Merge branch 'feature/api-integration-testing' into develop

This commit is contained in:
Dane Everitt 2018-03-26 19:55:28 -05:00
commit 68f0811273
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
30 changed files with 1374 additions and 80 deletions

View file

@ -5,10 +5,10 @@ APP_THEME=pterodactyl
APP_TIMEZONE=UTC APP_TIMEZONE=UTC
APP_URL=http://localhost/ APP_URL=http://localhost/
DB_HOST=127.0.0.1 TESTING_DB_HOST=127.0.0.1
DB_DATABASE=travis TESTING_DB_DATABASE=travis
DB_USERNAME=root TESTING_DB_USERNAME=root
DB_PASSWORD="" TESTING_DB_PASSWORD=""
CACHE_DRIVER=array CACHE_DRIVER=array
SESSION_DRIVER=array SESSION_DRIVER=array

View file

@ -14,9 +14,9 @@ before_script:
- echo 'opcache.enable_cli=1' >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini - echo 'opcache.enable_cli=1' >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini
- cp .env.travis .env - cp .env.travis .env
- travis_retry composer install --no-interaction --prefer-dist --no-suggest - travis_retry composer install --no-interaction --prefer-dist --no-suggest
- php artisan migrate --seed
script: script:
- vendor/bin/phpunit --coverage-clover coverage.xml - vendor/bin/phpunit --bootstrap vendor/autoload.php --coverage-clover coverage.xml tests/Unit
- vendor/bin/phpunit tests/Integration
notifications: notifications:
email: false email: false
webhooks: webhooks:

View file

@ -17,6 +17,13 @@ use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
class Handler extends ExceptionHandler class Handler extends ExceptionHandler
{ {
/**
* Laravel's validation parser formats custom rules using the class name
* resulting in some weird rule names. This string will be parsed out and
* replaced with 'p_' in the response code.
*/
private const PTERODACTYL_RULE_STRING = 'pterodactyl\_rules\_';
/** /**
* A list of the exception types that should not be reported. * A list of the exception types that should not be reported.
* *
@ -156,7 +163,9 @@ class Handler extends ExceptionHandler
$response = []; $response = [];
foreach ($errors as $key => $error) { foreach ($errors as $key => $error) {
$response[] = [ $response[] = [
'code' => array_get($codes, str_replace('.', '_', $field) . '.' . $key), 'code' => str_replace(self::PTERODACTYL_RULE_STRING, 'p_', array_get(
$codes, str_replace('.', '_', $field) . '.' . $key
)),
'detail' => $error, 'detail' => $error,
'source' => ['field' => $field], 'source' => ['field' => $field],
]; ];

View file

@ -9,19 +9,14 @@
namespace Pterodactyl\Services\Helpers; namespace Pterodactyl\Services\Helpers;
use Ramsey\Uuid\Uuid;
use Illuminate\Contracts\Hashing\Hasher; use Illuminate\Contracts\Hashing\Hasher;
use Illuminate\Database\ConnectionInterface; use Illuminate\Database\ConnectionInterface;
use Illuminate\Contracts\Config\Repository as ConfigRepository;
class TemporaryPasswordService class TemporaryPasswordService
{ {
const HMAC_ALGO = 'sha256'; const HMAC_ALGO = 'sha256';
/**
* @var \Illuminate\Contracts\Config\Repository
*/
protected $config;
/** /**
* @var \Illuminate\Database\ConnectionInterface * @var \Illuminate\Database\ConnectionInterface
*/ */
@ -35,16 +30,11 @@ class TemporaryPasswordService
/** /**
* TemporaryPasswordService constructor. * TemporaryPasswordService constructor.
* *
* @param \Illuminate\Contracts\Config\Repository $config
* @param \Illuminate\Database\ConnectionInterface $connection * @param \Illuminate\Database\ConnectionInterface $connection
* @param \Illuminate\Contracts\Hashing\Hasher $hasher * @param \Illuminate\Contracts\Hashing\Hasher $hasher
*/ */
public function __construct( public function __construct(ConnectionInterface $connection, Hasher $hasher)
ConfigRepository $config, {
ConnectionInterface $connection,
Hasher $hasher
) {
$this->config = $config;
$this->connection = $connection; $this->connection = $connection;
$this->hasher = $hasher; $this->hasher = $hasher;
} }
@ -57,7 +47,7 @@ class TemporaryPasswordService
*/ */
public function handle($email) public function handle($email)
{ {
$token = hash_hmac(self::HMAC_ALGO, str_random(40), $this->config->get('app.key')); $token = hash_hmac(self::HMAC_ALGO, Uuid::uuid4()->toString(), config('app.key'));
$this->connection->table('password_resets')->insert([ $this->connection->table('password_resets')->insert([
'email' => $email, 'email' => $email,

View file

@ -5,10 +5,15 @@ namespace Pterodactyl\Transformers\Api\Application;
use Cake\Chronos\Chronos; use Cake\Chronos\Chronos;
use Pterodactyl\Models\ApiKey; use Pterodactyl\Models\ApiKey;
use Illuminate\Container\Container; use Illuminate\Container\Container;
use Illuminate\Database\Eloquent\Model;
use League\Fractal\TransformerAbstract; use League\Fractal\TransformerAbstract;
use Pterodactyl\Services\Acl\Api\AdminAcl; use Pterodactyl\Services\Acl\Api\AdminAcl;
use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException; use Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException;
/**
* @method array transform(Model $model)
*/
abstract class BaseTransformer extends TransformerAbstract abstract class BaseTransformer extends TransformerAbstract
{ {
const RESPONSE_TIMEZONE = 'UTC'; const RESPONSE_TIMEZONE = 'UTC';
@ -88,7 +93,7 @@ abstract class BaseTransformer extends TransformerAbstract
$transformer = Container::getInstance()->makeWith($abstract, $parameters); $transformer = Container::getInstance()->makeWith($abstract, $parameters);
$transformer->setKey($this->getKey()); $transformer->setKey($this->getKey());
if (! $transformer instanceof self) { if (! $transformer instanceof self || $transformer instanceof BaseClientTransformer) {
throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__); throw new InvalidTransformerLevelException('Calls to ' . __METHOD__ . ' must return a transformer that is an instance of ' . __CLASS__);
} }

View file

@ -46,10 +46,10 @@ class EggTransformer extends BaseTransformer
'description' => $model->description, 'description' => $model->description,
'docker_image' => $model->docker_image, 'docker_image' => $model->docker_image,
'config' => [ 'config' => [
'files' => json_decode($model->config_files), 'files' => json_decode($model->config_files, true),
'startup' => json_decode($model->config_startup), 'startup' => json_decode($model->config_startup, true),
'stop' => $model->config_stop, 'stop' => $model->config_stop,
'logs' => json_decode($model->config_logs), 'logs' => json_decode($model->config_logs, true),
'extends' => $model->config_from, 'extends' => $model->config_from,
], ],
'startup' => $model->startup, 'startup' => $model->startup,

View file

@ -32,7 +32,13 @@ class LocationTransformer extends BaseTransformer
*/ */
public function transform(Location $location): array public function transform(Location $location): array
{ {
return $location->toArray(); return [
'id' => $location->id,
'short' => $location->short,
'long' => $location->long,
$location->getUpdatedAtColumn() => $this->formatTimestamp($location->updated_at),
$location->getCreatedAtColumn() => $this->formatTimestamp($location->created_at),
];
} }
/** /**
@ -40,6 +46,8 @@ class LocationTransformer extends BaseTransformer
* *
* @param \Pterodactyl\Models\Location $location * @param \Pterodactyl\Models\Location $location
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource * @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/ */
public function includeServers(Location $location) public function includeServers(Location $location)
{ {
@ -57,6 +65,8 @@ class LocationTransformer extends BaseTransformer
* *
* @param \Pterodactyl\Models\Location $location * @param \Pterodactyl\Models\Location $location
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource * @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/ */
public function includeNodes(Location $location) public function includeNodes(Location $location)
{ {

View file

@ -4,6 +4,7 @@ namespace Pterodactyl\Transformers\Api\Application;
use Pterodactyl\Models\Egg; use Pterodactyl\Models\Egg;
use Pterodactyl\Models\Nest; use Pterodactyl\Models\Nest;
use Pterodactyl\Models\Server;
use Pterodactyl\Services\Acl\Api\AdminAcl; use Pterodactyl\Services\Acl\Api\AdminAcl;
class NestTransformer extends BaseTransformer class NestTransformer extends BaseTransformer
@ -49,6 +50,8 @@ class NestTransformer extends BaseTransformer
* *
* @param \Pterodactyl\Models\Nest $model * @param \Pterodactyl\Models\Nest $model
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource * @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/ */
public function includeEggs(Nest $model) public function includeEggs(Nest $model)
{ {
@ -60,4 +63,23 @@ class NestTransformer extends BaseTransformer
return $this->collection($model->getRelation('eggs'), $this->makeTransformer(EggTransformer::class), Egg::RESOURCE_NAME); return $this->collection($model->getRelation('eggs'), $this->makeTransformer(EggTransformer::class), Egg::RESOURCE_NAME);
} }
/**
* Include the servers relationship on the given Nest model.
*
* @param \Pterodactyl\Models\Nest $model
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/
public function includeServers(Nest $model)
{
if (! $this->authorize(AdminAcl::RESOURCE_SERVERS)) {
return $this->null();
}
$model->loadMissing('servers');
return $this->collection($model->getRelation('servers'), $this->makeTransformer(ServerTransformer::class), Server::RESOURCE_NAME);
}
} }

View file

@ -53,6 +53,8 @@ class UserTransformer extends BaseTransformer
* *
* @param \Pterodactyl\Models\User $user * @param \Pterodactyl\Models\User $user
* @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource * @return \League\Fractal\Resource\Collection|\League\Fractal\Resource\NullResource
*
* @throws \Pterodactyl\Exceptions\Transformer\InvalidTransformerLevelException
*/ */
public function includeServers(User $user) public function includeServers(User $user)
{ {

28
bootstrap/tests.php Normal file
View file

@ -0,0 +1,28 @@
<?php
use Illuminate\Contracts\Console\Kernel;
use Symfony\Component\Console\Output\ConsoleOutput;
require __DIR__ . '/../vendor/autoload.php';
$app = require __DIR__ . '/app.php';
/** @var \Pterodactyl\Console\Kernel $kernel */
$kernel = $app->make(Kernel::class);
/**
* Bootstrap the kernel and prepare application for testing.
*/
$kernel->bootstrap();
$output = new ConsoleOutput;
/**
* Perform database migrations and reseeding before continuing with
* running the tests.
*/
$output->writeln(PHP_EOL . '<comment>Refreshing database for Integration tests...</comment>');
$kernel->call('migrate:fresh', ['--database' => 'testing']);
$output->writeln('<comment>Seeding database for Integration tests...</comment>' . PHP_EOL);
$kernel->call('db:seed', ['--database' => 'testing']);

View file

@ -65,6 +65,7 @@
}, },
"autoload-dev": { "autoload-dev": {
"psr-4": { "psr-4": {
"Pterodactyl\\Tests\\Integration\\": "tests/Integration",
"Tests\\": "tests/" "Tests\\": "tests/"
} }
}, },

View file

@ -43,6 +43,28 @@ return [
'prefix' => env('DB_PREFIX', ''), 'prefix' => env('DB_PREFIX', ''),
'strict' => env('DB_STRICT_MODE', false), 'strict' => env('DB_STRICT_MODE', false),
], ],
/*
| -------------------------------------------------------------------------
| Test Database Connection
| -------------------------------------------------------------------------
|
| This connection is used by the integration and HTTP tests for Pterodactyl
| development. Normal users of the Panel do not need to adjust any settings
| in here.
*/
'testing' => [
'driver' => 'mysql',
'host' => env('TESTING_DB_HOST', '127.0.0.1'),
'port' => env('TESTING_DB_PORT', '3306'),
'database' => env('TESTING_DB_DATABASE', 'panel_test'),
'username' => env('TESTING_DB_USERNAME', 'pterodactyl_test'),
'password' => env('TESTING_DB_PASSWORD', ''),
'charset' => 'utf8mb4',
'collation' => 'utf8mb4_unicode_ci',
'prefix' => '',
'strict' => false,
],
], ],
/* /*

View file

@ -1,6 +1,8 @@
<?php <?php
use Cake\Chronos\Chronos;
use Faker\Generator as Faker; use Faker\Generator as Faker;
use Pterodactyl\Models\ApiKey;
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
@ -34,6 +36,8 @@ $factory->define(Pterodactyl\Models\Server::class, function (Faker $faker) {
'egg_id' => $faker->randomNumber(), 'egg_id' => $faker->randomNumber(),
'pack_id' => null, 'pack_id' => null,
'installed' => 1, 'installed' => 1,
'database_limit' => null,
'allocation_limit' => null,
'created_at' => \Carbon\Carbon::now(), 'created_at' => \Carbon\Carbon::now(),
'updated_at' => \Carbon\Carbon::now(), 'updated_at' => \Carbon\Carbon::now(),
]; ];
@ -44,7 +48,7 @@ $factory->define(Pterodactyl\Models\User::class, function (Faker $faker) {
return [ return [
'id' => $faker->unique()->randomNumber(), 'id' => $faker->unique()->randomNumber(),
'external_id' => null, 'external_id' => $faker->unique()->isbn10,
'uuid' => $faker->uuid, 'uuid' => $faker->uuid,
'username' => $faker->userName, 'username' => $faker->userName,
'email' => $faker->safeEmail, 'email' => $faker->safeEmail,
@ -54,6 +58,8 @@ $factory->define(Pterodactyl\Models\User::class, function (Faker $faker) {
'language' => 'en', 'language' => 'en',
'root_admin' => false, 'root_admin' => false,
'use_totp' => false, 'use_totp' => false,
'created_at' => Chronos::now(),
'updated_at' => Chronos::now(),
]; ];
}); });
@ -66,7 +72,7 @@ $factory->state(Pterodactyl\Models\User::class, 'admin', function () {
$factory->define(Pterodactyl\Models\Location::class, function (Faker $faker) { $factory->define(Pterodactyl\Models\Location::class, function (Faker $faker) {
return [ return [
'id' => $faker->unique()->randomNumber(), 'id' => $faker->unique()->randomNumber(),
'short' => $faker->domainWord, 'short' => $faker->unique()->domainWord,
'long' => $faker->catchPhrase, 'long' => $faker->catchPhrase,
]; ];
}); });
@ -74,7 +80,6 @@ $factory->define(Pterodactyl\Models\Location::class, function (Faker $faker) {
$factory->define(Pterodactyl\Models\Node::class, function (Faker $faker) { $factory->define(Pterodactyl\Models\Node::class, function (Faker $faker) {
return [ return [
'id' => $faker->unique()->randomNumber(), 'id' => $faker->unique()->randomNumber(),
'uuid' => $faker->unique()->uuid,
'public' => true, 'public' => true,
'name' => $faker->firstName, 'name' => $faker->firstName,
'fqdn' => $faker->ipv4, 'fqdn' => $faker->ipv4,
@ -224,21 +229,17 @@ $factory->define(Pterodactyl\Models\DaemonKey::class, function (Faker $faker) {
}); });
$factory->define(Pterodactyl\Models\ApiKey::class, function (Faker $faker) { $factory->define(Pterodactyl\Models\ApiKey::class, function (Faker $faker) {
static $token;
return [ return [
'id' => $faker->unique()->randomNumber(), 'id' => $faker->unique()->randomNumber(),
'user_id' => $faker->randomNumber(), 'user_id' => $faker->randomNumber(),
'key_type' => ApiKey::TYPE_APPLICATION,
'identifier' => str_random(Pterodactyl\Models\ApiKey::IDENTIFIER_LENGTH), 'identifier' => str_random(Pterodactyl\Models\ApiKey::IDENTIFIER_LENGTH),
'token' => 'encrypted_string', 'token' => $token ?: $token = encrypt(str_random(Pterodactyl\Models\ApiKey::KEY_LENGTH)),
'allowed_ips' => null,
'memo' => 'Test Function Key', 'memo' => 'Test Function Key',
'created_at' => \Carbon\Carbon::now()->toDateTimeString(), 'created_at' => \Carbon\Carbon::now()->toDateTimeString(),
'updated_at' => \Carbon\Carbon::now()->toDateTimeString(), 'updated_at' => \Carbon\Carbon::now()->toDateTimeString(),
]; ];
}); });
$factory->define(Pterodactyl\Models\APIPermission::class, function (Faker $faker) {
return [
'id' => $faker->unique()->randomNumber(),
'key_id' => $faker->randomNumber(),
'permission' => mb_strtolower($faker->word),
];
});

View file

@ -36,8 +36,8 @@ class UpgradeTaskSystem extends Migration
public function down() public function down()
{ {
Schema::table('tasks', function (Blueprint $table) { Schema::table('tasks', function (Blueprint $table) {
$table->dropForeign(['server_id']); // $table->dropForeign(['server_id']);
$table->dropForeign(['user_id']); // $table->dropForeign(['user_id']);
$table->renameColumn('server_id', 'server'); $table->renameColumn('server_id', 'server');
$table->dropColumn('user_id'); $table->dropColumn('user_id');

View file

@ -23,10 +23,6 @@ class DeleteTaskWhenParentServerIsDeleted extends Migration
*/ */
public function down() public function down()
{ {
Schema::table('tasks', function (Blueprint $table) { //
$table->dropForeign(['server_id']);
$table->foreign('server_id')->references('id')->on('servers');
});
} }
} }

View file

@ -41,7 +41,7 @@ class AddApiKeyPermissionColumns extends Migration
$table->unsignedInteger('key_id'); $table->unsignedInteger('key_id');
$table->string('permission'); $table->string('permission');
$table->foreign('key_id')->references('id')->on('keys')->onDelete('cascade'); $table->foreign('key_id')->references('id')->on('api_keys')->onDelete('cascade');
}); });
Schema::table('api_keys', function (Blueprint $table) { Schema::table('api_keys', function (Blueprint $table) {

View file

@ -26,7 +26,10 @@ class EnsureUniqueAllocationIdOnServersTable extends Migration
public function down() public function down()
{ {
Schema::table('servers', function (Blueprint $table) { Schema::table('servers', function (Blueprint $table) {
$table->dropForeign(['allocation_id']);
$table->dropUnique(['allocation_id']); $table->dropUnique(['allocation_id']);
$table->foreign('allocation_id')->references('id')->on('allocations');
}); });
} }
} }

View file

@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
<phpunit backupGlobals="false" <phpunit backupGlobals="false"
backupStaticAttributes="false" backupStaticAttributes="false"
bootstrap="vendor/autoload.php" bootstrap="bootstrap/tests.php"
colors="true" colors="true"
convertErrorsToExceptions="true" convertErrorsToExceptions="true"
convertNoticesToExceptions="true" convertNoticesToExceptions="true"
@ -10,8 +10,8 @@
processIsolation="false" processIsolation="false"
stopOnFailure="false"> stopOnFailure="false">
<testsuites> <testsuites>
<testsuite name="Feature"> <testsuite name="Integration">
<directory suffix="Test.php">./tests/Feature</directory> <directory suffix="Test.php">./tests/Integration</directory>
</testsuite> </testsuite>
<testsuite name="Unit"> <testsuite name="Unit">
<directory suffix="Test.php">./tests/Unit</directory> <directory suffix="Test.php">./tests/Unit</directory>
@ -24,10 +24,7 @@
</filter> </filter>
<php> <php>
<env name="APP_ENV" value="testing"/> <env name="APP_ENV" value="testing"/>
<env name="DB_CONNECTION" value="mysql"/> <env name="DB_CONNECTION" value="testing"/>
<env name="DB_USERNAME" value="root"/>
<env name="DB_PASSWORD" value=""/>
<env name="DB_DATABASE" value="travis"/>
<env name="CACHE_DRIVER" value="array"/> <env name="CACHE_DRIVER" value="array"/>
<env name="SESSION_DRIVER" value="array"/> <env name="SESSION_DRIVER" value="array"/>
<env name="QUEUE_DRIVER" value="sync"/> <env name="QUEUE_DRIVER" value="sync"/>

View file

@ -0,0 +1,142 @@
<?php
namespace Pterodactyl\Tests\Integration\Api\Application;
use Pterodactyl\Models\User;
use PHPUnit\Framework\Assert;
use Pterodactyl\Models\ApiKey;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Tests\Traits\Integration\CreatesTestModels;
use Tests\Traits\IntegrationJsonRequestAssertions;
use Pterodactyl\Tests\Integration\IntegrationTestCase;
use Illuminate\Foundation\Testing\DatabaseTransactions;
use Pterodactyl\Transformers\Api\Application\BaseTransformer;
use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
abstract class ApplicationApiIntegrationTestCase extends IntegrationTestCase
{
use CreatesTestModels, DatabaseTransactions, IntegrationJsonRequestAssertions;
/**
* @var \Pterodactyl\Models\ApiKey
*/
private $key;
/**
* @var \Pterodactyl\Models\User
*/
private $user;
/**
* Bootstrap application API tests. Creates a default admin user and associated API key
* and also sets some default headers required for accessing the API.
*/
public function setUp()
{
parent::setUp();
$this->user = $this->createApiUser();
$this->key = $this->createApiKey($this->user);
$this->withHeader('Accept', 'application/vnd.pterodactyl.v1+json');
$this->withHeader('Authorization', 'Bearer ' . $this->getApiKey()->identifier . decrypt($this->getApiKey()->token));
$this->withMiddleware('api..key:' . ApiKey::TYPE_APPLICATION);
}
/**
* @return \Pterodactyl\Models\User
*/
public function getApiUser(): User
{
return $this->user;
}
/**
* @return \Pterodactyl\Models\ApiKey
*/
public function getApiKey(): ApiKey
{
return $this->key;
}
/**
* Creates a new default API key and refreshes the headers using it.
*
* @param \Pterodactyl\Models\User $user
* @param array $permissions
* @return \Pterodactyl\Models\ApiKey
*/
protected function createNewDefaultApiKey(User $user, array $permissions = []): ApiKey
{
$this->key = $this->createApiKey($user, $permissions);
$this->refreshHeaders($this->key);
return $this->key;
}
/**
* Refresh the authorization header for a request to use a different API key.
*
* @param \Pterodactyl\Models\ApiKey $key
*/
protected function refreshHeaders(ApiKey $key)
{
$this->withHeader('Authorization', 'Bearer ' . $key->identifier . decrypt($key->token));
}
/**
* Create an administrative user.
*
* @return \Pterodactyl\Models\User
*/
protected function createApiUser(): User
{
return factory(User::class)->create([
'root_admin' => true,
]);
}
/**
* Create a new application API key for a given user model.
*
* @param \Pterodactyl\Models\User $user
* @param array $permissions
* @return \Pterodactyl\Models\ApiKey
*/
protected function createApiKey(User $user, array $permissions = []): ApiKey
{
return factory(ApiKey::class)->create(array_merge([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_APPLICATION,
'r_servers' => AdminAcl::READ | AdminAcl::WRITE,
'r_nodes' => AdminAcl::READ | AdminAcl::WRITE,
'r_allocations' => AdminAcl::READ | AdminAcl::WRITE,
'r_users' => AdminAcl::READ | AdminAcl::WRITE,
'r_locations' => AdminAcl::READ | AdminAcl::WRITE,
'r_nests' => AdminAcl::READ | AdminAcl::WRITE,
'r_eggs' => AdminAcl::READ | AdminAcl::WRITE,
'r_database_hosts' => AdminAcl::READ | AdminAcl::WRITE,
'r_server_databases' => AdminAcl::READ | AdminAcl::WRITE,
'r_packs' => AdminAcl::READ | AdminAcl::WRITE,
], $permissions));
}
/**
* Return a transformer that can be used for testing purposes.
*
* @param string $abstract
* @return \Pterodactyl\Transformers\Api\Application\BaseTransformer
*/
protected function getTransformer(string $abstract): BaseTransformer
{
/** @var \Pterodactyl\Transformers\Api\Application\BaseTransformer $transformer */
$transformer = $this->app->make($abstract);
$transformer->setKey($this->getApiKey());
Assert::assertInstanceOf(BaseTransformer::class, $transformer);
Assert::assertNotInstanceOf(BaseClientTransformer::class, $transformer);
return $transformer;
}
}

View file

@ -0,0 +1,208 @@
<?php
namespace Pterodactyl\Tests\Integration\Api\Application\Location;
use Pterodactyl\Models\Node;
use Illuminate\Http\Response;
use Pterodactyl\Models\Location;
use Pterodactyl\Transformers\Api\Application\NodeTransformer;
use Pterodactyl\Transformers\Api\Application\ServerTransformer;
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
class LocationControllerTest extends ApplicationApiIntegrationTestCase
{
/**
* Test getting all locations through the API.
*/
public function testGetLocations()
{
$locations = factory(Location::class)->times(2)->create();
$response = $this->getJson('/api/application/locations');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2, 'data');
$response->assertJsonStructure([
'object',
'data' => [
['object', 'attributes' => ['id', 'short', 'long', 'created_at', 'updated_at']],
['object', 'attributes' => ['id', 'short', 'long', 'created_at', 'updated_at']],
],
'meta' => ['pagination' => ['total', 'count', 'per_page', 'current_page', 'total_pages']],
]);
$response
->assertJson([
'object' => 'list',
'data' => [[], []],
'meta' => [
'pagination' => [
'total' => 2,
'count' => 2,
'per_page' => 50,
'current_page' => 1,
'total_pages' => 1,
],
],
])
->assertJsonFragment([
'object' => 'location',
'attributes' => [
'id' => $locations[0]->id,
'short' => $locations[0]->short,
'long' => $locations[0]->long,
'created_at' => $this->formatTimestamp($locations[0]->created_at),
'updated_at' => $this->formatTimestamp($locations[0]->updated_at),
],
])->assertJsonFragment([
'object' => 'location',
'attributes' => [
'id' => $locations[1]->id,
'short' => $locations[1]->short,
'long' => $locations[1]->long,
'created_at' => $this->formatTimestamp($locations[1]->created_at),
'updated_at' => $this->formatTimestamp($locations[1]->updated_at),
],
]);
}
/**
* Test getting a single location on the API.
*/
public function testGetSingleLocation()
{
$location = factory(Location::class)->create();
$response = $this->getJson('/api/application/locations/' . $location->id);
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2);
$response->assertJsonStructure(['object', 'attributes' => ['id', 'short', 'long', 'created_at', 'updated_at']]);
$response->assertJson([
'object' => 'location',
'attributes' => [
'id' => $location->id,
'short' => $location->short,
'long' => $location->long,
'created_at' => $this->formatTimestamp($location->created_at),
'updated_at' => $this->formatTimestamp($location->updated_at),
],
], true);
}
/**
* Test that all of the defined relationships for a location can be loaded successfully.
*/
public function testRelationshipsCanBeLoaded()
{
$location = factory(Location::class)->create();
$server = $this->createServerModel(['user_id' => $this->getApiUser()->id, 'location_id' => $location->id]);
$response = $this->getJson('/api/application/locations/' . $location->id . '?include=servers,nodes');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2)->assertJsonCount(2, 'attributes.relationships');
$response->assertJsonStructure([
'attributes' => [
'relationships' => [
'nodes' => ['object', 'data' => [['attributes' => ['id']]]],
'servers' => ['object', 'data' => [['attributes' => ['id']]]],
],
],
]);
// Just assert that we see the expected relationship IDs in the response.
$response->assertJson([
'attributes' => [
'relationships' => [
'nodes' => [
'object' => 'list',
'data' => [
[
'object' => 'node',
'attributes' => $this->getTransformer(NodeTransformer::class)->transform($server->getRelation('node')),
],
],
],
'servers' => [
'object' => 'list',
'data' => [
[
'object' => 'server',
'attributes' => $this->getTransformer(ServerTransformer::class)->transform($server),
],
],
],
],
],
]);
}
/**
* Test that a relationship that an API key does not have permission to access
* cannot be loaded onto the model.
*/
public function testKeyWithoutPermissionCannotLoadRelationship()
{
$this->createNewDefaultApiKey($this->getApiUser(), ['r_nodes' => 0]);
$location = factory(Location::class)->create();
factory(Node::class)->create(['location_id' => $location->id]);
$response = $this->getJson('/api/application/locations/' . $location->id . '?include=nodes');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2)->assertJsonCount(1, 'attributes.relationships');
$response->assertJsonStructure([
'attributes' => [
'relationships' => [
'nodes' => ['object', 'attributes'],
],
],
]);
// Just assert that we see the expected relationship IDs in the response.
$response->assertJson([
'attributes' => [
'relationships' => [
'nodes' => [
'object' => 'null_resource',
'attributes' => null,
],
],
],
]);
}
/**
* Test that a missing location returns a 404 error.
*
* GET /api/application/locations/:id
*/
public function testGetMissingLocation()
{
$response = $this->getJson('/api/application/locations/nil');
$this->assertNotFoundJson($response);
}
/**
* Test that an authentication error occurs if a key does not have permission
* to access a resource.
*/
public function testErrorReturnedIfNoPermission()
{
$location = factory(Location::class)->create();
$this->createNewDefaultApiKey($this->getApiUser(), ['r_locations' => 0]);
$response = $this->getJson('/api/application/locations/' . $location->id);
$this->assertAccessDeniedJson($response);
}
/**
* Test that a location's existence is not exposed unless an API key has permission
* to access the resource.
*/
public function testResourceIsNotExposedWithoutPermissions()
{
$this->createNewDefaultApiKey($this->getApiUser(), ['r_locations' => 0]);
$response = $this->getJson('/api/application/locations/nil');
$this->assertAccessDeniedJson($response);
}
}

View file

@ -0,0 +1,149 @@
<?php
namespace Pterodactyl\Tests\Integration\Api\Application\Nests;
use Illuminate\Support\Arr;
use Illuminate\Http\Response;
use Pterodactyl\Contracts\Repository\EggRepositoryInterface;
use Pterodactyl\Transformers\Api\Application\EggTransformer;
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
class EggControllerTest extends ApplicationApiIntegrationTestCase
{
/**
* @var \Pterodactyl\Contracts\Repository\EggRepositoryInterface
*/
private $repository;
/**
* Setup tests.
*/
public function setUp()
{
parent::setUp();
$this->repository = $this->app->make(EggRepositoryInterface::class);
}
/**
* Test that all of the eggs belonging to a given nest can be returned.
*/
public function testListAllEggsInNest()
{
$eggs = $this->repository->findWhere([['nest_id', '=', 1]]);
$response = $this->getJson('/api/application/nests/' . $eggs->first()->nest_id . '/eggs');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(count($eggs), 'data');
$response->assertJsonStructure([
'object',
'data' => [
[
'object',
'attributes' => [
'id', 'uuid', 'nest', 'author', 'description', 'docker_image', 'startup', 'created_at', 'updated_at',
'script' => ['privileged', 'install', 'entry', 'container', 'extends'],
'config' => [
'files' => [],
'startup' => ['done', 'userInteraction' => []],
'stop',
'logs' => ['custom', 'location'],
'extends',
],
],
],
],
]);
foreach (array_get($response->json(), 'data') as $datum) {
$egg = $eggs->where('id', '=', $datum['attributes']['id'])->first();
$expected = json_encode(Arr::sortRecursive($datum['attributes']));
$actual = json_encode(Arr::sortRecursive($this->getTransformer(EggTransformer::class)->transform($egg)));
$this->assertSame($expected, $actual,
'Unable to find JSON fragment: ' . PHP_EOL . PHP_EOL . "[{$expected}]" . PHP_EOL . PHP_EOL . 'within' . PHP_EOL . PHP_EOL . "[{$actual}]."
);
}
}
/**
* Test that a single egg can be returned.
*/
public function testReturnSingleEgg()
{
$egg = $this->repository->find(1);
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs/' . $egg->id);
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonStructure([
'object',
'attributes' => [
'id', 'uuid', 'nest', 'author', 'description', 'docker_image', 'startup', 'script' => [], 'config' => [], 'created_at', 'updated_at',
],
]);
$response->assertJson([
'object' => 'egg',
'attributes' => $this->getTransformer(EggTransformer::class)->transform($egg),
], true);
}
/**
* Test that a single egg and all of the defined relationships can be returned.
*/
public function testReturnSingleEggWithRelationships()
{
$egg = $this->repository->find(1);
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs/' . $egg->id . '?include=servers,variables,nest');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonStructure([
'object',
'attributes' => [
'relationships' => [
'nest' => ['object', 'attributes'],
'servers' => ['object', 'data' => []],
'variables' => ['object', 'data' => []],
],
],
]);
}
/**
* Test that a missing egg returns a 404 error.
*/
public function testGetMissingEgg()
{
$egg = $this->repository->find(1);
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs/nil');
$this->assertNotFoundJson($response);
}
/**
* Test that an authentication error occurs if a key does not have permission
* to access a resource.
*/
public function testErrorReturnedIfNoPermission()
{
$egg = $this->repository->find(1);
$this->createNewDefaultApiKey($this->getApiUser(), ['r_eggs' => 0]);
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs');
$this->assertAccessDeniedJson($response);
}
/**
* Test that a nests's existence is not exposed unless an API key has permission
* to access the resource.
*/
public function testResourceIsNotExposedWithoutPermissions()
{
$egg = $this->repository->find(1);
$this->createNewDefaultApiKey($this->getApiUser(), ['r_eggs' => 0]);
$response = $this->getJson('/api/application/nests/' . $egg->nest_id . '/eggs/nil');
$this->assertAccessDeniedJson($response);
}
}

View file

@ -0,0 +1,143 @@
<?php
namespace Pterodactyl\Tests\Integration\Api\Application\Nests;
use Illuminate\Http\Response;
use Pterodactyl\Contracts\Repository\NestRepositoryInterface;
use Pterodactyl\Transformers\Api\Application\NestTransformer;
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
class NestControllerTest extends ApplicationApiIntegrationTestCase
{
/**
* @var \Pterodactyl\Contracts\Repository\NestRepositoryInterface
*/
private $repository;
/**
* Setup tests.
*/
public function setUp()
{
parent::setUp();
$this->repository = $this->app->make(NestRepositoryInterface::class);
}
/**
* Test that the expected nests are returned in the request.
*/
public function testNestResponse()
{
/** @var \Pterodactyl\Models\Nest[] $nests */
$nests = $this->repository->all();
$response = $this->getJson('/api/application/nests');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(count($nests), 'data');
$response->assertJsonStructure([
'object',
'data' => [['object', 'attributes' => ['id', 'uuid', 'author', 'name', 'description', 'created_at', 'updated_at']]],
'meta' => ['pagination' => ['total', 'count', 'per_page', 'current_page', 'total_pages']],
]);
$response->assertJson([
'object' => 'list',
'data' => [],
'meta' => [
'pagination' => [
'total' => 4,
'count' => 4,
'per_page' => 50,
'current_page' => 1,
'total_pages' => 1,
],
],
]);
foreach ($nests as $nest) {
$response->assertJsonFragment([
'object' => 'nest',
'attributes' => $this->getTransformer(NestTransformer::class)->transform($nest),
]);
}
}
/**
* Test that getting a single nest returns the expected result.
*/
public function testSingleNestResponse()
{
$nest = $this->repository->find(1);
$response = $this->getJson('/api/application/nests/' . $nest->id);
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonStructure([
'object',
'attributes' => ['id', 'uuid', 'author', 'name', 'description', 'created_at', 'updated_at'],
]);
$response->assertJson([
'object' => 'nest',
'attributes' => $this->getTransformer(NestTransformer::class)->transform($nest),
]);
}
/**
* Test that including eggs in the response works as expected.
*/
public function testSingleNestWithEggsIncluded()
{
$nest = $this->repository->find(1);
$nest->loadMissing('eggs');
$response = $this->getJson('/api/application/nests/' . $nest->id . '?include=servers,eggs');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonStructure([
'object',
'attributes' => [
'relationships' => [
'eggs' => ['object', 'data' => []],
'servers' => ['object', 'data' => []],
],
],
]);
$response->assertJsonCount(count($nest->getRelation('eggs')), 'attributes.relationships.eggs.data');
}
/**
* Test that a missing nest returns a 404 error.
*/
public function testGetMissingNest()
{
$response = $this->getJson('/api/application/nests/nil');
$this->assertNotFoundJson($response);
}
/**
* Test that an authentication error occurs if a key does not have permission
* to access a resource.
*/
public function testErrorReturnedIfNoPermission()
{
$nest = $this->repository->find(1);
$this->createNewDefaultApiKey($this->getApiUser(), ['r_nests' => 0]);
$response = $this->getJson('/api/application/nests/' . $nest->id);
$this->assertAccessDeniedJson($response);
}
/**
* Test that a nest's existence is not exposed unless an API key has permission
* to access the resource.
*/
public function testResourceIsNotExposedWithoutPermissions()
{
$nest = $this->repository->find(1);
$this->createNewDefaultApiKey($this->getApiUser(), ['r_nests' => 0]);
$response = $this->getJson('/api/application/nests/' . $nest->id);
$this->assertAccessDeniedJson($response);
}
}

View file

@ -0,0 +1,81 @@
<?php
namespace Pterodactyl\Tests\Integration\Api\Application\Users;
use Pterodactyl\Models\User;
use Illuminate\Http\Response;
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
class ExternalUserControllerTest extends ApplicationApiIntegrationTestCase
{
/**
* Test that a user can be retrieved by their external ID.
*/
public function testGetRemoteUser()
{
$user = factory(User::class)->create();
$response = $this->getJson('/api/application/users/external/' . $user->external_id);
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2);
$response->assertJsonStructure([
'object',
'attributes' => [
'id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name',
'language', 'root_admin', '2fa', 'created_at', 'updated_at',
],
]);
$response->assertJson([
'object' => 'user',
'attributes' => [
'id' => $user->id,
'external_id' => $user->external_id,
'uuid' => $user->uuid,
'username' => $user->username,
'email' => $user->email,
'first_name' => $user->name_first,
'last_name' => $user->name_last,
'language' => $user->language,
'root_admin' => (bool) $user->root_admin,
'2fa' => (bool) $user->totp_enabled,
'created_at' => $this->formatTimestamp($user->created_at),
'updated_at' => $this->formatTimestamp($user->updated_at),
],
], true);
}
/**
* Test that an invalid external ID returns a 404 error.
*/
public function testGetMissingUser()
{
$response = $this->getJson('/api/application/users/external/nil');
$this->assertNotFoundJson($response);
}
/**
* Test that an authentication error occurs if a key does not have permission
* to access a resource.
*/
public function testErrorReturnedIfNoPermission()
{
$user = factory(User::class)->create();
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
$response = $this->getJson('/api/application/users/external/' . $user->external_id);
$this->assertAccessDeniedJson($response);
}
/**
* Test that a users's existence is not exposed unless an API key has permission
* to access the resource.
*/
public function testResourceIsNotExposedWithoutPermissions()
{
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
$response = $this->getJson('/api/application/users/external/nil');
$this->assertAccessDeniedJson($response);
}
}

View file

@ -0,0 +1,327 @@
<?php
namespace Pterodactyl\Tests\Integration\Api\Application\Users;
use Pterodactyl\Models\User;
use Illuminate\Http\Response;
use Pterodactyl\Services\Acl\Api\AdminAcl;
use Pterodactyl\Transformers\Api\Application\UserTransformer;
use Pterodactyl\Transformers\Api\Application\ServerTransformer;
use Pterodactyl\Tests\Integration\Api\Application\ApplicationApiIntegrationTestCase;
class UserControllerTest extends ApplicationApiIntegrationTestCase
{
/**
* Test the response when requesting all users on the panel.
*/
public function testGetUsers()
{
$user = factory(User::class)->create();
$response = $this->getJson('/api/application/users');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2, 'data');
$response->assertJsonStructure([
'object',
'data' => [
['object', 'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at']],
['object', 'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at']],
],
'meta' => ['pagination' => ['total', 'count', 'per_page', 'current_page', 'total_pages']],
]);
$response
->assertJson([
'object' => 'list',
'data' => [[], []],
'meta' => [
'pagination' => [
'total' => 2,
'count' => 2,
'per_page' => 50,
'current_page' => 1,
'total_pages' => 1,
],
],
])
->assertJsonFragment([
'object' => 'user',
'attributes' => [
'id' => $this->getApiUser()->id,
'external_id' => $this->getApiUser()->external_id,
'uuid' => $this->getApiUser()->uuid,
'username' => $this->getApiUser()->username,
'email' => $this->getApiUser()->email,
'first_name' => $this->getApiUser()->name_first,
'last_name' => $this->getApiUser()->name_last,
'language' => $this->getApiUser()->language,
'root_admin' => (bool) $this->getApiUser()->root_admin,
'2fa' => (bool) $this->getApiUser()->totp_enabled,
'created_at' => $this->formatTimestamp($this->getApiUser()->created_at),
'updated_at' => $this->formatTimestamp($this->getApiUser()->updated_at),
],
])
->assertJsonFragment([
'object' => 'user',
'attributes' => [
'id' => $user->id,
'external_id' => $user->external_id,
'uuid' => $user->uuid,
'username' => $user->username,
'email' => $user->email,
'first_name' => $user->name_first,
'last_name' => $user->name_last,
'language' => $user->language,
'root_admin' => (bool) $user->root_admin,
'2fa' => (bool) $user->totp_enabled,
'created_at' => $this->formatTimestamp($user->created_at),
'updated_at' => $this->formatTimestamp($user->updated_at),
],
]);
}
/**
* Test getting a single user.
*/
public function testGetSingleUser()
{
$user = factory(User::class)->create();
$response = $this->getJson('/api/application/users/' . $user->id);
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2);
$response->assertJsonStructure([
'object',
'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at'],
]);
$response->assertJson([
'object' => 'user',
'attributes' => [
'id' => $user->id,
'external_id' => $user->external_id,
'uuid' => $user->uuid,
'username' => $user->username,
'email' => $user->email,
'first_name' => $user->name_first,
'last_name' => $user->name_last,
'language' => $user->language,
'root_admin' => (bool) $user->root_admin,
'2fa' => (bool) $user->totp_enabled,
'created_at' => $this->formatTimestamp($user->created_at),
'updated_at' => $this->formatTimestamp($user->updated_at),
],
]);
}
/**
* Test that the correct relationships can be loaded.
*/
public function testRelationshipsCanBeLoaded()
{
$user = factory(User::class)->create();
$server = $this->createServerModel(['user_id' => $user->id]);
$response = $this->getJson('/api/application/users/' . $user->id . '?include=servers');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2);
$response->assertJsonStructure([
'object',
'attributes' => [
'id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at',
'relationships' => ['servers' => ['object', 'data' => [['object', 'attributes' => []]]]],
],
]);
$response->assertJsonFragment([
'object' => 'list',
'data' => [
[
'object' => 'server',
'attributes' => $this->getTransformer(ServerTransformer::class)->transform($server),
],
],
]);
}
/**
* Test that attempting to load a relationship that the key does not have permission
* for returns a null object.
*/
public function testKeyWithoutPermissionCannotLoadRelationship()
{
$this->createNewDefaultApiKey($this->getApiUser(), ['r_servers' => 0]);
$user = factory(User::class)->create();
$this->createServerModel(['user_id' => $user->id]);
$response = $this->getJson('/api/application/users/' . $user->id . '?include=servers');
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2)->assertJsonCount(1, 'attributes.relationships');
$response->assertJsonStructure([
'attributes' => [
'relationships' => [
'servers' => ['object', 'attributes'],
],
],
]);
// Just assert that we see the expected relationship IDs in the response.
$response->assertJson([
'attributes' => [
'relationships' => [
'servers' => [
'object' => 'null_resource',
'attributes' => null,
],
],
],
]);
}
/**
* Test that an invalid external ID returns a 404 error.
*/
public function testGetMissingUser()
{
$response = $this->getJson('/api/application/users/nil');
$this->assertNotFoundJson($response);
}
/**
* Test that an authentication error occurs if a key does not have permission
* to access a resource.
*/
public function testErrorReturnedIfNoPermission()
{
$user = factory(User::class)->create();
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
$response = $this->getJson('/api/application/users/' . $user->id);
$this->assertAccessDeniedJson($response);
}
/**
* Test that a users's existence is not exposed unless an API key has permission
* to access the resource.
*/
public function testResourceIsNotExposedWithoutPermissions()
{
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => 0]);
$response = $this->getJson('/api/application/users/nil');
$this->assertAccessDeniedJson($response);
}
/**
* Test that a user can be created.
*/
public function testCreateUser()
{
$response = $this->postJson('/api/application/users', [
'username' => 'testuser',
'email' => 'test@example.com',
'first_name' => 'Test',
'last_name' => 'User',
]);
$response->assertStatus(Response::HTTP_CREATED);
$response->assertJsonCount(3);
$response->assertJsonStructure([
'object',
'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at'],
'meta' => ['resource'],
]);
$this->assertDatabaseHas('users', ['username' => 'testuser', 'email' => 'test@example.com']);
$user = User::where('username', 'testuser')->first();
$response->assertJson([
'object' => 'user',
'attributes' => $this->getTransformer(UserTransformer::class)->transform($user),
'meta' => [
'resource' => route('api.application.users.view', $user->id),
],
], true);
}
/**
* Test that a user can be updated.
*/
public function testUpdateUser()
{
$user = factory(User::class)->create();
$response = $this->patchJson('/api/application/users/' . $user->id, [
'username' => 'new.test.name',
'email' => 'new@emailtest.com',
'first_name' => $user->name_first,
'last_name' => $user->name_last,
]);
$response->assertStatus(Response::HTTP_OK);
$response->assertJsonCount(2);
$response->assertJsonStructure([
'object',
'attributes' => ['id', 'external_id', 'uuid', 'username', 'email', 'first_name', 'last_name', 'language', 'root_admin', '2fa', 'created_at', 'updated_at'],
]);
$this->assertDatabaseHas('users', ['username' => 'new.test.name', 'email' => 'new@emailtest.com']);
$user = $user->fresh();
$response->assertJson([
'object' => 'user',
'attributes' => $this->getTransformer(UserTransformer::class)->transform($user),
]);
}
/**
* Test that a user can be deleted from the database.
*/
public function testDeleteUser()
{
$user = factory(User::class)->create();
$this->assertDatabaseHas('users', ['id' => $user->id]);
$response = $this->delete('/api/application/users/' . $user->id);
$response->assertStatus(Response::HTTP_NO_CONTENT);
$this->assertDatabaseMissing('users', ['id' => $user->id]);
}
/**
* Test that an API key without write permissions cannot create, update, or
* delete a user model.
*
* @param string $method
* @param string $url
*
* @dataProvider userWriteEndpointsDataProvider
*/
public function testApiKeyWithoutWritePermissions(string $method, string $url)
{
$this->createNewDefaultApiKey($this->getApiUser(), ['r_users' => AdminAcl::READ]);
if (str_contains($url, '{id}')) {
$user = factory(User::class)->create();
$url = str_replace('{id}', $user->id, $url);
}
$response = $this->$method($url);
$this->assertAccessDeniedJson($response);
}
/**
* Endpoints that should return a 403 error when the key does not have write
* permissions for user management.
*
* @return array
*/
public function userWriteEndpointsDataProvider(): array
{
return [
['postJson', '/api/application/users'],
['patchJson', '/api/application/users/{id}'],
['delete', '/api/application/users/{id}'],
];
}
}

View file

@ -0,0 +1,46 @@
<?php
namespace Pterodactyl\Tests\Integration;
use Tests\TestCase;
use Cake\Chronos\Chronos;
use Illuminate\Database\Eloquent\Model;
use Pterodactyl\Transformers\Api\Application\BaseTransformer;
abstract class IntegrationTestCase extends TestCase
{
/**
* Setup base integration test cases.
*/
public function setUp()
{
parent::setUp();
// Disable event dispatcher to prevent eloquence from trying to
// perform validation on models going into the database. If this is
// not disabled, eloquence validation errors get swallowed and
// the tests cannot complete because nothing is put into the database.
Model::unsetEventDispatcher();
}
/**
* @return array
*/
protected function connectionsToTransact()
{
return ['testing'];
}
/**
* Return an ISO-8601 formatted timestamp to use in the API response.
*
* @param string $timestamp
* @return string
*/
protected function formatTimestamp(string $timestamp): string
{
return Chronos::createFromFormat(Chronos::DEFAULT_TO_STRING_FORMAT, $timestamp)
->setTimezone(BaseTransformer::RESPONSE_TIMEZONE)
->toIso8601String();
}
}

View file

@ -0,0 +1,51 @@
<?php
namespace Tests\Traits;
use Illuminate\Http\Response;
use Illuminate\Foundation\Testing\TestResponse;
trait IntegrationJsonRequestAssertions
{
/**
* Make assertions about a 404 response on the API.
*
* @param \Illuminate\Foundation\Testing\TestResponse $response
*/
public function assertNotFoundJson(TestResponse $response)
{
$response->assertStatus(Response::HTTP_NOT_FOUND);
$response->assertJsonStructure(['errors' => [['code', 'status', 'detail']]]);
$response->assertJsonCount(1, 'errors');
$response->assertJson([
'errors' => [
[
'code' => 'NotFoundHttpException',
'status' => '404',
'detail' => 'The requested resource does not exist on this server.',
],
],
], true);
}
/**
* Make assertions about a 403 error returned by the API.
*
* @param \Illuminate\Foundation\Testing\TestResponse $response
*/
public function assertAccessDeniedJson(TestResponse $response)
{
$response->assertStatus(Response::HTTP_FORBIDDEN);
$response->assertJsonStructure(['errors' => [['code', 'status', 'detail']]]);
$response->assertJsonCount(1, 'errors');
$response->assertJson([
'errors' => [
[
'code' => 'AccessDeniedHttpException',
'status' => '403',
'detail' => 'This action is unauthorized.',
],
],
], true);
}
}

View file

@ -0,0 +1,77 @@
<?php
namespace Tests\Traits\Integration;
use Pterodactyl\Models\Egg;
use Pterodactyl\Models\Nest;
use Pterodactyl\Models\Node;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Server;
use Pterodactyl\Models\Location;
use Pterodactyl\Models\Allocation;
use Illuminate\Database\Eloquent\Factory as EloquentFactory;
trait CreatesTestModels
{
/**
* Creates a server model in the databases for the purpose of testing. If an attribute
* is passed in that normally requires this function to create a model no model will be
* created and that attribute's value will be used.
*
* The returned server model will have all of the relationships loaded onto it.
*
* @param array $attributes
* @return \Pterodactyl\Models\Server
*/
public function createServerModel(array $attributes = []): Server
{
/** @var \Illuminate\Database\Eloquent\Factory $factory */
$factory = $this->app->make(EloquentFactory::class);
if (isset($attributes['user_id'])) {
$attributes['owner_id'] = $attributes['user_id'];
}
if (! isset($attributes['owner_id'])) {
$user = $factory->of(User::class)->create();
$attributes['owner_id'] = $user->id;
}
if (! isset($attributes['node_id'])) {
if (! isset($attributes['location_id'])) {
$location = $factory->of(Location::class)->create();
$attributes['location_id'] = $location->id;
}
$node = $factory->of(Node::class)->create(['location_id' => $attributes['location_id']]);
$attributes['node_id'] = $node->id;
}
if (! isset($attributes['allocation_id'])) {
$allocation = $factory->of(Allocation::class)->create(['node_id' => $attributes['node_id']]);
$attributes['allocation_id'] = $allocation->id;
}
if (! isset($attributes['nest_id'])) {
$nest = Nest::with('eggs')->first();
$attributes['nest_id'] = $nest->id;
if (! isset($attributes['egg_id'])) {
$attributes['egg_id'] = $nest->getRelation('eggs')->first()->id;
}
}
if (! isset($attributes['egg_id'])) {
$egg = Egg::where('nest_id', $attributes['nest_id'])->first();
$attributes['egg_id'] = $egg->id;
}
unset($attributes['user_id'], $attributes['location_id']);
$server = $factory->of(Server::class)->create($attributes);
return Server::with([
'location', 'user', 'node', 'allocation', 'nest', 'egg',
])->findOrFail($server->id);
}
}

View file

@ -2,6 +2,7 @@
namespace Tests\Unit\Http\Middleware; namespace Tests\Unit\Http\Middleware;
use Illuminate\Http\Request;
use Pterodactyl\Models\User; use Pterodactyl\Models\User;
use Pterodactyl\Http\Middleware\AdminAuthenticate; use Pterodactyl\Http\Middleware\AdminAuthenticate;

View file

@ -29,12 +29,12 @@ class DaemonAuthenticateTest extends MiddlewareTestCase
*/ */
public function testValidDaemonConnection() public function testValidDaemonConnection()
{ {
$this->setRequestRouteName('random.name');
$node = factory(Node::class)->make(); $node = factory(Node::class)->make();
$this->request->shouldReceive('route->getName')->withNoArgs()->once()->andReturn('random.name'); $this->request->shouldReceive('header')->with('X-Access-Node')->twice()->andReturn($node->daemonSecret);
$this->request->shouldReceive('header')->with('X-Access-Node')->twice()->andReturn($node->uuid);
$this->repository->shouldReceive('findFirstWhere')->with(['daemonSecret' => $node->uuid])->once()->andReturn($node); $this->repository->shouldReceive('findFirstWhere')->with(['daemonSecret' => $node->daemonSecret])->once()->andReturn($node);
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions()); $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
$this->assertRequestHasAttribute('node'); $this->assertRequestHasAttribute('node');
@ -46,7 +46,7 @@ class DaemonAuthenticateTest extends MiddlewareTestCase
*/ */
public function testIgnoredRouteShouldContinue() public function testIgnoredRouteShouldContinue()
{ {
$this->request->shouldReceive('route->getName')->withNoArgs()->once()->andReturn('daemon.configuration'); $this->setRequestRouteName('daemon.configuration');
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions()); $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
$this->assertRequestMissingAttribute('node'); $this->assertRequestMissingAttribute('node');
@ -59,7 +59,8 @@ class DaemonAuthenticateTest extends MiddlewareTestCase
*/ */
public function testExceptionThrownIfMissingHeader() public function testExceptionThrownIfMissingHeader()
{ {
$this->request->shouldReceive('route->getName')->withNoArgs()->once()->andReturn('random.name'); $this->setRequestRouteName('random.name');
$this->request->shouldReceive('header')->with('X-Access-Node')->once()->andReturn(false); $this->request->shouldReceive('header')->with('X-Access-Node')->once()->andReturn(false);
$this->getMiddleware()->handle($this->request, $this->getClosureAssertions()); $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());

View file

@ -1,30 +1,17 @@
<?php <?php
/*
* Pterodactyl - Panel
* Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
*
* This software is licensed under the terms of the MIT license.
* https://opensource.org/licenses/MIT
*/
namespace Tests\Unit\Services\Helpers; namespace Tests\Unit\Services\Helpers;
use Mockery as m; use Mockery as m;
use Tests\TestCase; use Tests\TestCase;
use phpmock\phpunit\PHPMock; use Tests\Traits\MocksUuids;
use Illuminate\Contracts\Hashing\Hasher; use Illuminate\Contracts\Hashing\Hasher;
use Illuminate\Contracts\Config\Repository;
use Illuminate\Database\ConnectionInterface; use Illuminate\Database\ConnectionInterface;
use Pterodactyl\Services\Helpers\TemporaryPasswordService; use Pterodactyl\Services\Helpers\TemporaryPasswordService;
class TemporaryPasswordServiceTest extends TestCase class TemporaryPasswordServiceTest extends TestCase
{ {
use PHPMock; use MocksUuids;
/**
* @var \Illuminate\Contracts\Config\Repository|\Mockery\Mock
*/
protected $config;
/** /**
* @var \Illuminate\Database\ConnectionInterface|\Mockery\Mock * @var \Illuminate\Database\ConnectionInterface|\Mockery\Mock
@ -48,11 +35,10 @@ class TemporaryPasswordServiceTest extends TestCase
{ {
parent::setUp(); parent::setUp();
$this->config = m::mock(Repository::class);
$this->connection = m::mock(ConnectionInterface::class); $this->connection = m::mock(ConnectionInterface::class);
$this->hasher = m::mock(Hasher::class); $this->hasher = m::mock(Hasher::class);
$this->service = new TemporaryPasswordService($this->config, $this->connection, $this->hasher); $this->service = new TemporaryPasswordService($this->connection, $this->hasher);
} }
/** /**
@ -60,11 +46,7 @@ class TemporaryPasswordServiceTest extends TestCase
*/ */
public function testTemporaryPasswordIsStored() public function testTemporaryPasswordIsStored()
{ {
$this->getFunctionMock('\\Pterodactyl\\Services\\Helpers', 'str_random') $token = hash_hmac(TemporaryPasswordService::HMAC_ALGO, $this->getKnownUuid(), config('app.key'));
->expects($this->once())->with(40)->willReturn('random_string');
$this->config->shouldReceive('get')->with('app.key')->once()->andReturn('123456');
$token = hash_hmac(TemporaryPasswordService::HMAC_ALGO, 'random_string', '123456');
$this->hasher->shouldReceive('make')->with($token)->once()->andReturn('hashed_token'); $this->hasher->shouldReceive('make')->with($token)->once()->andReturn('hashed_token');
$this->connection->shouldReceive('table')->with('password_resets')->once()->andReturnSelf(); $this->connection->shouldReceive('table')->with('password_resets')->once()->andReturnSelf();