Add more middleware tests

DaneEveritt · DaneEveritt · commit 7882250bafd8 · 2017-11-03T18:16:49.000-05:00
diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
@@ -4,41 +4,26 @@
 
 use Closure;
 use Illuminate\Http\Request;
-use Illuminate\Contracts\Auth\Guard;
+use Illuminate\Auth\AuthenticationException;
 
 class Authenticate
 {
-    /**
-     * The Guard implementation.
-     *
-     * @var \Illuminate\Contracts\Auth\Guard
-     */
-    protected $auth;
-
-    /**
-     * Create a new filter instance.
-     *
-     * @param \Illuminate\Contracts\Auth\Guard $auth
-     */
-    public function __construct(Guard $auth)
-    {
-        $this->auth = $auth;
-    }
-
     /**
      * Handle an incoming request.
      *
      * @param \Illuminate\Http\Request $request
      * @param \Closure                 $next
      * @return mixed
+     *
+     * @throws \Illuminate\Auth\AuthenticationException
      */
     public function handle(Request $request, Closure $next)
     {
-        if ($this->auth->guest()) {
-            if ($request->ajax()) {
-                return response('Unauthorized.', 401);
+        if (! $request->user()) {
+            if ($request->ajax() || $request->expectsJson()) {
+                throw new AuthenticationException();
             } else {
-                return redirect()->guest('auth/login');
+                return redirect()->route('auth.login');
             }
         }
 
diff --git a/app/Http/Middleware/DaemonAuthenticate.php b/app/Http/Middleware/DaemonAuthenticate.php
@@ -11,10 +11,8 @@
 
 use Closure;
 use Illuminate\Http\Request;
-use Pterodactyl\Models\Node;
-use Symfony\Component\HttpKernel\Exception\HttpException;
 use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
-use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 
 class DaemonAuthenticate
 {
@@ -56,15 +54,10 @@ public function handle(Request $request, Closure $next)
         }
 
         if (! $request->header('X-Access-Node')) {
-            throw new HttpException(403);
-        }
-
-        try {
-            $node = $this->repository->findWhere(['daemonSecret' => $request->header('X-Access-Node')]);
-        } catch (RecordNotFoundException $exception) {
-            throw new HttpException(401);
+            throw new AccessDeniedHttpException;
         }
 
+        $node = $this->repository->findWhere(['daemonSecret' => $request->header('X-Access-Node')]);
         $request->attributes->set('node', $node);
 
         return $next($request);
diff --git a/app/Http/Middleware/LanguageMiddleware.php b/app/Http/Middleware/LanguageMiddleware.php
@@ -11,11 +11,16 @@
 
 use Closure;
 use Illuminate\Http\Request;
-use Illuminate\Support\Facades\App;
+use Illuminate\Foundation\Application;
 use Illuminate\Contracts\Config\Repository;
 
 class LanguageMiddleware
 {
+    /**
+     * @var \Illuminate\Foundation\Application
+     */
+    private $app;
+
     /**
      * @var \Illuminate\Contracts\Config\Repository
      */
@@ -24,10 +29,12 @@ class LanguageMiddleware
     /**
      * LanguageMiddleware constructor.
      *
+     * @param \Illuminate\Foundation\Application      $app
      * @param \Illuminate\Contracts\Config\Repository $config
      */
-    public function __construct(Repository $config)
+    public function __construct(Application $app, Repository $config)
     {
+        $this->app = $app;
         $this->config = $config;
     }
 
@@ -40,7 +47,7 @@ public function __construct(Repository $config)
      */
     public function handle(Request $request, Closure $next)
     {
-        App::setLocale($this->config->get('app.locale', 'en'));
+        $this->app->setLocale($this->config->get('app.locale', 'en'));
 
         return $next($request);
     }
diff --git a/app/Http/Middleware/RedirectIfAuthenticated.php b/app/Http/Middleware/RedirectIfAuthenticated.php
@@ -9,7 +9,7 @@
 class RedirectIfAuthenticated
 {
     /**
-     * @var \Illuminate\Contracts\Auth\Guard
+     * @var \Illuminate\Auth\AuthManager
      */
     private $authManager;
 
@@ -34,7 +34,7 @@ public function __construct(AuthManager $authManager)
     public function handle(Request $request, Closure $next, string $guard = null)
     {
         if ($this->authManager->guard($guard)->check()) {
-            return redirect(route('index'));
+            return redirect()->route('index');
         }
 
         return $next($request);
diff --git a/app/Http/Middleware/RequireTwoFactorAuthentication.php b/app/Http/Middleware/RequireTwoFactorAuthentication.php
@@ -73,27 +73,23 @@ public function __construct(AlertsMessageBag $alert, Settings $settings)
      */
     public function handle(Request $request, Closure $next)
     {
-        // Ignore non-users
         if (! $request->user()) {
             return $next($request);
         }
 
-        // Skip the 2FA pages
         if (in_array($request->route()->getName(), $this->except)) {
             return $next($request);
         }
 
-        // Get the setting
         switch ((int) $this->settings->get('2fa', 0)) {
             case self::LEVEL_NONE:
                 return $next($request);
-
+                break;
             case self::LEVEL_ADMIN:
-                if (! $request->user()->root_admin) {
+                if (! $request->user()->root_admin || $request->user()->use_totp) {
                     return $next($request);
                 }
                 break;
-
             case self::LEVEL_ALL:
                 if ($request->user()->use_totp) {
                     return $next($request);
diff --git a/database/factories/ModelFactory.php b/database/factories/ModelFactory.php
@@ -74,6 +74,7 @@
 $factory->define(Pterodactyl\Models\Node::class, function (Faker\Generator $faker) {
     return [
         'id' => $faker->unique()->randomNumber(),
+        'uuid' => $faker->unique()->uuid,
         'public' => true,
         'name' => $faker->firstName,
         'fqdn' => $faker->ipv4,
diff --git a/tests/Traits/Http/MocksMiddlewareClosure.php b/tests/Traits/Http/MocksMiddlewareClosure.php
@@ -8,11 +8,6 @@
 
 trait MocksMiddlewareClosure
 {
-    /**
-     * @var \Illuminate\Http\Request
-     */
-    protected $request;
-
     /**
      * Provide a closure to be used when validating that the response from the middleware
      * is the same request object we passed into it.
diff --git a/tests/Unit/Http/Middleware/AdminAuthenticateTest.php b/tests/Unit/Http/Middleware/AdminAuthenticateTest.php
@@ -0,0 +1,62 @@
+<?php
+
+namespace Tests\Unit\Http\Middleware;
+
+use Pterodactyl\Models\User;
+use Pterodactyl\Http\Middleware\AdminAuthenticate;
+use Symfony\Component\HttpKernel\Exception\HttpException;
+
+class AdminAuthenticateTest extends MiddlewareTestCase
+{
+    /**
+     * Test that an admin is authenticated.
+     */
+    public function testAdminsAreAuthenticated()
+    {
+        $user = factory(User::class)->make(['root_admin' => 1]);
+
+        $this->request->shouldReceive('user')->withNoArgs()->twice()->andReturn($user);
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+    }
+
+    /**
+     * Test that a missing user in the request triggers an error.
+     */
+    public function testExceptionIsThrownIfUserDoesNotExist()
+    {
+        $this->request->shouldReceive('user')->withNoArgs()->once()->andReturnNull();
+
+        try {
+            $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+        } catch (HttpException $exception) {
+            $this->assertEquals(403, $exception->getStatusCode());
+        }
+    }
+
+    /**
+     * Test that an exception is thrown if the user is not an admin.
+     */
+    public function testExceptionIsThrownIfUserIsNotAnAdmin()
+    {
+        $user = factory(User::class)->make(['root_admin' => 0]);
+
+        $this->request->shouldReceive('user')->withNoArgs()->twice()->andReturn($user);
+
+        try {
+            $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+        } catch (HttpException $exception) {
+            $this->assertEquals(403, $exception->getStatusCode());
+        }
+    }
+
+    /**
+     * Return an instance of the middleware using mocked dependencies.
+     *
+     * @return \Pterodactyl\Http\Middleware\AdminAuthenticate
+     */
+    private function getMiddleware(): AdminAuthenticate
+    {
+        return new AdminAuthenticate();
+    }
+}
diff --git a/tests/Unit/Http/Middleware/AuthenticateTest.php b/tests/Unit/Http/Middleware/AuthenticateTest.php
@@ -0,0 +1,57 @@
+<?php
+
+namespace Tests\Unit\Http\Middleware;
+
+use Illuminate\Http\RedirectResponse;
+use Pterodactyl\Http\Middleware\Authenticate;
+
+class AuthenticateTest extends MiddlewareTestCase
+{
+    /**
+     * Test that a logged in user validates correctly.
+     */
+    public function testLoggedInUser()
+    {
+        $this->request->shouldReceive('user')->withNoArgs()->once()->andReturn(true);
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+    }
+
+    /**
+     * Test that a logged out user results in a redirect.
+     */
+    public function testLoggedOutUser()
+    {
+        $this->request->shouldReceive('user')->withNoArgs()->once()->andReturnNull();
+        $this->request->shouldReceive('ajax')->withNoArgs()->once()->andReturn(false);
+        $this->request->shouldReceive('expectsJson')->withNoArgs()->once()->andReturn(false);
+
+        $response = $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+        $this->assertInstanceOf(RedirectResponse::class, $response);
+        $this->assertEquals(302, $response->getStatusCode());
+        $this->assertEquals(route('auth.login'), $response->getTargetUrl());
+    }
+
+    /**
+     * Test that a logged out user via an API/Ajax request returns a HTTP error.
+     *
+     * @expectedException \Illuminate\Auth\AuthenticationException
+     */
+    public function testLoggedOUtUserApiRequest()
+    {
+        $this->request->shouldReceive('user')->withNoArgs()->once()->andReturnNull();
+        $this->request->shouldReceive('ajax')->withNoArgs()->once()->andReturn(true);
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+    }
+
+    /**
+     * Return an instance of the middleware using mocked dependencies.
+     *
+     * @return \Pterodactyl\Http\Middleware\Authenticate
+     */
+    private function getMiddleware(): Authenticate
+    {
+        return new Authenticate();
+    }
+}
diff --git a/tests/Unit/Http/Middleware/DaemonAuthenticateTest.php b/tests/Unit/Http/Middleware/DaemonAuthenticateTest.php
@@ -0,0 +1,77 @@
+<?php
+
+namespace Tests\Unit\Http\Middleware;
+
+use Mockery as m;
+use Pterodactyl\Models\Node;
+use Pterodactyl\Http\Middleware\DaemonAuthenticate;
+use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
+
+class DaemonAuthenticateTest extends MiddlewareTestCase
+{
+    /**
+     * @var \Pterodactyl\Contracts\Repository\NodeRepositoryInterface|\Mockery\Mock
+     */
+    private $repository;
+
+    /**
+     * Setup tests.
+     */
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->repository = m::mock(NodeRepositoryInterface::class);
+    }
+
+    /**
+     * Test a valid daemon connection.
+     */
+    public function testValidDaemonConnection()
+    {
+        $node = factory(Node::class)->make();
+
+        $this->request->shouldReceive('route->getName')->withNoArgs()->once()->andReturn('random.name');
+        $this->request->shouldReceive('header')->with('X-Access-Node')->twice()->andReturn($node->uuid);
+
+        $this->repository->shouldReceive('findWhere')->with(['daemonSecret' => $node->uuid])->once()->andReturn($node);
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+        $this->assertRequestHasAttribute('node');
+        $this->assertRequestAttributeEquals($node, 'node');
+    }
+
+    /**
+     * Test that ignored routes do not continue through the middleware.
+     */
+    public function testIgnoredRouteShouldContinue()
+    {
+        $this->request->shouldReceive('route->getName')->withNoArgs()->once()->andReturn('daemon.configuration');
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+        $this->assertRequestMissingAttribute('node');
+    }
+
+    /**
+     * Test that a request missing a X-Access-Node header causes an exception.
+     *
+     * @expectedException \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
+     */
+    public function testExceptionThrownIfMissingHeader()
+    {
+        $this->request->shouldReceive('route->getName')->withNoArgs()->once()->andReturn('random.name');
+        $this->request->shouldReceive('header')->with('X-Access-Node')->once()->andReturn(false);
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+    }
+
+    /**
+     * Return an instance of the middleware using mocked dependencies.
+     *
+     * @return \Pterodactyl\Http\Middleware\DaemonAuthenticate
+     */
+    private function getMiddleware(): DaemonAuthenticate
+    {
+        return new DaemonAuthenticate($this->repository);
+    }
+}
diff --git a/tests/Unit/Http/Middleware/LanguageMiddlewareTest.php b/tests/Unit/Http/Middleware/LanguageMiddlewareTest.php
diff --git a/tests/Unit/Http/Middleware/RedirectIfAuthenticatedTest.php b/tests/Unit/Http/Middleware/RedirectIfAuthenticatedTest.php
diff --git a/tests/Unit/Http/Middleware/RequireTwoFactorAuthenticationTest.php b/tests/Unit/Http/Middleware/RequireTwoFactorAuthenticationTest.php

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`class RedirectIfAuthenticated`
`10`	`10`	`{`
`11`	`11`	`/**`
`12`		`- * @var \Illuminate\Contracts\Auth\Guard`
	`12`	`+ * @var \Illuminate\Auth\AuthManager`
`13`	`13`	`*/`
`14`	`14`	`private $authManager;`
`15`	`15`
`@@ -34,7 +34,7 @@ public function __construct(AuthManager $authManager)`
`34`	`34`	`public function handle(Request $request, Closure $next, string $guard = null)`
`35`	`35`	`{`
`36`	`36`	`if ($this->authManager->guard($guard)->check()) {`
`37`		`- return redirect(route('index'));`
	`37`	`+ return redirect()->route('index');`
`38`	`38`	`}`
`39`	`39`
`40`	`40`	`return $next($request);`