Skip to content

Commit 5dee97e

Browse files
MrSoulPenguinMrSoulPenguin
committed
test: add cases to catch node permission issues on transfer status updates
1 parent 17e92c7 commit 5dee97e

File tree

1 file changed

+107
-0
lines changed

1 file changed

+107
-0
lines changed

tests/Integration/Api/Remote/ServerTransferControllerTest.php

Lines changed: 107 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,107 @@
1+
<?php
2+
3+
namespace Integration\Api\Remote;
4+
5+
use Pterodactyl\Models\ServerTransfer;
6+
use Pterodactyl\Tests\Integration\IntegrationTestCase;
7+
8+
class ServerTransferControllerTest extends IntegrationTestCase
9+
{
10+
protected ServerTransfer $transfer;
11+
12+
public function setup(): void
13+
{
14+
parent::setUp();
15+
16+
$transfer = $this->createServerTransferModel();
17+
18+
$this->transfer = $transfer;
19+
}
20+
21+
public function testSuccessStatusUpdateCanBeSentFromNewNode()
22+
{
23+
$server = $this->transfer->server;
24+
$newNode = $this->transfer->newNode;
25+
26+
$this->withHeader(
27+
'Authorization',
28+
"Bearer $newNode->daemon_token_id." . $newNode->getDecryptedKey()
29+
)->postJson("/api/remote/servers/$server->uuid/transfer/success")->assertNoContent();
30+
31+
$this->assertDatabaseHas('server_transfers', ['id' => $this->transfer->id, 'successful' => true]);
32+
}
33+
34+
public function testFailureStatusUpdateCanBeSentFromOldNode()
35+
{
36+
$server = $this->transfer->server;
37+
$oldNode = $this->transfer->oldNode;
38+
39+
$this->withHeader(
40+
'Authorization',
41+
"Bearer $oldNode->daemon_token_id." . $oldNode->getDecryptedKey()
42+
)->postJson("/api/remote/servers/$server->uuid/transfer/failure")->assertNoContent();
43+
44+
$this->assertDatabaseHas('server_transfers', ['id' => $this->transfer->id, 'successful' => false]);
45+
}
46+
47+
public function testFailureStatusUpdateCanBeSentFromNewNode()
48+
{
49+
$server = $this->transfer->server;
50+
$newNode = $this->transfer->newNode;
51+
52+
$this->withHeader(
53+
'Authorization',
54+
"Bearer $newNode->daemon_token_id." . $newNode->getDecryptedKey()
55+
)->postJson("/api/remote/servers/$server->uuid/transfer/failure")->assertNoContent();
56+
57+
$this->assertDatabaseHas('server_transfers', ['id' => $this->transfer->id, 'successful' => false]);
58+
}
59+
60+
public function testSuccessStatusUpdateCannotBeSentFromOldNode()
61+
{
62+
$server = $this->transfer->server;
63+
$oldNode = $this->transfer->oldNode;
64+
65+
$response = $this->withHeader(
66+
'Authorization',
67+
"Bearer $oldNode->daemon_token_id." . $oldNode->getDecryptedKey()
68+
)->postJson("/api/remote/servers/$server->uuid/transfer/success")->assertForbidden();
69+
70+
$response->assertJsonPath('errors.0.code', 'HttpForbiddenException');
71+
$response->assertJsonPath('errors.0.detail', 'Requesting node does not have permission to access this server.');
72+
73+
$this->assertDatabaseHas('server_transfers', ['id' => $this->transfer->id, 'successful' => null]);
74+
}
75+
76+
public function testSuccessStatusUpdateCannotBeSentFromUnauthorizedNode()
77+
{
78+
$server = $this->transfer->server;
79+
$susNode = $this->createNodeModel();
80+
81+
$response = $this->withHeader(
82+
'Authorization',
83+
"Bearer $susNode->daemon_token_id." . $susNode->getDecryptedKey()
84+
)->postJson("/api/remote/servers/$server->uuid/transfer/success")->assertForbidden();
85+
86+
$response->assertJsonPath('errors.0.code', 'HttpForbiddenException');
87+
$response->assertJsonPath('errors.0.detail', 'Requesting node does not have permission to access this server.');
88+
89+
$this->assertDatabaseHas('server_transfers', ['id' => $this->transfer->id, 'successful' => null]);
90+
}
91+
92+
public function testFailureStatusUpdateCannotBeSentFromUnauthorizedNode()
93+
{
94+
$server = $this->transfer->server;
95+
$susNode = $this->createNodeModel();
96+
97+
$response = $this->withHeader(
98+
'Authorization',
99+
"Bearer $susNode->daemon_token_id." . $susNode->getDecryptedKey()
100+
)->postJson("/api/remote/servers/$server->uuid/transfer/failure")->assertForbidden();
101+
102+
$response->assertJsonPath('errors.0.code', 'HttpForbiddenException');
103+
$response->assertJsonPath('errors.0.detail', 'Requesting node does not have permission to access this server.');
104+
105+
$this->assertDatabaseHas('server_transfers', ['id' => $this->transfer->id, 'successful' => null]);
106+
}
107+
}

0 commit comments

Comments
 (0)