Add test, fix behavior of model creation

2018-07-14 22:58:33 -07:00 · 2018-07-14 22:58:33 -07:00 · 8bbe6bc279
commit 8bbe6bc279
parent 550c622d3b
2 changed files with 23 additions and 2 deletions
--- a/app/Http/Middleware/Api/AuthenticateKey.php
+++ b/app/Http/Middleware/Api/AuthenticateKey.php
@ -68,15 +68,15 @@ class AuthenticateKey
        // This is a request coming through using cookies, we have an authenticated user not using
        // an API key. Make some fake API key models and continue on through the process.
        if (empty($raw) && $request->user() instanceof User) {
-            $model = new ApiKey([
+            $model = (new ApiKey())->forceFill([
                'user_id' => $request->user()->id,
                'key_type' => ApiKey::TYPE_ACCOUNT,
            ]);
        } else {
            $model = $this->authenticateApiKey($raw, $keyType);
+            $this->auth->guard()->loginUsingId($model->user_id);
        }

-        $this->auth->guard()->loginUsingId($model->user_id);
        $request->attributes->set('api_key', $model);

        return $next($request);
--- a/tests/Unit/Http/Middleware/API/AuthenticateKeyTest.php
+++ b/tests/Unit/Http/Middleware/API/AuthenticateKeyTest.php
@ -4,6 +4,7 @@ namespace Tests\Unit\Http\Middleware\API;

 use Mockery as m;
 use Cake\Chronos\Chronos;
+use Pterodactyl\Models\User;
 use Pterodactyl\Models\ApiKey;
 use Illuminate\Auth\AuthManager;
 use Illuminate\Contracts\Encryption\Encrypter;
@ -48,6 +49,7 @@ class AuthenticateKeyTest extends MiddlewareTestCase
     */
    public function testMissingBearerTokenThrowsException()
    {
+        $this->request->shouldReceive('user')->andReturnNull();
        $this->request->shouldReceive('bearerToken')->withNoArgs()->once()->andReturnNull();

        try {
@ -117,6 +119,25 @@ class AuthenticateKeyTest extends MiddlewareTestCase
        $this->assertEquals($model, $this->request->attributes->get('api_key'));
    }

+    /**
+     * Test that we can still make it though this middleware if the user is logged in and passing
+     * through a cookie.
+     */
+    public function testAccessWithoutToken()
+    {
+        $user = factory(User::class)->make(['id' => 123]);
+
+        $this->request->shouldReceive('user')->andReturn($user);
+        $this->request->shouldReceive('bearerToken')->withNoArgs()->twice()->andReturnNull();
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions(), ApiKey::TYPE_ACCOUNT);
+        $model = $this->request->attributes->get('api_key');
+
+        $this->assertSame(ApiKey::TYPE_ACCOUNT, $model->key_type);
+        $this->assertSame(123, $model->user_id);
+        $this->assertNull($model->identifier);
+    }
+
    /**
     * Test that a valid token identifier with an invalid token attached to it
     * triggers an exception.