Added validation to variable validation rules to validate that the validation rules are valid

closes pterodactyl#988

Author: DaneEveritt

CHANGELOG.md

@@ -9,6 +9,7 @@ This project follows [Semantic Versioning](http://semver.org) guidelines.
 
 ### Added
 * Added a new client API endpoint for gathering the utilization stats for servers including disk, cpu, and memory. `GET /api/client/servers/<id>/utilization`
+* Added validation to variable validation rules to validate that the validation rules are valid because we heard you like validating your validation.
 
 ## v0.7.6 (Derelict Dermodactylus)
 ### Fixed

app/Exceptions/Service/Egg/Variable/BadValidationRuleException.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace Pterodactyl\Exceptions\Service\Egg\Variable;
+
+use Pterodactyl\Exceptions\DisplayException;
+
+class BadValidationRuleException extends DisplayException
+{
+}

app/Services/Eggs/Variables/VariableCreationService.php

@@ -3,24 +3,46 @@
 namespace Pterodactyl\Services\Eggs\Variables;
 
 use Pterodactyl\Models\EggVariable;
+use Illuminate\Contracts\Validation\Factory;
+use Pterodactyl\Traits\Services\ValidatesValidationRules;
 use Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface;
 use Pterodactyl\Exceptions\Service\Egg\Variable\ReservedVariableNameException;
 
 class VariableCreationService
 {
+    use ValidatesValidationRules;
+
     /**
      * @var \Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface
      */
-    protected $repository;
+    private $repository;
+
+    /**
+     * @var \Illuminate\Contracts\Validation\Factory
+     */
+    private $validator;
 
     /**
      * VariableCreationService constructor.
      *
      * @param \Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface $repository
+     * @param \Illuminate\Contracts\Validation\Factory                         $validator
      */
-    public function __construct(EggVariableRepositoryInterface $repository)
+    public function __construct(EggVariableRepositoryInterface $repository, Factory $validator)
     {
         $this->repository = $repository;
+        $this->validator = $validator;
+    }
+
+    /**
+     * Return the validation factory instance to be used by rule validation
+     * checking in the trait.
+     *
+     * @return \Illuminate\Contracts\Validation\Factory
+     */
+    protected function getValidator(): Factory
+    {
+        return $this->validator;
     }
 
     /**
@@ -31,6 +53,7 @@ public function __construct(EggVariableRepositoryInterface $repository)
      * @return \Pterodactyl\Models\EggVariable
      *
      * @throws \Pterodactyl\Exceptions\Model\DataValidationException
+     * @throws \Pterodactyl\Exceptions\Service\Egg\Variable\BadValidationRuleException
      * @throws \Pterodactyl\Exceptions\Service\Egg\Variable\ReservedVariableNameException
      */
     public function handle(int $egg, array $data): EggVariable
@@ -42,6 +65,10 @@ public function handle(int $egg, array $data): EggVariable
             ));
         }
 
+        if (! empty($data['rules'] ?? '')) {
+            $this->validateRules($data['rules']);
+        }
+
         $options = array_get($data, 'options') ?? [];
 
         return $this->repository->create([

app/Services/Eggs/Variables/VariableUpdateService.php

@@ -3,25 +3,47 @@
 namespace Pterodactyl\Services\Eggs\Variables;
 
 use Pterodactyl\Models\EggVariable;
+use Illuminate\Contracts\Validation\Factory;
 use Pterodactyl\Exceptions\DisplayException;
+use Pterodactyl\Traits\Services\ValidatesValidationRules;
 use Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface;
 use Pterodactyl\Exceptions\Service\Egg\Variable\ReservedVariableNameException;
 
 class VariableUpdateService
 {
+    use ValidatesValidationRules;
+
     /**
      * @var \Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface
      */
-    protected $repository;
+    private $repository;
+
+    /**
+     * @var \Illuminate\Contracts\Validation\Factory
+     */
+    private $validator;
 
     /**
      * VariableUpdateService constructor.
      *
      * @param \Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface $repository
+     * @param \Illuminate\Contracts\Validation\Factory                         $validator
      */
-    public function __construct(EggVariableRepositoryInterface $repository)
+    public function __construct(EggVariableRepositoryInterface $repository, Factory $validator)
     {
         $this->repository = $repository;
+        $this->validator = $validator;
+    }
+
+    /**
+     * Return the validation factory instance to be used by rule validation
+     * checking in the trait.
+     *
+     * @return \Illuminate\Contracts\Validation\Factory
+     */
+    protected function getValidator(): Factory
+    {
+        return $this->validator;
     }
 
     /**
@@ -58,6 +80,10 @@ public function handle(EggVariable $variable, array $data)
             }
         }
 
+        if (! empty($data['rules'] ?? '')) {
+            $this->validateRules($data['rules']);
+        }
+
         $options = array_get($data, 'options') ?? [];
 
         return $this->repository->withoutFreshModel()->update($variable->id, [

app/Traits/Services/ValidatesValidationRules.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace Pterodactyl\Traits\Services;
+
+use BadMethodCallException;
+use Illuminate\Support\Str;
+use Illuminate\Contracts\Validation\Factory;
+use Pterodactyl\Exceptions\Service\Egg\Variable\BadValidationRuleException;
+
+trait ValidatesValidationRules
+{
+    /**
+     * @return \Illuminate\Contracts\Validation\Factory
+     */
+    abstract protected function getValidator(): Factory;
+
+    /**
+     * Validate that the rules being provided are valid for Laravel and can
+     * be resolved.
+     *
+     * @param array|string $rules
+     *
+     * @throws \Pterodactyl\Exceptions\Service\Egg\Variable\BadValidationRuleException
+     */
+    public function validateRules($rules)
+    {
+        try {
+            $this->getValidator()->make(['__TEST' => 'test'], ['__TEST' => $rules])->fails();
+        } catch (BadMethodCallException $exception) {
+            $matches = [];
+            if (preg_match('/Method \[(.+)\] does not exist\./', $exception->getMessage(), $matches)) {
+                throw new BadValidationRuleException(trans('exceptions.nest.variables.bad_validation_rule', [
+                    'rule' => Str::snake(str_replace('validate', '', array_get($matches, 1, 'unknownRule'))),
+                ]), $exception);
+            }
+
+            throw $exception;
+        }
+    }
+}

resources/lang/en/exceptions.php

@@ -24,6 +24,7 @@
         'variables' => [
             'env_not_unique' => 'The environment variable :name must be unique to this Egg.',
             'reserved_name' => 'The environment variable :name is protected and cannot be assigned to a variable.',
+            'bad_validation_rule' => 'The validation rule ":rule" is not a valid rule for this application.',
         ],
         'importer' => [
             'json_error' => 'There was an error while attempting to parse the JSON file: :error.',

resources/themes/pterodactyl/admin/eggs/variables.blade.php

@@ -105,20 +105,20 @@
                 <div class="modal-body">
                     <div class="form-group">
                         <label class="control-label">Name <span class="field-required"></span></label>
-                        <input type="text" name="name" class="form-control" />
+                        <input type="text" name="name" class="form-control" value="{{ old('name') }}"/>
                     </div>
                     <div class="form-group">
                         <label class="control-label">Description</label>
-                        <textarea name="description" class="form-control" rows="3"></textarea>
+                        <textarea name="description" class="form-control" rows="3">{{ old('description') }}</textarea>
                     </div>
                     <div class="row">
                         <div class="form-group col-md-6">
                             <label class="control-label">Environment Variable <span class="field-required"></span></label>
-                            <input type="text" name="env_variable" class="form-control" />
+                            <input type="text" name="env_variable" class="form-control" value="{{ old('env_variable') }}" />
                         </div>
                         <div class="form-group col-md-6">
                             <label class="control-label">Default Value</label>
-                            <input type="text" name="default_value" class="form-control" />
+                            <input type="text" name="default_value" class="form-control" value="{{ old('default_value') }}" />
                         </div>
                         <div class="col-xs-12">
                             <p class="text-muted small">This variable can be accessed in the statup command by entering <code>@{{environment variable value}}</code>.</p>
@@ -133,7 +133,7 @@
                     </div>
                     <div class="form-group">
                         <label class="control-label">Input Rules <span class="field-required"></span></label>
-                        <input type="text" name="rules" class="form-control" value="required|string|max:20" placeholder="required|string|max:20" />
+                        <input type="text" name="rules" class="form-control" value="{{ old('rules', 'required|string|max:20') }}" placeholder="required|string|max:20" />
                         <p class="text-muted small">These rules are defined using standard Laravel Framework validation rules.</p>
                     </div>
                 </div>

tests/Unit/Services/Eggs/Variables/VariableCreationServiceTest.php

@@ -4,7 +4,9 @@
 
 use Mockery as m;
 use Tests\TestCase;
+use BadMethodCallException;
 use Pterodactyl\Models\EggVariable;
+use Illuminate\Contracts\Validation\Factory;
 use Pterodactyl\Services\Eggs\Variables\VariableCreationService;
 use Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface;
 
@@ -13,12 +15,12 @@ class VariableCreationServiceTest extends TestCase
     /**
      * @var \Pterodactyl\Contracts\Repository\EggVariableRepositoryInterface|\Mockery\Mock
      */
-    protected $repository;
+    private $repository;
 
     /**
-     * @var \Pterodactyl\Services\Eggs\Variables\VariableCreationService
+     * @var \Illuminate\Contracts\Validation\Factory|\Mockery\Mock
      */
-    protected $service;
+    private $validator;
 
     /**
      * Setup tests.
@@ -28,8 +30,7 @@ public function setUp()
         parent::setUp();
 
         $this->repository = m::mock(EggVariableRepositoryInterface::class);
-
-        $this->service = new VariableCreationService($this->repository);
+        $this->validator = m::mock(Factory::class);
     }
 
     /**
@@ -46,7 +47,7 @@ public function testVariableIsCreatedAndStored()
             'env_variable' => 'TEST_VAR_123',
         ]))->once()->andReturn(new EggVariable);
 
-        $this->assertInstanceOf(EggVariable::class, $this->service->handle(1, $data));
+        $this->assertInstanceOf(EggVariable::class, $this->getService()->handle(1, $data));
     }
 
     /**
@@ -62,7 +63,7 @@ public function testOptionsPassedInArrayKeyAreParsedProperly()
             'env_variable' => 'TEST_VAR_123',
         ]))->once()->andReturn(new EggVariable);
 
-        $this->assertInstanceOf(EggVariable::class, $this->service->handle(1, $data));
+        $this->assertInstanceOf(EggVariable::class, $this->getService()->handle(1, $data));
     }
 
     /**
@@ -81,18 +82,20 @@ public function testNullOptionValueIsPassedAsArray()
             'user_editable' => false,
         ]))->once()->andReturn(new EggVariable);
 
-        $this->assertInstanceOf(EggVariable::class, $this->service->handle(1, $data));
+        $this->assertInstanceOf(EggVariable::class, $this->getService()->handle(1, $data));
     }
 
     /**
      * Test that all of the reserved variables defined in the model trigger an exception.
      *
+     * @param string $variable
+     *
      * @dataProvider reservedNamesProvider
      * @expectedException \Pterodactyl\Exceptions\Service\Egg\Variable\ReservedVariableNameException
      */
     public function testExceptionIsThrownIfEnvironmentVariableIsInListOfReservedNames(string $variable)
     {
-        $this->service->handle(1, ['env_variable' => $variable]);
+        $this->getService()->handle(1, ['env_variable' => $variable]);
     }
 
     /**
@@ -106,7 +109,49 @@ public function testEggIdPassedInDataIsNotApplied()
             'egg_id' => 1,
         ]))->once()->andReturn(new EggVariable);
 
-        $this->assertInstanceOf(EggVariable::class, $this->service->handle(1, $data));
+        $this->assertInstanceOf(EggVariable::class, $this->getService()->handle(1, $data));
+    }
+
+    /**
+     * Test that validation errors due to invalid rules are caught and handled properly.
+     *
+     * @expectedException \Pterodactyl\Exceptions\Service\Egg\Variable\BadValidationRuleException
+     * @expectedExceptionMessage The validation rule "hodor_door" is not a valid rule for this application.
+     */
+    public function testInvalidValidationRulesResultInException()
+    {
+        $data = ['env_variable' => 'TEST_VAR_123', 'rules' => 'string|hodorDoor'];
+
+        $this->validator->shouldReceive('make')->once()
+            ->with(['__TEST' => 'test'], ['__TEST' => 'string|hodorDoor'])
+            ->andReturnSelf();
+
+        $this->validator->shouldReceive('fails')->once()
+            ->withNoArgs()
+            ->andThrow(new BadMethodCallException('Method [validateHodorDoor] does not exist.'));
+
+        $this->getService()->handle(1, $data);
+    }
+
+    /**
+     * Test that an exception not stemming from a bad rule is not caught.
+     *
+     * @expectedException \BadMethodCallException
+     * @expectedExceptionMessage Received something, but no expectations were specified.
+     */
+    public function testExceptionNotCausedByBadRuleIsNotCaught()
+    {
+        $data = ['env_variable' => 'TEST_VAR_123', 'rules' => 'string'];
+
+        $this->validator->shouldReceive('make')->once()
+            ->with(['__TEST' => 'test'], ['__TEST' => 'string'])
+            ->andReturnSelf();
+
+        $this->validator->shouldReceive('fails')->once()
+            ->withNoArgs()
+            ->andThrow(new BadMethodCallException('Received something, but no expectations were specified.'));
+
+        $this->getService()->handle(1, $data);
     }
 
     /**
@@ -124,4 +169,14 @@ public function reservedNamesProvider()
 
         return $data;
     }
+
+    /**
+     * Return an instance of the service with mocked dependencies for testing.
+     *
+     * @return \Pterodactyl\Services\Eggs\Variables\VariableCreationService
+     */
+    private function getService(): VariableCreationService
+    {
+        return new VariableCreationService($this->repository, $this->validator);
+    }
 }