->create();
$url = str_replace('{id}', $user->id, $url);
}

16
tests/Integration/Api/Client/AccountControllerTest.php
View file

@ -15,7 +15,7 @@ class AccountControllerTest extends ClientApiIntegrationTestCase
public function testAccountDetailsAreReturned()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->actingAs($user)->get('/api/client/account');
@ -39,7 +39,7 @@ class AccountControllerTest extends ClientApiIntegrationTestCase
public function testEmailIsUpdated()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->actingAs($user)->putJson('/api/client/account/email', [
'email' => 'hodor@example.com',
@ -58,7 +58,7 @@ class AccountControllerTest extends ClientApiIntegrationTestCase
public function testEmailIsNotUpdatedWhenPasswordIsInvalid()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->actingAs($user)->putJson('/api/client/account/email', [
'email' => 'hodor@example.com',
@ -77,7 +77,7 @@ class AccountControllerTest extends ClientApiIntegrationTestCase
public function testEmailIsNotUpdatedWhenNotValid()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->actingAs($user)->putJson('/api/client/account/email', [
'email' => '',
@ -104,7 +104,7 @@ class AccountControllerTest extends ClientApiIntegrationTestCase
public function testPasswordIsUpdated()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
$mock = Mockery::mock(AuthManager::class);
$mock->expects('logoutOtherDevices')->with('New_Password1');
@ -127,7 +127,7 @@ class AccountControllerTest extends ClientApiIntegrationTestCase
public function testPasswordIsNotUpdatedIfCurrentPasswordIsInvalid()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->actingAs($user)->putJson('/api/client/account/password', [
'current_password' => 'invalid',
@ -146,7 +146,7 @@ class AccountControllerTest extends ClientApiIntegrationTestCase
*/
public function testErrorIsReturnedForInvalidRequestData()
{
$user = factory(User::class)->create();
$user = User::factory()->create();
$this->actingAs($user)->putJson('/api/client/account/password', [
'current_password' => 'password',
@ -170,7 +170,7 @@ class AccountControllerTest extends ClientApiIntegrationTestCase
public function testErrorIsReturnedIfPasswordIsNotConfirmed()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->actingAs($user)->putJson('/api/client/account/password', [
'current_password' => 'password',

34
tests/Integration/Api/Client/ApiKeyControllerTest.php
View file

@ -24,9 +24,9 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
public function testApiKeysAreReturned()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = factory(ApiKey::class)->create([
$key = ApiKey::factory()->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
@ -59,13 +59,13 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
public function testApiKeyCanBeCreatedForAccount()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
// Small sub-test to ensure we're always comparing the number of keys to the
// specific logged in account, and not just the total number of keys stored in
// the database.
factory(ApiKey::class)->times(10)->create([
'user_id' => factory(User::class)->create()->id,
ApiKey::factory()->times(10)->create([
'user_id' => User::factory()->create()->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
@ -103,8 +103,8 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
public function testNoMoreThanFiveApiKeysCanBeCreatedForAnAccount()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
factory(ApiKey::class)->times(5)->create([
$user = User::factory()->create();
ApiKey::factory()->times(5)->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
@ -127,7 +127,7 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
public function testValidationErrorIsReturnedForBadRequests()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
$response = $this->actingAs($user)->postJson('/api/client/account/api-keys', [
'description' => '',
@ -154,9 +154,9 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
public function testApiKeyCanBeDeleted()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = factory(ApiKey::class)->create([
$key = ApiKey::factory()->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
@ -173,9 +173,9 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
public function testNonExistentApiKeyDeletionReturns404Error()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = factory(ApiKey::class)->create([
$key = ApiKey::factory()->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
@ -193,11 +193,11 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
public function testApiKeyBelongingToAnotherUserCannotBeDeleted()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
/** @var \Pterodactyl\Models\User $user2 */
$user2 = factory(User::class)->create();
$user2 = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = factory(ApiKey::class)->create([
$key = ApiKey::factory()->create([
'user_id' => $user2->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
@ -215,9 +215,9 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
public function testApplicationApiKeyCannotBeDeleted()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = factory(ApiKey::class)->create([
$key = ApiKey::factory()->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_APPLICATION,
]);

22
tests/Integration/Api/Client/ClientApiIntegrationTestCase.php
View file

@ -2,19 +2,17 @@
namespace Pterodactyl\Tests\Integration\Api\Client;
use Carbon\Carbon;
use ReflectionClass;
use Carbon\CarbonImmutable;
use Pterodactyl\Models\Node;
use Pterodactyl\Models\Task;
use Pterodactyl\Models\User;
use Webmozart\Assert\Assert;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Database;
use Pterodactyl\Models\Location;
use Pterodactyl\Models\Schedule;
use Pterodactyl\Models\Database;
use Illuminate\Support\Collection;
use Pterodactyl\Models\Allocation;
use Pterodactyl\Models\DatabaseHost;
@ -40,17 +38,6 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
parent::tearDown();
}
/**
* Setup tests and ensure all of the times are always the same.
*/
public function setUp(): void
{
parent::setUp();
Carbon::setTestNow(Carbon::now());
CarbonImmutable::setTestNow(Carbon::now());
}
/**
* Override the default createTestResponse from Illuminate so that we can
* just dump 500-level errors to the screen in the tests without having
@ -69,6 +56,7 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
*
* @param mixed $model
* @param string|null $append
*
* @return string
*/
protected function link($model, $append = null): string
@ -99,17 +87,19 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
* is assumed that the user is actually a subuser of the server.
*
* @param string[] $permissions
*
* @return array
*/
protected function generateTestAccount(array $permissions = []): array
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
if (empty($permissions)) {
return [$user, $this->createServerModel(['user_id' => $user->id])];
}
/** @var \Pterodactyl\Models\Server $server */
$server = $this->createServerModel();
Subuser::query()->create([

24
tests/Integration/Api/Client/ClientControllerTest.php
View file

@ -5,8 +5,8 @@ namespace Pterodactyl\Tests\Integration\Api\Client;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Permission;
use Pterodactyl\Models\Allocation;
use Pterodactyl\Models\Permission;
class ClientControllerTest extends ClientApiIntegrationTestCase
{
@ -19,7 +19,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
public function testOnlyLoggedInUsersServersAreReturned()
{
/** @var \Pterodactyl\Models\User[] $users */
$users = factory(User::class)->times(3)->create();
$users = User::factory()->times(3)->create();
/** @var \Pterodactyl\Models\Server[] $servers */
$servers = [
@ -46,7 +46,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
public function testServersAreFilteredUsingNameAndUuidInformation()
{
/** @var \Pterodactyl\Models\User[] $users */
$users = factory(User::class)->times(2)->create();
$users = User::factory()->times(2)->create();
$users[0]->update(['root_admin' => true]);
/** @var \Pterodactyl\Models\Server[] $servers */
@ -106,8 +106,8 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
$server2 = $this->createServerModel(['user_id' => $user->id, 'node_id' => $server->node_id]);
$allocation = factory(Allocation::class)->create(['node_id' => $server->node_id, 'server_id' => $server->id, 'ip' => '192.168.1.1', 'port' => 25565]);
$allocation2 = factory(Allocation::class)->create(['node_id' => $server->node_id, 'server_id' => $server2->id, 'ip' => '192.168.1.1', 'port' => 25570]);
$allocation = Allocation::factory()->create(['node_id' => $server->node_id, 'server_id' => $server->id, 'ip' => '192.168.1.1', 'port' => 25565]);
$allocation2 = Allocation::factory()->create(['node_id' => $server->node_id, 'server_id' => $server2->id, 'ip' => '192.168.1.1', 'port' => 25570]);
$server->update(['allocation_id' => $allocation->id]);
$server2->update(['allocation_id' => $allocation2->id]);
@ -144,7 +144,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
public function testServersUserIsASubuserOfAreReturned()
{
/** @var \Pterodactyl\Models\User[] $users */
$users = factory(User::class)->times(3)->create();
$users = User::factory()->times(3)->create();
$servers = [
$this->createServerModel(['user_id' => $users[0]->id]),
$this->createServerModel(['user_id' => $users[1]->id]),
@ -175,7 +175,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
public function testFilterOnlyOwnerServers()
{
/** @var \Pterodactyl\Models\User[] $users */
$users = factory(User::class)->times(3)->create();
$users = User::factory()->times(3)->create();
$servers = [
$this->createServerModel(['user_id' => $users[0]->id]),
$this->createServerModel(['user_id' => $users[1]->id]),
@ -204,7 +204,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
public function testPermissionsAreReturned()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create();
$user = User::factory()->create();
$this->actingAs($user)
->getJson('/api/client/permissions')
@ -224,7 +224,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
public function testOnlyAdminLevelServersAreReturned()
{
/** @var \Pterodactyl\Models\User[] $users */
$users = factory(User::class)->times(4)->create();
$users = User::factory()->times(4)->create();
$users[0]->update(['root_admin' => true]);
$servers = [
@ -259,7 +259,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
public function testAllServersAreReturnedToAdmin()
{
/** @var \Pterodactyl\Models\User[] $users */
$users = factory(User::class)->times(4)->create();
$users = User::factory()->times(4)->create();
$users[0]->update(['root_admin' => true]);
$servers = [
@ -292,7 +292,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
public function testNoServersAreReturnedIfAdminFilterIsPassedByRegularUser($type)
{
/** @var \Pterodactyl\Models\User[] $users */
$users = factory(User::class)->times(3)->create();
$users = User::factory()->times(3)->create();
$this->createServerModel(['user_id' => $users[0]->id]);
$this->createServerModel(['user_id' => $users[1]->id]);
@ -315,7 +315,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
$server->allocation->notes = 'Test notes';
$server->allocation->save();
factory(Allocation::class)->times(2)->create([
Allocation::factory()->times(2)->create([
'node_id' => $server->node_id,
'server_id' => $server->id,
]);

27
tests/Integration/Api/Client/Server/Allocation/AllocationAuthorizationTest.php
View file

@ -3,7 +3,6 @@
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Allocation;
use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Schedule;
use Pterodactyl\Models\Allocation;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
@ -25,28 +24,28 @@ class AllocationAuthorizationTest extends ClientApiIntegrationTestCase
// Set the API $user as a subuser of server 2, but with no permissions
// to do anything with the allocations for that server.
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
$allocation1 = factory(Allocation::class)->create(['server_id' => $server1->id, 'node_id' => $server1->node_id]);
$allocation2 = factory(Allocation::class)->create(['server_id' => $server2->id, 'node_id' => $server2->node_id]);
$allocation3 = factory(Allocation::class)->create(['server_id' => $server3->id, 'node_id' => $server3->node_id]);
$allocation1 = Allocation::factory()->create(['server_id' => $server1->id, 'node_id' => $server1->node_id]);
$allocation2 = Allocation::factory()->create(['server_id' => $server2->id, 'node_id' => $server2->node_id]);
$allocation3 = Allocation::factory()->create(['server_id' => $server3->id, 'node_id' => $server3->node_id]);
// This is the only valid call for this test, accessing the allocation for the same
// server that the API user is the owner of.
$response = $this->actingAs($user)->json($method, $this->link($server1, "/network/allocations/" . $allocation1->id . $endpoint));
$response = $this->actingAs($user)->json($method, $this->link($server1, '/network/allocations/' . $allocation1->id . $endpoint));
$this->assertTrue($response->status() <= 204 || $response->status() === 400 || $response->status() === 422);
// This request fails because the allocation is valid for that server but the user
// making the request is not authorized to perform that action.
$this->actingAs($user)->json($method, $this->link($server2, "/network/allocations/" . $allocation2->id . $endpoint))->assertForbidden();
$this->actingAs($user)->json($method, $this->link($server2, '/network/allocations/' . $allocation2->id . $endpoint))->assertForbidden();
// Both of these should report a 404 error due to the allocations being linked to
// servers that are not the same as the server in the request, or are assigned
// to a server for which the user making the request has no access to.
$this->actingAs($user)->json($method, $this->link($server1, "/network/allocations/" . $allocation2->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, "/network/allocations/" . $allocation3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server2, "/network/allocations/" . $allocation3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server3, "/network/allocations/" . $allocation3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, '/network/allocations/' . $allocation2->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, '/network/allocations/' . $allocation3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server2, '/network/allocations/' . $allocation3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server3, '/network/allocations/' . $allocation3->id . $endpoint))->assertNotFound();
}
/**
@ -55,9 +54,9 @@ class AllocationAuthorizationTest extends ClientApiIntegrationTestCase
public function methodDataProvider(): array
{
return [
["POST", ""],
["DELETE", ""],
["POST", "/primary"],
['POST', ''],
['DELETE', ''],
['POST', '/primary'],
];
}
}

10
tests/Integration/Api/Client/Server/Allocation/CreateNewAllocationTest.php
View file

@ -3,8 +3,8 @@
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Allocation;
use Illuminate\Http\Response;
use Pterodactyl\Models\Permission;
use Pterodactyl\Models\Allocation;
use Pterodactyl\Models\Permission;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
class CreateNewAllocationTest extends ClientApiIntegrationTestCase
@ -33,7 +33,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount($permission);
$server->update(['allocation_limit' => 2]);
$response = $this->actingAs($user)->postJson($this->link($server, "/network/allocations"));
$response = $this->actingAs($user)->postJson($this->link($server, '/network/allocations'));
$response->assertJsonPath('object', Allocation::RESOURCE_NAME);
$matched = Allocation::query()->findOrFail($response->json('attributes.id'));
@ -52,7 +52,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_UPDATE]);
$server->update(['allocation_limit' => 2]);
$this->actingAs($user)->postJson($this->link($server, "/network/allocations"))->assertForbidden();
$this->actingAs($user)->postJson($this->link($server, '/network/allocations'))->assertForbidden();
}
/**
@ -66,7 +66,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
$server->update(['allocation_limit' => 2]);
$this->actingAs($user)->postJson($this->link($server, "/network/allocations"))
$this->actingAs($user)->postJson($this->link($server, '/network/allocations'))
->assertStatus(Response::HTTP_BAD_REQUEST)
->assertJsonPath('errors.0.code', 'AutoAllocationNotEnabledException')
->assertJsonPath('errors.0.detail', 'Server auto-allocation is not enabled for this instance.');
@ -81,7 +81,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
$server->update(['allocation_limit' => 1]);
$this->actingAs($user)->postJson($this->link($server, "/network/allocations"))
$this->actingAs($user)->postJson($this->link($server, '/network/allocations'))
->assertStatus(Response::HTTP_BAD_REQUEST)
->assertJsonPath('errors.0.code', 'DisplayException')
->assertJsonPath('errors.0.detail', 'Cannot assign additional allocations to this server: limit has been reached.');

6
tests/Integration/Api/Client/Server/Allocation/DeleteAllocationTest.php
View file

@ -3,8 +3,8 @@
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Allocation;
use Illuminate\Http\Response;
use Pterodactyl\Models\Permission;
use Pterodactyl\Models\Allocation;
use Pterodactyl\Models\Permission;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
class DeleteAllocationTest extends ClientApiIntegrationTestCase
@ -22,7 +22,7 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount($permission);
/** @var \Pterodactyl\Models\Allocation $allocation */
$allocation = factory(Allocation::class)->create([
$allocation = Allocation::factory()->create([
'server_id' => $server->id,
'node_id' => $server->node_id,
'notes' => 'hodor',
@ -42,7 +42,7 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
/** @var \Pterodactyl\Models\Allocation $allocation */
$allocation = factory(Allocation::class)->create([
$allocation = Allocation::factory()->create([
'server_id' => $server->id,
'node_id' => $server->node_id,
'notes' => 'hodor',

26
tests/Integration/Api/Client/Server/Backup/BackupAuthorizationTest.php
View file

@ -27,11 +27,11 @@ class BackupAuthorizationTest extends ClientApiIntegrationTestCase
// Set the API $user as a subuser of server 2, but with no permissions
// to do anything with the backups for that server.
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
$backup1 = factory(Backup::class)->create(['server_id' => $server1->id, 'completed_at' => CarbonImmutable::now()]);
$backup2 = factory(Backup::class)->create(['server_id' => $server2->id, 'completed_at' => CarbonImmutable::now()]);
$backup3 = factory(Backup::class)->create(['server_id' => $server3->id, 'completed_at' => CarbonImmutable::now()]);
$backup1 = Backup::factory()->create(['server_id' => $server1->id, 'completed_at' => CarbonImmutable::now()]);
$backup2 = Backup::factory()->create(['server_id' => $server2->id, 'completed_at' => CarbonImmutable::now()]);
$backup3 = Backup::factory()->create(['server_id' => $server3->id, 'completed_at' => CarbonImmutable::now()]);
$this->instance(DeleteBackupService::class, $mock = Mockery::mock(DeleteBackupService::class));
@ -41,20 +41,20 @@ class BackupAuthorizationTest extends ClientApiIntegrationTestCase
// This is the only valid call for this test, accessing the backup for the same
// server that the API user is the owner of.
$this->actingAs($user)->json($method, $this->link($server1, "/backups/" . $backup1->uuid . $endpoint))
$this->actingAs($user)->json($method, $this->link($server1, '/backups/' . $backup1->uuid . $endpoint))
->assertStatus($method === 'DELETE' ? 204 : 200);
// This request fails because the backup is valid for that server but the user
// making the request is not authorized to perform that action.
$this->actingAs($user)->json($method, $this->link($server2, "/backups/" . $backup2->uuid . $endpoint))->assertForbidden();
$this->actingAs($user)->json($method, $this->link($server2, '/backups/' . $backup2->uuid . $endpoint))->assertForbidden();
// Both of these should report a 404 error due to the backup being linked to
// servers that are not the same as the server in the request, or are assigned
// to a server for which the user making the request has no access to.
$this->actingAs($user)->json($method, $this->link($server1, "/backups/" . $backup2->uuid . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, "/backups/" . $backup3->uuid . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server2, "/backups/" . $backup3->uuid . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server3, "/backups/" . $backup3->uuid . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, '/backups/' . $backup2->uuid . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, '/backups/' . $backup3->uuid . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server2, '/backups/' . $backup3->uuid . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server3, '/backups/' . $backup3->uuid . $endpoint))->assertNotFound();
}
/**
@ -63,9 +63,9 @@ class BackupAuthorizationTest extends ClientApiIntegrationTestCase
public function methodDataProvider(): array
{
return [
["GET", ""],
["GET", "/download"],
["DELETE", ""],
['GET', ''],
['GET', '/download'],
['DELETE', ''],
];
}
}

26
tests/Integration/Api/Client/Server/Database/DatabaseAuthorizationTest.php
View file

@ -27,15 +27,15 @@ class DatabaseAuthorizationTest extends ClientApiIntegrationTestCase
// And as no access to $server3.
$server3 = $this->createServerModel();
$host = factory(DatabaseHost::class)->create([]);
$host = DatabaseHost::factory()->create([]);
// Set the API $user as a subuser of server 2, but with no permissions
// to do anything with the databases for that server.
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
$database1 = factory(Database::class)->create(['server_id' => $server1->id, 'database_host_id' => $host->id]);
$database2 = factory(Database::class)->create(['server_id' => $server2->id, 'database_host_id' => $host->id]);
$database3 = factory(Database::class)->create(['server_id' => $server3->id, 'database_host_id' => $host->id]);
$database1 = Database::factory()->create(['server_id' => $server1->id, 'database_host_id' => $host->id]);
$database2 = Database::factory()->create(['server_id' => $server2->id, 'database_host_id' => $host->id]);
$database3 = Database::factory()->create(['server_id' => $server3->id, 'database_host_id' => $host->id]);
$this->instance(DatabasePasswordService::class, $mock = Mockery::mock(DatabasePasswordService::class));
$this->instance(DatabaseManagementService::class, $mock2 = Mockery::mock(DatabaseManagementService::class));
@ -49,20 +49,20 @@ class DatabaseAuthorizationTest extends ClientApiIntegrationTestCase
$hashids = $this->app->make(HashidsInterface::class);
// This is the only valid call for this test, accessing the database for the same
// server that the API user is the owner of.
$this->actingAs($user)->json($method, $this->link($server1, "/databases/" . $hashids->encode($database1->id) . $endpoint))
$this->actingAs($user)->json($method, $this->link($server1, '/databases/' . $hashids->encode($database1->id) . $endpoint))
->assertStatus($method === 'DELETE' ? 204 : 200);
// This request fails because the database is valid for that server but the user
// making the request is not authorized to perform that action.
$this->actingAs($user)->json($method, $this->link($server2, "/databases/" . $hashids->encode($database2->id) . $endpoint))->assertForbidden();
$this->actingAs($user)->json($method, $this->link($server2, '/databases/' . $hashids->encode($database2->id) . $endpoint))->assertForbidden();
// Both of these should report a 404 error due to the database being linked to
// servers that are not the same as the server in the request, or are assigned
// to a server for which the user making the request has no access to.
$this->actingAs($user)->json($method, $this->link($server1, "/databases/" . $hashids->encode($database2->id) . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, "/databases/" . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server2, "/databases/" . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server3, "/databases/" . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, '/databases/' . $hashids->encode($database2->id) . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, '/databases/' . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server2, '/databases/' . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server3, '/databases/' . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
}
/**
@ -71,8 +71,8 @@ class DatabaseAuthorizationTest extends ClientApiIntegrationTestCase
public function methodDataProvider(): array
{
return [
["POST", "/rotate-password"],
["DELETE", ""],
['POST', '/rotate-password'],
['DELETE', ''],
];
}
}

8
tests/Integration/Api/Client/Server/NetworkAllocationControllerTest.php
View file

@ -32,7 +32,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
public function testServerAllocationsAreNotReturnedWithoutPermission()
{
[$user, $server] = $this->generateTestAccount();
$user2 = factory(User::class)->create();
$user2 = User::factory()->create();
$server->owner_id = $user2->id;
$server->save();
@ -85,7 +85,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
public function testAllocationNotesCannotBeUpdatedByInvalidUsers()
{
[$user, $server] = $this->generateTestAccount();
$user2 = factory(User::class)->create();
$user2 = User::factory()->create();
$server->owner_id = $user2->id;
$server->save();
@ -105,7 +105,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
{
[$user, $server] = $this->generateTestAccount($permissions);
$allocation = $server->allocation;
$allocation2 = factory(Allocation::class)->create(['node_id' => $server->node_id, 'server_id' => $server->id]);
$allocation2 = Allocation::factory()->create(['node_id' => $server->node_id, 'server_id' => $server->id]);
$server->allocation_id = $allocation->id;
$server->save();
@ -121,7 +121,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
public function testPrimaryAllocationCannotBeModifiedByInvalidUser()
{
[$user, $server] = $this->generateTestAccount();
$user2 = factory(User::class)->create();
$user2 = User::factory()->create();
$server->owner_id = $user2->id;
$server->save();

8
tests/Integration/Api/Client/Server/Schedule/DeleteServerScheduleTest.php
View file

@ -20,8 +20,8 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
{
[$user, $server] = $this->generateTestAccount($permissions);
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$task = factory(Task::class)->create(['schedule_id' => $schedule->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
$this->actingAs($user)
->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
@ -52,7 +52,7 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
[, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
$this->actingAs($user)
->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
@ -69,7 +69,7 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
{
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_UPDATE]);
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$this->actingAs($user)
->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")

10
tests/Integration/Api/Client/Server/Schedule/ExecuteScheduleTest.php
View file

@ -25,7 +25,7 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
Bus::fake();
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create([
$schedule = Schedule::factory()->create([
'server_id' => $server->id,
]);
@ -35,7 +35,7 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
$response->assertJsonPath('errors.0.detail', 'Cannot process schedule for task execution: no tasks are registered.');
/** @var \Pterodactyl\Models\Task $task */
$task = factory(Task::class)->create([
$task = Task::factory()->create([
'schedule_id' => $schedule->id,
'sequence_id' => 1,
'time_offset' => 2,
@ -60,12 +60,12 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create([
$schedule = Schedule::factory()->create([
'server_id' => $server->id,
'is_active' => false,
]);
$response = $this->actingAs($user)->postJson($this->link($schedule, "/execute"));
$response = $this->actingAs($user)->postJson($this->link($schedule, '/execute'));
$response->assertStatus(Response::HTTP_BAD_REQUEST);
$response->assertJsonPath('errors.0.code', 'BadRequestHttpException');
@ -80,7 +80,7 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$this->actingAs($user)->postJson($this->link($schedule, '/execute'))->assertForbidden();
}

8
tests/Integration/Api/Client/Server/Schedule/GetServerSchedulesTest.php
View file

@ -32,9 +32,9 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount($permissions);
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
/** @var \Pterodactyl\Models\Task $task */
$task = factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 1, 'time_offset' => 0]);
$task = Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 1, 'time_offset' => 0]);
$response = $this->actingAs($user)
->getJson(
@ -66,7 +66,7 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
[, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
$this->actingAs($user)
->getJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
@ -84,7 +84,7 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
->getJson("/api/client/servers/{$server->uuid}/schedules")
->assertForbidden();
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$this->actingAs($user)
->getJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")

30
tests/Integration/Api/Client/Server/Schedule/ScheduleAuthorizationTest.php
View file

@ -32,28 +32,28 @@ class ScheduleAuthorizationTest extends ClientApiIntegrationTestCase
// Set the API $user as a subuser of server 2, but with no permissions
// to do anything with the schedules for that server.
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
$schedule1 = factory(Schedule::class)->create(['server_id' => $server1->id]);
$schedule2 = factory(Schedule::class)->create(['server_id' => $server2->id]);
$schedule3 = factory(Schedule::class)->create(['server_id' => $server3->id]);
$schedule1 = Schedule::factory()->create(['server_id' => $server1->id]);
$schedule2 = Schedule::factory()->create(['server_id' => $server2->id]);
$schedule3 = Schedule::factory()->create(['server_id' => $server3->id]);
// This is the only valid call for this test, accessing the schedule for the same
// server that the API user is the owner of.
$response = $this->actingAs($user)->json($method, $this->link($server1, "/schedules/" . $schedule1->id . $endpoint));
$response = $this->actingAs($user)->json($method, $this->link($server1, '/schedules/' . $schedule1->id . $endpoint));
$this->assertTrue($response->status() <= 204 || $response->status() === 400 || $response->status() === 422);
// This request fails because the schedule is valid for that server but the user
// making the request is not authorized to perform that action.
$this->actingAs($user)->json($method, $this->link($server2, "/schedules/" . $schedule2->id . $endpoint))->assertForbidden();
$this->actingAs($user)->json($method, $this->link($server2, '/schedules/' . $schedule2->id . $endpoint))->assertForbidden();
// Both of these should report a 404 error due to the schedules being linked to
// servers that are not the same as the server in the request, or are assigned
// to a server for which the user making the request has no access to.
$this->actingAs($user)->json($method, $this->link($server1, "/schedules/" . $schedule2->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, "/schedules/" . $schedule3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server2, "/schedules/" . $schedule3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server3, "/schedules/" . $schedule3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, '/schedules/' . $schedule2->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server1, '/schedules/' . $schedule3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server2, '/schedules/' . $schedule3->id . $endpoint))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server3, '/schedules/' . $schedule3->id . $endpoint))->assertNotFound();
}
/**
@ -62,11 +62,11 @@ class ScheduleAuthorizationTest extends ClientApiIntegrationTestCase
public function methodDataProvider(): array
{
return [
["GET", ""],
["POST", ""],
["DELETE", ""],
["POST", "/execute"],
["POST", "/tasks"],
['GET', ''],
['POST', ''],
['DELETE', ''],
['POST', '/execute'],
['POST', '/tasks'],
];
}
}

8
tests/Integration/Api/Client/Server/Schedule/UpdateServerScheduleTest.php
View file

@ -35,7 +35,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount($permissions);
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$expected = Utilities::getScheduleNextRunDate('5', '*', '*', '*', '*');
$response = $this->actingAs($user)
@ -60,7 +60,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
[, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
$this->actingAs($user)
->postJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
@ -75,7 +75,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
{
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$this->actingAs($user)
->postJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
@ -93,7 +93,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create([
$schedule = Schedule::factory()->create([
'server_id' => $server->id,
'is_active' => true,
'is_processing' => true,

14
tests/Integration/Api/Client/Server/ScheduleTask/CreateServerScheduleTaskTest.php
View file

@ -21,7 +21,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount($permissions);
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$this->assertEmpty($schedule->tasks);
$response = $this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
@ -51,7 +51,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$response = $this->actingAs($user)->postJson($this->link($schedule, '/tasks'))->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY);
@ -96,7 +96,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
'action' => 'backup',
@ -121,8 +121,8 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
factory(Task::class)->times(2)->create(['schedule_id' => $schedule->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
Task::factory()->times(2)->create(['schedule_id' => $schedule->id]);
$this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
'action' => 'command',
@ -144,7 +144,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
[, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
$this->actingAs($user)
->postJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}/tasks")
@ -160,7 +160,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
/** @var \Pterodactyl\Models\Schedule $schedule */
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$this->actingAs($user)
->postJson($this->link($schedule, '/tasks'))

26
tests/Integration/Api/Client/Server/ScheduleTask/DeleteScheduleTaskTest.php
View file

@ -19,8 +19,8 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
$server2 = $this->createServerModel();
[$user] = $this->generateTestAccount();
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
$task = factory(Task::class)->create(['schedule_id' => $schedule->id]);
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
$this->actingAs($user)->deleteJson($this->link($task))->assertNotFound();
}
@ -33,9 +33,9 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
{
[$user, $server] = $this->generateTestAccount();
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule2 = factory(Schedule::class)->create(['server_id' => $server->id]);
$task = factory(Task::class)->create(['schedule_id' => $schedule->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$schedule2 = Schedule::factory()->create(['server_id' => $server->id]);
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
$this->actingAs($user)->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule2->id}/tasks/{$task->id}")->assertNotFound();
}
@ -47,12 +47,12 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
{
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$task = factory(Task::class)->create(['schedule_id' => $schedule->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
$this->actingAs($user)->deleteJson($this->link($task))->assertForbidden();
$user2 = factory(User::class)->create();
$user2 = User::factory()->create();
$this->actingAs($user2)->deleteJson($this->link($task))->assertNotFound();
}
@ -65,12 +65,12 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
{
[$user, $server] = $this->generateTestAccount();
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$tasks = [
factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 1]),
factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 2]),
factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 3]),
factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 4]),
Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 1]),
Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 2]),
Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 3]),
Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 4]),
];
$response = $this->actingAs($user)->deleteJson($this->link($tasks[1]));

8
tests/Integration/Api/Client/Server/Startup/GetStartupAndVariablesTest.php
View file

@ -34,7 +34,7 @@ class GetStartupAndVariablesTest extends ClientApiIntegrationTestCase
])->save();
$server = $server->refresh();
$response = $this->actingAs($user)->getJson($this->link($server) . "/startup");
$response = $this->actingAs($user)->getJson($this->link($server) . '/startup');
$response->assertOk();
$response->assertJsonPath('meta.startup_command', 'java bungeecord.jar --version [hidden]');
@ -53,10 +53,10 @@ class GetStartupAndVariablesTest extends ClientApiIntegrationTestCase
public function testStartupDataIsNotReturnedWithoutPermission()
{
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
$this->actingAs($user)->getJson($this->link($server) . "/startup")->assertForbidden();
$this->actingAs($user)->getJson($this->link($server) . '/startup')->assertForbidden();
$user2 = factory(User::class)->create();
$this->actingAs($user2)->getJson($this->link($server) . "/startup")->assertNotFound();
$user2 = User::factory()->create();
$this->actingAs($user2)->getJson($this->link($server) . '/startup')->assertNotFound();
}
/**

6
tests/Integration/Api/Client/Server/Startup/UpdateStartupVariableTest.php
View file

@ -145,10 +145,10 @@ class UpdateStartupVariableTest extends ClientApiIntegrationTestCase
public function testStartupVariableCannotBeUpdatedIfNotUserViewable()
{
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
$this->actingAs($user)->putJson($this->link($server) . "/startup/variable")->assertForbidden();
$this->actingAs($user)->putJson($this->link($server) . '/startup/variable')->assertForbidden();
$user2 = factory(User::class)->create();
$this->actingAs($user2)->putJson($this->link($server) . "/startup/variable")->assertNotFound();
$user2 = User::factory()->create();
$this->actingAs($user2)->putJson($this->link($server) . '/startup/variable')->assertNotFound();
}
/**

16
tests/Integration/Api/Client/Server/Subuser/CreateServerSubuserTest.php
View file

@ -24,7 +24,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
{
[$user, $server] = $this->generateTestAccount($permissions);
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email = $this->faker->email,
'permissions' => [
Permission::ACTION_USER_CREATE,
@ -61,7 +61,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
Permission::ACTION_CONTROL_CONSOLE,
]);
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email = $this->faker->email,
'permissions' => [
Permission::ACTION_USER_CREATE,
@ -83,7 +83,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$email = str_repeat(Str::random(20), 9) . '1@gmail.com'; // 191 is the hard limit for the column in MySQL.
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email,
'permissions' => [
Permission::ACTION_USER_CREATE,
@ -92,7 +92,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$response->assertOk();
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email . '.au',
'permissions' => [
Permission::ACTION_USER_CREATE,
@ -113,9 +113,9 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
/** @var \Pterodactyl\Models\User $existing */
$existing = factory(User::class)->create(['email' => $this->faker->email]);
$existing = User::factory()->create(['email' => $this->faker->email]);
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $existing->email,
'permissions' => [
Permission::ACTION_USER_CREATE,
@ -135,7 +135,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
{
[$user, $server] = $this->generateTestAccount();
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email = $this->faker->email,
'permissions' => [
Permission::ACTION_USER_CREATE,
@ -144,7 +144,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$response->assertOk();
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email,
'permissions' => [
Permission::ACTION_USER_CREATE,

8
tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php
View file

@ -30,13 +30,13 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
[$user, $server] = $this->generateTestAccount();
/** @var \Pterodactyl\Models\User $differentUser */
$differentUser = factory(User::class)->create();
$differentUser = User::factory()->create();
// Generate a UUID that lines up with a user in the database if it were to be cast to an int.
$uuid = $differentUser->id . str_repeat('a', strlen((string)$differentUser->id)) . substr(Uuid::uuid4()->toString(), 8);
$uuid = $differentUser->id . str_repeat('a', strlen((string) $differentUser->id)) . substr(Uuid::uuid4()->toString(), 8);
/** @var \Pterodactyl\Models\User $subuser */
$subuser = factory(User::class)->create(['uuid' => $uuid]);
$subuser = User::factory()->create(['uuid' => $uuid]);
Subuser::query()->forceCreate([
'user_id' => $subuser->id,
@ -52,7 +52,7 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
// anything in the database.
$uuid = '18180000' . substr(Uuid::uuid4()->toString(), 8);
/** @var \Pterodactyl\Models\User $subuser */
$subuser = factory(User::class)->create(['uuid' => $uuid]);
$subuser = User::factory()->create(['uuid' => $uuid]);
Subuser::query()->forceCreate([
'user_id' => $subuser->id,

18
tests/Integration/Api/Client/Server/Subuser/SubuserAuthorizationTest.php
View file

@ -20,7 +20,7 @@ class SubuserAuthorizationTest extends ClientApiIntegrationTestCase
{
// Generic subuser, the specific resource we're trying to access.
/** @var \Pterodactyl\Models\User $internal */
$internal = factory(User::class)->create();
$internal = User::factory()->create();
// The API $user is the owner of $server1.
[$user, $server1] = $this->generateTestAccount();
@ -31,11 +31,11 @@ class SubuserAuthorizationTest extends ClientApiIntegrationTestCase
// Set the API $user as a subuser of server 2, but with no permissions
// to do anything with the subusers for that server.
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
factory(Subuser::class)->create(['server_id' => $server1->id, 'user_id' => $internal->id]);
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $internal->id]);
factory(Subuser::class)->create(['server_id' => $server3->id, 'user_id' => $internal->id]);
Subuser::factory()->create(['server_id' => $server1->id, 'user_id' => $internal->id]);
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $internal->id]);
Subuser::factory()->create(['server_id' => $server3->id, 'user_id' => $internal->id]);
$this->instance(DaemonServerRepository::class, $mock = Mockery::mock(DaemonServerRepository::class));
if ($method === 'DELETE') {
@ -43,12 +43,12 @@ class SubuserAuthorizationTest extends ClientApiIntegrationTestCase
}
// This route is acceptable since they're accessing a subuser on their own server.
$this->actingAs($user)->json($method, $this->link($server1, "/users/" . $internal->uuid))->assertStatus($method === 'POST' ? 422 : ($method === 'DELETE' ? 204 : 200));
$this->actingAs($user)->json($method, $this->link($server1, '/users/' . $internal->uuid))->assertStatus($method === 'POST' ? 422 : ($method === 'DELETE' ? 204 : 200));
// This route can be revealed since the subuser belongs to the correct server, but
// errors out with a 403 since $user does not have the right permissions for this.
$this->actingAs($user)->json($method, $this->link($server2, "/users/" . $internal->uuid))->assertForbidden();
$this->actingAs($user)->json($method, $this->link($server3, "/users/" . $internal->uuid))->assertNotFound();
$this->actingAs($user)->json($method, $this->link($server2, '/users/' . $internal->uuid))->assertForbidden();
$this->actingAs($user)->json($method, $this->link($server3, '/users/' . $internal->uuid))->assertNotFound();
}
/**
@ -56,6 +56,6 @@ class SubuserAuthorizationTest extends ClientApiIntegrationTestCase
*/
public function methodDataProvider(): array
{
return [["GET"], ["POST"], ["DELETE"]];
return [['GET'], ['POST'], ['DELETE']];
}
}

47
tests/Integration/Api/Client/Server/WebsocketControllerTest.php
View file

@ -2,12 +2,13 @@
namespace Pterodactyl\Tests\Integration\Api\Client\Server;
use Carbon\Carbon;
use Lcobucci\JWT\Parser;
use Carbon\CarbonImmutable;
use Illuminate\Http\Response;
use Lcobucci\JWT\Configuration;
use Pterodactyl\Models\Permission;
use Lcobucci\JWT\Signer\Hmac\Sha256;
use Lcobucci\JWT\Signer\Key\InMemory;
use Lcobucci\JWT\Validation\Constraint\SignedWith;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
class WebsocketControllerTest extends ClientApiIntegrationTestCase
@ -32,8 +33,6 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
*/
public function testJwtAndWebsocketUrlAreReturnedForServerOwner()
{
CarbonImmutable::setTestNow(Carbon::now());
/** @var \Pterodactyl\Models\User $user */
/** @var \Pterodactyl\Models\Server $server */
[$user, $server] = $this->generateTestAccount();
@ -51,22 +50,33 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
$this->assertStringStartsWith('wss://', $connection, 'Failed asserting that websocket connection address has expected "wss://" prefix.');
$this->assertStringEndsWith("/api/servers/{$server->uuid}/ws", $connection, 'Failed asserting that websocket connection address uses expected Wings endpoint.');
$token = (new Parser)->parse($response->json('data.token'));
$config = Configuration::forSymmetricSigner(new Sha256, $key = InMemory::plainText($server->node->getDecryptedKey()));
$config->setValidationConstraints(new SignedWith(new Sha256, $key));
/** @var \Lcobucci\JWT\Token\Plain $token */
$token = $config->parser()->parse($response->json('data.token'));
$this->assertTrue(
$token->verify(new Sha256, $server->node->getDecryptedKey()),
$config->validator()->validate($token, ...$config->validationConstraints()),
'Failed to validate that the JWT data returned was signed using the Node\'s secret key.'
);
// The way we generate times for the JWT will truncate the microseconds from the
// time, but CarbonImmutable::now() will include them, thus causing test failures.
//
// This little chunk of logic just strips those out by generating a new CarbonImmutable
// instance from the current timestamp, which is how the JWT works. We also need to
// switch to UTC here for consistency.
$expect = CarbonImmutable::createFromTimestamp(CarbonImmutable::now()->getTimestamp())->timezone('UTC');
// Check that the claims are generated correctly.
$this->assertSame(config('app.url'), $token->getClaim('iss'));
$this->assertSame($server->node->getConnectionAddress(), $token->getClaim('aud'));
$this->assertSame(CarbonImmutable::now()->getTimestamp(), $token->getClaim('iat'));
$this->assertSame(CarbonImmutable::now()->subMinutes(5)->getTimestamp(), $token->getClaim('nbf'));
$this->assertSame(CarbonImmutable::now()->addMinutes(10)->getTimestamp(), $token->getClaim('exp'));
$this->assertSame($user->id, $token->getClaim('user_id'));
$this->assertSame($server->uuid, $token->getClaim('server_uuid'));
$this->assertSame(['*'], $token->getClaim('permissions'));
$this->assertTrue($token->hasBeenIssuedBy(config('app.url')));
$this->assertTrue($token->isPermittedFor($server->node->getConnectionAddress()));
$this->assertEquals($expect, $token->claims()->get('iat'));
$this->assertEquals($expect->subMinutes(5), $token->claims()->get('nbf'));
$this->assertEquals($expect->addMinutes(10), $token->claims()->get('exp'));
$this->assertSame($user->id, $token->claims()->get('user_id'));
$this->assertSame($server->uuid, $token->claims()->get('server_uuid'));
$this->assertSame(['*'], $token->claims()->get('permissions'));
}
/**
@ -85,14 +95,17 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
$response->assertOk();
$response->assertJsonStructure(['data' => ['token', 'socket']]);
$token = (new Parser)->parse($response->json('data.token'));
$config = Configuration::forSymmetricSigner(new Sha256, $key = InMemory::plainText($server->node->getDecryptedKey()));
$config->setValidationConstraints(new SignedWith(new Sha256, $key));
/** @var \Lcobucci\JWT\Token\Plain $token */
$token = $config->parser()->parse($response->json('data.token'));
$this->assertTrue(
$token->verify(new Sha256, $server->node->getDecryptedKey()),
$config->validator()->validate($token, ...$config->validationConstraints()),
'Failed to validate that the JWT data returned was signed using the Node\'s secret key.'
);
// Check that the claims are generated correctly.
$this->assertSame($permissions, $token->getClaim('permissions'));
$this->assertSame($permissions, $token->claims()->get('permissions'));
}
}

12
tests/Integration/Api/Client/TwoFactorControllerTest.php
View file

@ -18,7 +18,7 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase
public function testTwoFactorImageDataIsReturned()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create(['use_totp' => false]);
$user = User::factory()->create(['use_totp' => false]);
$this->assertFalse($user->use_totp);
$this->assertEmpty($user->totp_secret);
@ -42,7 +42,7 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase
public function testErrorIsReturnedWhenTwoFactorIsAlreadyEnabled()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create(['use_totp' => true]);
$user = User::factory()->create(['use_totp' => true]);
$response = $this->actingAs($user)->getJson('/api/client/account/two-factor');
@ -57,7 +57,7 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase
public function testValidationErrorIsReturnedIfInvalidDataIsPassedToEnabled2FA()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create(['use_totp' => false]);
$user = User::factory()->create(['use_totp' => false]);
$response = $this->actingAs($user)->postJson('/api/client/account/two-factor', [
'code' => '',
@ -74,7 +74,7 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase
public function testTwoFactorCanBeEnabledOnAccount()
{
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create(['use_totp' => false]);
$user = User::factory()->create(['use_totp' => false]);
// Make the initial call to get the account setup for 2FA.
$this->actingAs($user)->getJson('/api/client/account/two-factor')->assertOk();
@ -126,7 +126,7 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase
Carbon::setTestNow(Carbon::now());
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create(['use_totp' => true]);
$user = User::factory()->create(['use_totp' => true]);
$response = $this->actingAs($user)->deleteJson('/api/client/account/two-factor', [
'password' => 'invalid',
@ -157,7 +157,7 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase
Carbon::setTestNow(Carbon::now());
/** @var \Pterodactyl\Models\User $user */
$user = factory(User::class)->create(['use_totp' => false]);
$user = User::factory()->create(['use_totp' => false]);
$response = $this->actingAs($user)->deleteJson('/api/client/account/two-factor', [
'password' => 'password',