Fix failing tests (which caught a bug in the new client query)

Author: DaneEveritt

app/Models/RecoveryToken.php

@@ -17,6 +17,11 @@ class RecoveryToken extends Model
      */
     const UPDATED_AT = null;
 
+    /**
+     * @var bool
+     */
+    public $timestamps = true;
+
     /**
      * @var bool
      */

app/Models/User.php

@@ -266,11 +266,11 @@ public function recoveryTokens()
      * Returns all of the servers that a user can access by way of being the owner of the
      * server, or because they are assigned as a subuser for that server.
      *
-     * @return \Illuminate\Database\Eloquent\Relations\HasMany
+     * @return \Illuminate\Database\Eloquent\Builder
      */
     public function accessibleServers()
     {
-        return $this->hasMany(Server::class, 'owner_id')
+        return Server::query()
             ->select('servers.*')
             ->leftJoin('subusers', 'subusers.server_id', '=', 'servers.id')
             ->where(function (Builder $builder) {

tests/Integration/Api/Client/ClientControllerTest.php

@@ -35,7 +35,7 @@ public function testOnlyLoggedInUsersServersAreReturned()
         $response->assertJsonPath('data.0.attributes.identifier', $servers[0]->uuidShort);
         $response->assertJsonPath('data.0.attributes.server_owner', true);
         $response->assertJsonPath('meta.pagination.total', 1);
-        $response->assertJsonPath('meta.pagination.per_page', config('pterodactyl.paginate.frontend.servers'));
+        $response->assertJsonPath('meta.pagination.per_page', 50);
     }
 
     /**
@@ -54,7 +54,7 @@ public function testFilterIncludeAllServersWhenAdministrator()
             $this->createServerModel(['user_id' => $users[2]->id]),
         ];
 
-        $response = $this->actingAs($users[0])->getJson('/api/client?filter=all');
+        $response = $this->actingAs($users[0])->getJson('/api/client?type=all');
 
         $response->assertOk();
         $response->assertJsonCount(3, 'data');
@@ -117,7 +117,7 @@ public function testFilterOnlyOwnerServers()
             'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
         ]);
 
-        $response = $this->actingAs($users[0])->getJson('/api/client?filter=owner');
+        $response = $this->actingAs($users[0])->getJson('/api/client?type=owner');
 
         $response->assertOk();
         $response->assertJsonCount(1, 'data');

tests/Integration/Api/Client/TwoFactorControllerTest.php

@@ -6,6 +6,8 @@
 use Pterodactyl\Models\User;
 use Illuminate\Http\Response;
 use PragmaRX\Google2FA\Google2FA;
+use Pterodactyl\Models\RecoveryToken;
+use PHPUnit\Framework\ExpectationFailedException;
 
 class TwoFactorControllerTest extends ClientApiIntegrationTestCase
 {
@@ -89,11 +91,29 @@ public function testTwoFactorCanBeEnabledOnAccount()
             'code' => $token,
         ]);
 
-        $response->assertStatus(Response::HTTP_NO_CONTENT);
+        $response->assertOk();
+        $response->assertJsonPath('object', 'recovery_tokens');
 
         $user = $user->refresh();
-
         $this->assertTrue($user->use_totp);
+
+        $tokens = RecoveryToken::query()->where('user_id', $user->id)->get();
+        $this->assertCount(10, $tokens);
+        $this->assertStringStartsWith('$2y$10$', $tokens[0]->token);
+
+        $tokens = $tokens->pluck('token')->toArray();
+
+        foreach ($response->json('attributes.tokens') as $raw) {
+            foreach ($tokens as $hashed) {
+                if (password_verify($raw, $hashed)) {
+                    continue 2;
+                }
+            }
+
+            throw new ExpectationFailedException(
+                sprintf('Failed asserting that token [%s] exists as a hashed value in recovery_tokens table.', $raw)
+            );
+        }
     }
 
     /**