Add test coverage for creating tasks

Author: DaneEveritt

app/Exceptions/Service/ServiceLimitExceededException.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace Pterodactyl\Exceptions\Service;
+
+use Throwable;
+use Pterodactyl\Exceptions\DisplayException;
+
+class ServiceLimitExceededException extends DisplayException
+{
+    /**
+     * Exception thrown when something goes over a defined limit, such as allocated
+     * ports, tasks, databases, etc.
+     *
+     * @param string $message
+     * @param \Throwable|null $previous
+     */
+    public function __construct(string $message, Throwable $previous = null)
+    {
+        parent::__construct($message, $previous, self::LEVEL_WARNING);
+    }
+}

app/Http/Controllers/Api/Client/Servers/ScheduleTaskController.php

@@ -13,6 +13,7 @@
 use Pterodactyl\Transformers\Api\Client\TaskTransformer;
 use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
 use Pterodactyl\Http\Controllers\Api\Client\ClientApiController;
+use Pterodactyl\Exceptions\Service\ServiceLimitExceededException;
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Pterodactyl\Http\Requests\Api\Client\Servers\Schedules\StoreTaskRequest;
 
@@ -44,11 +45,15 @@ public function __construct(TaskRepository $repository)
      * @return array
      *
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Service\ServiceLimitExceededException
      */
     public function store(StoreTaskRequest $request, Server $server, Schedule $schedule)
     {
-        if ($schedule->server_id !== $server->id) {
-            throw new NotFoundHttpException;
+        $limit = config('pterodactyl.client_features.schedules.per_schedule_task_limit', 10);
+        if ($schedule->tasks()->count() >= $limit) {
+            throw new ServiceLimitExceededException(
+                "Schedules may not have more than {$limit} tasks associated with them. Creating this task would put this schedule over the limit."
+            );
         }
 
         $lastTask = $schedule->tasks->last();

config/pterodactyl.php

@@ -162,6 +162,11 @@
             'enabled' => env('PTERODACTYL_CLIENT_DATABASES_ENABLED', true),
             'allow_random' => env('PTERODACTYL_CLIENT_DATABASES_ALLOW_RANDOM', true),
         ],
+
+        'schedules' => [
+            // The total number of tasks that can exist for any given schedule at once.
+            'per_schedule_task_limit' => 10,
+        ],
     ],
 
     /*

tests/Integration/Api/Client/ClientApiIntegrationTestCase.php

@@ -6,11 +6,14 @@
 use ReflectionClass;
 use Carbon\CarbonImmutable;
 use Pterodactyl\Models\Node;
+use Pterodactyl\Models\Task;
 use Pterodactyl\Models\User;
+use Webmozart\Assert\Assert;
 use Pterodactyl\Models\Model;
 use Pterodactyl\Models\Server;
 use Pterodactyl\Models\Subuser;
 use Pterodactyl\Models\Location;
+use Pterodactyl\Models\Schedule;
 use Illuminate\Support\Collection;
 use Pterodactyl\Tests\Integration\IntegrationTestCase;
 use Pterodactyl\Transformers\Api\Client\BaseClientTransformer;
@@ -41,6 +44,33 @@ public function setUp(): void
         CarbonImmutable::setTestNow(Carbon::now());
     }
 
+    /**
+     * Returns a link to the specific resource using the client API.
+     *
+     * @param mixed $model
+     * @param string|null $append
+     * @return string
+     */
+    protected function link($model, $append = null): string
+    {
+        Assert::isInstanceOfAny($model, [Server::class, Schedule::class, Task::class]);
+
+        $link = '';
+        switch (get_class($model)) {
+            case Server::class:
+                $link = "/api/client/servers/{$model->uuid}";
+                break;
+            case Schedule::class:
+                $link = "/api/client/servers/{$model->server->uuid}/schedules/{$model->id}";
+                break;
+            case Task::class:
+                $link = "/api/client/servers/{$model->schedule->server->uuid}/schedules/{$model->schedule->id}/tasks/{$model->id}";
+                break;
+        }
+
+        return $link . ($append ? '/' . ltrim($append, '/') : '');
+    }
+
     /**
      * Generates a user and a server for that user. If an array of permissions is passed it
      * is assumed that the user is actually a subuser of the server.

tests/Integration/Api/Client/Server/Schedule/DeleteServerScheduleTest.php

@@ -50,7 +50,7 @@ public function testNotFoundErrorIsReturnedIfScheduleDoesNotExistAtAll()
     public function testNotFoundErrorIsReturnedIfScheduleDoesNotBelongToServer()
     {
         [$user, $server] = $this->generateTestAccount();
-        [, $server2] = $this->generateTestAccount();
+        [, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
 
         $schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
 

tests/Integration/Api/Client/Server/Schedule/GetServerSchedulesTest.php

@@ -64,7 +64,7 @@ public function testServerSchedulesAreReturned($permissions, $individual)
     public function testScheduleBelongingToAnotherServerCannotBeViewed()
     {
         [$user, $server] = $this->generateTestAccount();
-        [, $server2] = $this->generateTestAccount();
+        [, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
 
         $schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
 

tests/Integration/Api/Client/Server/Schedule/UpdateServerScheduleTest.php

@@ -50,7 +50,7 @@ public function testScheduleCanBeUpdated($permissions)
     public function testErrorIsReturnedIfScheduleDoesNotBelongToServer()
     {
         [$user, $server] = $this->generateTestAccount();
-        [, $server2] = $this->generateTestAccount();
+        [, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
 
         $schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
 

tests/Integration/Api/Client/Server/ScheduleTask/CreateServerScheduleTaskTest.php

@@ -0,0 +1,177 @@
+<?php
+
+namespace Pterodactyl\Tests\Integration\Api\Client\Server\ScheduleTask;
+
+use Pterodactyl\Models\Task;
+use Illuminate\Http\Response;
+use Pterodactyl\Models\Schedule;
+use Pterodactyl\Models\Permission;
+use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
+
+class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
+{
+    /**
+     * Test that a task can be created.
+     *
+     * @param array $permissions
+     * @dataProvider permissionsDataProvider
+     */
+    public function testTaskCanBeCreated($permissions)
+    {
+        [$user, $server] = $this->generateTestAccount($permissions);
+
+        /** @var \Pterodactyl\Models\Schedule $schedule */
+        $schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
+        $this->assertEmpty($schedule->tasks);
+
+        $response = $this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
+            'action' => 'command',
+            'payload' => 'say Test',
+            'time_offset' => 10,
+            'sequence_id' => 1,
+        ]);
+
+        $response->assertOk();
+        /** @var \Pterodactyl\Models\Task $task */
+        $task = Task::query()->findOrFail($response->json('attributes.id'));
+
+        $this->assertSame($schedule->id, $task->schedule_id);
+        $this->assertSame(1, $task->sequence_id);
+        $this->assertSame('command', $task->action);
+        $this->assertSame('say Test', $task->payload);
+        $this->assertSame(10, $task->time_offset);
+        $this->assertJsonTransformedWith($response->json('attributes'), $task);
+    }
+
+    /**
+     * Test that validation errors are returned correctly if bad data is passed into the API.
+     */
+    public function testValidationErrorsAreReturned()
+    {
+        [$user, $server] = $this->generateTestAccount();
+
+        /** @var \Pterodactyl\Models\Schedule $schedule */
+        $schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
+
+        $response = $this->actingAs($user)->postJson($this->link($schedule, '/tasks'))->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY);
+
+        foreach (['action', 'payload', 'time_offset'] as $i => $field) {
+            $response->assertJsonPath("errors.{$i}.code", $field === 'payload' ? 'required_unless' : 'required');
+            $response->assertJsonPath("errors.{$i}.source.field", $field);
+        }
+
+        $this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
+            'action' => 'hodor',
+            'payload' => 'say Test',
+            'time_offset' => 0,
+        ])
+            ->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY)
+            ->assertJsonPath('errors.0.code', 'in')
+            ->assertJsonPath('errors.0.source.field', 'action');
+
+        $this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
+            'action' => 'command',
+            'time_offset' => 0,
+        ])
+            ->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY)
+            ->assertJsonPath('errors.0.code', 'required_unless')
+            ->assertJsonPath('errors.0.source.field', 'payload');
+
+        $this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
+            'action' => 'command',
+            'payload' => 'say Test',
+            'time_offset' => 0,
+            'sequence_id' => 'hodor',
+        ])
+            ->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY)
+            ->assertJsonPath('errors.0.code', 'numeric')
+            ->assertJsonPath('errors.0.source.field', 'sequence_id');
+    }
+
+    /**
+     * Test that backups can be tasked out correctly since they do not require a payload.
+     */
+    public function testBackupsCanBeTaskedCorrectly()
+    {
+        [$user, $server] = $this->generateTestAccount();
+
+        /** @var \Pterodactyl\Models\Schedule $schedule */
+        $schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
+
+        $this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
+            'action' => 'backup',
+            'time_offset' => 0,
+        ])->assertOk();
+
+        $this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
+            'action' => 'backup',
+            'payload' => "file.txt\nfile2.log",
+            'time_offset' => 0,
+        ])->assertOk();
+    }
+
+    /**
+     * Test that an error is returned if the user attempts to create an additional task that
+     * would put the schedule over the task limit.
+     */
+    public function testErrorIsReturnedIfTooManyTasksExistForSchedule()
+    {
+        config()->set('pterodactyl.client_features.schedules.per_schedule_task_limit', 2);
+
+        [$user, $server] = $this->generateTestAccount();
+
+        /** @var \Pterodactyl\Models\Schedule $schedule */
+        $schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
+        factory(Task::class)->times(2)->create(['schedule_id' => $schedule->id]);
+
+        $this->actingAs($user)->postJson($this->link($schedule, '/tasks'), [
+            'action' => 'command',
+            'payload' => 'say test',
+            'time_offset' => 0,
+        ])
+            ->assertStatus(Response::HTTP_BAD_REQUEST)
+            ->assertJsonPath('errors.0.code', 'ServiceLimitExceededException')
+            ->assertJsonPath('errors.0.detail', 'Schedules may not have more than 2 tasks associated with them. Creating this task would put this schedule over the limit.');
+    }
+
+    /**
+     * Test that an error is returned if the targeted schedule does not belong to the server
+     * in the request.
+     */
+    public function testErrorIsReturnedIfScheduleDoesNotBelongToServer()
+    {
+        [$user, $server] = $this->generateTestAccount();
+        [, $server2] = $this->generateTestAccount(['user_id' => $user->id]);
+
+        /** @var \Pterodactyl\Models\Schedule $schedule */
+        $schedule = factory(Schedule::class)->create(['server_id' => $server2->id]);
+
+        $this->actingAs($user)
+            ->postJson("/api/client/servers/{$server->uuid}/schedules/{$schedule->id}/tasks")
+            ->assertNotFound();
+    }
+
+    /**
+     * Test that an error is returned if the subuser making the request does not have permission
+     * to update a schedule.
+     */
+    public function testErrorIsReturnedIfSubuserDoesNotHaveScheduleUpdatePermissions()
+    {
+        [$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
+
+        /** @var \Pterodactyl\Models\Schedule $schedule */
+        $schedule = factory(Schedule::class)->create(['server_id' => $server->id]);
+
+        $this->actingAs($user)
+            ->postJson($this->link($schedule, '/tasks'))
+            ->assertForbidden();
+    }
+
+    /**
+     * @return array
+     */
+    public function permissionsDataProvider(): array
+    {
+        return [[[]], [[Permission::ACTION_SCHEDULE_UPDATE]]];
+    }
+}