Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

API key UI changes and backend storage of the keys

Browse source
This commit is contained in:
Dane Everitt 2017-11-19 13:32:17 -06:00
parent 69e67b5e2d
commit 47e14ccaae
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
11 changed files with 136 additions and 160 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -3,6 +3,10 @@ This file is a running track of new features and fixes to each version of the pa
This project follows [Semantic Versioning](http://semver.org) guidelines. This project follows [Semantic Versioning](http://semver.org) guidelines.
## v0.7.0-beta.3 (Derelict Dermodactylus)
### Changed
* API keys have been changed to only use a single public key passed in a bearer token. All existing keys can continue being used, however only the first 32 characters should be sent.
## v0.7.0-beta.2 (Derelict Dermodactylus) ## v0.7.0-beta.2 (Derelict Dermodactylus)
### Fixed ### Fixed
* `[beta.1]` — Fixes a CORS header issue due to a wrong API endpoint being provided in the administrative node listing. * `[beta.1]` — Fixes a CORS header issue due to a wrong API endpoint being provided in the administrative node listing.

27
app/Http/Controllers/Base/APIController.php
View file

@ -1,27 +1,4 @@
<?php <?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>
* Some Modifications (c) 2015 Dylan Seidt <dylan.seidt@gmail.com>.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
namespace Pterodactyl\Http\Controllers\Base; namespace Pterodactyl\Http\Controllers\Base;
@ -120,7 +97,7 @@ class APIController extends Controller
'memo' => $request->input('memo'), 'memo' => $request->input('memo'),
], $request->input('permissions', []), $adminPermissions); ], $request->input('permissions', []), $adminPermissions);
$this->alert->success(trans('base.api.index.keypair_created', ['token' => $secret]))->flash(); $this->alert->success(trans('base.api.index.keypair_created'))->flash();
return redirect()->route('account.api'); return redirect()->route('account.api');
} }
@ -136,7 +113,7 @@ class APIController extends Controller
{ {
$this->repository->deleteWhere([ $this->repository->deleteWhere([
['user_id', '=', $request->user()->id], ['user_id', '=', $request->user()->id],
['public', '=', $key], ['token', '=', $key],
]); ]);
return response('', 204); return response('', 204);

40
app/Http/Middleware/API/AuthenticateKey.php Normal file
View file

@ -0,0 +1,40 @@
<?php
namespace Pterodactyl\Http\Middleware\API;
use Closure;
use Illuminate\Http\Request;
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
class AuthenticateKey
{
/**
* @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface
*/
private $repository;
/**
* AuthenticateKey constructor.
*
* @param \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface $repository
*/
public function __construct(ApiKeyRepositoryInterface $repository)
{
$this->repository = $repository;
}
/**
* Handle an API request by verifying that the provided API key
* is in a valid format, and the route being accessed is allowed
* for the given key.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*/
public function handle(Request $request, Closure $next)
{
$this->repository->findFirstWhere([
'',
]);
}
}

15
app/Models/APIKey.php
View file

@ -19,6 +19,8 @@ class APIKey extends Model implements CleansAttributes, ValidableContract
{ {
use Eloquence, Validable; use Eloquence, Validable;
const KEY_LENGTH = 32;
/** /**
* The table associated with the model. * The table associated with the model.
* *
@ -26,13 +28,6 @@ class APIKey extends Model implements CleansAttributes, ValidableContract
*/ */
protected $table = 'api_keys'; protected $table = 'api_keys';
/**
* The attributes excluded from the model's JSON form.
*
* @var array
*/
protected $hidden = ['secret'];
/** /**
* Cast values to correct type. * Cast values to correct type.
* *
@ -57,8 +52,7 @@ class APIKey extends Model implements CleansAttributes, ValidableContract
protected static $applicationRules = [ protected static $applicationRules = [
'memo' => 'required', 'memo' => 'required',
'user_id' => 'required', 'user_id' => 'required',
'secret' => 'required', 'token' => 'required',
'public' => 'required',
]; ];
/** /**
@ -68,8 +62,7 @@ class APIKey extends Model implements CleansAttributes, ValidableContract
*/ */
protected static $dataIntegrityRules = [ protected static $dataIntegrityRules = [
'user_id' => 'exists:users,id', 'user_id' => 'exists:users,id',
'public' => 'string|size:16', 'token' => 'string|size:32',
'secret' => 'string',
'memo' => 'nullable|string|max:500', 'memo' => 'nullable|string|max:500',
'allowed_ips' => 'nullable|json', 'allowed_ips' => 'nullable|json',
'expires_at' => 'nullable|datetime', 'expires_at' => 'nullable|datetime',

43
app/Services/Api/KeyCreationService.php
View file

@ -1,60 +1,42 @@
<?php <?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Pterodactyl\Services\Api; namespace Pterodactyl\Services\Api;
use Pterodactyl\Models\APIKey;
use Illuminate\Database\ConnectionInterface; use Illuminate\Database\ConnectionInterface;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface; use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
class KeyCreationService class KeyCreationService
{ {
const PUB_CRYPTO_LENGTH = 16;
const PRIV_CRYPTO_LENGTH = 64;
/** /**
* @var \Illuminate\Database\ConnectionInterface * @var \Illuminate\Database\ConnectionInterface
*/ */
protected $connection; private $connection;
/**
* @var \Illuminate\Contracts\Encryption\Encrypter
*/
protected $encrypter;
/** /**
* @var \Pterodactyl\Services\Api\PermissionService * @var \Pterodactyl\Services\Api\PermissionService
*/ */
protected $permissionService; private $permissionService;
/** /**
* @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface * @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface
*/ */
protected $repository; private $repository;
/** /**
* ApiKeyService constructor. * ApiKeyService constructor.
* *
* @param \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface $repository * @param \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface $repository
* @param \Illuminate\Database\ConnectionInterface $connection * @param \Illuminate\Database\ConnectionInterface $connection
* @param \Illuminate\Contracts\Encryption\Encrypter $encrypter
* @param \Pterodactyl\Services\Api\PermissionService $permissionService * @param \Pterodactyl\Services\Api\PermissionService $permissionService
*/ */
public function __construct( public function __construct(
ApiKeyRepositoryInterface $repository, ApiKeyRepositoryInterface $repository,
ConnectionInterface $connection, ConnectionInterface $connection,
Encrypter $encrypter,
PermissionService $permissionService PermissionService $permissionService
) { ) {
$this->repository = $repository; $this->repository = $repository;
$this->connection = $connection; $this->connection = $connection;
$this->encrypter = $encrypter;
$this->permissionService = $permissionService; $this->permissionService = $permissionService;
} }
@ -64,24 +46,17 @@ class KeyCreationService
* @param array $data * @param array $data
* @param array $permissions * @param array $permissions
* @param array $administrative * @param array $administrative
* @return string * @return \Pterodactyl\Models\APIKey
* *
* @throws \Exception * @throws \Exception
* @throws \Pterodactyl\Exceptions\Model\DataValidationException * @throws \Pterodactyl\Exceptions\Model\DataValidationException
*/ */
public function handle(array $data, array $permissions, array $administrative = []) public function handle(array $data, array $permissions, array $administrative = []): APIKey
{ {
$publicKey = str_random(self::PUB_CRYPTO_LENGTH); $token = str_random(APIKey::KEY_LENGTH);
$secretKey = str_random(self::PRIV_CRYPTO_LENGTH); $data = array_merge($data, ['token' => $token]);
// Start a Transaction
$this->connection->beginTransaction(); $this->connection->beginTransaction();
$data = array_merge($data, [
'public' => $publicKey,
'secret' => $this->encrypter->encrypt($secretKey),
]);
$instance = $this->repository->create($data, true, true); $instance = $this->repository->create($data, true, true);
$nodes = $this->permissionService->getPermissions(); $nodes = $this->permissionService->getPermissions();
@ -115,6 +90,6 @@ class KeyCreationService
$this->connection->commit(); $this->connection->commit();
return $secretKey; return $instance;
} }
} }

11
database/factories/ModelFactory.php
View file

@ -221,3 +221,14 @@ $factory->define(Pterodactyl\Models\DaemonKey::class, function (Faker\Generator
'expires_at' => \Carbon\Carbon::now()->addMinutes(10)->toDateTimeString(), 'expires_at' => \Carbon\Carbon::now()->addMinutes(10)->toDateTimeString(),
]; ];
}); });
$factory->define(Pterodactyl\Models\APIKey::class, function (Faker\Generator $faker) {
return [
'id' => $faker->unique()->randomNumber(),
'user_id' => $faker->randomNumber(),
'token' => str_random(Pterodactyl\Models\APIKey::KEY_LENGTH),
'memo' => 'Test Function Key',
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
'updated_at' => \Carbon\Carbon::now()->toDateTimeString(),
];
});

2
resources/lang/en/base.php
View file

@ -33,7 +33,7 @@ return [
'header_sub' => 'Manage your API access keys.', 'header_sub' => 'Manage your API access keys.',
'list' => 'API Keys', 'list' => 'API Keys',
'create_new' => 'Create New API key', 'create_new' => 'Create New API key',
'keypair_created' => 'An API Key-Pair has been generated. Your API secret token is <code>:token</code>. Please take note of this key as it will not be displayed again.', 'keypair_created' => 'An API Key-Pair has been generated and is listed below.',
], ],
'new' => [ 'new' => [
'header' => 'New API Key', 'header' => 'New API Key',

2
resources/lang/en/strings.php
View file

@ -32,7 +32,7 @@ return [
'memo' => 'Memo', 'memo' => 'Memo',
'created' => 'Created', 'created' => 'Created',
'expires' => 'Expires', 'expires' => 'Expires',
'public_key' => 'Public key', 'public_key' => 'Token',
'api_access' => 'Api Access', 'api_access' => 'Api Access',
'never' => 'never', 'never' => 'never',
'sign_out' => 'Sign out', 'sign_out' => 'Sign out',

9
resources/themes/pterodactyl/base/api/index.blade.php
View file

@ -20,12 +20,7 @@
@section('content') @section('content')
<div class="row"> <div class="row">
<div class="col-xs-12"> <div class="col-xs-12">
<div class="alert alert-danger">
API functionality is disabled in this beta release.
</div>
<div class="box"> <div class="box">
<div class="overlay"></div>
<div class="box-header"> <div class="box-header">
<h3 class="box-title">@lang('base.api.index.list')</h3> <h3 class="box-title">@lang('base.api.index.list')</h3>
<div class="box-tools"> <div class="box-tools">
@ -44,7 +39,7 @@
</tr> </tr>
@foreach ($keys as $key) @foreach ($keys as $key)
<tr> <tr>
<td><code>{{ $key->public }}</code></td> <td><code>{{ $key->token }}</code></td>
<td>{{ $key->memo }}</td> <td>{{ $key->memo }}</td>
<td class="text-center hidden-sm hidden-xs"> <td class="text-center hidden-sm hidden-xs">
{{ (new Carbon($key->created_at))->toDayDateTimeString() }} {{ (new Carbon($key->created_at))->toDayDateTimeString() }}
@ -57,7 +52,7 @@
@endif @endif
</td> </td>
<td class="text-center"> <td class="text-center">
<a href="#delete" class="text-danger" data-action="delete" data-attr="{{ $key->public}}"><i class="fa fa-trash"></i></a> <a href="#delete" class="text-danger" data-action="delete" data-attr="{{ $key->token }}"><i class="fa fa-trash"></i></a>
</td> </td>
</tr> </tr>
@endforeach @endforeach

75
tests/Unit/Http/Controllers/Base/APIControllerTest.php
View file

@ -1,54 +1,34 @@
<?php <?php
/**
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Tests\Unit\Http\Controllers\Base; namespace Tests\Unit\Http\Controllers\Base;
use Mockery as m; use Mockery as m;
use Tests\TestCase;
use Illuminate\Http\Request;
use Pterodactyl\Models\User; use Pterodactyl\Models\User;
use Pterodactyl\Models\APIKey;
use Prologue\Alerts\AlertsMessageBag; use Prologue\Alerts\AlertsMessageBag;
use Tests\Assertions\ControllerAssertionsTrait;
use Pterodactyl\Services\Api\KeyCreationService; use Pterodactyl\Services\Api\KeyCreationService;
use Tests\Unit\Http\Controllers\ControllerTestCase;
use Pterodactyl\Http\Controllers\Base\APIController; use Pterodactyl\Http\Controllers\Base\APIController;
use Pterodactyl\Http\Requests\Base\ApiKeyFormRequest; use Pterodactyl\Http\Requests\Base\ApiKeyFormRequest;
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface; use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
class APIControllerTest extends TestCase class APIControllerTest extends ControllerTestCase
{ {
use ControllerAssertionsTrait;
/** /**
* @var \Prologue\Alerts\AlertsMessageBag * @var \Prologue\Alerts\AlertsMessageBag|\Mockery\Mock
*/ */
protected $alert; protected $alert;
/** /**
* @var \Pterodactyl\Http\Controllers\Base\APIController * @var \Pterodactyl\Services\Api\KeyCreationService|\Mockery\Mock
*/
protected $controller;
/**
* @var \Pterodactyl\Services\Api\KeyCreationService
*/ */
protected $keyService; protected $keyService;
/** /**
* @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface * @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface|\Mockery\Mock
*/ */
protected $repository; protected $repository;
/**
* @var \Illuminate\Http\Request
*/
protected $request;
/** /**
* Setup tests. * Setup tests.
*/ */
@ -59,9 +39,6 @@ class APIControllerTest extends TestCase
$this->alert = m::mock(AlertsMessageBag::class); $this->alert = m::mock(AlertsMessageBag::class);
$this->keyService = m::mock(KeyCreationService::class); $this->keyService = m::mock(KeyCreationService::class);
$this->repository = m::mock(ApiKeyRepositoryInterface::class); $this->repository = m::mock(ApiKeyRepositoryInterface::class);
$this->request = m::mock(Request::class);
$this->controller = new APIController($this->alert, $this->repository, $this->keyService);
} }
/** /**
@ -69,12 +46,11 @@ class APIControllerTest extends TestCase
*/ */
public function testIndexController() public function testIndexController()
{ {
$model = factory(User::class)->make(); $model = $this->setRequestUser();
$this->request->shouldReceive('user')->withNoArgs()->once()->andReturn($model);
$this->repository->shouldReceive('findWhere')->with([['user_id', '=', $model->id]])->once()->andReturn(['testkeys']); $this->repository->shouldReceive('findWhere')->with([['user_id', '=', $model->id]])->once()->andReturn(['testkeys']);
$response = $this->controller->index($this->request); $response = $this->getController()->index($this->request);
$this->assertIsViewResponse($response); $this->assertIsViewResponse($response);
$this->assertViewNameEquals('base.api.index', $response); $this->assertViewNameEquals('base.api.index', $response);
$this->assertViewHasKey('keys', $response); $this->assertViewHasKey('keys', $response);
@ -88,10 +64,9 @@ class APIControllerTest extends TestCase
*/ */
public function testCreateController($admin) public function testCreateController($admin)
{ {
$model = factory(User::class)->make(['root_admin' => $admin]); $this->setRequestUser(factory(User::class)->make(['root_admin' => $admin]));
$this->request->shouldReceive('user')->withNoArgs()->once()->andReturn($model);
$response = $this->controller->create($this->request); $response = $this->getController()->create($this->request);
$this->assertIsViewResponse($response); $this->assertIsViewResponse($response);
$this->assertViewNameEquals('base.api.new', $response); $this->assertViewNameEquals('base.api.new', $response);
$this->assertViewHasKey('permissions.user', $response); $this->assertViewHasKey('permissions.user', $response);
@ -111,8 +86,9 @@ class APIControllerTest extends TestCase
*/ */
public function testStoreController($admin) public function testStoreController($admin)
{ {
$this->request = m::mock(ApiKeyFormRequest::class); $this->setRequestMockClass(ApiKeyFormRequest::class);
$model = factory(User::class)->make(['root_admin' => $admin]); $model = $this->setRequestUser(factory(User::class)->make(['root_admin' => $admin]));
$keyModel = factory(APIKey::class)->make();
if ($admin) { if ($admin) {
$this->request->shouldReceive('input')->with('admin_permissions', [])->once()->andReturn(['admin.permission']); $this->request->shouldReceive('input')->with('admin_permissions', [])->once()->andReturn(['admin.permission']);
@ -127,12 +103,12 @@ class APIControllerTest extends TestCase
'user_id' => $model->id, 'user_id' => $model->id,
'allowed_ips' => null, 'allowed_ips' => null,
'memo' => null, 'memo' => null,
], ['test.permission'], ($admin) ? ['admin.permission'] : [])->once()->andReturn('testToken'); ], ['test.permission'], ($admin) ? ['admin.permission'] : [])->once()->andReturn($keyModel);
$this->alert->shouldReceive('success')->with(trans('base.api.index.keypair_created', ['token' => 'testToken']))->once()->andReturnSelf() $this->alert->shouldReceive('success')->with(trans('base.api.index.keypair_created'))->once()->andReturnSelf();
->shouldReceive('flash')->withNoArgs()->once()->andReturnNull(); $this->alert->shouldReceive('flash')->withNoArgs()->once()->andReturnNull();
$response = $this->controller->store($this->request); $response = $this->getController()->store($this->request);
$this->assertIsRedirectResponse($response); $this->assertIsRedirectResponse($response);
$this->assertRedirectRouteEquals('account.api', $response); $this->assertRedirectRouteEquals('account.api', $response);
} }
@ -142,15 +118,14 @@ class APIControllerTest extends TestCase
*/ */
public function testRevokeController() public function testRevokeController()
{ {
$model = factory(User::class)->make(); $model = $this->setRequestUser();
$this->request->shouldReceive('user')->withNoArgs()->once()->andReturn($model);
$this->repository->shouldReceive('deleteWhere')->with([ $this->repository->shouldReceive('deleteWhere')->with([
['user_id', '=', $model->id], ['user_id', '=', $model->id],
['public', '=', 'testKey123'], ['token', '=', 'testKey123'],
])->once()->andReturnNull(); ])->once()->andReturnNull();
$response = $this->controller->revoke($this->request, 'testKey123'); $response = $this->getController()->revoke($this->request, 'testKey123');
$this->assertIsResponse($response); $this->assertIsResponse($response);
$this->assertEmpty($response->getContent()); $this->assertEmpty($response->getContent());
$this->assertResponseCodeEquals(204, $response); $this->assertResponseCodeEquals(204, $response);
@ -165,4 +140,14 @@ class APIControllerTest extends TestCase
{ {
return [[0], [1]]; return [[0], [1]];
} }
/**
* Return an instance of the controller with mocked dependencies for testing.
*
* @return \Pterodactyl\Http\Controllers\Base\APIController
*/
private function getController(): APIController
{
return new APIController($this->alert, $this->repository, $this->keyService);
}
} }

68
tests/Unit/Services/Api/KeyCreationServiceTest.php
View file

@ -12,8 +12,8 @@ namespace Tests\Unit\Services\Api;
use Mockery as m; use Mockery as m;
use Tests\TestCase; use Tests\TestCase;
use phpmock\phpunit\PHPMock; use phpmock\phpunit\PHPMock;
use Pterodactyl\Models\APIKey;
use Illuminate\Database\ConnectionInterface; use Illuminate\Database\ConnectionInterface;
use Illuminate\Contracts\Encryption\Encrypter;
use Pterodactyl\Services\Api\PermissionService; use Pterodactyl\Services\Api\PermissionService;
use Pterodactyl\Services\Api\KeyCreationService; use Pterodactyl\Services\Api\KeyCreationService;
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface; use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
@ -23,45 +23,30 @@ class KeyCreationServiceTest extends TestCase
use PHPMock; use PHPMock;
/** /**
* @var \Illuminate\Database\ConnectionInterface * @var \Illuminate\Database\ConnectionInterface|\Mockery\Mock
*/ */
protected $connection; private $connection;
/** /**
* @var \Illuminate\Contracts\Encryption\Encrypter * @var \Pterodactyl\Services\Api\PermissionService|\Mockery\Mock
*/ */
protected $encrypter; private $permissionService;
/** /**
* @var \Pterodactyl\Services\Api\PermissionService * @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface|\Mockery\Mock
*/ */
protected $permissions; private $repository;
/** /**
* @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface * Setup tests.
*/ */
protected $repository;
/**
* @var \Pterodactyl\Services\Api\KeyCreationService
*/
protected $service;
public function setUp() public function setUp()
{ {
parent::setUp(); parent::setUp();
$this->connection = m::mock(ConnectionInterface::class); $this->connection = m::mock(ConnectionInterface::class);
$this->encrypter = m::mock(Encrypter::class); $this->permissionService = m::mock(PermissionService::class);
$this->permissions = m::mock(PermissionService::class);
$this->repository = m::mock(ApiKeyRepositoryInterface::class); $this->repository = m::mock(ApiKeyRepositoryInterface::class);
$this->service = new KeyCreationService(
$this->repository,
$this->connection,
$this->encrypter,
$this->permissions
);
} }
/** /**
@ -69,37 +54,48 @@ class KeyCreationServiceTest extends TestCase
*/ */
public function testKeyIsCreated() public function testKeyIsCreated()
{ {
$model = factory(APIKey::class)->make();
$this->getFunctionMock('\\Pterodactyl\\Services\\Api', 'str_random') $this->getFunctionMock('\\Pterodactyl\\Services\\Api', 'str_random')
->expects($this->exactly(2))->willReturn('random_string'); ->expects($this->exactly(1))->with(APIKey::KEY_LENGTH)->willReturn($model->token);
$this->connection->shouldReceive('beginTransaction')->withNoArgs()->once()->andReturnNull(); $this->connection->shouldReceive('beginTransaction')->withNoArgs()->once()->andReturnNull();
$this->encrypter->shouldReceive('encrypt')->with('random_string')->once()->andReturn('encrypted-secret');
$this->repository->shouldReceive('create')->with([ $this->repository->shouldReceive('create')->with([
'test-data' => 'test', 'test-data' => 'test',
'public' => 'random_string', 'token' => $model->token,
'secret' => 'encrypted-secret', ], true, true)->once()->andReturn($model);
], true, true)->once()->andReturn((object) ['id' => 1]);
$this->permissions->shouldReceive('getPermissions')->withNoArgs()->once()->andReturn([ $this->permissionService->shouldReceive('getPermissions')->withNoArgs()->once()->andReturn([
'_user' => ['server' => ['list', 'multiple-dash-test']], '_user' => ['server' => ['list', 'multiple-dash-test']],
'server' => ['create', 'admin-dash-test'], 'server' => ['create', 'admin-dash-test'],
]); ]);
$this->permissions->shouldReceive('create')->with(1, 'user.server-list')->once()->andReturnNull(); $this->permissionService->shouldReceive('create')->with($model->id, 'user.server-list')->once()->andReturnNull();
$this->permissions->shouldReceive('create')->with(1, 'user.server-multiple-dash-test')->once()->andReturnNull(); $this->permissionService->shouldReceive('create')->with($model->id, 'user.server-multiple-dash-test')->once()->andReturnNull();
$this->permissions->shouldReceive('create')->with(1, 'server-create')->once()->andReturnNull(); $this->permissionService->shouldReceive('create')->with($model->id, 'server-create')->once()->andReturnNull();
$this->permissions->shouldReceive('create')->with(1, 'server-admin-dash-test')->once()->andReturnNull(); $this->permissionService->shouldReceive('create')->with($model->id, 'server-admin-dash-test')->once()->andReturnNull();
$this->connection->shouldReceive('commit')->withNoArgs()->once()->andReturnNull(); $this->connection->shouldReceive('commit')->withNoArgs()->once()->andReturnNull();
$response = $this->service->handle( $response = $this->getService()->handle(
['test-data' => 'test'], ['test-data' => 'test'],
['invalid-node', 'server-list', 'server-multiple-dash-test'], ['invalid-node', 'server-list', 'server-multiple-dash-test'],
['invalid-node', 'server-create', 'server-admin-dash-test'] ['invalid-node', 'server-create', 'server-admin-dash-test']
); );
$this->assertNotEmpty($response); $this->assertNotEmpty($response);
$this->assertEquals('random_string', $response); $this->assertInstanceOf(APIKey::class, $response);
$this->assertSame($model, $response);
}
/**
* Return an instance of the service with mocked dependencies for testing.
*
* @return \Pterodactyl\Services\Api\KeyCreationService
*/
private function getService(): KeyCreationService
{
return new KeyCreationService($this->repository, $this->connection, $this->permissionService);
} }
} }