More middleware tests

DaneEveritt · DaneEveritt · commit 7b3393aff9e6 · 2017-11-01T20:45:43.000-05:00
diff --git a/app/Http/Middleware/Server/DatabaseBelongsToServer.php b/app/Http/Middleware/Server/DatabaseBelongsToServer.php
@@ -12,7 +12,7 @@ class DatabaseBelongsToServer
     /**
      * @var \Pterodactyl\Contracts\Repository\DatabaseRepositoryInterface
      */
-    protected $repository;
+    private $repository;
 
     /**
      * DatabaseAccess constructor.
@@ -40,7 +40,7 @@ public function handle(Request $request, Closure $next)
         $server = $request->attributes->get('server');
 
         $database = $this->repository->find($request->input('database'));
-        if ($database->server_id !== $server->id) {
+        if (is_null($database) || $database->server_id !== $server->id) {
             throw new NotFoundHttpException;
         }
 
diff --git a/app/Http/Middleware/Server/SubuserBelongsToServer.php b/app/Http/Middleware/Server/SubuserBelongsToServer.php
@@ -50,7 +50,7 @@ public function handle(Request $request, Closure $next)
 
         $hash = $request->route()->parameter('subuser', 0);
         $subuser = $this->repository->find($this->hashids->decodeFirst($hash, 0));
-        if (! $subuser || $subuser->server_id !== $server->id) {
+        if (is_null($subuser) || $subuser->server_id !== $server->id) {
             throw new NotFoundHttpException;
         }
 
diff --git a/tests/Assertions/MiddlewareAttributeAssertionsTrait.php b/tests/Assertions/MiddlewareAttributeAssertionsTrait.php
@@ -0,0 +1,39 @@
+<?php
+
+namespace Tests\Assertions;
+
+use PHPUnit\Framework\Assert;
+
+trait MiddlewareAttributeAssertionsTrait
+{
+    /**
+     * Assert a request has an attribute assigned to it.
+     *
+     * @param string $attribute
+     */
+    public function assertRequestHasAttribute(string $attribute)
+    {
+        Assert::assertTrue($this->request->attributes->has($attribute), 'Assert that request mock has ' . $attribute . ' attribute.');
+    }
+
+    /**
+     * Assert a request does not have an attribute assigned to it.
+     *
+     * @param string $attribute
+     */
+    public function assertRequestMissingAttribute(string $attribute)
+    {
+        Assert::assertFalse($this->request->attributes->has($attribute), 'Assert that request mock does not have ' . $attribute . ' attribute.');
+    }
+
+    /**
+     * Assert a request attribute matches an expected value.
+     *
+     * @param mixed  $expected
+     * @param string $attribute
+     */
+    public function assertRequestAttributeEquals($expected, string $attribute)
+    {
+        Assert::assertEquals($expected, $this->request->attributes->get($attribute));
+    }
+}
diff --git a/tests/Traits/Http/MocksMiddlewareClosure.php b/tests/Traits/Http/MocksMiddlewareClosure.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace Tests\Traits\Http;
+
+use Closure;
+use Illuminate\Http\Request;
+use BadFunctionCallException;
+
+trait MocksMiddlewareClosure
+{
+    /**
+     * @var \Illuminate\Http\Request
+     */
+    protected $request;
+
+    /**
+     * Provide a closure to be used when validating that the response from the middleware
+     * is the same request object we passed into it.
+     */
+    protected function getClosureAssertions(): Closure
+    {
+        if (is_null($this->request)) {
+            throw new BadFunctionCallException('Calling getClosureAssertions without defining a request object is not supported.');
+        }
+
+        return function ($response) {
+            $this->assertInstanceOf(Request::class, $response);
+            $this->assertSame($this->request, $response);
+        };
+    }
+}
diff --git a/tests/Unit/Http/Middleware/Daemon/DaemonAuthenticateTest.php b/tests/Unit/Http/Middleware/Daemon/DaemonAuthenticateTest.php
@@ -2,29 +2,21 @@
 
 namespace Tests\Unit\Http\Middleware\Daemon;
 
-use Closure;
 use Mockery as m;
-use Tests\TestCase;
-use Illuminate\Http\Request;
 use Pterodactyl\Models\Node;
-use Symfony\Component\HttpFoundation\ParameterBag;
+use Tests\Unit\Http\Middleware\MiddlewareTestCase;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use Pterodactyl\Http\Middleware\Daemon\DaemonAuthenticate;
 use Pterodactyl\Contracts\Repository\NodeRepositoryInterface;
 use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
 
-class DaemonAuthenticateTest extends TestCase
+class DaemonAuthenticateTest extends MiddlewareTestCase
 {
     /**
      * @var \Pterodactyl\Contracts\Repository\NodeRepositoryInterface|\Mockery\Mock
      */
     private $repository;
 
-    /**
-     * @var \Illuminate\Http\Request|\Mockery\Mock
-     */
-    private $request;
-
     /**
      * Setup tests.
      */
@@ -33,8 +25,6 @@ public function setUp()
         parent::setUp();
 
         $this->repository = m::mock(NodeRepositoryInterface::class);
-        $this->request = m::mock(Request::class);
-        $this->request->attributes = new ParameterBag();
     }
 
     /**
@@ -98,8 +88,8 @@ public function testSuccessfulMiddlewareProcess()
         $this->repository->shouldReceive('findFirstWhere')->with([['daemonSecret', '=', $model->daemonSecret]])->once()->andReturn($model);
 
         $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
-        $this->assertTrue($this->request->attributes->has('node'), 'Assert request attributes contains node.');
-        $this->assertSame($model, $this->request->attributes->get('node'));
+        $this->assertRequestHasAttribute('node');
+        $this->assertRequestAttributeEquals($model, 'node');
     }
 
     /**
@@ -111,16 +101,4 @@ private function getMiddleware(): DaemonAuthenticate
     {
         return new DaemonAuthenticate($this->repository);
     }
-
-    /**
-     * Provide a closure to be used when validating that the response from the middleware
-     * is the same request object we passed into it.
-     */
-    private function getClosureAssertions(): Closure
-    {
-        return function ($response) {
-            $this->assertInstanceOf(Request::class, $response);
-            $this->assertSame($this->request, $response);
-        };
-    }
 }
diff --git a/tests/Unit/Http/Middleware/MiddlewareTestCase.php b/tests/Unit/Http/Middleware/MiddlewareTestCase.php
@@ -0,0 +1,58 @@
+<?php
+
+namespace Tests\Unit\Http\Middleware;
+
+use Mockery as m;
+use Tests\TestCase;
+use Illuminate\Http\Request;
+use Pterodactyl\Models\User;
+use Tests\Traits\Http\MocksMiddlewareClosure;
+use Symfony\Component\HttpFoundation\ParameterBag;
+use Tests\Assertions\MiddlewareAttributeAssertionsTrait;
+
+abstract class MiddlewareTestCase extends TestCase
+{
+    use MiddlewareAttributeAssertionsTrait, MocksMiddlewareClosure;
+
+    /**
+     * @var \Illuminate\Http\Request|\Mockery\Mock
+     */
+    protected $request;
+
+    /**
+     * Setup tests with a mocked request object and normal attributes.
+     */
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->request = m::mock(Request::class);
+        $this->request->attributes = new ParameterBag();
+    }
+
+    /**
+     * Set a request attribute on the mock object.
+     *
+     * @param string $attribute
+     * @param mixed  $value
+     */
+    protected function setRequestAttribute(string $attribute, $value)
+    {
+        $this->request->attributes->set($attribute, $value);
+    }
+
+    /**
+     * Sets the mocked request user. If a user model is not provided, a factory model
+     * will be created and returned.
+     *
+     * @param \Pterodactyl\Models\User|null $user
+     * @return \Pterodactyl\Models\User
+     */
+    protected function setRequestUser(User $user = null): User
+    {
+        $user = $user instanceof User ? $user : factory(User::class)->make();
+        $this->request->shouldReceive('user')->withNoArgs()->andReturn($user);
+
+        return $user;
+    }
+}
diff --git a/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php b/tests/Unit/Http/Middleware/Server/AccessingValidServerTest.php
@@ -2,20 +2,16 @@
 
 namespace Tests\Unit\Http\Middleware\Server;
 
-use Closure;
 use Mockery as m;
-use Tests\TestCase;
-use Illuminate\View\View;
-use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Pterodactyl\Models\Server;
 use Illuminate\Contracts\Session\Session;
 use Illuminate\Contracts\Config\Repository;
-use Symfony\Component\HttpFoundation\ParameterBag;
+use Tests\Unit\Http\Middleware\MiddlewareTestCase;
 use Pterodactyl\Http\Middleware\AccessingValidServer;
 use Pterodactyl\Contracts\Repository\ServerRepositoryInterface;
 
-class AccessingValidServerTest extends TestCase
+class AccessingValidServerTest extends MiddlewareTestCase
 {
     /**
      * @var \Illuminate\Contracts\Config\Repository|\Mockery\Mock
@@ -27,11 +23,6 @@ class AccessingValidServerTest extends TestCase
      */
     private $repository;
 
-    /**
-     * @var \Illuminate\Http\Request|\Mockery\Mock
-     */
-    private $request;
-
     /**
      * @var \Illuminate\Contracts\Session\Session|\Mockery\Mock
      */
@@ -46,8 +37,6 @@ public function setUp()
 
         $this->config = m::mock(Repository::class);
         $this->repository = m::mock(ServerRepositoryInterface::class);
-        $this->request = m::mock(Request::class);
-        $this->request->attributes = new ParameterBag();
         $this->session = m::mock(Session::class);
     }
 
@@ -139,8 +128,8 @@ public function testValidServerProcess()
         $this->session->shouldReceive('now')->with('server_data.model', $model)->once()->andReturnNull();
 
         $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
-        $this->assertTrue($this->request->attributes->has('server'), 'Assert request attributes contains server.');
-        $this->assertSame($model, $this->request->attributes->get('server'));
+        $this->assertRequestHasAttribute('server');
+        $this->assertRequestAttributeEquals($model, 'server');
     }
 
     /**
@@ -170,16 +159,4 @@ private function getMiddleware(): AccessingValidServer
     {
         return new AccessingValidServer($this->config, $this->repository, $this->session);
     }
-
-    /**
-     * Provide a closure to be used when validating that the response from the middleware
-     * is the same request object we passed into it.
-     */
-    private function getClosureAssertions(): Closure
-    {
-        return function ($response) {
-            $this->assertInstanceOf(Request::class, $response);
-            $this->assertSame($this->request, $response);
-        };
-    }
 }
diff --git a/tests/Unit/Http/Middleware/Server/AuthenticateAsSubuserTest.php b/tests/Unit/Http/Middleware/Server/AuthenticateAsSubuserTest.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Tests\Unit\Http\Middleware\Server;
+
+use Mockery as m;
+use Pterodactyl\Models\Server;
+use Illuminate\Contracts\Session\Session;
+use Tests\Unit\Http\Middleware\MiddlewareTestCase;
+use Pterodactyl\Http\Middleware\Server\AuthenticateAsSubuser;
+use Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService;
+use Pterodactyl\Exceptions\Repository\RecordNotFoundException;
+
+class AuthenticateAsSubuserTest extends MiddlewareTestCase
+{
+    /**
+     * @var \Pterodactyl\Services\DaemonKeys\DaemonKeyProviderService|\Mockery\Mock
+     */
+    private $keyProviderService;
+
+    /**
+     * @var \Illuminate\Contracts\Session\Session|\Mockery\Mock
+     */
+    private $session;
+
+    /**
+     * Setup tests.
+     */
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->keyProviderService = m::mock(DaemonKeyProviderService::class);
+        $this->session = m::mock(Session::class);
+    }
+
+    /**
+     * Test a successful instance of the middleware.
+     */
+    public function testSuccessfulMiddleware()
+    {
+        $model = factory(Server::class)->make();
+        $user = $this->setRequestUser();
+        $this->setRequestAttribute('server', $model);
+
+        $this->keyProviderService->shouldReceive('handle')->with($model->id, $user->id)->once()->andReturn('abc123');
+        $this->session->shouldReceive('now')->with('server_data.token', 'abc123')->once()->andReturnNull();
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+        $this->assertRequestHasAttribute('server_token');
+        $this->assertRequestAttributeEquals('abc123', 'server_token');
+    }
+
+    /**
+     * Test middleware handles missing token exception.
+     *
+     * @expectedException \Illuminate\Auth\AuthenticationException
+     * @expectedExceptionMessage This account does not have permission to access this server.
+     */
+    public function testExceptionIsThrownIfNoTokenIsFound()
+    {
+        $model = factory(Server::class)->make();
+        $user = $this->setRequestUser();
+        $this->setRequestAttribute('server', $model);
+
+        $this->keyProviderService->shouldReceive('handle')->with($model->id, $user->id)->once()->andThrow(new RecordNotFoundException);
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
+    }
+
+    /**
+     * Return an instance of the middleware using mocked dependencies.
+     *
+     * @return \Pterodactyl\Http\Middleware\Server\AuthenticateAsSubuser
+     */
+    public function getMiddleware(): AuthenticateAsSubuser
+    {
+        return new AuthenticateAsSubuser($this->keyProviderService, $this->session);
+    }
+}
diff --git a/tests/Unit/Http/Middleware/Server/DatabaseBelongsToServerTest.php b/tests/Unit/Http/Middleware/Server/DatabaseBelongsToServerTest.php
diff --git a/tests/Unit/Http/Middleware/Server/ScheduleBelongsToServerTest.php b/tests/Unit/Http/Middleware/Server/ScheduleBelongsToServerTest.php
diff --git a/tests/Unit/Http/Middleware/Server/SubuserBelongsToServerTest.php b/tests/Unit/Http/Middleware/Server/SubuserBelongsToServerTest.php

Original file line number	Diff line number	Diff line change
`@@ -50,7 +50,7 @@ public function handle(Request $request, Closure $next)`
`50`	`50`
`51`	`51`	`$hash = $request->route()->parameter('subuser', 0);`
`52`	`52`	`$subuser = $this->repository->find($this->hashids->decodeFirst($hash, 0));`
`53`		`- if (! $subuser \|\| $subuser->server_id !== $server->id) {`
	`53`	`+ if (is_null($subuser) \|\| $subuser->server_id !== $server->id) {`
`54`	`54`	`throw new NotFoundHttpException;`
`55`	`55`	`}`
`56`	`56`