Update transformers and controllers to no longer pull an API key attribute
This commit is contained in:
DaneEveritt
parent
bd37978a98
commit
e9c633fd03
9 changed files with 91 additions and 173 deletions
|
|
@ -3,6 +3,7 @@
|
|||
namespace Pterodactyl\Tests\Integration\Api\Application;
|
||||
|
||||
use Pterodactyl\Models\User;
|
||||
use Illuminate\Http\Request;
|
||||
use PHPUnit\Framework\Assert;
|
||||
use Pterodactyl\Models\ApiKey;
|
||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||
|
|
@ -110,9 +111,12 @@ abstract class ApplicationApiIntegrationTestCase extends IntegrationTestCase
|
|||
*/
|
||||
protected function getTransformer(string $abstract): BaseTransformer
|
||||
{
|
||||
/** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */
|
||||
$transformer = $this->app->make($abstract);
|
||||
$transformer->setKey($this->getApiKey());
|
||||
$request = Request::createFromGlobals();
|
||||
$request->setUserResolver(function () {
|
||||
return $this->getApiKey()->user;
|
||||
});
|
||||
|
||||
$transformer = $abstract::fromRequest($request);
|
||||
|
||||
Assert::assertInstanceOf(BaseTransformer::class, $transformer);
|
||||
Assert::assertNotInstanceOf(BaseClientTransformer::class, $transformer);
|
||||
|
|
|
|||
|
|
@ -1,73 +0,0 @@
|
|||
<?php
|
||||
|
||||
namespace Pterodactyl\Tests\Unit\Http\Middleware\Api;
|
||||
|
||||
use Pterodactyl\Models\ApiKey;
|
||||
use Pterodactyl\Http\Middleware\Api\AuthenticateIPAccess;
|
||||
use Pterodactyl\Tests\Unit\Http\Middleware\MiddlewareTestCase;
|
||||
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
||||
|
||||
class AuthenticateIPAccessTest extends MiddlewareTestCase
|
||||
{
|
||||
/**
|
||||
* Test middleware when there are no IP restrictions.
|
||||
*/
|
||||
public function testWithNoIPRestrictions()
|
||||
{
|
||||
$model = ApiKey::factory()->make(['allowed_ips' => []]);
|
||||
$this->setRequestAttribute('api_key', $model);
|
||||
|
||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||
}
|
||||
|
||||
/**
|
||||
* Test middleware works correctly when a valid IP accesses
|
||||
* and there is an IP restriction.
|
||||
*/
|
||||
public function testWithValidIP()
|
||||
{
|
||||
$model = ApiKey::factory()->make(['allowed_ips' => ['127.0.0.1']]);
|
||||
$this->setRequestAttribute('api_key', $model);
|
||||
|
||||
$this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('127.0.0.1');
|
||||
|
||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that a CIDR range can be used.
|
||||
*/
|
||||
public function testValidIPAgainstCIDRRange()
|
||||
{
|
||||
$model = ApiKey::factory()->make(['allowed_ips' => ['192.168.1.1/28']]);
|
||||
$this->setRequestAttribute('api_key', $model);
|
||||
|
||||
$this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('192.168.1.15');
|
||||
|
||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||
}
|
||||
|
||||
/**
|
||||
* Test that an exception is thrown when an invalid IP address
|
||||
* tries to connect and there is an IP restriction.
|
||||
*/
|
||||
public function testWithInvalidIP()
|
||||
{
|
||||
$this->expectException(AccessDeniedHttpException::class);
|
||||
|
||||
$model = ApiKey::factory()->make(['allowed_ips' => ['127.0.0.1']]);
|
||||
$this->setRequestAttribute('api_key', $model);
|
||||
|
||||
$this->request->shouldReceive('ip')->withNoArgs()->twice()->andReturn('127.0.0.2');
|
||||
|
||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||
}
|
||||
|
||||
/**
|
||||
* Return an instance of the middleware to be used when testing.
|
||||
*/
|
||||
private function getMiddleware(): AuthenticateIPAccess
|
||||
{
|
||||
return new AuthenticateIPAccess();
|
||||
}
|
||||
}
|
||||
Reference in a new issue