Skynet/misc_pterodactyl-panel
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'dane/sanctum' into v2

Browse source
This commit is contained in:
Dane Everitt 2021-08-07 16:19:19 -07:00
commit 874e7afce3
No known key found for this signature in database
GPG key ID: EEA66103B3D71F53
253 changed files with 1480 additions and 3543 deletions
Download patch file Download diff file Expand all files Collapse all files

109
tests/Integration/Api/Client/ApiKeyControllerTest.php
View file

@ -4,7 +4,8 @@ namespace Pterodactyl\Tests\Integration\Api\Client;
use Pterodactyl\Models\User;
use Illuminate\Http\Response;
use Pterodactyl\Models\ApiKey;
use Pterodactyl\Models\PersonalAccessToken;
use Pterodactyl\Transformers\Api\Client\PersonalAccessTokenTransformer;
class ApiKeyControllerTest extends ClientApiIntegrationTestCase
{
@ -13,7 +14,7 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
*/
protected function tearDown(): void
{
ApiKey::query()->forceDelete();
PersonalAccessToken::query()->forceDelete();
parent::tearDown();
}
@ -25,11 +26,8 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
{
/** @var \Pterodactyl\Models\User $user */
$user = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = ApiKey::factory()->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
$token = $user->createToken('test');
$token = $token->accessToken;
$response = $this->actingAs($user)->get('/api/client/account/api-keys');
@ -38,13 +36,14 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
'object' => 'list',
'data' => [
[
'object' => 'api_key',
'object' => 'personal_access_token',
'attributes' => [
'identifier' => $key->identifier,
'description' => $key->memo,
'allowed_ips' => $key->allowed_ips,
'token_id' => $token->token_id,
'description' => $token->description,
'abilities' => ['*'],
'last_used_at' => null,
'created_at' => $key->created_at->toIso8601String(),
'updated_at' => $this->formatTimestamp($token->updated_at),
'created_at' => $this->formatTimestamp($token->created_at),
],
],
],
@ -64,34 +63,24 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
// Small sub-test to ensure we're always comparing the number of keys to the
// specific logged in account, and not just the total number of keys stored in
// the database.
ApiKey::factory()->times(10)->create([
PersonalAccessToken::factory()->times(10)->create([
'user_id' => User::factory()->create()->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
$response = $this->actingAs($user)->postJson('/api/client/account/api-keys', [
'description' => 'Test Description',
'allowed_ips' => ['127.0.0.1'],
]);
$response->assertOk();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = ApiKey::query()->where('identifier', $response->json('attributes.identifier'))->firstOrFail();
$key = PersonalAccessToken::query()->where('token_id', $response->json('attributes.token_id'))->firstOrFail();
$response->assertJson([
'object' => 'api_key',
'attributes' => [
'identifier' => $key->identifier,
'description' => 'Test Description',
'allowed_ips' => ['127.0.0.1'],
'last_used_at' => null,
'created_at' => $key->created_at->toIso8601String(),
],
'meta' => [
'secret_token' => decrypt($key->token),
],
'object' => 'personal_access_token',
'attributes' => (new PersonalAccessTokenTransformer())->transform($key),
]);
$this->assertEquals($key->token, hash('sha256', substr($response->json('meta.secret_token'), 16)));
}
/**
@ -104,14 +93,10 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
{
/** @var \Pterodactyl\Models\User $user */
$user = User::factory()->create();
ApiKey::factory()->times(5)->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
PersonalAccessToken::factory()->times(10)->create(['user_id' => $user->id]);
$response = $this->actingAs($user)->postJson('/api/client/account/api-keys', [
'description' => 'Test Description',
'allowed_ips' => ['127.0.0.1'],
]);
$response->assertStatus(Response::HTTP_BAD_REQUEST);
@ -131,7 +116,6 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
$response = $this->actingAs($user)->postJson('/api/client/account/api-keys', [
'description' => '',
'allowed_ips' => ['127.0.0.1'],
]);
$response->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY);
@ -140,7 +124,6 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
$response = $this->actingAs($user)->postJson('/api/client/account/api-keys', [
'description' => str_repeat('a', 501),
'allowed_ips' => ['127.0.0.1'],
]);
$response->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY);
@ -155,16 +138,12 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
{
/** @var \Pterodactyl\Models\User $user */
$user = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = ApiKey::factory()->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
$token = $user->createToken('test');
$response = $this->actingAs($user)->delete('/api/client/account/api-keys/' . $key->identifier);
$response->assertStatus(Response::HTTP_NO_CONTENT);
$response = $this->actingAs($user)->delete('/api/client/account/api-keys/' . $token->accessToken->token_id);
$response->assertNoContent();
$this->assertDatabaseMissing('api_keys', ['id' => $key->id]);
$this->assertDatabaseMissing('personal_access_tokens', ['id' => $token->accessToken->id]);
}
/**
@ -174,16 +153,12 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
{
/** @var \Pterodactyl\Models\User $user */
$user = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = ApiKey::factory()->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
$token = $user->createToken('test');
$response = $this->actingAs($user)->delete('/api/client/account/api-keys/1234');
$response->assertNotFound();
$response = $this->actingAs($user)->delete('/api/client/account/api-keys/ptdl_1234');
$response->assertNoContent();
$this->assertDatabaseHas('api_keys', ['id' => $key->id]);
$this->assertDatabaseHas('personal_access_tokens', ['id' => $token->accessToken->id]);
}
/**
@ -196,35 +171,11 @@ class ApiKeyControllerTest extends ClientApiIntegrationTestCase
$user = User::factory()->create();
/** @var \Pterodactyl\Models\User $user2 */
$user2 = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = ApiKey::factory()->create([
'user_id' => $user2->id,
'key_type' => ApiKey::TYPE_ACCOUNT,
]);
$token = $user2->createToken('test');
$response = $this->actingAs($user)->delete('/api/client/account/api-keys/' . $key->identifier);
$response->assertNotFound();
$response = $this->actingAs($user)->delete('/api/client/account/api-keys/' . $token->accessToken->token_id);
$response->assertNoContent();
$this->assertDatabaseHas('api_keys', ['id' => $key->id]);
}
/**
* Tests that an application API key also belonging to the logged in user cannot be
* deleted through this endpoint if it exists.
*/
public function testApplicationApiKeyCannotBeDeleted()
{
/** @var \Pterodactyl\Models\User $user */
$user = User::factory()->create();
/** @var \Pterodactyl\Models\ApiKey $key */
$key = ApiKey::factory()->create([
'user_id' => $user->id,
'key_type' => ApiKey::TYPE_APPLICATION,
]);
$response = $this->actingAs($user)->delete('/api/client/account/api-keys/' . $key->identifier);
$response->assertNotFound();
$this->assertDatabaseHas('api_keys', ['id' => $key->id]);
$this->assertDatabaseHas('personal_access_tokens', ['id' => $token->accessToken->id]);
}
}

5
tests/Integration/Api/Client/ClientApiIntegrationTestCase.php
View file

@ -6,7 +6,6 @@ use ReflectionClass;
use Pterodactyl\Models\Node;
use Pterodactyl\Models\Task;
use Pterodactyl\Models\User;
use Webmozart\Assert\Assert;
use InvalidArgumentException;
use Pterodactyl\Models\Backup;
use Pterodactyl\Models\Server;
@ -19,7 +18,6 @@ use Pterodactyl\Models\Allocation;
use Pterodactyl\Models\DatabaseHost;
use Pterodactyl\Tests\Integration\TestResponse;
use Pterodactyl\Tests\Integration\IntegrationTestCase;
use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
{
@ -61,7 +59,6 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
*/
protected function link($model, $append = null): string
{
$link = '';
switch (get_class($model)) {
case Server::class:
$link = "/api/client/servers/{$model->uuid}";
@ -100,7 +97,6 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
return [$user, $this->createServerModel(['user_id' => $user->id])];
}
/** @var \Pterodactyl\Models\Server $server */
$server = $this->createServerModel();
Subuser::query()->create([
@ -124,7 +120,6 @@ abstract class ClientApiIntegrationTestCase extends IntegrationTestCase
$transformer = sprintf('\\Pterodactyl\\Transformers\\Api\\Client\\%sTransformer', $reflect->getShortName());
$transformer = new $transformer();
$this->assertInstanceOf(BaseClientTransformer::class, $transformer);
$this->assertSame(
$transformer->transform($model),

2
tests/Integration/Api/Client/Server/ScheduleTask/CreateServerScheduleTaskTest.php
View file

@ -89,7 +89,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
}
/**
* Test that backups can not be tasked when the backup limit is 0
* Test that backups can not be tasked when the backup limit is 0.
*/
public function testBackupsCanNotBeTaskedIfLimit0()
{

2
tests/Integration/Api/Client/Server/WebsocketControllerTest.php
View file

@ -23,7 +23,7 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
$this->actingAs($user)->getJson("/api/client/servers/{$server->uuid}/websocket")
->assertStatus(Response::HTTP_FORBIDDEN)
->assertJsonPath('errors.0.code', 'HttpForbiddenException')
->assertJsonPath('errors.0.code', 'AccessDeniedHttpException')
->assertJsonPath('errors.0.detail', 'You do not have permission to connect to this server\'s websocket.');
}