Merge branch 'feature/api-integration-testing' into develop
This commit is contained in:
commit
68f0811273
30 changed files with 1374 additions and 80 deletions
|
@ -5,10 +5,10 @@ APP_THEME=pterodactyl
|
||||||
APP_TIMEZONE=UTC
|
APP_TIMEZONE=UTC
|
||||||
APP_URL=http://localhost/
|
APP_URL=http://localhost/
|
||||||
|
|
||||||
DB_HOST=127.0.0.1
|
TESTING_DB_HOST=127.0.0.1
|
||||||
DB_DATABASE=travis
|
TESTING_DB_DATABASE=travis
|
||||||
DB_USERNAME=root
|
TESTING_DB_USERNAME=root
|
||||||
DB_PASSWORD=""
|
TESTING_DB_PASSWORD=""
|
||||||
|
|
||||||
CACHE_DRIVER=array
|
CACHE_DRIVER=array
|
||||||
SESSION_DRIVER=array
|
SESSION_DRIVER=array
|
||||||
|
|
|
@ -14,9 +14,9 @@ before_script:
|
||||||
- echo 'opcache.enable_cli=1' >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini
|
- echo 'opcache.enable_cli=1' >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini
|
||||||
- cp .env.travis .env
|
- cp .env.travis .env
|
||||||
- travis_retry composer install --no-interaction --prefer-dist --no-suggest
|
- travis_retry composer install --no-interaction --prefer-dist --no-suggest
|
||||||
- php artisan migrate --seed
|
|
||||||
script:
|
script:
|
||||||
- vendor/bin/phpunit --coverage-clover coverage.xml
|
- vendor/bin/phpunit --bootstrap vendor/autoload.php --coverage-clover coverage.xml tests/Unit
|
||||||
|
- vendor/bin/phpunit tests/Integration
|
||||||
notifications:
|
notifications:
|
||||||
email: false
|
email: false
|
||||||
webhooks:
|
webhooks:
|
||||||
|
|
|
@ -17,6 +17,13 @@ use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
|
||||||
|
|
||||||
class Handler extends ExceptionHandler
|
class Handler extends ExceptionHandler
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* Laravel's validation parser formats custom rules using the class name
|
||||||
|
* resulting in some weird rule names. This string will be parsed out and
|
||||||
|
* replaced with 'p_' in the response code.
|
||||||
|
*/
|
||||||
|
private const PTERODACTYL_RULE_STRING = 'pterodactyl\_rules\_';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A list of the exception types that should not be reported.
|
* A list of the exception types that should not be reported.
|
||||||
*
|
*
|
||||||
|
@ -156,7 +163,9 @@ class Handler extends ExceptionHandler
|
||||||
$response = [];
|
$response = [];
|
||||||
foreach ($errors as $key => $error) {
|
foreach ($errors as $key => $error) {
|
||||||
$response[] = [
|
$response[] = [
|
||||||
'code' => array_get($codes, str_replace('.', '_', $field) . '.' . $key),
|
'code' => str_replace(self::PTERODACTYL_RULE_STRING, 'p_', array_get(
|
||||||
|
$codes, str_replace('.', '_', $field) . '.' . $key
|
||||||
|
)),
|
||||||
'detail' => $error,
|
'detail' => $error,
|
||||||
'source' => ['field' => $field],
|
'source' => ['field' => $field],
|
||||||
];
|
];
|
||||||
|
|
|
@ -9,19 +9,14 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Services\Helpers;
|
namespace Pterodactyl\Services\Helpers;
|
||||||
|
|
||||||
|
use Ramsey\Uuid\Uuid;
|
||||||
use Illuminate\Contracts\Hashing\Hasher;
|
use Illuminate\Contracts\Hashing\Hasher;
|
||||||
use Illuminate\Database\ConnectionInterface;
|
use Illuminate\Database\ConnectionInterface;
|
||||||
use Illuminate\Contracts\Config\Repository as ConfigRepository;
|
|
||||||
|
|
||||||
class TemporaryPasswordService
|
class TemporaryPasswordService
|
||||||
{
|
{
|
||||||
const HMAC_ALGO = 'sha256';
|
const HMAC_ALGO = 'sha256';
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \Illuminate\Contracts\Config\Repository
|
|
||||||
*/
|
|
||||||
protected $config;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var \Illuminate\Database\ConnectionInterface
|
* @var \Illuminate\Database\ConnectionInterface
|
||||||
*/
|
*/
|
||||||
|
@ -35,16 +30,11 @@ class TemporaryPasswordService
|
||||||
/**
|
/**
|
||||||
* TemporaryPasswordService constructor.
|
* TemporaryPasswordService constructor.
|
||||||
*
|
*
|
||||||
* @param \Illuminate\Contracts\Config\Repository $config
|
|
||||||
* @param \Illuminate\Database\ConnectionInterface $connection
|
* @param \Illuminate\Database\ConnectionInterface $connection
|
||||||
* @param \Illuminate\Contracts\Hashing\Hasher $hasher
|
* @param \Illuminate\Contracts\Hashing\Hasher $hasher
|
||||||
*/
|
*/
|
||||||
public function __construct(
|
public function __construct(ConnectionInterface $connection, Hasher $hasher)
|
||||||
ConfigRepository $config,
|
{
|
||||||
ConnectionInterface $connection,
|
|
||||||
Hasher $hasher
|
|
||||||
) {
|
|
||||||
$this->config = $config;
|
|
||||||
$this->connection = $connection;
|
$this->connection = $connection;
|
||||||
$this->hasher = $hasher;
|
$this->hasher = $hasher;
|
||||||
}
|
}
|
||||||
|
@ -57,7 +47,7 @@ class TemporaryPasswordService
|
||||||
*/
|
*/
|
||||||
public function handle($email)
|
public function handle($email)
|
||||||
{
|
{
|
||||||
$token = hash_hmac(self::HMAC_ALGO, str_random(40), $this->config->get('app.key'));
|
$token = hash_hmac(self::HMAC_ALGO, Uuid::uuid4()->toString(), config('app.key'));
|
||||||
|
|
||||||
$this->connection->table('password_resets')->insert([
|
$this->connection->table('password_resets')->insert([
|
||||||
'email' => $email,
|
'email' => $email,
|
||||||
|
|
|
@ -5,10 +5,15 @@ namespace Pterodactyl\Transformers\Api\Application;
|
||||||
use Cake\Chronos\Chronos;
|
use Cake\Chronos\Chronos;
|
||||||
use Pterodactyl\Models\ApiKey;
|
use Pterodactyl\Models\ApiKey;
|
||||||
use Illuminate\Container\Container;
|
use Illuminate\Container\Container;
|
||||||
|
use Illuminate\Database\Eloquent\Model;
|
||||||
use League\Fractal\TransformerAbstract;
|
use League\Fractal\TransformerAbstract;
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
|
use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
|
||||||
use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
|
use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @method array transform(Model $model)
|
||||||
|
*/
|
||||||
abstract class BaseTransformer extends TransformerAbstract
|
abstract class BaseTransformer extends TransformerAbstract
|
||||||
{
|
{
|
||||||
const RESPONSE_TIMEZONE = 'UTC';
|
const RESPONSE_TIMEZONE = 'UTC';
|
||||||
|
@ -88,7 +93,7 @@ abstract class BaseTransformer extends TransformerAbstract
|
||||||
$transformer = Container::getInstance()->makeWith($abstract, $parameters);
|
$transformer = Container::getInstance()->makeWith($abstract, $parameters);
|
||||||
$transformer->setKey($this->getKey());
|
$transformer->setKey($this->getKey());
|
||||||
|
|
||||||
if (! $transformer instanceof self) {
|
if (! $transformer instanceof self || $transformer instanceof BaseClientTransformer) {
|
||||||
throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
|
throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -46,10 +46,10 @@ class EggTransformer extends BaseTransformer
|
||||||
'description' => $model->description,
|
'description' => $model->description,
|
||||||
'docker_image' => $model->docker_image,
|
'docker_image' => $model->docker_image,
|
||||||
'config' => [
|
'config' => [
|
||||||
'files' => json_decode($model->config_files),
|
'files' => json_decode($model->config_files, true),
|
||||||
'startup' => json_decode($model->config_startup),
|
'startup' => json_decode($model->config_startup, true),
|
||||||
'stop' => $model->config_stop,
|
'stop' => $model->config_stop,
|
||||||
'logs' => json_decode($model->config_logs),
|
'logs' => json_decode($model->config_logs, true),
|
||||||
'extends' => $model->config_from,
|
'extends' => $model->config_from,
|
||||||
],
|
],
|
||||||
'startup' => $model->startup,
|
'startup' => $model->startup,
|
||||||
|
|
|
@ -32,7 +32,13 @@ class LocationTransformer extends BaseTransformer
|
||||||
*/
|
*/
|
||||||
public function transform(Location $location): array
|
public function transform(Location $location): array
|
||||||
{
|
{
|
||||||
return $location->toArray();
|
return [
|
||||||
|
'id' => $location->id,
|
||||||
|
'short' => $location->short,
|
||||||
|
'long' => $location->long,
|
||||||
|
$location->getUpdatedAtColumn() => $this->formatTimestamp($location->updated_at),
|
||||||
|
$location->getCreatedAtColumn() => $this->formatTimestamp($location->created_at),
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -40,6 +46,8 @@ class LocationTransformer extends BaseTransformer
|
||||||
*
|
*
|
||||||
* @param \Pterodactyl\Models\Location $location
|
* @param \Pterodactyl\Models\Location $location
|
||||||
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
|
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
|
||||||
|
*
|
||||||
|
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
|
||||||
*/
|
*/
|
||||||
public function includeServers(Location $location)
|
public function includeServers(Location $location)
|
||||||
{
|
{
|
||||||
|
@ -57,6 +65,8 @@ class LocationTransformer extends BaseTransformer
|
||||||
*
|
*
|
||||||
* @param \Pterodactyl\Models\Location $location
|
* @param \Pterodactyl\Models\Location $location
|
||||||
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
|
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
|
||||||
|
*
|
||||||
|
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
|
||||||
*/
|
*/
|
||||||
public function includeNodes(Location $location)
|
public function includeNodes(Location $location)
|
||||||
{
|
{
|
||||||
|
|
|
@ -4,6 +4,7 @@ namespace Pterodactyl\Transformers\Api\Application;
|
||||||
|
|
||||||
use Pterodactyl\Models\Egg;
|
use Pterodactyl\Models\Egg;
|
||||||
use Pterodactyl\Models\Nest;
|
use Pterodactyl\Models\Nest;
|
||||||
|
use Pterodactyl\Models\Server;
|
||||||
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
|
|
||||||
class NestTransformer extends BaseTransformer
|
class NestTransformer extends BaseTransformer
|
||||||
|
@ -49,6 +50,8 @@ class NestTransformer extends BaseTransformer
|
||||||
*
|
*
|
||||||
* @param \Pterodactyl\Models\Nest $model
|
* @param \Pterodactyl\Models\Nest $model
|
||||||
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
|
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
|
||||||
|
*
|
||||||
|
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
|
||||||
*/
|
*/
|
||||||
public function includeEggs(Nest $model)
|
public function includeEggs(Nest $model)
|
||||||
{
|
{
|
||||||
|
@ -60,4 +63,23 @@ class NestTransformer extends BaseTransformer
|
||||||
|
|
||||||
return $this->collection($model->getRelation('eggs'), $this->makeTransformer(EggTransformer::class), Egg::RESOURCE_NAME);
|
return $this->collection($model->getRelation('eggs'), $this->makeTransformer(EggTransformer::class), Egg::RESOURCE_NAME);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Include the servers relationship on the given Nest model.
|
||||||
|
*
|
||||||
|
* @param \Pterodactyl\Models\Nest $model
|
||||||
|
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
|
||||||
|
*
|
||||||
|
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
|
||||||
|
*/
|
||||||
|
public function includeServers(Nest $model)
|
||||||
|
{
|
||||||
|
if (! $this->authorize(AdminAcl::RESOURCE_SERVERS)) {
|
||||||
|
return $this->null();
|
||||||
|
}
|
||||||
|
|
||||||
|
$model->loadMissing('servers');
|
||||||
|
|
||||||
|
return $this->collection($model->getRelation('servers'), $this->makeTransformer(ServerTransformer::class), Server::RESOURCE_NAME);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -53,6 +53,8 @@ class UserTransformer extends BaseTransformer
|
||||||
*
|
*
|
||||||
* @param \Pterodactyl\Models\User $user
|
* @param \Pterodactyl\Models\User $user
|
||||||
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
|
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
|
||||||
|
*
|
||||||
|
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
|
||||||
*/
|
*/
|
||||||
public function includeServers(User $user)
|
public function includeServers(User $user)
|
||||||
{
|
{
|
||||||
|
|
28
bootstrap/tests.php
Normal file
28
bootstrap/tests.php
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
use Illuminate\Contracts\Console\Kernel;
|
||||||
|
use Symfony\Component\Console\Output\ConsoleOutput;
|
||||||
|
|
||||||
|
require __DIR__ . '/../vendor/autoload.php';
|
||||||
|
|
||||||
|
$app = require __DIR__ . '/app.php';
|
||||||
|
|
||||||
|
/** @var \Pterodactyl\Console\Kernel $kernel */
|
||||||
|
$kernel = $app->make(Kernel::class);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Bootstrap the kernel and prepare application for testing.
|
||||||
|
*/
|
||||||
|
$kernel->bootstrap();
|
||||||
|
|
||||||
|
$output = new ConsoleOutput;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Perform database migrations and reseeding before continuing with
|
||||||
|
* running the tests.
|
||||||
|
*/
|
||||||
|
$output->writeln(PHP_EOL . '<comment>Refreshing database for Integration tests...</comment>');
|
||||||
|
$kernel->call('migrate:fresh', ['--database' => 'testing']);
|
||||||
|
|
||||||
|
$output->writeln('<comment>Seeding database for Integration tests...</comment>' . PHP_EOL);
|
||||||
|
$kernel->call('db:seed', ['--database' => 'testing']);
|
|
@ -65,6 +65,7 @@
|
||||||
},
|
},
|
||||||
"autoload-dev": {
|
"autoload-dev": {
|
||||||
"psr-4": {
|
"psr-4": {
|
||||||
|
"Pterodactyl\\Tests\\Integration\\": "tests/Integration",
|
||||||
"Tests\\": "tests/"
|
"Tests\\": "tests/"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
|
|
@ -43,6 +43,28 @@ return [
|
||||||
'prefix' => env('DB_PREFIX', ''),
|
'prefix' => env('DB_PREFIX', ''),
|
||||||
'strict' => env('DB_STRICT_MODE', false),
|
'strict' => env('DB_STRICT_MODE', false),
|
||||||
],
|
],
|
||||||
|
|
||||||
|
/*
|
||||||
|
| -------------------------------------------------------------------------
|
||||||
|
| Test Database Connection
|
||||||
|
| -------------------------------------------------------------------------
|
||||||
|
|
|
||||||
|
| This connection is used by the integration and HTTP tests for Pterodactyl
|
||||||
|
| development. Normal users of the Panel do not need to adjust any settings
|
||||||
|
| in here.
|
||||||
|
*/
|
||||||
|
'testing' => [
|
||||||
|
'driver' => 'mysql',
|
||||||
|
'host' => env('TESTING_DB_HOST', '127.0.0.1'),
|
||||||
|
'port' => env('TESTING_DB_PORT', '3306'),
|
||||||
|
'database' => env('TESTING_DB_DATABASE', 'panel_test'),
|
||||||
|
'username' => env('TESTING_DB_USERNAME', 'pterodactyl_test'),
|
||||||
|
'password' => env('TESTING_DB_PASSWORD', ''),
|
||||||
|
'charset' => 'utf8mb4',
|
||||||
|
'collation' => 'utf8mb4_unicode_ci',
|
||||||
|
'prefix' => '',
|
||||||
|
'strict' => false,
|
||||||
|
],
|
||||||
],
|
],
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
|
@ -1,6 +1,8 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
use Cake\Chronos\Chronos;
|
||||||
use Faker\Generator as Faker;
|
use Faker\Generator as Faker;
|
||||||
|
use Pterodactyl\Models\ApiKey;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|--------------------------------------------------------------------------
|
|--------------------------------------------------------------------------
|
||||||
|
@ -34,6 +36,8 @@ $factory->define(Pterodactyl\Models\Server::class, function (Faker $faker) {
|
||||||
'egg_id' => $faker->randomNumber(),
|
'egg_id' => $faker->randomNumber(),
|
||||||
'pack_id' => null,
|
'pack_id' => null,
|
||||||
'installed' => 1,
|
'installed' => 1,
|
||||||
|
'database_limit' => null,
|
||||||
|
'allocation_limit' => null,
|
||||||
'created_at' => \Carbon\Carbon::now(),
|
'created_at' => \Carbon\Carbon::now(),
|
||||||
'updated_at' => \Carbon\Carbon::now(),
|
'updated_at' => \Carbon\Carbon::now(),
|
||||||
];
|
];
|
||||||
|
@ -44,7 +48,7 @@ $factory->define(Pterodactyl\Models\User::class, function (Faker $faker) {
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'id' => $faker->unique()->randomNumber(),
|
'id' => $faker->unique()->randomNumber(),
|
||||||
'external_id' => null,
|
'external_id' => $faker->unique()->isbn10,
|
||||||
'uuid' => $faker->uuid,
|
'uuid' => $faker->uuid,
|
||||||
'username' => $faker->userName,
|
'username' => $faker->userName,
|
||||||
'email' => $faker->safeEmail,
|
'email' => $faker->safeEmail,
|
||||||
|
@ -54,6 +58,8 @@ $factory->define(Pterodactyl\Models\User::class, function (Faker $faker) {
|
||||||
'language' => 'en',
|
'language' => 'en',
|
||||||
'root_admin' => false,
|
'root_admin' => false,
|
||||||
'use_totp' => false,
|
'use_totp' => false,
|
||||||
|
'created_at' => Chronos::now(),
|
||||||
|
'updated_at' => Chronos::now(),
|
||||||
];
|
];
|
||||||
});
|
});
|
||||||
|
|
||||||
|
@ -66,7 +72,7 @@ $factory->state(Pterodactyl\Models\User::class, 'admin', function () {
|
||||||
$factory->define(Pterodactyl\Models\Location::class, function (Faker $faker) {
|
$factory->define(Pterodactyl\Models\Location::class, function (Faker $faker) {
|
||||||
return [
|
return [
|
||||||
'id' => $faker->unique()->randomNumber(),
|
'id' => $faker->unique()->randomNumber(),
|
||||||
'short' => $faker->domainWord,
|
'short' => $faker->unique()->domainWord,
|
||||||
'long' => $faker->catchPhrase,
|
'long' => $faker->catchPhrase,
|
||||||
];
|
];
|
||||||
});
|
});
|
||||||
|
@ -74,7 +80,6 @@ $factory->define(Pterodactyl\Models\Location::class, function (Faker $faker) {
|
||||||
$factory->define(Pterodactyl\Models\Node::class, function (Faker $faker) {
|
$factory->define(Pterodactyl\Models\Node::class, function (Faker $faker) {
|
||||||
return [
|
return [
|
||||||
'id' => $faker->unique()->randomNumber(),
|
'id' => $faker->unique()->randomNumber(),
|
||||||
'uuid' => $faker->unique()->uuid,
|
|
||||||
'public' => true,
|
'public' => true,
|
||||||
'name' => $faker->firstName,
|
'name' => $faker->firstName,
|
||||||
'fqdn' => $faker->ipv4,
|
'fqdn' => $faker->ipv4,
|
||||||
|
@ -224,21 +229,17 @@ $factory->define(Pterodactyl\Models\DaemonKey::class, function (Faker $faker) {
|
||||||
});
|
});
|
||||||
|
|
||||||
$factory->define(Pterodactyl\Models\ApiKey::class, function (Faker $faker) {
|
$factory->define(Pterodactyl\Models\ApiKey::class, function (Faker $faker) {
|
||||||
|
static $token;
|
||||||
|
|
||||||
return [
|
return [
|
||||||
'id' => $faker->unique()->randomNumber(),
|
'id' => $faker->unique()->randomNumber(),
|
||||||
'user_id' => $faker->randomNumber(),
|
'user_id' => $faker->randomNumber(),
|
||||||
|
'key_type' => ApiKey::TYPE_APPLICATION,
|
||||||
'identifier' => str_random(Pterodactyl\Models\ApiKey::IDENTIFIER_LENGTH),
|
'identifier' => str_random(Pterodactyl\Models\ApiKey::IDENTIFIER_LENGTH),
|
||||||
'token' => 'encrypted_string',
|
'token' => $token ?: $token = encrypt(str_random(Pterodactyl\Models\ApiKey::KEY_LENGTH)),
|
||||||
|
'allowed_ips' => null,
|
||||||
'memo' => 'Test Function Key',
|
'memo' => 'Test Function Key',
|
||||||
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||||
'updated_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
'updated_at' => \Carbon\Carbon::now()->toDateTimeString(),
|
||||||
];
|
];
|
||||||
});
|
});
|
||||||
|
|
||||||
$factory->define(Pterodactyl\Models\APIPermission::class, function (Faker $faker) {
|
|
||||||
return [
|
|
||||||
'id' => $faker->unique()->randomNumber(),
|
|
||||||
'key_id' => $faker->randomNumber(),
|
|
||||||
'permission' => mb_strtolower($faker->word),
|
|
||||||
];
|
|
||||||
});
|
|
||||||
|
|
|
@ -36,8 +36,8 @@ class UpgradeTaskSystem extends Migration
|
||||||
public function down()
|
public function down()
|
||||||
{
|
{
|
||||||
Schema::table('tasks', function (Blueprint $table) {
|
Schema::table('tasks', function (Blueprint $table) {
|
||||||
$table->dropForeign(['server_id']);
|
// $table->dropForeign(['server_id']);
|
||||||
$table->dropForeign(['user_id']);
|
// $table->dropForeign(['user_id']);
|
||||||
|
|
||||||
$table->renameColumn('server_id', 'server');
|
$table->renameColumn('server_id', 'server');
|
||||||
$table->dropColumn('user_id');
|
$table->dropColumn('user_id');
|
||||||
|
|
|
@ -23,10 +23,6 @@ class DeleteTaskWhenParentServerIsDeleted extends Migration
|
||||||
*/
|
*/
|
||||||
public function down()
|
public function down()
|
||||||
{
|
{
|
||||||
Schema::table('tasks', function (Blueprint $table) {
|
//
|
||||||
$table->dropForeign(['server_id']);
|
|
||||||
|
|
||||||
$table->foreign('server_id')->references('id')->on('servers');
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,7 +41,7 @@ class AddApiKeyPermissionColumns extends Migration
|
||||||
$table->unsignedInteger('key_id');
|
$table->unsignedInteger('key_id');
|
||||||
$table->string('permission');
|
$table->string('permission');
|
||||||
|
|
||||||
$table->foreign('key_id')->references('id')->on('keys')->onDelete('cascade');
|
$table->foreign('key_id')->references('id')->on('api_keys')->onDelete('cascade');
|
||||||
});
|
});
|
||||||
|
|
||||||
Schema::table('api_keys', function (Blueprint $table) {
|
Schema::table('api_keys', function (Blueprint $table) {
|
||||||
|
|
|
@ -26,7 +26,10 @@ class EnsureUniqueAllocationIdOnServersTable extends Migration
|
||||||
public function down()
|
public function down()
|
||||||
{
|
{
|
||||||
Schema::table('servers', function (Blueprint $table) {
|
Schema::table('servers', function (Blueprint $table) {
|
||||||
|
$table->dropForeign(['allocation_id']);
|
||||||
$table->dropUnique(['allocation_id']);
|
$table->dropUnique(['allocation_id']);
|
||||||
|
|
||||||
|
$table->foreign('allocation_id')->references('id')->on('allocations');
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
11
phpunit.xml
11
phpunit.xml
|
@ -1,7 +1,7 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<phpunit backupGlobals="false"
|
<phpunit backupGlobals="false"
|
||||||
backupStaticAttributes="false"
|
backupStaticAttributes="false"
|
||||||
bootstrap="vendor/autoload.php"
|
bootstrap="bootstrap/tests.php"
|
||||||
colors="true"
|
colors="true"
|
||||||
convertErrorsToExceptions="true"
|
convertErrorsToExceptions="true"
|
||||||
convertNoticesToExceptions="true"
|
convertNoticesToExceptions="true"
|
||||||
|
@ -10,8 +10,8 @@
|
||||||
processIsolation="false"
|
processIsolation="false"
|
||||||
stopOnFailure="false">
|
stopOnFailure="false">
|
||||||
<testsuites>
|
<testsuites>
|
||||||
<testsuite name="Feature">
|
<testsuite name="Integration">
|
||||||
<directory suffix="Test.php">./tests/Feature</directory>
|
<directory suffix="Test.php">./tests/Integration</directory>
|
||||||
</testsuite>
|
</testsuite>
|
||||||
<testsuite name="Unit">
|
<testsuite name="Unit">
|
||||||
<directory suffix="Test.php">./tests/Unit</directory>
|
<directory suffix="Test.php">./tests/Unit</directory>
|
||||||
|
@ -24,10 +24,7 @@
|
||||||
</filter>
|
</filter>
|
||||||
<php>
|
<php>
|
||||||
<env name="APP_ENV" value="testing"/>
|
<env name="APP_ENV" value="testing"/>
|
||||||
<env name="DB_CONNECTION" value="mysql"/>
|
<env name="DB_CONNECTION" value="testing"/>
|
||||||
<env name="DB_USERNAME" value="root"/>
|
|
||||||
<env name="DB_PASSWORD" value=""/>
|
|
||||||
<env name="DB_DATABASE" value="travis"/>
|
|
||||||
<env name="CACHE_DRIVER" value="array"/>
|
<env name="CACHE_DRIVER" value="array"/>
|
||||||
<env name="SESSION_DRIVER" value="array"/>
|
<env name="SESSION_DRIVER" value="array"/>
|
||||||
<env name="QUEUE_DRIVER" value="sync"/>
|
<env name="QUEUE_DRIVER" value="sync"/>
|
||||||
|
|
|
@ -0,0 +1,142 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Tests\Integration\Api\Application;
|
||||||
|
|
||||||
|
use Pterodactyl\Models\User;
|
||||||
|
use PHPUnit\Framework\Assert;
|
||||||
|
use Pterodactyl\Models\ApiKey;
|
||||||
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
|
use Tests\Traits\Integration\CreatesTestModels;
|
||||||
|
use Tests\Traits\IntegrationJsonRequestAssertions;
|
||||||
|
use Pterodactyl\Tests\Integration\IntegrationTestCase;
|
||||||
|
use Illuminate\Foundation\Testing\DatabaseTransactions;
|
||||||
|
use Pterodactyl\Transformers\Api\Application\BaseTransformer;
|
||||||
|
use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
|
||||||
|
|
||||||
|
abstract class ApplicationApiIntegrationTestCase extends IntegrationTestCase
|
||||||
|
{
|
||||||
|
use CreatesTestModels, DatabaseTransactions, IntegrationJsonRequestAssertions;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var \Pterodactyl\Models\ApiKey
|
||||||
|
*/
|
||||||
|
private $key;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var \Pterodactyl\Models\User
|
||||||
|
*/
|
||||||
|
private $user;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Bootstrap application API tests. Creates a default admin user and associated API key
|
||||||
|
* and also sets some default headers required for accessing the API.
|
||||||
|
*/
|
||||||
|
public function setUp()
|
||||||
|
{
|
||||||
|
parent::setUp();
|
||||||
|
|
||||||
|
$this->user = $this->createApiUser();
|
||||||
|
$this->key = $this->createApiKey($this->user);
|
||||||
|
|
||||||
|
$this->withHeader('Accept', 'application/vnd.pterodactyl.v1+json');
|
||||||
|
$this->withHeader('Authorization', 'Bearer ' . $this->getApiKey()->identifier . decrypt($this->getApiKey()->token));
|
||||||
|
|
||||||
|
$this->withMiddleware('api..key:' . ApiKey::TYPE_APPLICATION);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return \Pterodactyl\Models\User
|
||||||
|
*/
|
||||||
|
public function getApiUser(): User
|
||||||
|
{
|
||||||
|
return $this->user;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return \Pterodactyl\Models\ApiKey
|
||||||
|
*/
|
||||||
|
public function getApiKey(): ApiKey
|
||||||
|
{
|
||||||
|
return $this->key;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a new default API key and refreshes the headers using it.
|
||||||
|
*
|
||||||
|
* @param \Pterodactyl\Models\User $user
|
||||||
|
* @param array $permissions
|
||||||
|
* @return \Pterodactyl\Models\ApiKey
|
||||||
|
*/
|
||||||
|
protected function createNewDefaultApiKey(User $user, array $permissions = []): ApiKey
|
||||||
|
{
|
||||||
|
$this->key = $this->createApiKey($user, $permissions);
|
||||||
|
$this->refreshHeaders($this->key);
|
||||||
|
|
||||||
|
return $this->key;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Refresh the authorization header for a request to use a different API key.
|
||||||
|
*
|
||||||
|
* @param \Pterodactyl\Models\ApiKey $key
|
||||||
|
*/
|
||||||
|
protected function refreshHeaders(ApiKey $key)
|
||||||
|
{
|
||||||
|
$this->withHeader('Authorization', 'Bearer ' . $key->identifier . decrypt($key->token));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create an administrative user.
|
||||||
|
*
|
||||||
|
* @return \Pterodactyl\Models\User
|
||||||
|
*/
|
||||||
|
protected function createApiUser(): User
|
||||||
|
{
|
||||||
|
return factory(User::class)->create([
|
||||||
|
'root_admin' => true,
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a new application API key for a given user model.
|
||||||
|
*
|
||||||
|
* @param \Pterodactyl\Models\User $user
|
||||||
|
* @param array $permissions
|
||||||
|
* @return \Pterodactyl\Models\ApiKey
|
||||||
|
*/
|
||||||
|
protected function createApiKey(User $user, array $permissions = []): ApiKey
|
||||||
|
{
|
||||||
|
return factory(ApiKey::class)->create(array_merge([
|
||||||
|
'user_id' => $user->id,
|
||||||
|
'key_type' => ApiKey::TYPE_APPLICATION,
|
||||||
|
'r_servers' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
'r_nodes' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
'r_allocations' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
'r_users' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
'r_locations' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
'r_nests' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
'r_eggs' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
'r_database_hosts' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
'r_server_databases' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
'r_packs' => AdminAcl::READ | AdminAcl::WRITE,
|
||||||
|
], $permissions));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a transformer that can be used for testing purposes.
|
||||||
|
*
|
||||||
|
* @param string $abstract
|
||||||
|
* @return \Pterodactyl\Transformers\Api\Application\BaseTransformer
|
||||||
|
*/
|
||||||
|
protected function getTransformer(string $abstract): BaseTransformer
|
||||||
|
{
|
||||||
|
/** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */
|
||||||
|
$transformer = $this->app->make($abstract);
|
||||||
|
$transformer->setKey($this->getApiKey());
|
||||||
|
|
||||||
|
Assert::assertInstanceOf(BaseTransformer::class, $transformer);
|
||||||
|
Assert::assertNotInstanceOf(BaseClientTransformer::class, $transformer);
|
||||||
|
|
||||||
|
return $transformer;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,208 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Tests\Integration\Api\Application\Location;
|
||||||
|
|
||||||
|
use Pterodactyl\Models\Node;
|
||||||
|
use Illuminate\Http\Response;
|
||||||
|
use Pterodactyl\Models\Location;
|
||||||
|
use Pterodactyl\Transformers\Api\Application\NodeTransformer;
|
||||||
|
use Pterodactyl\Transformers\Api\Application\ServerTransformer;
|
||||||
|
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
|
||||||
|
|
||||||
|
class LocationControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Test getting all locations through the API.
|
||||||
|
*/
|
||||||
|
public function testGetLocations()
|
||||||
|
{
|
||||||
|
$locations = factory(Location::class)->times(2)->create();
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/locations');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2, 'data');
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'data' => [
|
||||||
|
['object', 'attributes' => ['id', 'short', 'long', 'created_at', 'updated_at']],
|
||||||
|
['object', 'attributes' => ['id', 'short', 'long', 'created_at', 'updated_at']],
|
||||||
|
],
|
||||||
|
'meta' => ['pagination' => ['total', 'count', 'per_page', 'current_page', 'total_pages']],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response
|
||||||
|
->assertJson([
|
||||||
|
'object' => 'list',
|
||||||
|
'data' => [[], []],
|
||||||
|
'meta' => [
|
||||||
|
'pagination' => [
|
||||||
|
'total' => 2,
|
||||||
|
'count' => 2,
|
||||||
|
'per_page' => 50,
|
||||||
|
'current_page' => 1,
|
||||||
|
'total_pages' => 1,
|
||||||
|
],
|
||||||
|
],
|
||||||
|
])
|
||||||
|
->assertJsonFragment([
|
||||||
|
'object' => 'location',
|
||||||
|
'attributes' => [
|
||||||
|
'id' => $locations[0]->id,
|
||||||
|
'short' => $locations[0]->short,
|
||||||
|
'long' => $locations[0]->long,
|
||||||
|
'created_at' => $this->formatTimestamp($locations[0]->created_at),
|
||||||
|
'updated_at' => $this->formatTimestamp($locations[0]->updated_at),
|
||||||
|
],
|
||||||
|
])->assertJsonFragment([
|
||||||
|
'object' => 'location',
|
||||||
|
'attributes' => [
|
||||||
|
'id' => $locations[1]->id,
|
||||||
|
'short' => $locations[1]->short,
|
||||||
|
'long' => $locations[1]->long,
|
||||||
|
'created_at' => $this->formatTimestamp($locations[1]->created_at),
|
||||||
|
'updated_at' => $this->formatTimestamp($locations[1]->updated_at),
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test getting a single location on the API.
|
||||||
|
*/
|
||||||
|
public function testGetSingleLocation()
|
||||||
|
{
|
||||||
|
$location = factory(Location::class)->create();
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/locations/' . $location->id);
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2);
|
||||||
|
$response->assertJsonStructure(['object', 'attributes' => ['id', 'short', 'long', 'created_at', 'updated_at']]);
|
||||||
|
$response->assertJson([
|
||||||
|
'object' => 'location',
|
||||||
|
'attributes' => [
|
||||||
|
'id' => $location->id,
|
||||||
|
'short' => $location->short,
|
||||||
|
'long' => $location->long,
|
||||||
|
'created_at' => $this->formatTimestamp($location->created_at),
|
||||||
|
'updated_at' => $this->formatTimestamp($location->updated_at),
|
||||||
|
],
|
||||||
|
], true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that all of the defined relationships for a location can be loaded successfully.
|
||||||
|
*/
|
||||||
|
public function testRelationshipsCanBeLoaded()
|
||||||
|
{
|
||||||
|
$location = factory(Location::class)->create();
|
||||||
|
$server = $this->createServerModel(['user_id' => $this->getApiUser()->id, 'location_id' => $location->id]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/locations/' . $location->id . '?include=servers,nodes');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2)->assertJsonCount(2, 'attributes.relationships');
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'attributes' => [
|
||||||
|
'relationships' => [
|
||||||
|
'nodes' => ['object', 'data' => [['attributes' => ['id']]]],
|
||||||
|
'servers' => ['object', 'data' => [['attributes' => ['id']]]],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
// Just assert that we see the expected relationship IDs in the response.
|
||||||
|
$response->assertJson([
|
||||||
|
'attributes' => [
|
||||||
|
'relationships' => [
|
||||||
|
'nodes' => [
|
||||||
|
'object' => 'list',
|
||||||
|
'data' => [
|
||||||
|
[
|
||||||
|
'object' => 'node',
|
||||||
|
'attributes' => $this->getTransformer(NodeTransformer::class)->transform($server->getRelation('node')),
|
||||||
|
],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
'servers' => [
|
||||||
|
'object' => 'list',
|
||||||
|
'data' => [
|
||||||
|
[
|
||||||
|
'object' => 'server',
|
||||||
|
'attributes' => $this->getTransformer(ServerTransformer::class)->transform($server),
|
||||||
|
],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a relationship that an API key does not have permission to access
|
||||||
|
* cannot be loaded onto the model.
|
||||||
|
*/
|
||||||
|
public function testKeyWithoutPermissionCannotLoadRelationship()
|
||||||
|
{
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_nodes' => 0]);
|
||||||
|
|
||||||
|
$location = factory(Location::class)->create();
|
||||||
|
factory(Node::class)->create(['location_id' => $location->id]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/locations/' . $location->id . '?include=nodes');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2)->assertJsonCount(1, 'attributes.relationships');
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'attributes' => [
|
||||||
|
'relationships' => [
|
||||||
|
'nodes' => ['object', 'attributes'],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
// Just assert that we see the expected relationship IDs in the response.
|
||||||
|
$response->assertJson([
|
||||||
|
'attributes' => [
|
||||||
|
'relationships' => [
|
||||||
|
'nodes' => [
|
||||||
|
'object' => 'null_resource',
|
||||||
|
'attributes' => null,
|
||||||
|
],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a missing location returns a 404 error.
|
||||||
|
*
|
||||||
|
* GET /api/application/locations/:id
|
||||||
|
*/
|
||||||
|
public function testGetMissingLocation()
|
||||||
|
{
|
||||||
|
$response = $this->getJson('/api/application/locations/nil');
|
||||||
|
$this->assertNotFoundJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that an authentication error occurs if a key does not have permission
|
||||||
|
* to access a resource.
|
||||||
|
*/
|
||||||
|
public function testErrorReturnedIfNoPermission()
|
||||||
|
{
|
||||||
|
$location = factory(Location::class)->create();
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_locations' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/locations/' . $location->id);
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a location's existence is not exposed unless an API key has permission
|
||||||
|
* to access the resource.
|
||||||
|
*/
|
||||||
|
public function testResourceIsNotExposedWithoutPermissions()
|
||||||
|
{
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_locations' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/locations/nil');
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
}
|
149
tests/Integration/Api/Application/Nests/EggControllerTest.php
Normal file
149
tests/Integration/Api/Application/Nests/EggControllerTest.php
Normal file
|
@ -0,0 +1,149 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Tests\Integration\Api\Application\Nests;
|
||||||
|
|
||||||
|
use Illuminate\Support\Arr;
|
||||||
|
use Illuminate\Http\Response;
|
||||||
|
use Pterodactyl\Contracts\Repository\EggRepositoryInterface;
|
||||||
|
use Pterodactyl\Transformers\Api\Application\EggTransformer;
|
||||||
|
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
|
||||||
|
|
||||||
|
class EggControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @var \Pterodactyl\Contracts\Repository\EggRepositoryInterface
|
||||||
|
*/
|
||||||
|
private $repository;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Setup tests.
|
||||||
|
*/
|
||||||
|
public function setUp()
|
||||||
|
{
|
||||||
|
parent::setUp();
|
||||||
|
|
||||||
|
$this->repository = $this->app->make(EggRepositoryInterface::class);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that all of the eggs belonging to a given nest can be returned.
|
||||||
|
*/
|
||||||
|
public function testListAllEggsInNest()
|
||||||
|
{
|
||||||
|
$eggs = $this->repository->findWhere([['nest_id', '=', 1]]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $eggs->first()->nest_id . '/eggs');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(count($eggs), 'data');
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'data' => [
|
||||||
|
[
|
||||||
|
'object',
|
||||||
|
'attributes' => [
|
||||||
|
'id', 'uuid', 'nest', 'author', 'description', 'docker_image', 'startup', 'created_at', 'updated_at',
|
||||||
|
'script' => ['privileged', 'install', 'entry', 'container', 'extends'],
|
||||||
|
'config' => [
|
||||||
|
'files' => [],
|
||||||
|
'startup' => ['done', 'userInteraction' => []],
|
||||||
|
'stop',
|
||||||
|
'logs' => ['custom', 'location'],
|
||||||
|
'extends',
|
||||||
|
],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
foreach (array_get($response->json(), 'data') as $datum) {
|
||||||
|
$egg = $eggs->where('id', '=', $datum['attributes']['id'])->first();
|
||||||
|
|
||||||
|
$expected = json_encode(Arr::sortRecursive($datum['attributes']));
|
||||||
|
$actual = json_encode(Arr::sortRecursive($this->getTransformer(EggTransformer::class)->transform($egg)));
|
||||||
|
|
||||||
|
$this->assertSame($expected, $actual,
|
||||||
|
'Unable to find JSON fragment: ' . PHP_EOL . PHP_EOL . "[{$expected}]" . PHP_EOL . PHP_EOL . 'within' . PHP_EOL . PHP_EOL . "[{$actual}]."
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a single egg can be returned.
|
||||||
|
*/
|
||||||
|
public function testReturnSingleEgg()
|
||||||
|
{
|
||||||
|
$egg = $this->repository->find(1);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs/' . $egg->id);
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'attributes' => [
|
||||||
|
'id', 'uuid', 'nest', 'author', 'description', 'docker_image', 'startup', 'script' => [], 'config' => [], 'created_at', 'updated_at',
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertJson([
|
||||||
|
'object' => 'egg',
|
||||||
|
'attributes' => $this->getTransformer(EggTransformer::class)->transform($egg),
|
||||||
|
], true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a single egg and all of the defined relationships can be returned.
|
||||||
|
*/
|
||||||
|
public function testReturnSingleEggWithRelationships()
|
||||||
|
{
|
||||||
|
$egg = $this->repository->find(1);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs/' . $egg->id . '?include=servers,variables,nest');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'attributes' => [
|
||||||
|
'relationships' => [
|
||||||
|
'nest' => ['object', 'attributes'],
|
||||||
|
'servers' => ['object', 'data' => []],
|
||||||
|
'variables' => ['object', 'data' => []],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a missing egg returns a 404 error.
|
||||||
|
*/
|
||||||
|
public function testGetMissingEgg()
|
||||||
|
{
|
||||||
|
$egg = $this->repository->find(1);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs/nil');
|
||||||
|
$this->assertNotFoundJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that an authentication error occurs if a key does not have permission
|
||||||
|
* to access a resource.
|
||||||
|
*/
|
||||||
|
public function testErrorReturnedIfNoPermission()
|
||||||
|
{
|
||||||
|
$egg = $this->repository->find(1);
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_eggs' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs');
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a nests's existence is not exposed unless an API key has permission
|
||||||
|
* to access the resource.
|
||||||
|
*/
|
||||||
|
public function testResourceIsNotExposedWithoutPermissions()
|
||||||
|
{
|
||||||
|
$egg = $this->repository->find(1);
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_eggs' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs/nil');
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
}
|
143
tests/Integration/Api/Application/Nests/NestControllerTest.php
Normal file
143
tests/Integration/Api/Application/Nests/NestControllerTest.php
Normal file
|
@ -0,0 +1,143 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Tests\Integration\Api\Application\Nests;
|
||||||
|
|
||||||
|
use Illuminate\Http\Response;
|
||||||
|
use Pterodactyl\Contracts\Repository\NestRepositoryInterface;
|
||||||
|
use Pterodactyl\Transformers\Api\Application\NestTransformer;
|
||||||
|
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
|
||||||
|
|
||||||
|
class NestControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @var \Pterodactyl\Contracts\Repository\NestRepositoryInterface
|
||||||
|
*/
|
||||||
|
private $repository;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Setup tests.
|
||||||
|
*/
|
||||||
|
public function setUp()
|
||||||
|
{
|
||||||
|
parent::setUp();
|
||||||
|
|
||||||
|
$this->repository = $this->app->make(NestRepositoryInterface::class);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that the expected nests are returned in the request.
|
||||||
|
*/
|
||||||
|
public function testNestResponse()
|
||||||
|
{
|
||||||
|
/** @var \Pterodactyl\Models\Nest[] $nests */
|
||||||
|
$nests = $this->repository->all();
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(count($nests), 'data');
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'data' => [['object', 'attributes' => ['id', 'uuid', 'author', 'name', 'description', 'created_at', 'updated_at']]],
|
||||||
|
'meta' => ['pagination' => ['total', 'count', 'per_page', 'current_page', 'total_pages']],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertJson([
|
||||||
|
'object' => 'list',
|
||||||
|
'data' => [],
|
||||||
|
'meta' => [
|
||||||
|
'pagination' => [
|
||||||
|
'total' => 4,
|
||||||
|
'count' => 4,
|
||||||
|
'per_page' => 50,
|
||||||
|
'current_page' => 1,
|
||||||
|
'total_pages' => 1,
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
foreach ($nests as $nest) {
|
||||||
|
$response->assertJsonFragment([
|
||||||
|
'object' => 'nest',
|
||||||
|
'attributes' => $this->getTransformer(NestTransformer::class)->transform($nest),
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that getting a single nest returns the expected result.
|
||||||
|
*/
|
||||||
|
public function testSingleNestResponse()
|
||||||
|
{
|
||||||
|
$nest = $this->repository->find(1);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $nest->id);
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'attributes' => ['id', 'uuid', 'author', 'name', 'description', 'created_at', 'updated_at'],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertJson([
|
||||||
|
'object' => 'nest',
|
||||||
|
'attributes' => $this->getTransformer(NestTransformer::class)->transform($nest),
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that including eggs in the response works as expected.
|
||||||
|
*/
|
||||||
|
public function testSingleNestWithEggsIncluded()
|
||||||
|
{
|
||||||
|
$nest = $this->repository->find(1);
|
||||||
|
$nest->loadMissing('eggs');
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $nest->id . '?include=servers,eggs');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'attributes' => [
|
||||||
|
'relationships' => [
|
||||||
|
'eggs' => ['object', 'data' => []],
|
||||||
|
'servers' => ['object', 'data' => []],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertJsonCount(count($nest->getRelation('eggs')), 'attributes.relationships.eggs.data');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a missing nest returns a 404 error.
|
||||||
|
*/
|
||||||
|
public function testGetMissingNest()
|
||||||
|
{
|
||||||
|
$response = $this->getJson('/api/application/nests/nil');
|
||||||
|
$this->assertNotFoundJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that an authentication error occurs if a key does not have permission
|
||||||
|
* to access a resource.
|
||||||
|
*/
|
||||||
|
public function testErrorReturnedIfNoPermission()
|
||||||
|
{
|
||||||
|
$nest = $this->repository->find(1);
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_nests' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $nest->id);
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a nest's existence is not exposed unless an API key has permission
|
||||||
|
* to access the resource.
|
||||||
|
*/
|
||||||
|
public function testResourceIsNotExposedWithoutPermissions()
|
||||||
|
{
|
||||||
|
$nest = $this->repository->find(1);
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_nests' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/nests/' . $nest->id);
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,81 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Tests\Integration\Api\Application\Users;
|
||||||
|
|
||||||
|
use Pterodactyl\Models\User;
|
||||||
|
use Illuminate\Http\Response;
|
||||||
|
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
|
||||||
|
|
||||||
|
class ExternalUserControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Test that a user can be retrieved by their external ID.
|
||||||
|
*/
|
||||||
|
public function testGetRemoteUser()
|
||||||
|
{
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/users/external/' . $user->external_id);
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2);
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'attributes' => [
|
||||||
|
'id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name',
|
||||||
|
'language', 'root_admin', '2fa', 'created_at', 'updated_at',
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertJson([
|
||||||
|
'object' => 'user',
|
||||||
|
'attributes' => [
|
||||||
|
'id' => $user->id,
|
||||||
|
'external_id' => $user->external_id,
|
||||||
|
'uuid' => $user->uuid,
|
||||||
|
'username' => $user->username,
|
||||||
|
'email' => $user->email,
|
||||||
|
'first_name' => $user->name_first,
|
||||||
|
'last_name' => $user->name_last,
|
||||||
|
'language' => $user->language,
|
||||||
|
'root_admin' => (bool) $user->root_admin,
|
||||||
|
'2fa' => (bool) $user->totp_enabled,
|
||||||
|
'created_at' => $this->formatTimestamp($user->created_at),
|
||||||
|
'updated_at' => $this->formatTimestamp($user->updated_at),
|
||||||
|
],
|
||||||
|
], true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that an invalid external ID returns a 404 error.
|
||||||
|
*/
|
||||||
|
public function testGetMissingUser()
|
||||||
|
{
|
||||||
|
$response = $this->getJson('/api/application/users/external/nil');
|
||||||
|
$this->assertNotFoundJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that an authentication error occurs if a key does not have permission
|
||||||
|
* to access a resource.
|
||||||
|
*/
|
||||||
|
public function testErrorReturnedIfNoPermission()
|
||||||
|
{
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/users/external/' . $user->external_id);
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a users's existence is not exposed unless an API key has permission
|
||||||
|
* to access the resource.
|
||||||
|
*/
|
||||||
|
public function testResourceIsNotExposedWithoutPermissions()
|
||||||
|
{
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/users/external/nil');
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
}
|
327
tests/Integration/Api/Application/Users/UserControllerTest.php
Normal file
327
tests/Integration/Api/Application/Users/UserControllerTest.php
Normal file
|
@ -0,0 +1,327 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Tests\Integration\Api\Application\Users;
|
||||||
|
|
||||||
|
use Pterodactyl\Models\User;
|
||||||
|
use Illuminate\Http\Response;
|
||||||
|
use Pterodactyl\Services\Acl\Api\AdminAcl;
|
||||||
|
use Pterodactyl\Transformers\Api\Application\UserTransformer;
|
||||||
|
use Pterodactyl\Transformers\Api\Application\ServerTransformer;
|
||||||
|
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
|
||||||
|
|
||||||
|
class UserControllerTest extends ApplicationApiIntegrationTestCase
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Test the response when requesting all users on the panel.
|
||||||
|
*/
|
||||||
|
public function testGetUsers()
|
||||||
|
{
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/users');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2, 'data');
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'data' => [
|
||||||
|
['object', 'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at']],
|
||||||
|
['object', 'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at']],
|
||||||
|
],
|
||||||
|
'meta' => ['pagination' => ['total', 'count', 'per_page', 'current_page', 'total_pages']],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response
|
||||||
|
->assertJson([
|
||||||
|
'object' => 'list',
|
||||||
|
'data' => [[], []],
|
||||||
|
'meta' => [
|
||||||
|
'pagination' => [
|
||||||
|
'total' => 2,
|
||||||
|
'count' => 2,
|
||||||
|
'per_page' => 50,
|
||||||
|
'current_page' => 1,
|
||||||
|
'total_pages' => 1,
|
||||||
|
],
|
||||||
|
],
|
||||||
|
])
|
||||||
|
->assertJsonFragment([
|
||||||
|
'object' => 'user',
|
||||||
|
'attributes' => [
|
||||||
|
'id' => $this->getApiUser()->id,
|
||||||
|
'external_id' => $this->getApiUser()->external_id,
|
||||||
|
'uuid' => $this->getApiUser()->uuid,
|
||||||
|
'username' => $this->getApiUser()->username,
|
||||||
|
'email' => $this->getApiUser()->email,
|
||||||
|
'first_name' => $this->getApiUser()->name_first,
|
||||||
|
'last_name' => $this->getApiUser()->name_last,
|
||||||
|
'language' => $this->getApiUser()->language,
|
||||||
|
'root_admin' => (bool) $this->getApiUser()->root_admin,
|
||||||
|
'2fa' => (bool) $this->getApiUser()->totp_enabled,
|
||||||
|
'created_at' => $this->formatTimestamp($this->getApiUser()->created_at),
|
||||||
|
'updated_at' => $this->formatTimestamp($this->getApiUser()->updated_at),
|
||||||
|
],
|
||||||
|
])
|
||||||
|
->assertJsonFragment([
|
||||||
|
'object' => 'user',
|
||||||
|
'attributes' => [
|
||||||
|
'id' => $user->id,
|
||||||
|
'external_id' => $user->external_id,
|
||||||
|
'uuid' => $user->uuid,
|
||||||
|
'username' => $user->username,
|
||||||
|
'email' => $user->email,
|
||||||
|
'first_name' => $user->name_first,
|
||||||
|
'last_name' => $user->name_last,
|
||||||
|
'language' => $user->language,
|
||||||
|
'root_admin' => (bool) $user->root_admin,
|
||||||
|
'2fa' => (bool) $user->totp_enabled,
|
||||||
|
'created_at' => $this->formatTimestamp($user->created_at),
|
||||||
|
'updated_at' => $this->formatTimestamp($user->updated_at),
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test getting a single user.
|
||||||
|
*/
|
||||||
|
public function testGetSingleUser()
|
||||||
|
{
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/users/' . $user->id);
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2);
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at'],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertJson([
|
||||||
|
'object' => 'user',
|
||||||
|
'attributes' => [
|
||||||
|
'id' => $user->id,
|
||||||
|
'external_id' => $user->external_id,
|
||||||
|
'uuid' => $user->uuid,
|
||||||
|
'username' => $user->username,
|
||||||
|
'email' => $user->email,
|
||||||
|
'first_name' => $user->name_first,
|
||||||
|
'last_name' => $user->name_last,
|
||||||
|
'language' => $user->language,
|
||||||
|
'root_admin' => (bool) $user->root_admin,
|
||||||
|
'2fa' => (bool) $user->totp_enabled,
|
||||||
|
'created_at' => $this->formatTimestamp($user->created_at),
|
||||||
|
'updated_at' => $this->formatTimestamp($user->updated_at),
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that the correct relationships can be loaded.
|
||||||
|
*/
|
||||||
|
public function testRelationshipsCanBeLoaded()
|
||||||
|
{
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
$server = $this->createServerModel(['user_id' => $user->id]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/users/' . $user->id . '?include=servers');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2);
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'attributes' => [
|
||||||
|
'id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at',
|
||||||
|
'relationships' => ['servers' => ['object', 'data' => [['object', 'attributes' => []]]]],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertJsonFragment([
|
||||||
|
'object' => 'list',
|
||||||
|
'data' => [
|
||||||
|
[
|
||||||
|
'object' => 'server',
|
||||||
|
'attributes' => $this->getTransformer(ServerTransformer::class)->transform($server),
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that attempting to load a relationship that the key does not have permission
|
||||||
|
* for returns a null object.
|
||||||
|
*/
|
||||||
|
public function testKeyWithoutPermissionCannotLoadRelationship()
|
||||||
|
{
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_servers' => 0]);
|
||||||
|
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
$this->createServerModel(['user_id' => $user->id]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/users/' . $user->id . '?include=servers');
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2)->assertJsonCount(1, 'attributes.relationships');
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'attributes' => [
|
||||||
|
'relationships' => [
|
||||||
|
'servers' => ['object', 'attributes'],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
// Just assert that we see the expected relationship IDs in the response.
|
||||||
|
$response->assertJson([
|
||||||
|
'attributes' => [
|
||||||
|
'relationships' => [
|
||||||
|
'servers' => [
|
||||||
|
'object' => 'null_resource',
|
||||||
|
'attributes' => null,
|
||||||
|
],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that an invalid external ID returns a 404 error.
|
||||||
|
*/
|
||||||
|
public function testGetMissingUser()
|
||||||
|
{
|
||||||
|
$response = $this->getJson('/api/application/users/nil');
|
||||||
|
$this->assertNotFoundJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that an authentication error occurs if a key does not have permission
|
||||||
|
* to access a resource.
|
||||||
|
*/
|
||||||
|
public function testErrorReturnedIfNoPermission()
|
||||||
|
{
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/users/' . $user->id);
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a users's existence is not exposed unless an API key has permission
|
||||||
|
* to access the resource.
|
||||||
|
*/
|
||||||
|
public function testResourceIsNotExposedWithoutPermissions()
|
||||||
|
{
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
|
||||||
|
|
||||||
|
$response = $this->getJson('/api/application/users/nil');
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a user can be created.
|
||||||
|
*/
|
||||||
|
public function testCreateUser()
|
||||||
|
{
|
||||||
|
$response = $this->postJson('/api/application/users', [
|
||||||
|
'username' => 'testuser',
|
||||||
|
'email' => 'test@example.com',
|
||||||
|
'first_name' => 'Test',
|
||||||
|
'last_name' => 'User',
|
||||||
|
]);
|
||||||
|
|
||||||
|
$response->assertStatus(Response::HTTP_CREATED);
|
||||||
|
$response->assertJsonCount(3);
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at'],
|
||||||
|
'meta' => ['resource'],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this->assertDatabaseHas('users', ['username' => 'testuser', 'email' => 'test@example.com']);
|
||||||
|
|
||||||
|
$user = User::where('username', 'testuser')->first();
|
||||||
|
$response->assertJson([
|
||||||
|
'object' => 'user',
|
||||||
|
'attributes' => $this->getTransformer(UserTransformer::class)->transform($user),
|
||||||
|
'meta' => [
|
||||||
|
'resource' => route('api.application.users.view', $user->id),
|
||||||
|
],
|
||||||
|
], true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a user can be updated.
|
||||||
|
*/
|
||||||
|
public function testUpdateUser()
|
||||||
|
{
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
|
||||||
|
$response = $this->patchJson('/api/application/users/' . $user->id, [
|
||||||
|
'username' => 'new.test.name',
|
||||||
|
'email' => 'new@emailtest.com',
|
||||||
|
'first_name' => $user->name_first,
|
||||||
|
'last_name' => $user->name_last,
|
||||||
|
]);
|
||||||
|
$response->assertStatus(Response::HTTP_OK);
|
||||||
|
$response->assertJsonCount(2);
|
||||||
|
$response->assertJsonStructure([
|
||||||
|
'object',
|
||||||
|
'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at'],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this->assertDatabaseHas('users', ['username' => 'new.test.name', 'email' => 'new@emailtest.com']);
|
||||||
|
$user = $user->fresh();
|
||||||
|
|
||||||
|
$response->assertJson([
|
||||||
|
'object' => 'user',
|
||||||
|
'attributes' => $this->getTransformer(UserTransformer::class)->transform($user),
|
||||||
|
]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a user can be deleted from the database.
|
||||||
|
*/
|
||||||
|
public function testDeleteUser()
|
||||||
|
{
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
$this->assertDatabaseHas('users', ['id' => $user->id]);
|
||||||
|
|
||||||
|
$response = $this->delete('/api/application/users/' . $user->id);
|
||||||
|
$response->assertStatus(Response::HTTP_NO_CONTENT);
|
||||||
|
|
||||||
|
$this->assertDatabaseMissing('users', ['id' => $user->id]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that an API key without write permissions cannot create, update, or
|
||||||
|
* delete a user model.
|
||||||
|
*
|
||||||
|
* @param string $method
|
||||||
|
* @param string $url
|
||||||
|
*
|
||||||
|
* @dataProvider userWriteEndpointsDataProvider
|
||||||
|
*/
|
||||||
|
public function testApiKeyWithoutWritePermissions(string $method, string $url)
|
||||||
|
{
|
||||||
|
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => AdminAcl::READ]);
|
||||||
|
|
||||||
|
if (str_contains($url, '{id}')) {
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
$url = str_replace('{id}', $user->id, $url);
|
||||||
|
}
|
||||||
|
|
||||||
|
$response = $this->$method($url);
|
||||||
|
$this->assertAccessDeniedJson($response);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Endpoints that should return a 403 error when the key does not have write
|
||||||
|
* permissions for user management.
|
||||||
|
*
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
public function userWriteEndpointsDataProvider(): array
|
||||||
|
{
|
||||||
|
return [
|
||||||
|
['postJson', '/api/application/users'],
|
||||||
|
['patchJson', '/api/application/users/{id}'],
|
||||||
|
['delete', '/api/application/users/{id}'],
|
||||||
|
];
|
||||||
|
}
|
||||||
|
}
|
46
tests/Integration/IntegrationTestCase.php
Normal file
46
tests/Integration/IntegrationTestCase.php
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Pterodactyl\Tests\Integration;
|
||||||
|
|
||||||
|
use Tests\TestCase;
|
||||||
|
use Cake\Chronos\Chronos;
|
||||||
|
use Illuminate\Database\Eloquent\Model;
|
||||||
|
use Pterodactyl\Transformers\Api\Application\BaseTransformer;
|
||||||
|
|
||||||
|
abstract class IntegrationTestCase extends TestCase
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Setup base integration test cases.
|
||||||
|
*/
|
||||||
|
public function setUp()
|
||||||
|
{
|
||||||
|
parent::setUp();
|
||||||
|
|
||||||
|
// Disable event dispatcher to prevent eloquence from trying to
|
||||||
|
// perform validation on models going into the database. If this is
|
||||||
|
// not disabled, eloquence validation errors get swallowed and
|
||||||
|
// the tests cannot complete because nothing is put into the database.
|
||||||
|
Model::unsetEventDispatcher();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return array
|
||||||
|
*/
|
||||||
|
protected function connectionsToTransact()
|
||||||
|
{
|
||||||
|
return ['testing'];
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return an ISO-8601 formatted timestamp to use in the API response.
|
||||||
|
*
|
||||||
|
* @param string $timestamp
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
protected function formatTimestamp(string $timestamp): string
|
||||||
|
{
|
||||||
|
return Chronos::createFromFormat(Chronos::DEFAULT_TO_STRING_FORMAT, $timestamp)
|
||||||
|
->setTimezone(BaseTransformer::RESPONSE_TIMEZONE)
|
||||||
|
->toIso8601String();
|
||||||
|
}
|
||||||
|
}
|
51
tests/Traits/Http/IntegrationJsonRequestAssertions.php
Normal file
51
tests/Traits/Http/IntegrationJsonRequestAssertions.php
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Tests\Traits;
|
||||||
|
|
||||||
|
use Illuminate\Http\Response;
|
||||||
|
use Illuminate\Foundation\Testing\TestResponse;
|
||||||
|
|
||||||
|
trait IntegrationJsonRequestAssertions
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Make assertions about a 404 response on the API.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Foundation\Testing\TestResponse $response
|
||||||
|
*/
|
||||||
|
public function assertNotFoundJson(TestResponse $response)
|
||||||
|
{
|
||||||
|
$response->assertStatus(Response::HTTP_NOT_FOUND);
|
||||||
|
$response->assertJsonStructure(['errors' => [['code', 'status', 'detail']]]);
|
||||||
|
$response->assertJsonCount(1, 'errors');
|
||||||
|
$response->assertJson([
|
||||||
|
'errors' => [
|
||||||
|
[
|
||||||
|
'code' => 'NotFoundHttpException',
|
||||||
|
'status' => '404',
|
||||||
|
'detail' => 'The requested resource does not exist on this server.',
|
||||||
|
],
|
||||||
|
],
|
||||||
|
], true);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Make assertions about a 403 error returned by the API.
|
||||||
|
*
|
||||||
|
* @param \Illuminate\Foundation\Testing\TestResponse $response
|
||||||
|
*/
|
||||||
|
public function assertAccessDeniedJson(TestResponse $response)
|
||||||
|
{
|
||||||
|
$response->assertStatus(Response::HTTP_FORBIDDEN);
|
||||||
|
$response->assertJsonStructure(['errors' => [['code', 'status', 'detail']]]);
|
||||||
|
$response->assertJsonCount(1, 'errors');
|
||||||
|
$response->assertJson([
|
||||||
|
'errors' => [
|
||||||
|
[
|
||||||
|
'code' => 'AccessDeniedHttpException',
|
||||||
|
'status' => '403',
|
||||||
|
'detail' => 'This action is unauthorized.',
|
||||||
|
],
|
||||||
|
],
|
||||||
|
], true);
|
||||||
|
}
|
||||||
|
}
|
77
tests/Traits/Integration/CreatesTestModels.php
Normal file
77
tests/Traits/Integration/CreatesTestModels.php
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Tests\Traits\Integration;
|
||||||
|
|
||||||
|
use Pterodactyl\Models\Egg;
|
||||||
|
use Pterodactyl\Models\Nest;
|
||||||
|
use Pterodactyl\Models\Node;
|
||||||
|
use Pterodactyl\Models\User;
|
||||||
|
use Pterodactyl\Models\Server;
|
||||||
|
use Pterodactyl\Models\Location;
|
||||||
|
use Pterodactyl\Models\Allocation;
|
||||||
|
use Illuminate\Database\Eloquent\Factory as EloquentFactory;
|
||||||
|
|
||||||
|
trait CreatesTestModels
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Creates a server model in the databases for the purpose of testing. If an attribute
|
||||||
|
* is passed in that normally requires this function to create a model no model will be
|
||||||
|
* created and that attribute's value will be used.
|
||||||
|
*
|
||||||
|
* The returned server model will have all of the relationships loaded onto it.
|
||||||
|
*
|
||||||
|
* @param array $attributes
|
||||||
|
* @return \Pterodactyl\Models\Server
|
||||||
|
*/
|
||||||
|
public function createServerModel(array $attributes = []): Server
|
||||||
|
{
|
||||||
|
/** @var \Illuminate\Database\Eloquent\Factory $factory */
|
||||||
|
$factory = $this->app->make(EloquentFactory::class);
|
||||||
|
|
||||||
|
if (isset($attributes['user_id'])) {
|
||||||
|
$attributes['owner_id'] = $attributes['user_id'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (! isset($attributes['owner_id'])) {
|
||||||
|
$user = $factory->of(User::class)->create();
|
||||||
|
$attributes['owner_id'] = $user->id;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (! isset($attributes['node_id'])) {
|
||||||
|
if (! isset($attributes['location_id'])) {
|
||||||
|
$location = $factory->of(Location::class)->create();
|
||||||
|
$attributes['location_id'] = $location->id;
|
||||||
|
}
|
||||||
|
|
||||||
|
$node = $factory->of(Node::class)->create(['location_id' => $attributes['location_id']]);
|
||||||
|
$attributes['node_id'] = $node->id;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (! isset($attributes['allocation_id'])) {
|
||||||
|
$allocation = $factory->of(Allocation::class)->create(['node_id' => $attributes['node_id']]);
|
||||||
|
$attributes['allocation_id'] = $allocation->id;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (! isset($attributes['nest_id'])) {
|
||||||
|
$nest = Nest::with('eggs')->first();
|
||||||
|
$attributes['nest_id'] = $nest->id;
|
||||||
|
|
||||||
|
if (! isset($attributes['egg_id'])) {
|
||||||
|
$attributes['egg_id'] = $nest->getRelation('eggs')->first()->id;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (! isset($attributes['egg_id'])) {
|
||||||
|
$egg = Egg::where('nest_id', $attributes['nest_id'])->first();
|
||||||
|
$attributes['egg_id'] = $egg->id;
|
||||||
|
}
|
||||||
|
|
||||||
|
unset($attributes['user_id'], $attributes['location_id']);
|
||||||
|
|
||||||
|
$server = $factory->of(Server::class)->create($attributes);
|
||||||
|
|
||||||
|
return Server::with([
|
||||||
|
'location', 'user', 'node', 'allocation', 'nest', 'egg',
|
||||||
|
])->findOrFail($server->id);
|
||||||
|
}
|
||||||
|
}
|
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
namespace Tests\Unit\Http\Middleware;
|
namespace Tests\Unit\Http\Middleware;
|
||||||
|
|
||||||
|
use Illuminate\Http\Request;
|
||||||
use Pterodactyl\Models\User;
|
use Pterodactyl\Models\User;
|
||||||
use Pterodactyl\Http\Middleware\AdminAuthenticate;
|
use Pterodactyl\Http\Middleware\AdminAuthenticate;
|
||||||
|
|
||||||
|
|
|
@ -29,12 +29,12 @@ class DaemonAuthenticateTest extends MiddlewareTestCase
|
||||||
*/
|
*/
|
||||||
public function testValidDaemonConnection()
|
public function testValidDaemonConnection()
|
||||||
{
|
{
|
||||||
|
$this->setRequestRouteName('random.name');
|
||||||
$node = factory(Node::class)->make();
|
$node = factory(Node::class)->make();
|
||||||
|
|
||||||
$this->request->shouldReceive('route->getName')->withNoArgs()->once()->andReturn('random.name');
|
$this->request->shouldReceive('header')->with('X-Access-Node')->twice()->andReturn($node->daemonSecret);
|
||||||
$this->request->shouldReceive('header')->with('X-Access-Node')->twice()->andReturn($node->uuid);
|
|
||||||
|
|
||||||
$this->repository->shouldReceive('findFirstWhere')->with(['daemonSecret' => $node->uuid])->once()->andReturn($node);
|
$this->repository->shouldReceive('findFirstWhere')->with(['daemonSecret' => $node->daemonSecret])->once()->andReturn($node);
|
||||||
|
|
||||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||||
$this->assertRequestHasAttribute('node');
|
$this->assertRequestHasAttribute('node');
|
||||||
|
@ -46,7 +46,7 @@ class DaemonAuthenticateTest extends MiddlewareTestCase
|
||||||
*/
|
*/
|
||||||
public function testIgnoredRouteShouldContinue()
|
public function testIgnoredRouteShouldContinue()
|
||||||
{
|
{
|
||||||
$this->request->shouldReceive('route->getName')->withNoArgs()->once()->andReturn('daemon.configuration');
|
$this->setRequestRouteName('daemon.configuration');
|
||||||
|
|
||||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||||
$this->assertRequestMissingAttribute('node');
|
$this->assertRequestMissingAttribute('node');
|
||||||
|
@ -59,7 +59,8 @@ class DaemonAuthenticateTest extends MiddlewareTestCase
|
||||||
*/
|
*/
|
||||||
public function testExceptionThrownIfMissingHeader()
|
public function testExceptionThrownIfMissingHeader()
|
||||||
{
|
{
|
||||||
$this->request->shouldReceive('route->getName')->withNoArgs()->once()->andReturn('random.name');
|
$this->setRequestRouteName('random.name');
|
||||||
|
|
||||||
$this->request->shouldReceive('header')->with('X-Access-Node')->once()->andReturn(false);
|
$this->request->shouldReceive('header')->with('X-Access-Node')->once()->andReturn(false);
|
||||||
|
|
||||||
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
|
||||||
|
|
|
@ -1,30 +1,17 @@
|
||||||
<?php
|
<?php
|
||||||
/*
|
|
||||||
* Pterodactyl - Panel
|
|
||||||
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
|
|
||||||
*
|
|
||||||
* This software is licensed under the terms of the MIT license.
|
|
||||||
* https://opensource.org/licenses/MIT
|
|
||||||
*/
|
|
||||||
|
|
||||||
namespace Tests\Unit\Services\Helpers;
|
namespace Tests\Unit\Services\Helpers;
|
||||||
|
|
||||||
use Mockery as m;
|
use Mockery as m;
|
||||||
use Tests\TestCase;
|
use Tests\TestCase;
|
||||||
use phpmock\phpunit\PHPMock;
|
use Tests\Traits\MocksUuids;
|
||||||
use Illuminate\Contracts\Hashing\Hasher;
|
use Illuminate\Contracts\Hashing\Hasher;
|
||||||
use Illuminate\Contracts\Config\Repository;
|
|
||||||
use Illuminate\Database\ConnectionInterface;
|
use Illuminate\Database\ConnectionInterface;
|
||||||
use Pterodactyl\Services\Helpers\TemporaryPasswordService;
|
use Pterodactyl\Services\Helpers\TemporaryPasswordService;
|
||||||
|
|
||||||
class TemporaryPasswordServiceTest extends TestCase
|
class TemporaryPasswordServiceTest extends TestCase
|
||||||
{
|
{
|
||||||
use PHPMock;
|
use MocksUuids;
|
||||||
|
|
||||||
/**
|
|
||||||
* @var \Illuminate\Contracts\Config\Repository|\Mockery\Mock
|
|
||||||
*/
|
|
||||||
protected $config;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var \Illuminate\Database\ConnectionInterface|\Mockery\Mock
|
* @var \Illuminate\Database\ConnectionInterface|\Mockery\Mock
|
||||||
|
@ -48,11 +35,10 @@ class TemporaryPasswordServiceTest extends TestCase
|
||||||
{
|
{
|
||||||
parent::setUp();
|
parent::setUp();
|
||||||
|
|
||||||
$this->config = m::mock(Repository::class);
|
|
||||||
$this->connection = m::mock(ConnectionInterface::class);
|
$this->connection = m::mock(ConnectionInterface::class);
|
||||||
$this->hasher = m::mock(Hasher::class);
|
$this->hasher = m::mock(Hasher::class);
|
||||||
|
|
||||||
$this->service = new TemporaryPasswordService($this->config, $this->connection, $this->hasher);
|
$this->service = new TemporaryPasswordService($this->connection, $this->hasher);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -60,11 +46,7 @@ class TemporaryPasswordServiceTest extends TestCase
|
||||||
*/
|
*/
|
||||||
public function testTemporaryPasswordIsStored()
|
public function testTemporaryPasswordIsStored()
|
||||||
{
|
{
|
||||||
$this->getFunctionMock('\\Pterodactyl\\Services\\Helpers', 'str_random')
|
$token = hash_hmac(TemporaryPasswordService::HMAC_ALGO, $this->getKnownUuid(), config('app.key'));
|
||||||
->expects($this->once())->with(40)->willReturn('random_string');
|
|
||||||
|
|
||||||
$this->config->shouldReceive('get')->with('app.key')->once()->andReturn('123456');
|
|
||||||
$token = hash_hmac(TemporaryPasswordService::HMAC_ALGO, 'random_string', '123456');
|
|
||||||
|
|
||||||
$this->hasher->shouldReceive('make')->with($token)->once()->andReturn('hashed_token');
|
$this->hasher->shouldReceive('make')->with($token)->once()->andReturn('hashed_token');
|
||||||
$this->connection->shouldReceive('table')->with('password_resets')->once()->andReturnSelf();
|
$this->connection->shouldReceive('table')->with('password_resets')->once()->andReturnSelf();
|
||||||
|
|
Loading…
Reference in a new issue