Update to Laravel 8
Co-authored-by: Matthew Penner <me@matthewp.io>
This commit is contained in:
Dane Everitt
parent
028921b42a
commit
a043071e3c
211 changed files with 4394 additions and 2933 deletions
|
|
@ -3,7 +3,6 @@
|
|||
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Allocation;
|
||||
|
||||
use Pterodactyl\Models\Subuser;
|
||||
use Pterodactyl\Models\Schedule;
|
||||
use Pterodactyl\Models\Allocation;
|
||||
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
|
||||
|
|
@ -25,28 +24,28 @@ class AllocationAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
|
||||
// Set the API $user as a subuser of server 2, but with no permissions
|
||||
// to do anything with the allocations for that server.
|
||||
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
|
||||
$allocation1 = factory(Allocation::class)->create(['server_id' => $server1->id, 'node_id' => $server1->node_id]);
|
||||
$allocation2 = factory(Allocation::class)->create(['server_id' => $server2->id, 'node_id' => $server2->node_id]);
|
||||
$allocation3 = factory(Allocation::class)->create(['server_id' => $server3->id, 'node_id' => $server3->node_id]);
|
||||
$allocation1 = Allocation::factory()->create(['server_id' => $server1->id, 'node_id' => $server1->node_id]);
|
||||
$allocation2 = Allocation::factory()->create(['server_id' => $server2->id, 'node_id' => $server2->node_id]);
|
||||
$allocation3 = Allocation::factory()->create(['server_id' => $server3->id, 'node_id' => $server3->node_id]);
|
||||
|
||||
// This is the only valid call for this test, accessing the allocation for the same
|
||||
// server that the API user is the owner of.
|
||||
$response = $this->actingAs($user)->json($method, $this->link($server1, "/network/allocations/" . $allocation1->id . $endpoint));
|
||||
$response = $this->actingAs($user)->json($method, $this->link($server1, '/network/allocations/' . $allocation1->id . $endpoint));
|
||||
$this->assertTrue($response->status() <= 204 || $response->status() === 400 || $response->status() === 422);
|
||||
|
||||
// This request fails because the allocation is valid for that server but the user
|
||||
// making the request is not authorized to perform that action.
|
||||
$this->actingAs($user)->json($method, $this->link($server2, "/network/allocations/" . $allocation2->id . $endpoint))->assertForbidden();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, '/network/allocations/' . $allocation2->id . $endpoint))->assertForbidden();
|
||||
|
||||
// Both of these should report a 404 error due to the allocations being linked to
|
||||
// servers that are not the same as the server in the request, or are assigned
|
||||
// to a server for which the user making the request has no access to.
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/network/allocations/" . $allocation2->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/network/allocations/" . $allocation3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, "/network/allocations/" . $allocation3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, "/network/allocations/" . $allocation3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/network/allocations/' . $allocation2->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/network/allocations/' . $allocation3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, '/network/allocations/' . $allocation3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, '/network/allocations/' . $allocation3->id . $endpoint))->assertNotFound();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -55,9 +54,9 @@ class AllocationAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
public function methodDataProvider(): array
|
||||
{
|
||||
return [
|
||||
["POST", ""],
|
||||
["DELETE", ""],
|
||||
["POST", "/primary"],
|
||||
['POST', ''],
|
||||
['DELETE', ''],
|
||||
['POST', '/primary'],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Allocation;
|
||||
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Models\Allocation;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
|
||||
class CreateNewAllocationTest extends ClientApiIntegrationTestCase
|
||||
|
|
@ -33,7 +33,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount($permission);
|
||||
$server->update(['allocation_limit' => 2]);
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($server, "/network/allocations"));
|
||||
$response = $this->actingAs($user)->postJson($this->link($server, '/network/allocations'));
|
||||
$response->assertJsonPath('object', Allocation::RESOURCE_NAME);
|
||||
|
||||
$matched = Allocation::query()->findOrFail($response->json('attributes.id'));
|
||||
|
|
@ -52,7 +52,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_UPDATE]);
|
||||
$server->update(['allocation_limit' => 2]);
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($server, "/network/allocations"))->assertForbidden();
|
||||
$this->actingAs($user)->postJson($this->link($server, '/network/allocations'))->assertForbidden();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -66,7 +66,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
$server->update(['allocation_limit' => 2]);
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($server, "/network/allocations"))
|
||||
$this->actingAs($user)->postJson($this->link($server, '/network/allocations'))
|
||||
->assertStatus(Response::HTTP_BAD_REQUEST)
|
||||
->assertJsonPath('errors.0.code', 'AutoAllocationNotEnabledException')
|
||||
->assertJsonPath('errors.0.detail', 'Server auto-allocation is not enabled for this instance.');
|
||||
|
|
@ -81,7 +81,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
$server->update(['allocation_limit' => 1]);
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($server, "/network/allocations"))
|
||||
$this->actingAs($user)->postJson($this->link($server, '/network/allocations'))
|
||||
->assertStatus(Response::HTTP_BAD_REQUEST)
|
||||
->assertJsonPath('errors.0.code', 'DisplayException')
|
||||
->assertJsonPath('errors.0.detail', 'Cannot assign additional allocations to this server: limit has been reached.');
|
||||
|
|
|
|||
|
|
@ -3,8 +3,8 @@
|
|||
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Allocation;
|
||||
|
||||
use Illuminate\Http\Response;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Models\Allocation;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
|
||||
class DeleteAllocationTest extends ClientApiIntegrationTestCase
|
||||
|
|
@ -22,7 +22,7 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount($permission);
|
||||
|
||||
/** @var \Pterodactyl\Models\Allocation $allocation */
|
||||
$allocation = factory(Allocation::class)->create([
|
||||
$allocation = Allocation::factory()->create([
|
||||
'server_id' => $server->id,
|
||||
'node_id' => $server->node_id,
|
||||
'notes' => 'hodor',
|
||||
|
|
@ -42,7 +42,7 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
|
||||
|
||||
/** @var \Pterodactyl\Models\Allocation $allocation */
|
||||
$allocation = factory(Allocation::class)->create([
|
||||
$allocation = Allocation::factory()->create([
|
||||
'server_id' => $server->id,
|
||||
'node_id' => $server->node_id,
|
||||
'notes' => 'hodor',
|
||||
|
|
|
|||
|
|
@ -27,11 +27,11 @@ class BackupAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
|
||||
// Set the API $user as a subuser of server 2, but with no permissions
|
||||
// to do anything with the backups for that server.
|
||||
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
|
||||
$backup1 = factory(Backup::class)->create(['server_id' => $server1->id, 'completed_at' => CarbonImmutable::now()]);
|
||||
$backup2 = factory(Backup::class)->create(['server_id' => $server2->id, 'completed_at' => CarbonImmutable::now()]);
|
||||
$backup3 = factory(Backup::class)->create(['server_id' => $server3->id, 'completed_at' => CarbonImmutable::now()]);
|
||||
$backup1 = Backup::factory()->create(['server_id' => $server1->id, 'completed_at' => CarbonImmutable::now()]);
|
||||
$backup2 = Backup::factory()->create(['server_id' => $server2->id, 'completed_at' => CarbonImmutable::now()]);
|
||||
$backup3 = Backup::factory()->create(['server_id' => $server3->id, 'completed_at' => CarbonImmutable::now()]);
|
||||
|
||||
$this->instance(DeleteBackupService::class, $mock = Mockery::mock(DeleteBackupService::class));
|
||||
|
||||
|
|
@ -41,20 +41,20 @@ class BackupAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
|
||||
// This is the only valid call for this test, accessing the backup for the same
|
||||
// server that the API user is the owner of.
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/backups/" . $backup1->uuid . $endpoint))
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/backups/' . $backup1->uuid . $endpoint))
|
||||
->assertStatus($method === 'DELETE' ? 204 : 200);
|
||||
|
||||
// This request fails because the backup is valid for that server but the user
|
||||
// making the request is not authorized to perform that action.
|
||||
$this->actingAs($user)->json($method, $this->link($server2, "/backups/" . $backup2->uuid . $endpoint))->assertForbidden();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, '/backups/' . $backup2->uuid . $endpoint))->assertForbidden();
|
||||
|
||||
// Both of these should report a 404 error due to the backup being linked to
|
||||
// servers that are not the same as the server in the request, or are assigned
|
||||
// to a server for which the user making the request has no access to.
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/backups/" . $backup2->uuid . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/backups/" . $backup3->uuid . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, "/backups/" . $backup3->uuid . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, "/backups/" . $backup3->uuid . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/backups/' . $backup2->uuid . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/backups/' . $backup3->uuid . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, '/backups/' . $backup3->uuid . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, '/backups/' . $backup3->uuid . $endpoint))->assertNotFound();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -63,9 +63,9 @@ class BackupAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
public function methodDataProvider(): array
|
||||
{
|
||||
return [
|
||||
["GET", ""],
|
||||
["GET", "/download"],
|
||||
["DELETE", ""],
|
||||
['GET', ''],
|
||||
['GET', '/download'],
|
||||
['DELETE', ''],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,15 +27,15 @@ class DatabaseAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
// And as no access to $server3.
|
||||
$server3 = $this->createServerModel();
|
||||
|
||||
$host = factory(DatabaseHost::class)->create([]);
|
||||
$host = DatabaseHost::factory()->create([]);
|
||||
|
||||
// Set the API $user as a subuser of server 2, but with no permissions
|
||||
// to do anything with the databases for that server.
|
||||
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
|
||||
$database1 = factory(Database::class)->create(['server_id' => $server1->id, 'database_host_id' => $host->id]);
|
||||
$database2 = factory(Database::class)->create(['server_id' => $server2->id, 'database_host_id' => $host->id]);
|
||||
$database3 = factory(Database::class)->create(['server_id' => $server3->id, 'database_host_id' => $host->id]);
|
||||
$database1 = Database::factory()->create(['server_id' => $server1->id, 'database_host_id' => $host->id]);
|
||||
$database2 = Database::factory()->create(['server_id' => $server2->id, 'database_host_id' => $host->id]);
|
||||
$database3 = Database::factory()->create(['server_id' => $server3->id, 'database_host_id' => $host->id]);
|
||||
|
||||
$this->instance(DatabasePasswordService::class, $mock = Mockery::mock(DatabasePasswordService::class));
|
||||
$this->instance(DatabaseManagementService::class, $mock2 = Mockery::mock(DatabaseManagementService::class));
|
||||
|
|
@ -49,20 +49,20 @@ class DatabaseAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
$hashids = $this->app->make(HashidsInterface::class);
|
||||
// This is the only valid call for this test, accessing the database for the same
|
||||
// server that the API user is the owner of.
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/databases/" . $hashids->encode($database1->id) . $endpoint))
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/databases/' . $hashids->encode($database1->id) . $endpoint))
|
||||
->assertStatus($method === 'DELETE' ? 204 : 200);
|
||||
|
||||
// This request fails because the database is valid for that server but the user
|
||||
// making the request is not authorized to perform that action.
|
||||
$this->actingAs($user)->json($method, $this->link($server2, "/databases/" . $hashids->encode($database2->id) . $endpoint))->assertForbidden();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, '/databases/' . $hashids->encode($database2->id) . $endpoint))->assertForbidden();
|
||||
|
||||
// Both of these should report a 404 error due to the database being linked to
|
||||
// servers that are not the same as the server in the request, or are assigned
|
||||
// to a server for which the user making the request has no access to.
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/databases/" . $hashids->encode($database2->id) . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/databases/" . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, "/databases/" . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, "/databases/" . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/databases/' . $hashids->encode($database2->id) . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/databases/' . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, '/databases/' . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, '/databases/' . $hashids->encode($database3->id) . $endpoint))->assertNotFound();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -71,8 +71,8 @@ class DatabaseAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
public function methodDataProvider(): array
|
||||
{
|
||||
return [
|
||||
["POST", "/rotate-password"],
|
||||
["DELETE", ""],
|
||||
['POST', '/rotate-password'],
|
||||
['DELETE', ''],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
|
|||
public function testServerAllocationsAreNotReturnedWithoutPermission()
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount();
|
||||
$user2 = factory(User::class)->create();
|
||||
$user2 = User::factory()->create();
|
||||
|
||||
$server->owner_id = $user2->id;
|
||||
$server->save();
|
||||
|
|
@ -85,7 +85,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
|
|||
public function testAllocationNotesCannotBeUpdatedByInvalidUsers()
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount();
|
||||
$user2 = factory(User::class)->create();
|
||||
$user2 = User::factory()->create();
|
||||
|
||||
$server->owner_id = $user2->id;
|
||||
$server->save();
|
||||
|
|
@ -105,7 +105,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
[$user, $server] = $this->generateTestAccount($permissions);
|
||||
$allocation = $server->allocation;
|
||||
$allocation2 = factory(Allocation::class)->create(['node_id' => $server->node_id, 'server_id' => $server->id]);
|
||||
$allocation2 = Allocation::factory()->create(['node_id' => $server->node_id, 'server_id' => $server->id]);
|
||||
|
||||
$server->allocation_id = $allocation->id;
|
||||
$server->save();
|
||||
|
|
@ -121,7 +121,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
|
|||
public function testPrimaryAllocationCannotBeModifiedByInvalidUser()
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount();
|
||||
$user2 = factory(User::class)->create();
|
||||
$user2 = User::factory()->create();
|
||||
|
||||
$server->owner_id = $user2->id;
|
||||
$server->save();
|
||||
|
|
|
|||
|
|
@ -20,8 +20,8 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
[$user, $server] = $this->generateTestAccount($permissions);
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$task = factory(Task::class)->create(['schedule_id' => $schedule->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
|
||||
|
|
@ -52,7 +52,7 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
[, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
|
||||
|
|
@ -69,7 +69,7 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_UPDATE]);
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
|
|||
Bus::fake();
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create([
|
||||
$schedule = Schedule::factory()->create([
|
||||
'server_id' => $server->id,
|
||||
]);
|
||||
|
||||
|
|
@ -35,7 +35,7 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
|
|||
$response->assertJsonPath('errors.0.detail', 'Cannot process schedule for task execution: no tasks are registered.');
|
||||
|
||||
/** @var \Pterodactyl\Models\Task $task */
|
||||
$task = factory(Task::class)->create([
|
||||
$task = Task::factory()->create([
|
||||
'schedule_id' => $schedule->id,
|
||||
'sequence_id' => 1,
|
||||
'time_offset' => 2,
|
||||
|
|
@ -60,12 +60,12 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create([
|
||||
$schedule = Schedule::factory()->create([
|
||||
'server_id' => $server->id,
|
||||
'is_active' => false,
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($schedule, "/execute"));
|
||||
$response = $this->actingAs($user)->postJson($this->link($schedule, '/execute'));
|
||||
|
||||
$response->assertStatus(Response::HTTP_BAD_REQUEST);
|
||||
$response->assertJsonPath('errors.0.code', 'BadRequestHttpException');
|
||||
|
|
@ -80,7 +80,7 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($schedule, '/execute'))->assertForbidden();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -32,9 +32,9 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount($permissions);
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
/** @var \Pterodactyl\Models\Task $task */
|
||||
$task = factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 1, 'time_offset' => 0]);
|
||||
$task = Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 1, 'time_offset' => 0]);
|
||||
|
||||
$response = $this->actingAs($user)
|
||||
->getJson(
|
||||
|
|
@ -66,7 +66,7 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
[, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->getJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
|
||||
|
|
@ -84,7 +84,7 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
|
|||
->getJson("/api/client/servers/{$server->uuid}/schedules")
|
||||
->assertForbidden();
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->getJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
|
||||
|
|
|
|||
|
|
@ -32,28 +32,28 @@ class ScheduleAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
|
||||
// Set the API $user as a subuser of server 2, but with no permissions
|
||||
// to do anything with the schedules for that server.
|
||||
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
|
||||
$schedule1 = factory(Schedule::class)->create(['server_id' => $server1->id]);
|
||||
$schedule2 = factory(Schedule::class)->create(['server_id' => $server2->id]);
|
||||
$schedule3 = factory(Schedule::class)->create(['server_id' => $server3->id]);
|
||||
$schedule1 = Schedule::factory()->create(['server_id' => $server1->id]);
|
||||
$schedule2 = Schedule::factory()->create(['server_id' => $server2->id]);
|
||||
$schedule3 = Schedule::factory()->create(['server_id' => $server3->id]);
|
||||
|
||||
// This is the only valid call for this test, accessing the schedule for the same
|
||||
// server that the API user is the owner of.
|
||||
$response = $this->actingAs($user)->json($method, $this->link($server1, "/schedules/" . $schedule1->id . $endpoint));
|
||||
$response = $this->actingAs($user)->json($method, $this->link($server1, '/schedules/' . $schedule1->id . $endpoint));
|
||||
$this->assertTrue($response->status() <= 204 || $response->status() === 400 || $response->status() === 422);
|
||||
|
||||
// This request fails because the schedule is valid for that server but the user
|
||||
// making the request is not authorized to perform that action.
|
||||
$this->actingAs($user)->json($method, $this->link($server2, "/schedules/" . $schedule2->id . $endpoint))->assertForbidden();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, '/schedules/' . $schedule2->id . $endpoint))->assertForbidden();
|
||||
|
||||
// Both of these should report a 404 error due to the schedules being linked to
|
||||
// servers that are not the same as the server in the request, or are assigned
|
||||
// to a server for which the user making the request has no access to.
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/schedules/" . $schedule2->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/schedules/" . $schedule3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, "/schedules/" . $schedule3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, "/schedules/" . $schedule3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/schedules/' . $schedule2->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/schedules/' . $schedule3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, '/schedules/' . $schedule3->id . $endpoint))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, '/schedules/' . $schedule3->id . $endpoint))->assertNotFound();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -62,11 +62,11 @@ class ScheduleAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
public function methodDataProvider(): array
|
||||
{
|
||||
return [
|
||||
["GET", ""],
|
||||
["POST", ""],
|
||||
["DELETE", ""],
|
||||
["POST", "/execute"],
|
||||
["POST", "/tasks"],
|
||||
['GET', ''],
|
||||
['POST', ''],
|
||||
['DELETE', ''],
|
||||
['POST', '/execute'],
|
||||
['POST', '/tasks'],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount($permissions);
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
$expected = Utilities::getScheduleNextRunDate('5', '*', '*', '*', '*');
|
||||
|
||||
$response = $this->actingAs($user)
|
||||
|
|
@ -60,7 +60,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
[, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->postJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
|
||||
|
|
@ -75,7 +75,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->postJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}")
|
||||
|
|
@ -93,7 +93,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create([
|
||||
$schedule = Schedule::factory()->create([
|
||||
'server_id' => $server->id,
|
||||
'is_active' => true,
|
||||
'is_processing' => true,
|
||||
|
|
|
|||
|
|
@ -21,7 +21,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount($permissions);
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
$this->assertEmpty($schedule->tasks);
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
|
||||
|
|
@ -51,7 +51,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($schedule, '/tasks'))->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY);
|
||||
|
||||
|
|
@ -96,7 +96,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
|
||||
'action' => 'backup',
|
||||
|
|
@ -121,8 +121,8 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
factory(Task::class)->times(2)->create(['schedule_id' => $schedule->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
Task::factory()->times(2)->create(['schedule_id' => $schedule->id]);
|
||||
|
||||
$this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
|
||||
'action' => 'command',
|
||||
|
|
@ -144,7 +144,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
[, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->postJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}/tasks")
|
||||
|
|
@ -160,7 +160,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
|
||||
|
||||
/** @var \Pterodactyl\Models\Schedule $schedule */
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
|
||||
$this->actingAs($user)
|
||||
->postJson($this->link($schedule, '/tasks'))
|
||||
|
|
|
|||
|
|
@ -19,8 +19,8 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
$server2 = $this->createServerModel();
|
||||
[$user] = $this->generateTestAccount();
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
|
||||
$task = factory(Task::class)->create(['schedule_id' => $schedule->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server2->id]);
|
||||
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
|
||||
|
||||
$this->actingAs($user)->deleteJson($this->link($task))->assertNotFound();
|
||||
}
|
||||
|
|
@ -33,9 +33,9 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule2 = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$task = factory(Task::class)->create(['schedule_id' => $schedule->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
$schedule2 = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
|
||||
|
||||
$this->actingAs($user)->deleteJson("/api/client/servers/{$server->uuid}/schedules/{$schedule2->id}/tasks/{$task->id}")->assertNotFound();
|
||||
}
|
||||
|
|
@ -47,12 +47,12 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$task = factory(Task::class)->create(['schedule_id' => $schedule->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
|
||||
|
||||
$this->actingAs($user)->deleteJson($this->link($task))->assertForbidden();
|
||||
|
||||
$user2 = factory(User::class)->create();
|
||||
$user2 = User::factory()->create();
|
||||
|
||||
$this->actingAs($user2)->deleteJson($this->link($task))->assertNotFound();
|
||||
}
|
||||
|
|
@ -65,12 +65,12 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
$schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
|
||||
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
|
||||
$tasks = [
|
||||
factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 1]),
|
||||
factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 2]),
|
||||
factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 3]),
|
||||
factory(Task::class)->create(['schedule_id' => $schedule->id, 'sequence_id' => 4]),
|
||||
Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 1]),
|
||||
Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 2]),
|
||||
Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 3]),
|
||||
Task::factory()->create(['schedule_id' => $schedule->id, 'sequence_id' => 4]),
|
||||
];
|
||||
|
||||
$response = $this->actingAs($user)->deleteJson($this->link($tasks[1]));
|
||||
|
|
|
|||
|
|
@ -34,7 +34,7 @@ class GetStartupAndVariablesTest extends ClientApiIntegrationTestCase
|
|||
])->save();
|
||||
$server = $server->refresh();
|
||||
|
||||
$response = $this->actingAs($user)->getJson($this->link($server) . "/startup");
|
||||
$response = $this->actingAs($user)->getJson($this->link($server) . '/startup');
|
||||
|
||||
$response->assertOk();
|
||||
$response->assertJsonPath('meta.startup_command', 'java bungeecord.jar --version [hidden]');
|
||||
|
|
@ -53,10 +53,10 @@ class GetStartupAndVariablesTest extends ClientApiIntegrationTestCase
|
|||
public function testStartupDataIsNotReturnedWithoutPermission()
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
$this->actingAs($user)->getJson($this->link($server) . "/startup")->assertForbidden();
|
||||
$this->actingAs($user)->getJson($this->link($server) . '/startup')->assertForbidden();
|
||||
|
||||
$user2 = factory(User::class)->create();
|
||||
$this->actingAs($user2)->getJson($this->link($server) . "/startup")->assertNotFound();
|
||||
$user2 = User::factory()->create();
|
||||
$this->actingAs($user2)->getJson($this->link($server) . '/startup')->assertNotFound();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -145,10 +145,10 @@ class UpdateStartupVariableTest extends ClientApiIntegrationTestCase
|
|||
public function testStartupVariableCannotBeUpdatedIfNotUserViewable()
|
||||
{
|
||||
[$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
|
||||
$this->actingAs($user)->putJson($this->link($server) . "/startup/variable")->assertForbidden();
|
||||
$this->actingAs($user)->putJson($this->link($server) . '/startup/variable')->assertForbidden();
|
||||
|
||||
$user2 = factory(User::class)->create();
|
||||
$this->actingAs($user2)->putJson($this->link($server) . "/startup/variable")->assertNotFound();
|
||||
$user2 = User::factory()->create();
|
||||
$this->actingAs($user2)->putJson($this->link($server) . '/startup/variable')->assertNotFound();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
[$user, $server] = $this->generateTestAccount($permissions);
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email = $this->faker->email,
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
|
|
@ -61,7 +61,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
|||
Permission::ACTION_CONTROL_CONSOLE,
|
||||
]);
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email = $this->faker->email,
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
|
|
@ -83,7 +83,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
|||
|
||||
$email = str_repeat(Str::random(20), 9) . '1@gmail.com'; // 191 is the hard limit for the column in MySQL.
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email,
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
|
|
@ -92,7 +92,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
|||
|
||||
$response->assertOk();
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email . '.au',
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
|
|
@ -113,9 +113,9 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
/** @var \Pterodactyl\Models\User $existing */
|
||||
$existing = factory(User::class)->create(['email' => $this->faker->email]);
|
||||
$existing = User::factory()->create(['email' => $this->faker->email]);
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $existing->email,
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
|
|
@ -135,7 +135,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email = $this->faker->email,
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
|
|
@ -144,7 +144,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
|
|||
|
||||
$response->assertOk();
|
||||
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . "/users", [
|
||||
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
|
||||
'email' => $email,
|
||||
'permissions' => [
|
||||
Permission::ACTION_USER_CREATE,
|
||||
|
|
|
|||
|
|
@ -30,13 +30,13 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
|
|||
[$user, $server] = $this->generateTestAccount();
|
||||
|
||||
/** @var \Pterodactyl\Models\User $differentUser */
|
||||
$differentUser = factory(User::class)->create();
|
||||
$differentUser = User::factory()->create();
|
||||
|
||||
// Generate a UUID that lines up with a user in the database if it were to be cast to an int.
|
||||
$uuid = $differentUser->id . str_repeat('a', strlen((string)$differentUser->id)) . substr(Uuid::uuid4()->toString(), 8);
|
||||
$uuid = $differentUser->id . str_repeat('a', strlen((string) $differentUser->id)) . substr(Uuid::uuid4()->toString(), 8);
|
||||
|
||||
/** @var \Pterodactyl\Models\User $subuser */
|
||||
$subuser = factory(User::class)->create(['uuid' => $uuid]);
|
||||
$subuser = User::factory()->create(['uuid' => $uuid]);
|
||||
|
||||
Subuser::query()->forceCreate([
|
||||
'user_id' => $subuser->id,
|
||||
|
|
@ -52,7 +52,7 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
|
|||
// anything in the database.
|
||||
$uuid = '18180000' . substr(Uuid::uuid4()->toString(), 8);
|
||||
/** @var \Pterodactyl\Models\User $subuser */
|
||||
$subuser = factory(User::class)->create(['uuid' => $uuid]);
|
||||
$subuser = User::factory()->create(['uuid' => $uuid]);
|
||||
|
||||
Subuser::query()->forceCreate([
|
||||
'user_id' => $subuser->id,
|
||||
|
|
|
|||
|
|
@ -20,7 +20,7 @@ class SubuserAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
{
|
||||
// Generic subuser, the specific resource we're trying to access.
|
||||
/** @var \Pterodactyl\Models\User $internal */
|
||||
$internal = factory(User::class)->create();
|
||||
$internal = User::factory()->create();
|
||||
|
||||
// The API $user is the owner of $server1.
|
||||
[$user, $server1] = $this->generateTestAccount();
|
||||
|
|
@ -31,11 +31,11 @@ class SubuserAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
|
||||
// Set the API $user as a subuser of server 2, but with no permissions
|
||||
// to do anything with the subusers for that server.
|
||||
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $user->id]);
|
||||
|
||||
factory(Subuser::class)->create(['server_id' => $server1->id, 'user_id' => $internal->id]);
|
||||
factory(Subuser::class)->create(['server_id' => $server2->id, 'user_id' => $internal->id]);
|
||||
factory(Subuser::class)->create(['server_id' => $server3->id, 'user_id' => $internal->id]);
|
||||
Subuser::factory()->create(['server_id' => $server1->id, 'user_id' => $internal->id]);
|
||||
Subuser::factory()->create(['server_id' => $server2->id, 'user_id' => $internal->id]);
|
||||
Subuser::factory()->create(['server_id' => $server3->id, 'user_id' => $internal->id]);
|
||||
|
||||
$this->instance(DaemonServerRepository::class, $mock = Mockery::mock(DaemonServerRepository::class));
|
||||
if ($method === 'DELETE') {
|
||||
|
|
@ -43,12 +43,12 @@ class SubuserAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
}
|
||||
|
||||
// This route is acceptable since they're accessing a subuser on their own server.
|
||||
$this->actingAs($user)->json($method, $this->link($server1, "/users/" . $internal->uuid))->assertStatus($method === 'POST' ? 422 : ($method === 'DELETE' ? 204 : 200));
|
||||
$this->actingAs($user)->json($method, $this->link($server1, '/users/' . $internal->uuid))->assertStatus($method === 'POST' ? 422 : ($method === 'DELETE' ? 204 : 200));
|
||||
|
||||
// This route can be revealed since the subuser belongs to the correct server, but
|
||||
// errors out with a 403 since $user does not have the right permissions for this.
|
||||
$this->actingAs($user)->json($method, $this->link($server2, "/users/" . $internal->uuid))->assertForbidden();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, "/users/" . $internal->uuid))->assertNotFound();
|
||||
$this->actingAs($user)->json($method, $this->link($server2, '/users/' . $internal->uuid))->assertForbidden();
|
||||
$this->actingAs($user)->json($method, $this->link($server3, '/users/' . $internal->uuid))->assertNotFound();
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -56,6 +56,6 @@ class SubuserAuthorizationTest extends ClientApiIntegrationTestCase
|
|||
*/
|
||||
public function methodDataProvider(): array
|
||||
{
|
||||
return [["GET"], ["POST"], ["DELETE"]];
|
||||
return [['GET'], ['POST'], ['DELETE']];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,12 +2,13 @@
|
|||
|
||||
namespace Pterodactyl\Tests\Integration\Api\Client\Server;
|
||||
|
||||
use Carbon\Carbon;
|
||||
use Lcobucci\JWT\Parser;
|
||||
use Carbon\CarbonImmutable;
|
||||
use Illuminate\Http\Response;
|
||||
use Lcobucci\JWT\Configuration;
|
||||
use Pterodactyl\Models\Permission;
|
||||
use Lcobucci\JWT\Signer\Hmac\Sha256;
|
||||
use Lcobucci\JWT\Signer\Key\InMemory;
|
||||
use Lcobucci\JWT\Validation\Constraint\SignedWith;
|
||||
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
|
||||
|
||||
class WebsocketControllerTest extends ClientApiIntegrationTestCase
|
||||
|
|
@ -32,8 +33,6 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
|
|||
*/
|
||||
public function testJwtAndWebsocketUrlAreReturnedForServerOwner()
|
||||
{
|
||||
CarbonImmutable::setTestNow(Carbon::now());
|
||||
|
||||
/** @var \Pterodactyl\Models\User $user */
|
||||
/** @var \Pterodactyl\Models\Server $server */
|
||||
[$user, $server] = $this->generateTestAccount();
|
||||
|
|
@ -51,22 +50,33 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
|
|||
$this->assertStringStartsWith('wss://', $connection, 'Failed asserting that websocket connection address has expected "wss://" prefix.');
|
||||
$this->assertStringEndsWith("/api/servers/{$server->uuid}/ws", $connection, 'Failed asserting that websocket connection address uses expected Wings endpoint.');
|
||||
|
||||
$token = (new Parser)->parse($response->json('data.token'));
|
||||
$config = Configuration::forSymmetricSigner(new Sha256, $key = InMemory::plainText($server->node->getDecryptedKey()));
|
||||
$config->setValidationConstraints(new SignedWith(new Sha256, $key));
|
||||
/** @var \Lcobucci\JWT\Token\Plain $token */
|
||||
$token = $config->parser()->parse($response->json('data.token'));
|
||||
|
||||
$this->assertTrue(
|
||||
$token->verify(new Sha256, $server->node->getDecryptedKey()),
|
||||
$config->validator()->validate($token, ...$config->validationConstraints()),
|
||||
'Failed to validate that the JWT data returned was signed using the Node\'s secret key.'
|
||||
);
|
||||
|
||||
// The way we generate times for the JWT will truncate the microseconds from the
|
||||
// time, but CarbonImmutable::now() will include them, thus causing test failures.
|
||||
//
|
||||
// This little chunk of logic just strips those out by generating a new CarbonImmutable
|
||||
// instance from the current timestamp, which is how the JWT works. We also need to
|
||||
// switch to UTC here for consistency.
|
||||
$expect = CarbonImmutable::createFromTimestamp(CarbonImmutable::now()->getTimestamp())->timezone('UTC');
|
||||
|
||||
// Check that the claims are generated correctly.
|
||||
$this->assertSame(config('app.url'), $token->getClaim('iss'));
|
||||
$this->assertSame($server->node->getConnectionAddress(), $token->getClaim('aud'));
|
||||
$this->assertSame(CarbonImmutable::now()->getTimestamp(), $token->getClaim('iat'));
|
||||
$this->assertSame(CarbonImmutable::now()->subMinutes(5)->getTimestamp(), $token->getClaim('nbf'));
|
||||
$this->assertSame(CarbonImmutable::now()->addMinutes(10)->getTimestamp(), $token->getClaim('exp'));
|
||||
$this->assertSame($user->id, $token->getClaim('user_id'));
|
||||
$this->assertSame($server->uuid, $token->getClaim('server_uuid'));
|
||||
$this->assertSame(['*'], $token->getClaim('permissions'));
|
||||
$this->assertTrue($token->hasBeenIssuedBy(config('app.url')));
|
||||
$this->assertTrue($token->isPermittedFor($server->node->getConnectionAddress()));
|
||||
$this->assertEquals($expect, $token->claims()->get('iat'));
|
||||
$this->assertEquals($expect->subMinutes(5), $token->claims()->get('nbf'));
|
||||
$this->assertEquals($expect->addMinutes(10), $token->claims()->get('exp'));
|
||||
$this->assertSame($user->id, $token->claims()->get('user_id'));
|
||||
$this->assertSame($server->uuid, $token->claims()->get('server_uuid'));
|
||||
$this->assertSame(['*'], $token->claims()->get('permissions'));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
@ -85,14 +95,17 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
|
|||
$response->assertOk();
|
||||
$response->assertJsonStructure(['data' => ['token', 'socket']]);
|
||||
|
||||
$token = (new Parser)->parse($response->json('data.token'));
|
||||
$config = Configuration::forSymmetricSigner(new Sha256, $key = InMemory::plainText($server->node->getDecryptedKey()));
|
||||
$config->setValidationConstraints(new SignedWith(new Sha256, $key));
|
||||
/** @var \Lcobucci\JWT\Token\Plain $token */
|
||||
$token = $config->parser()->parse($response->json('data.token'));
|
||||
|
||||
$this->assertTrue(
|
||||
$token->verify(new Sha256, $server->node->getDecryptedKey()),
|
||||
$config->validator()->validate($token, ...$config->validationConstraints()),
|
||||
'Failed to validate that the JWT data returned was signed using the Node\'s secret key.'
|
||||
);
|
||||
|
||||
// Check that the claims are generated correctly.
|
||||
$this->assertSame($permissions, $token->getClaim('permissions'));
|
||||
$this->assertSame($permissions, $token->claims()->get('permissions'));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue