Path: blob/1.0-develop/tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php
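<?php

namespace Pterodactyl\Tests\Integration\Api\Client\Server\Subuser;

use Ramsey\Uuid\Uuid;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Permission;
use Pterodactyl\Repositories\Wings\DaemonServerRepository;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;

class DeleteSubuserTest extends ClientApiIntegrationTestCase
{
    /**
     * Guards against PHP's string-to-int casting, which keeps only the leading numeric
     * characters of a string. If a user UUID from the request is ever cast to an integer
     * during lookup, the request can resolve to the wrong subuser (or to none at all).
     *
     * For example (illustrative value), 12aaaaaa-bbbb-cccc-dddd-eeeeffffffff becomes 12 when
     * cast to an integer. Deep in the API middlewares this would end up loading the user with
     * an ID of 12, which may or may not exist, and wrongly assigning it to the model object.
     *
     * Two scenarios are covered:
     *  1. a UUID whose integer cast equals the ID of an unrelated, existing user;
     *  2. a UUID whose integer cast is not expected to match any user ID.
     *
     * In both, the daemon mock must be asked to revoke the tokens of the subuser named by the
     * UUID in the URL, and that subuser's row must be gone from the server afterwards.
     *
     * @see https://github.com/pterodactyl/panel/issues/2359
     */
    public function testCorrectSubuserIsDeletedFromServer()
    {
        $this->swap(DaemonServerRepository::class, $mock = \Mockery::mock(DaemonServerRepository::class));

        [$user, $server] = $this->generateTestAccount();

        /** @var User $differentUser */
        $differentUser = User::factory()->create();

        $real = Uuid::uuid4()->toString();
        // Generate a UUID that lines up with a user in the database if it were to be cast to an int.
        $prefix = (string) $differentUser->id;
        $uuid = $prefix . substr($real, strlen($prefix));
        // A random hex digit directly after the prefix is frequently 0-9 (or an "e" followed by
        // digits), which would lengthen the numeric prefix and make the cast miss $differentUser,
        // silently skipping the collision this test exists for. Pin it to a letter instead, but
        // leave a UUID separator untouched so the value keeps its shape.
        if ($uuid[strlen($prefix)] !== '-') {
            $uuid[strlen($prefix)] = 'a';
        }
        // Precondition: the colliding scenario is really being exercised.
        $this->assertSame($prefix, (string) (int) $uuid);

        /** @var User $subuser */
        $subuser = User::factory()->create(['uuid' => $uuid]);

        Subuser::query()->forceCreate([
            'user_id' => $subuser->id,
            'server_id' => $server->id,
            'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
        ]);

        // The revocation must target the subuser from the URL, never the user whose ID collides.
        $mock->expects('setServer->revokeUserJTI')->with($subuser->id)->andReturnUndefined();

        $this->actingAs($user)->deleteJson($this->link($server) . "/users/$subuser->uuid")->assertNoContent();

        // A 204 alone does not show which row was removed; check the intended one is gone.
        $this->assertFalse(
            Subuser::query()->where('user_id', $subuser->id)->where('server_id', $server->id)->exists()
        );

        // Try the same test, but this time with a UUID that, if cast to an int, should not line up
        // with anything in the database.
        $uuid = '18180000' . substr(Uuid::uuid4()->toString(), 8);
        /** @var User $subuser */
        $subuser = User::factory()->create(['uuid' => $uuid]);

        Subuser::query()->forceCreate([
            'user_id' => $subuser->id,
            'server_id' => $server->id,
            'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
        ]);

        $mock->expects('setServer->revokeUserJTI')->with($subuser->id)->andReturnUndefined();

        $this->actingAs($user)->deleteJson($this->link($server) . "/users/$subuser->uuid")->assertNoContent();

        $this->assertFalse(
            Subuser::query()->where('user_id', $subuser->id)->where('server_id', $server->id)->exists()
        );
    }
}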