Add test, fix behavior of model creation

DaneEveritt · DaneEveritt · commit 8bbe6bc27947 · 2018-07-14T22:58:33.000-07:00
diff --git a/app/Http/Middleware/Api/AuthenticateKey.php b/app/Http/Middleware/Api/AuthenticateKey.php
@@ -68,15 +68,15 @@ public function handle(Request $request, Closure $next, int $keyType)
         // This is a request coming through using cookies, we have an authenticated user not using
         // an API key. Make some fake API key models and continue on through the process.
         if (empty($raw) && $request->user() instanceof User) {
-            $model = new ApiKey([
+            $model = (new ApiKey())->forceFill([
                 'user_id' => $request->user()->id,
                 'key_type' => ApiKey::TYPE_ACCOUNT,
             ]);
         } else {
             $model = $this->authenticateApiKey($raw, $keyType);
+            $this->auth->guard()->loginUsingId($model->user_id);
         }
 
-        $this->auth->guard()->loginUsingId($model->user_id);
         $request->attributes->set('api_key', $model);
 
         return $next($request);
diff --git a/tests/Unit/Http/Middleware/API/AuthenticateKeyTest.php b/tests/Unit/Http/Middleware/API/AuthenticateKeyTest.php
@@ -4,6 +4,7 @@
 
 use Mockery as m;
 use Cake\Chronos\Chronos;
+use Pterodactyl\Models\User;
 use Pterodactyl\Models\ApiKey;
 use Illuminate\Auth\AuthManager;
 use Illuminate\Contracts\Encryption\Encrypter;
@@ -48,6 +49,7 @@ public function setUp()
      */
     public function testMissingBearerTokenThrowsException()
     {
+        $this->request->shouldReceive('user')->andReturnNull();
         $this->request->shouldReceive('bearerToken')->withNoArgs()->once()->andReturnNull();
 
         try {
@@ -117,6 +119,25 @@ public function testValidTokenWithUserKey()
         $this->assertEquals($model, $this->request->attributes->get('api_key'));
     }
 
+    /**
+     * Test that we can still make it though this middleware if the user is logged in and passing
+     * through a cookie.
+     */
+    public function testAccessWithoutToken()
+    {
+        $user = factory(User::class)->make(['id' => 123]);
+
+        $this->request->shouldReceive('user')->andReturn($user);
+        $this->request->shouldReceive('bearerToken')->withNoArgs()->twice()->andReturnNull();
+
+        $this->getMiddleware()->handle($this->request, $this->getClosureAssertions(), ApiKey::TYPE_ACCOUNT);
+        $model = $this->request->attributes->get('api_key');
+
+        $this->assertSame(ApiKey::TYPE_ACCOUNT, $model->key_type);
+        $this->assertSame(123, $model->user_id);
+        $this->assertNull($model->identifier);
+    }
+
     /**
      * Test that a valid token identifier with an invalid token attached to it
      * triggers an exception.
