From 9bffa6a94c297c719121fc13e18693bc4186377d Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sat, 7 Aug 2021 08:46:30 -0700
Subject: [PATCH 1/3] Ignore files from V2 as well
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitignore b/.gitignore
index 11f82a76e..658743e22 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,8 +13,10 @@ storage/framework/*
 node_modules
 *.log
 _ide_helper.php
+_ide_helper_models.php
 .phpstorm.meta.php
 .php_cs.cache
+.yarn
 public/assets/manifest.json
 # For local development with docker
From 75e0a862e7f2277cd4407e6c1c9c8b97d23ffb6e Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sat, 7 Aug 2021 09:16:29 -0700
Subject: [PATCH 2/3] Add another sanity check for websocket permissions
---
 .../Api/Client/Server/WebsocketControllerTest.php | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/tests/Integration/Api/Client/Server/WebsocketControllerTest.php b/tests/Integration/Api/Client/Server/WebsocketControllerTest.php
index d6c2119b6..b3f312560 100644
--- a/tests/Integration/Api/Client/Server/WebsocketControllerTest.php
+++ b/tests/Integration/Api/Client/Server/WebsocketControllerTest.php
@@ -3,6 +3,7 @@
 namespace Pterodactyl\Tests\Integration\Api\Client\Server;
 use Carbon\CarbonImmutable;
+use Pterodactyl\Models\User;
 use Illuminate\Http\Response;
 use Lcobucci\JWT\Configuration;
 use Pterodactyl\Models\Permission;
@@ -27,6 +28,18 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
 ->assertJsonPath('errors.0.detail', 'You do not have permission to connect to this server\'s websocket.');
 }
+ /**
+ * Confirm users cannot access the websocket for another user's server.
+ */
+ public function testUserWithoutPermissionForServerReceivesError()
+ {
+ [,$server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user,] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+
+ $this->actingAs($user)->getJson("/api/client/servers/{$server->uuid}/websocket")
+ ->assertStatus(Response::HTTP_NOT_FOUND);
+ }
+
 /**
 * Test that the expected permissions are returned for the server owner and that the JWT is
 * configured correctly.
From 22f1341fea12237bb1fbb91da2539c64b1224e39 Mon Sep 17 00:00:00 2001
From: Dane Everitt
Date: Sat, 7 Aug 2021 09:19:21 -0700
Subject: [PATCH 3/3] reformat
---
 .../Integration/Api/Client/Server/WebsocketControllerTest.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tests/Integration/Api/Client/Server/WebsocketControllerTest.php b/tests/Integration/Api/Client/Server/WebsocketControllerTest.php
index b3f312560..d2656015e 100644
--- a/tests/Integration/Api/Client/Server/WebsocketControllerTest.php
+++ b/tests/Integration/Api/Client/Server/WebsocketControllerTest.php
@@ -3,7 +3,6 @@
 namespace Pterodactyl\Tests\Integration\Api\Client\Server;
 use Carbon\CarbonImmutable;
-use Pterodactyl\Models\User;
 use Illuminate\Http\Response;
 use Lcobucci\JWT\Configuration;
 use Pterodactyl\Models\Permission;
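Review bot: `testUserWithoutPermissionForServerReceivesError` asserts only `Response::HTTP_NOT_FOUND`, and neither its docblock nor its body says why a cross-server request should yield a 404 rather than the permission error that the preceding test checks through `errors.0.detail`. If the 404 is deliberate, presumably so the endpoint does not confirm that a server UUID exists to a user with no relation to it, the docblock should say so, e.g. `* A 404 (not a 403) is expected so the response does not reveal that the server exists.` Both accounts are created with `Permission::ACTION_WEBSOCKET_CONNECT`, so the test isolates per-server scoping from the permission check itself, which also deserves a sentence in the docblock. A status-only assertion would still pass if the route returned 404 for an unrelated reason, so consider additionally asserting that the response body carries no websocket token (take the field name from the success test, which lies outside this hunk).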
@@ -33,7 +32,7 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
 */
 public function testUserWithoutPermissionForServerReceivesError()
 {
- [,$server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
 [$user,] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
 $this->actingAs($user)->getJson("/api/client/servers/{$server->uuid}/websocket")