Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
pterodactyl
GitHub Repository: pterodactyl/panel
 Path: blob/1.0-develop/tests/Integration/Api/Client/Server/Startup/GetStartupAndVariablesTest.php
7461 views
1
<?php

2


3
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Startup;

4


5
use Pterodactyl\Models\User;

6
use Pterodactyl\Models\Permission;

7
use Pterodactyl\Models\EggVariable;

8
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;

9


10
class GetStartupAndVariablesTest extends ClientApiIntegrationTestCase

11
{

12
    /**

13
     * Test that the startup command and variables are returned for a server, but only the variables

14
     * that can be viewed by a user (e.g. user_viewable=true).

15
     */

16
    #[\PHPUnit\Framework\Attributes\DataProvider('permissionsDataProvider')]

17
    public function testStartupVariablesAreReturnedForServer(array $permissions)

18
    {

19
        /** @var \Pterodactyl\Models\Server $server */

20
        [$user, $server] = $this->generateTestAccount($permissions);

21


22
        $egg = $this->cloneEggAndVariables($server->egg);

23
        // BUNGEE_VERSION should never be returned to the user in this API call, either in

24
        // the array of variables, or revealed in the startup command.

25
        $egg->variables()->first()->update([

26
            'user_viewable' => false,

27
        ]);

28


29
        $server->fill([

30
            'egg_id' => $egg->id,

31
            'startup' => 'java {{SERVER_JARFILE}} --version {{BUNGEE_VERSION}}',

32
        ])->save();

33
        $server = $server->refresh();

34


35
        $response = $this->actingAs($user)->getJson($this->link($server) . '/startup');

36


37
        $response->assertOk();

38
        $response->assertJsonPath('meta.startup_command', 'java bungeecord.jar --version [hidden]');

39
        $response->assertJsonPath('meta.raw_startup_command', $server->startup);

40


41
        $response->assertJsonPath('object', 'list');

42
        $response->assertJsonCount(1, 'data');

43
        $response->assertJsonPath('data.0.object', EggVariable::RESOURCE_NAME);

44
        $this->assertJsonTransformedWith($response->json('data.0.attributes'), $egg->variables[1]);

45
    }

46


47
    /**

48
     * Test that a user without the required permission, or who does not have any permission to

49
     * access the server cannot get the startup information for it.

50
     */

51
    public function testStartupDataIsNotReturnedWithoutPermission()

52
    {

53
        [$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);

54
        $this->actingAs($user)->getJson($this->link($server) . '/startup')->assertForbidden();

55


56
        $user2 = User::factory()->create();

57
        $this->actingAs($user2)->getJson($this->link($server) . '/startup')->assertNotFound();

58
    }

59


60
    public static function permissionsDataProvider(): array

61
    {

62
        return [[[]], [[Permission::ACTION_STARTUP_READ]]];

63
    }

64
}

65


66