Pop some tests for new middleware in there.

This commit is contained in:
Dane Everitt 2017-11-19 14:34:55 -06:00
parent 45a153427e
commit 49379bd115
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
4 changed files with 245 additions and 10 deletions

View file

@ -7,7 +7,6 @@ use Illuminate\Http\Request;
use Illuminate\Auth\AuthManager; use Illuminate\Auth\AuthManager;
use Symfony\Component\HttpKernel\Exception\HttpException; use Symfony\Component\HttpKernel\Exception\HttpException;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException; use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface; use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
@ -18,11 +17,6 @@ class AuthenticateKey
*/ */
private $auth; private $auth;
/**
* @var \Illuminate\Contracts\Config\Repository
*/
private $config;
/** /**
* @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface * @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface
*/ */
@ -33,15 +27,12 @@ class AuthenticateKey
* *
* @param \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface $repository * @param \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface $repository
* @param \Illuminate\Auth\AuthManager $auth * @param \Illuminate\Auth\AuthManager $auth
* @param \Illuminate\Contracts\Config\Repository $config
*/ */
public function __construct( public function __construct(
ApiKeyRepositoryInterface $repository, ApiKeyRepositoryInterface $repository,
AuthManager $auth, AuthManager $auth
ConfigRepository $config
) { ) {
$this->auth = $auth; $this->auth = $auth;
$this->config = $config;
$this->repository = $repository; $this->repository = $repository;
} }
@ -53,6 +44,9 @@ class AuthenticateKey
* @param \Illuminate\Http\Request $request * @param \Illuminate\Http\Request $request
* @param \Closure $next * @param \Closure $next
* @return mixed * @return mixed
*
* @throws \Symfony\Component\HttpKernel\Exception\HttpException
* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/ */
public function handle(Request $request, Closure $next) public function handle(Request $request, Closure $next)
{ {

View file

@ -0,0 +1,82 @@
<?php
namespace Tests\Unit\Http\Middleware\API;
use Pterodactyl\Models\APIKey;
use Tests\Unit\Http\Middleware\MiddlewareTestCase;
use Pterodactyl\Http\Middleware\API\AuthenticateIPAccess;
class AuthenticateIPAccessTest extends MiddlewareTestCase
{
/**
* Setup tests.
*/
public function setUp()
{
parent::setUp();
}
/**
* Test middleware when there are no IP restrictions.
*/
public function testWithNoIPRestrictions()
{
$model = factory(APIKey::class)->make(['allowed_ips' => []]);
$this->setRequestAttribute('api_key', $model);
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
}
/**
* Test middleware works correctly when a valid IP accesses
* and there is an IP restriction.
*/
public function testWithValidIP()
{
$model = factory(APIKey::class)->make(['allowed_ips' => ['127.0.0.1']]);
$this->setRequestAttribute('api_key', $model);
$this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('127.0.0.1');
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
}
/**
* Test that a CIDR range can be used.
*/
public function testValidIPAganistCIDRRange()
{
$model = factory(APIKey::class)->make(['allowed_ips' => ['192.168.1.1/28']]);
$this->setRequestAttribute('api_key', $model);
$this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('192.168.1.15');
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
}
/**
* Test that an exception is thrown when an invalid IP address
* tries to connect and there is an IP restriction.
*
* @expectedException \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
public function testWithInvalidIP()
{
$model = factory(APIKey::class)->make(['allowed_ips' => ['127.0.0.1']]);
$this->setRequestAttribute('api_key', $model);
$this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('127.0.0.2');
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
}
/**
* Return an instance of the middleware to be used when testing.
*
* @return \Pterodactyl\Http\Middleware\API\AuthenticateIPAccess
*/
private function getMiddleware(): AuthenticateIPAccess
{
return new AuthenticateIPAccess();
}
}

View file

@ -0,0 +1,90 @@
<?php
namespace Tests\Unit\Http\Middleware\API;
use Mockery as m;
use Pterodactyl\Models\APIKey;
use Illuminate\Auth\AuthManager;
use Tests\Unit\Http\Middleware\MiddlewareTestCase;
use Pterodactyl\Http\Middleware\API\AuthenticateKey;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
use Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface;
class AuthenticateKeyTest extends MiddlewareTestCase
{
/**
* @var \Illuminate\Auth\AuthManager|\Mockery\Mock
*/
private $auth;
/**
* @var \Pterodactyl\Contracts\Repository\ApiKeyRepositoryInterface|\Mockery\Mock
*/
private $repository;
/**
* Setup tests.
*/
public function setUp()
{
parent::setUp();
$this->auth = m::mock(AuthManager::class);
$this->repository = m::mock(ApiKeyRepositoryInterface::class);
}
/**
* Test that a missing bearer token will throw an exception.
*/
public function testMissingBearerTokenThrowsException()
{
$this->request->shouldReceive('bearerToken')->withNoArgs()->once()->andReturnNull();
try {
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
} catch (HttpException $exception) {
$this->assertEquals(401, $exception->getStatusCode());
$this->assertEquals(['WWW-Authenticate' => 'Bearer'], $exception->getHeaders());
}
}
/**
* Test that an invalid API token throws an exception.
*
* @expectedException \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
*/
public function testInvalidTokenThrowsException()
{
$this->request->shouldReceive('bearerToken')->withNoArgs()->twice()->andReturn('abcd1234');
$this->repository->shouldReceive('findFirstWhere')->andThrow(new RecordNotFoundException);
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
}
/**
* Test that a valid token can continue past the middleware.
*/
public function testValidToken()
{
$model = factory(APIKey::class)->make();
$this->request->shouldReceive('bearerToken')->withNoArgs()->twice()->andReturn($model->token);
$this->repository->shouldReceive('findFirstWhere')->with([['token', '=', $model->token]])->once()->andReturn($model);
$this->auth->shouldReceive('guard->loginUsingId')->with($model->user_id)->once()->andReturnNull();
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
$this->assertEquals($model, $this->request->attributes->get('api_key'));
}
/**
* Return an instance of the middleware with mocked dependencies for testing.
*
* @return \Pterodactyl\Http\Middleware\API\AuthenticateKey
*/
private function getMiddleware(): AuthenticateKey
{
return new AuthenticateKey($this->repository, $this->auth);
}
}

View file

@ -0,0 +1,69 @@
<?php
namespace Tests\Unit\Http\Middleware\API;
use Mockery as m;
use Barryvdh\Debugbar\LaravelDebugbar;
use Illuminate\Contracts\Config\Repository;
use Illuminate\Contracts\Foundation\Application;
use Tests\Unit\Http\Middleware\MiddlewareTestCase;
use Pterodactyl\Http\Middleware\API\SetSessionDriver;
class SetSessionDriverTest extends MiddlewareTestCase
{
/**
* @var \Illuminate\Contracts\Foundation\Application|\Mockery\Mock
*/
private $appMock;
/**
* @var \Illuminate\Contracts\Config\Repository|\Mockery\Mock
*/
private $config;
/**
* Setup tests.
*/
public function setUp()
{
parent::setUp();
$this->appMock = m::mock(Application::class);
$this->config = m::mock(Repository::class);
}
/**
* Test that a production environment does not try to disable debug bar.
*/
public function testProductionEnvironment()
{
$this->appMock->shouldReceive('environment')->withNoArgs()->once()->andReturn('production');
$this->config->shouldReceive('set')->with('session.driver', 'array')->once()->andReturnNull();
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
}
/**
* Test that a local environment does disable debug bar.
*/
public function testLocalEnvironment()
{
$this->appMock->shouldReceive('environment')->withNoArgs()->once()->andReturn('local');
$this->appMock->shouldReceive('make')->with(LaravelDebugbar::class)->once()->andReturnSelf();
$this->appMock->shouldReceive('disable')->withNoArgs()->once()->andReturnNull();
$this->config->shouldReceive('set')->with('session.driver', 'array')->once()->andReturnNull();
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
}
/**
* Return an instance of the middleware with mocked dependencies for testing.
*
* @return \Pterodactyl\Http\Middleware\API\SetSessionDriver
*/
private function getMiddleware(): SetSessionDriver
{
return new SetSessionDriver($this->appMock, $this->config);
}
}