Add test cases for client servers endpoint

Author: DaneEveritt

app/Models/Location.php

@@ -2,6 +2,16 @@
 
 namespace Pterodactyl\Models;
 
+/**
+ * @property int $id
+ * @property string $short
+ * @property string $long
+ * @property \Carbon\Carbon $created_at
+ * @property \Carbon\Carbon $updated_at
+ *
+ * @property \Pterodactyl\Models\Node[] $nodes
+ * @property \Pterodactyl\Models\Server[] $servers
+ */
 class Location extends Model
 {
     /**

database/factories/ModelFactory.php

@@ -20,8 +20,6 @@
 
 $factory->define(Pterodactyl\Models\Server::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
-        'node_id' => $faker->randomNumber(),
         'uuid' => $faker->unique()->uuid,
         'uuidShort' => str_random(8),
         'name' => $faker->firstName,
@@ -34,9 +32,6 @@
         'io' => 500,
         'cpu' => 0,
         'oom_disabled' => 0,
-        'allocation_id' => $faker->randomNumber(),
-        'nest_id' => $faker->randomNumber(),
-        'egg_id' => $faker->randomNumber(),
         'pack_id' => null,
         'installed' => 1,
         'database_limit' => null,
@@ -50,7 +45,6 @@
     static $password;
 
     return [
-        'id' => $faker->unique()->randomNumber(),
         'external_id' => $faker->unique()->isbn10,
         'uuid' => $faker->uuid,
         'username' => $faker->userName,
@@ -74,15 +68,13 @@
 
 $factory->define(Pterodactyl\Models\Location::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
-        'short' => $faker->unique()->domainWord,
+        'short' => Str::random(8),
         'long' => $faker->catchPhrase,
     ];
 });
 
 $factory->define(Pterodactyl\Models\Node::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
         'uuid' => Uuid::uuid4()->toString(),
         'public' => true,
         'name' => $faker->firstName,
@@ -104,7 +96,6 @@
 
 $factory->define(Pterodactyl\Models\Nest::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
         'uuid' => $faker->unique()->uuid,
         'author' => 'testauthor@example.com',
         'name' => $faker->word,
@@ -114,9 +105,7 @@
 
 $factory->define(Pterodactyl\Models\Egg::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
         'uuid' => $faker->unique()->uuid,
-        'nest_id' => $faker->unique()->randomNumber(),
         'name' => $faker->name,
         'description' => implode(' ', $faker->sentences(3)),
         'startup' => 'java -jar test.jar',
@@ -125,7 +114,6 @@
 
 $factory->define(Pterodactyl\Models\EggVariable::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
         'name' => $faker->firstName,
         'description' => $faker->sentence(),
         'env_variable' => strtoupper(str_replace(' ', '_', $faker->words(2, true))),
@@ -146,8 +134,6 @@
 
 $factory->define(Pterodactyl\Models\Pack::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
-        'egg_id' => $faker->randomNumber(),
         'uuid' => $faker->uuid,
         'name' => $faker->word,
         'description' => null,
@@ -159,41 +145,30 @@
 });
 
 $factory->define(Pterodactyl\Models\Subuser::class, function (Faker $faker) {
-    return [
-        'id' => $faker->unique()->randomNumber(),
-        'user_id' => $faker->randomNumber(),
-        'server_id' => $faker->randomNumber(),
-    ];
+    return [];
 });
 
 $factory->define(Pterodactyl\Models\Allocation::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
-        'node_id' => $faker->randomNumber(),
         'ip' => $faker->ipv4,
         'port' => $faker->randomNumber(5),
     ];
 });
 
 $factory->define(Pterodactyl\Models\DatabaseHost::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
         'name' => $faker->colorName,
         'host' => $faker->unique()->ipv4,
         'port' => 3306,
         'username' => $faker->colorName,
         'password' => Crypt::encrypt($faker->word),
-        'node_id' => $faker->randomNumber(),
     ];
 });
 
 $factory->define(Pterodactyl\Models\Database::class, function (Faker $faker) {
     static $password;
 
     return [
-        'id' => $faker->unique()->randomNumber(),
-        'server_id' => $faker->randomNumber(),
-        'database_host_id' => $faker->randomNumber(),
         'database' => str_random(10),
         'username' => str_random(10),
         'remote' => '%',
@@ -205,16 +180,12 @@
 
 $factory->define(Pterodactyl\Models\Schedule::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
-        'server_id' => $faker->randomNumber(),
         'name' => $faker->firstName(),
     ];
 });
 
 $factory->define(Pterodactyl\Models\Task::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
-        'schedule_id' => $faker->randomNumber(),
         'sequence_id' => $faker->randomNumber(1),
         'action' => 'command',
         'payload' => 'test command',
@@ -225,9 +196,6 @@
 
 $factory->define(Pterodactyl\Models\DaemonKey::class, function (Faker $faker) {
     return [
-        'id' => $faker->unique()->randomNumber(),
-        'server_id' => $faker->randomNumber(),
-        'user_id' => $faker->randomNumber(),
         'secret' => 'i_' . str_random(40),
         'expires_at' => \Carbon\Carbon::now()->addMinutes(10)->toDateTimeString(),
     ];
@@ -237,8 +205,6 @@
     static $token;
 
     return [
-        'id' => $faker->unique()->randomNumber(),
-        'user_id' => $faker->randomNumber(),
         'key_type' => ApiKey::TYPE_APPLICATION,
         'identifier' => str_random(Pterodactyl\Models\ApiKey::IDENTIFIER_LENGTH),
         'token' => $token ?: $token = encrypt(str_random(Pterodactyl\Models\ApiKey::KEY_LENGTH)),

tests/Integration/Api/Client/ApiKeyControllerTest.php

@@ -63,7 +63,7 @@ public function testApiKeyCanBeCreatedForAccount()
         /** @var \Pterodactyl\Models\User $user */
         $user = factory(User::class)->create();
 
-        // Small sub-test to ensure we're always comparing the number of keys to the
+        // Small sub-test to ensure we're always comparing the  number of keys to the
         // specific logged in account, and not just the total number of keys stored in
         // the database.
         factory(ApiKey::class)->times(10)->create([

tests/Integration/Api/Client/ClientControllerTest.php

@@ -0,0 +1,162 @@
+<?php
+
+namespace Pterodactyl\Tests\Integration\Api\Client;
+
+use Pterodactyl\Models\Node;
+use Pterodactyl\Models\User;
+use Pterodactyl\Models\Server;
+use Pterodactyl\Models\Subuser;
+use Pterodactyl\Models\Location;
+use Pterodactyl\Models\Permission;
+use Pterodactyl\Tests\Integration\IntegrationTestCase;
+
+class ClientControllerTest extends IntegrationTestCase
+{
+    /**
+     * Cleanup after tests are run.
+     */
+    protected function tearDown(): void
+    {
+        Server::query()->forceDelete();
+        User::query()->forceDelete();
+        Node::query()->forceDelete();
+        Location::query()->forceDelete();
+
+        parent::tearDown();
+    }
+
+    /**
+     * Test that only the servers a logged in user is assigned to are returned by the
+     * API endpoint. Obviously there are cases such as being an administrator or being
+     * a subuser, but for this test we just want to test a basic scenario and pretend
+     * subusers do not exist at all.
+     */
+    public function testOnlyLoggedInUsersServersAreReturned()
+    {
+        /** @var \Pterodactyl\Models\User[] $users */
+        $users = factory(User::class)->times(3)->create();
+
+        /** @var \Pterodactyl\Models\Server[] $servers */
+        $servers = [
+            $this->createServerModel(['user_id' => $users[0]->id]),
+            $this->createServerModel(['user_id' => $users[1]->id]),
+            $this->createServerModel(['user_id' => $users[2]->id]),
+        ];
+
+        $response = $this->actingAs($users[0])->getJson('/api/client');
+
+        $response->assertOk();
+        $response->assertJsonPath('object', 'list');
+        $response->assertJsonPath('data.0.object', Server::RESOURCE_NAME);
+        $response->assertJsonPath('data.0.attributes.identifier', $servers[0]->uuidShort);
+        $response->assertJsonPath('data.0.attributes.server_owner', true);
+        $response->assertJsonPath('meta.pagination.total', 1);
+        $response->assertJsonPath('meta.pagination.per_page', config('pterodactyl.paginate.frontend.servers'));
+    }
+
+    /**
+     * Tests that all of the servers on the system are returned when making the request as an
+     * administrator and including the ?filter=all parameter in the URL.
+     */
+    public function testFilterIncludeAllServersWhenAdministrator()
+    {
+        /** @var \Pterodactyl\Models\User[] $users */
+        $users = factory(User::class)->times(3)->create();
+        $users[0]->root_admin = true;
+
+        $servers = [
+            $this->createServerModel(['user_id' => $users[0]->id]),
+            $this->createServerModel(['user_id' => $users[1]->id]),
+            $this->createServerModel(['user_id' => $users[2]->id]),
+        ];
+
+        $response = $this->actingAs($users[0])->getJson('/api/client?filter=all');
+
+        $response->assertOk();
+        $response->assertJsonCount(3, 'data');
+
+        for ($i = 0; $i < 3; $i++) {
+            $response->assertJsonPath("data.{$i}.attributes.server_owner", $i === 0);
+            $response->assertJsonPath("data.{$i}.attributes.identifier", $servers[$i]->uuidShort);
+        }
+    }
+
+    /**
+     * Test that servers where the user is a subuser are returned by default in the API call.
+     */
+    public function testServersUserIsASubuserOfAreReturned()
+    {
+        /** @var \Pterodactyl\Models\User[] $users */
+        $users = factory(User::class)->times(3)->create();
+        $servers = [
+            $this->createServerModel(['user_id' => $users[0]->id]),
+            $this->createServerModel(['user_id' => $users[1]->id]),
+            $this->createServerModel(['user_id' => $users[2]->id]),
+        ];
+
+        // Set user 0 as a subuser of server 1. Thus, we should get two servers
+        // back in the response when making the API call as user 0.
+        Subuser::query()->create([
+            'user_id' => $users[0]->id,
+            'server_id' => $servers[1]->id,
+            'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
+        ]);
+
+        $response = $this->actingAs($users[0])->getJson('/api/client');
+
+        $response->assertOk();
+        $response->assertJsonCount(2, 'data');
+        $response->assertJsonPath('data.0.attributes.server_owner', true);
+        $response->assertJsonPath('data.0.attributes.identifier', $servers[0]->uuidShort);
+        $response->assertJsonPath('data.1.attributes.server_owner', false);
+        $response->assertJsonPath('data.1.attributes.identifier', $servers[1]->uuidShort);
+    }
+
+    /**
+     * Returns only servers that the user owns, not servers they are a subuser of.
+     */
+    public function testFilterOnlyOwnerServers()
+    {
+        /** @var \Pterodactyl\Models\User[] $users */
+        $users = factory(User::class)->times(3)->create();
+        $servers = [
+            $this->createServerModel(['user_id' => $users[0]->id]),
+            $this->createServerModel(['user_id' => $users[1]->id]),
+            $this->createServerModel(['user_id' => $users[2]->id]),
+        ];
+
+        // Set user 0 as a subuser of server 1. Thus, we should get two servers
+        // back in the response when making the API call as user 0.
+        Subuser::query()->create([
+            'user_id' => $users[0]->id,
+            'server_id' => $servers[1]->id,
+            'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
+        ]);
+
+        $response = $this->actingAs($users[0])->getJson('/api/client?filter=owner');
+
+        $response->assertOk();
+        $response->assertJsonCount(1, 'data');
+        $response->assertJsonPath('data.0.attributes.server_owner', true);
+        $response->assertJsonPath('data.0.attributes.identifier', $servers[0]->uuidShort);
+    }
+
+    /**
+     * Tests that the permissions from the Panel are returned correctly.
+     */
+    public function testPermissionsAreReturned()
+    {
+        /** @var \Pterodactyl\Models\User $user */
+        $user = factory(User::class)->create();
+
+        $this->actingAs($user)
+            ->getJson('/api/client/permissions')
+            ->assertOk()
+            ->assertJson([
+                'object' => 'system_permissions',
+                'attributes' => [
+                    'permissions' => Permission::permissions()->toArray(),
+                ],
+            ]);
+    }
+}

tests/Integration/IntegrationTestCase.php

@@ -5,10 +5,13 @@
 use Tests\TestCase;
 use Cake\Chronos\Chronos;
 use Illuminate\Database\Eloquent\Model;
+use Tests\Traits\Integration\CreatesTestModels;
 use Pterodactyl\Transformers\Api\Application\BaseTransformer;
 
 abstract class IntegrationTestCase extends TestCase
 {
+    use CreatesTestModels;
+
     /**
      * Setup base integration test cases.
      */