diff --git a/app/Http/Middleware/Api/SetSessionDriver.php b/app/Http/Middleware/Api/SetSessionDriver.php index e61604dbd..8ce50a8b5 100644 --- a/app/Http/Middleware/Api/SetSessionDriver.php +++ b/app/Http/Middleware/Api/SetSessionDriver.php @@ -4,16 +4,10 @@ namespace Pterodactyl\Http\Middleware\Api; use Closure; use Illuminate\Http\Request; -use Illuminate\Contracts\Foundation\Application; use Illuminate\Contracts\Config\Repository as ConfigRepository; class SetSessionDriver { - /** - * @var \Illuminate\Contracts\Foundation\Application - */ - private $app; - /** * @var \Illuminate\Contracts\Config\Repository */ @@ -22,12 +16,10 @@ class SetSessionDriver /** * SetSessionDriver constructor. * - * @param \Illuminate\Contracts\Foundation\Application $app - * @param \Illuminate\Contracts\Config\Repository $config + * @param \Illuminate\Contracts\Config\Repository $config */ - public function __construct(Application $app, ConfigRepository $config) + public function __construct(ConfigRepository $config) { - $this->app = $app; $this->config = $config; } diff --git a/app/Http/Middleware/RequireTwoFactorAuthentication.php b/app/Http/Middleware/RequireTwoFactorAuthentication.php index aee1cf068..486b8e3cc 100644 --- a/app/Http/Middleware/RequireTwoFactorAuthentication.php +++ b/app/Http/Middleware/RequireTwoFactorAuthentication.php @@ -10,6 +10,7 @@ namespace Pterodactyl\Http\Middleware; use Closure; +use Illuminate\Support\Str; use Illuminate\Http\Request; use Prologue\Alerts\AlertsMessageBag; 
@@ -24,27 +25,12 @@ class RequireTwoFactorAuthentication */ private $alert; - /** - * The names of routes that should be accessible without 2FA enabled. - * - * @var array - */ - protected $except = [ - 'account.security', - 'account.security.revoke', - 'account.security.totp', - 'account.security.totp.set', - 'account.security.totp.disable', - 'auth.totp', - 'auth.logout', - ]; - /** * The route to redirect a user to to enable 2FA. * * @var string */ - protected $redirectRoute = 'account.security'; + protected $redirectRoute = 'account'; /** * RequireTwoFactorAuthentication constructor. @@ -69,7 +55,8 @@ class RequireTwoFactorAuthentication return $next($request); } - if (in_array($request->route()->getName(), $this->except)) { + $current = $request->route()->getName(); + if (in_array($current, ['auth', 'account']) || Str::startsWith($current, ['auth.', 'account.'])) { return $next($request); } diff --git a/routes/base.php b/routes/base.php index 3dc1aa672..39d07d6d6 100644 --- a/routes/base.php +++ b/routes/base.php @@ -1,6 +1,7 @@ name('index'); +Route::get('/account', 'IndexController@index')->name('account'); /* |-------------------------------------------------------------------------- diff --git a/tests/Unit/Http/Controllers/Base/IndexControllerTest.php b/tests/Unit/Http/Controllers/Base/IndexControllerTest.php index 6e8cd38cf..a8ed6c7f4 100644 --- a/tests/Unit/Http/Controllers/Base/IndexControllerTest.php +++ b/tests/Unit/Http/Controllers/Base/IndexControllerTest.php @@ -78,7 +78,7 @@ class IndexControllerTest extends ControllerTestCase $response = $this->controller->index($this->request); $this->assertIsViewResponse($response); - $this->assertViewNameEquals('base.index', $response); + $this->assertViewNameEquals('templates.base.core', $response); $this->assertViewHasKey('servers', $response); $this->assertViewKeyEquals('servers', $paginator, $response); } 
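Review bot: In `RequireTwoFactorAuthentication` (hunk `@@ -69,7 +55,8 @@`), the new check exempts every route whose name starts with `auth.` or `account.` from the 2FA requirement, where the removed `$except` property listed seven specific names. Any route later registered under those prefixes is then reachable by a user who is required to enrol in 2FA but has not done so, without anyone touching this middleware. If only the enrolment and login/logout routes need to stay open, keep the list explicit or narrow the prefixes, e.g. `Str::startsWith($current, ['auth.', 'account.security.'])`, assuming those route names still exist after this change. `in_array($current, ['auth', 'account'])` should also pass `true` as its third argument so that an unnamed route, where `getName()` returns null, is compared strictly. The body of `handle()` starts and ends outside the hunk.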
diff --git a/tests/Unit/Http/Middleware/API/SetSessionDriverTest.php b/tests/Unit/Http/Middleware/API/SetSessionDriverTest.php index 36f1bc0b8..c65f8a6be 100644 --- a/tests/Unit/Http/Middleware/API/SetSessionDriverTest.php +++ b/tests/Unit/Http/Middleware/API/SetSessionDriverTest.php @@ -3,19 +3,12 @@ namespace Tests\Unit\Http\Middleware\API; use Mockery as m; -use Barryvdh\Debugbar\LaravelDebugbar; use Illuminate\Contracts\Config\Repository; -use Illuminate\Contracts\Foundation\Application; use Tests\Unit\Http\Middleware\MiddlewareTestCase; use Pterodactyl\Http\Middleware\Api\SetSessionDriver; class SetSessionDriverTest extends MiddlewareTestCase { - /** - * @var \Illuminate\Contracts\Foundation\Application|\Mockery\Mock - */ - private $appMock; - /** * @var \Illuminate\Contracts\Config\Repository|\Mockery\Mock */ @@ -28,29 +21,14 @@ class SetSessionDriverTest extends MiddlewareTestCase { parent::setUp(); - $this->appMock = m::mock(Application::class); $this->config = m::mock(Repository::class); } /** * Test that a production environment does not try to disable debug bar. */ - public function testProductionEnvironment() + public function testMiddleware() { - $this->config->shouldReceive('get')->once()->with('app.debug')->andReturn(false); - $this->config->shouldReceive('set')->once()->with('session.driver', 'array')->andReturnNull(); - - $this->getMiddleware()->handle($this->request, $this->getClosureAssertions()); - } - - /** - * Test that a local environment does disable debug bar. - */ - public function testLocalEnvironment() - { - $this->config->shouldReceive('get')->once()->with('app.debug')->andReturn(true); - $this->appMock->shouldReceive('make')->once()->with(LaravelDebugbar::class)->andReturnSelf(); - $this->appMock->shouldReceive('disable')->once()->withNoArgs()->andReturnNull(); $this->config->shouldReceive('set')->once()->with('session.driver', 'array')->andReturnNull(); $this->getMiddleware()->handle($this->request, $this->getClosureAssertions()); 
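Review bot: The docblock kept above the renamed `testMiddleware()` in hunk `@@ -28,29 +21,14 @@` still reads "Test that a production environment does not try to disable debug bar.", but the test no longer sets any expectation on `app.debug` or the debug bar. It should describe what is asserted now, for example `Test that the middleware sets the session driver to "array".`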
@@ -63,6 +41,6 @@ class SetSessionDriverTest extends MiddlewareTestCase */ private function getMiddleware(): SetSessionDriver { - return new SetSessionDriver($this->appMock, $this->config); + return new SetSessionDriver($this->config); } } diff --git a/tests/Unit/Http/Middleware/RequireTwoFactorAuthenticationTest.php b/tests/Unit/Http/Middleware/RequireTwoFactorAuthenticationTest.php index 19bd45129..562ff75cc 100644 --- a/tests/Unit/Http/Middleware/RequireTwoFactorAuthenticationTest.php +++ b/tests/Unit/Http/Middleware/RequireTwoFactorAuthenticationTest.php @@ -88,7 +88,7 @@ class RequireTwoFactorAuthenticationTest extends MiddlewareTestCase $response = $this->getMiddleware()->handle($this->request, $this->getClosureAssertions()); $this->assertInstanceOf(RedirectResponse::class, $response); - $this->assertEquals(route('account.security'), $response->getTargetUrl()); + $this->assertEquals(route('account'), $response->getTargetUrl()); } /** @@ -132,7 +132,7 @@ class RequireTwoFactorAuthenticationTest extends MiddlewareTestCase $response = $this->getMiddleware()->handle($this->request, $this->getClosureAssertions()); $this->assertInstanceOf(RedirectResponse::class, $response); - $this->assertEquals(route('account.security'), $response->getTargetUrl()); + $this->assertEquals(route('account'), $response->getTargetUrl()); } /** @@ -156,7 +156,8 @@ class RequireTwoFactorAuthenticationTest extends MiddlewareTestCase public function ignoredRoutesDataProvider() { return [ - ['account.security'], + ['auth'], + ['account'], ['account.security.revoke'], ['account.security.totp'], ['account.security.totp.set'], diff --git a/tests/Unit/Services/Users/TwoFactorSetupServiceTest.php b/tests/Unit/Services/Users/TwoFactorSetupServiceTest.php index 8cb097537..3c0615425 100644 --- a/tests/Unit/Services/Users/TwoFactorSetupServiceTest.php +++ b/tests/Unit/Services/Users/TwoFactorSetupServiceTest.php 
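Review bot: `ignoredRoutesDataProvider()` in hunk `@@ -156,7 +156,8 @@` gains `['auth']` and `['account']` but otherwise lists only names from the old allowlist, so nothing here pins where the new prefix match stops. The redirect tests touched at `@@ -88,7 +88,7 @@` and `@@ -132,7 +132,7 @@` presumably use a non-exempt route name. If so, a further negative case whose name only shares the leading characters (a constructed name such as `accounts.index`) would document that only the exact names and the dotted prefixes are exempt. The provider's array continues outside the hunk.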
@@ -6,7 +6,7 @@ use Mockery as m; use Tests\TestCase; use Pterodactyl\Models\User; use PragmaRX\Google2FA\Google2FA; -use Illuminate\Contracts\Config\Repository; +use Illuminate\Support\Collection; use Illuminate\Contracts\Encryption\Encrypter; use Pterodactyl\Services\Users\TwoFactorSetupService; use Pterodactyl\Contracts\Repository\UserRepositoryInterface; @@ -40,7 +40,6 @@ class TwoFactorSetupServiceTest extends TestCase { parent::setUp(); - $this->config = m::mock(Repository::class); $this->encrypter = m::mock(Encrypter::class); $this->google2FA = m::mock(Google2FA::class); $this->repository = m::mock(UserRepositoryInterface::class); @@ -53,16 +52,19 @@ class TwoFactorSetupServiceTest extends TestCase { $model = factory(User::class)->make(); - $this->config->shouldReceive('get')->with('pterodactyl.auth.2fa.bytes')->once()->andReturn(32); + config()->set('pterodactyl.auth.2fa.bytes', 32); + config()->set('app.name', 'CompanyName'); + $this->google2FA->shouldReceive('generateSecretKey')->with(32)->once()->andReturn('secretKey'); - $this->config->shouldReceive('get')->with('app.name')->once()->andReturn('CompanyName'); $this->google2FA->shouldReceive('getQRCodeGoogleUrl')->with('CompanyName', $model->email, 'secretKey')->once()->andReturn('http://url.com'); $this->encrypter->shouldReceive('encrypt')->with('secretKey')->once()->andReturn('encryptedSecret'); $this->repository->shouldReceive('withoutFreshModel->update')->with($model->id, ['totp_secret' => 'encryptedSecret'])->once()->andReturnNull(); $response = $this->getService()->handle($model); $this->assertNotEmpty($response); - $this->assertSame('http://url.com', $response); + $this->assertInstanceOf(Collection::class, $response); + $this->assertSame('http://url.com', $response->get('image')); + $this->assertSame('secretKey', $response->get('secret')); } /** 
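Review bot: The new assertion `$this->assertSame('secretKey', $response->get('secret'));` in hunk `@@ -53,16 +52,19 @@` pins that `handle()` now returns the unencrypted TOTP secret alongside the QR image URL. The service itself is not in this diff, so how callers treat the collection cannot be checked here. A line in the test docblock such as `The plain secret is returned for manual entry only and must not be logged or stored unencrypted.` would record the intent. The `$this->config` mock is removed from `setUp()`; if the property declaration above the hunk is still present, it is now unused.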
@@ -72,6 +74,6 @@ class TwoFactorSetupServiceTest extends TestCase */ private function getService(): TwoFactorSetupService { - return new TwoFactorSetupService($this->config, $this->encrypter, $this->google2FA, $this->repository); + return new TwoFactorSetupService($this->encrypter, $this->google2FA, $this->repository); } }