Skynet/misc_pterodactyl-panel
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add another sanity check for websocket permissions

Browse source
This commit is contained in:
Dane Everitt 2021-08-07 09:16:29 -07:00
parent 9bffa6a94c
commit 75e0a862e7
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
tests/Integration/Api/Client/Server/WebsocketControllerTest.php
View file

@ -3,6 +3,7 @@
namespace Pterodactyl\Tests\Integration\Api\Client\Server; namespace Pterodactyl\Tests\Integration\Api\Client\Server;
use Carbon\CarbonImmutable; use Carbon\CarbonImmutable;
use Pterodactyl\Models\User;
use Illuminate\Http\Response; use Illuminate\Http\Response;
use Lcobucci\JWT\Configuration; use Lcobucci\JWT\Configuration;
use Pterodactyl\Models\Permission; use Pterodactyl\Models\Permission;
@ -27,6 +28,18 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
->assertJsonPath('errors.0.detail', 'You do not have permission to connect to this server\'s websocket.'); ->assertJsonPath('errors.0.detail', 'You do not have permission to connect to this server\'s websocket.');
} }
/**
* Confirm users cannot access the websocket for another user's server.
*/
public function testUserWithoutPermissionForServerReceivesError()
{
[,$server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
[$user,] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
$this->actingAs($user)->getJson("/api/client/servers/{$server->uuid}/websocket")
->assertStatus(Response::HTTP_NOT_FOUND);
}
/** /**
* Test that the expected permissions are returned for the server owner and that the JWT is * Test that the expected permissions are returned for the server owner and that the JWT is
* configured correctly. * configured correctly.