Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
pterodactyl
GitHub Repository: pterodactyl/panel
 Path: blob/1.0-develop/tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php
14052 views
1
<?php

2


3
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Subuser;

4


5
use Ramsey\Uuid\Uuid;

6
use Pterodactyl\Models\User;

7
use Pterodactyl\Models\Subuser;

8
use Pterodactyl\Models\Permission;

9
use Illuminate\Support\Facades\Bus;

10
use Pterodactyl\Jobs\RevokeSftpAccessJob;

11
use PHPUnit\Framework\Attributes\TestWith;

12
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;

13


14
class DeleteSubuserTest extends ClientApiIntegrationTestCase

15
{

16
    /**

17
     * Guards against PHP's exciting behavior where a string can be cast to an int and only

18
     * the first numeric digits are returned. This causes UUIDs to be returned as an int when

19
     * looking up users, thus returning the wrong subusers (or no subuser at all).

20
     *

21
     * For example, 12aaaaaa-bbbb-cccc-ddddeeeeffff would be cast to "12" if you tried to cast

22
     * it to an integer. Then, in the deep API middlewares you would end up trying to load a user

23
     * with an ID of 12, which may or may not exist and be wrongly assigned to the model object.

24
     *

25
     * @see https://github.com/pterodactyl/panel/issues/2359

26
     */

27
    #[TestWith([null])]

28
    #[TestWith(['18180000'])]

29
    public function testCorrectSubuserIsDeletedFromServer(?string $prefix)

30
    {

31
        Bus::fake([RevokeSftpAccessJob::class]);

32


33
        [$user, $server] = $this->generateTestAccount();

34


35
        /** @var User $differentUser */

36
        $differentUser = User::factory()->create();

37


38
        $real = Uuid::uuid4()->toString();

39
        // Generate a UUID that lines up with a user in the database if it were to be cast to an int.

40
        $uuid = ($prefix ?: $differentUser->id) . substr($real, strlen($prefix ?: (string) $differentUser->id));

41


42
        /** @var User $subuser */

43
        $subuser = User::factory()->create(['uuid' => $uuid]);

44


45
        Subuser::query()->forceCreate([

46
            'user_id' => $subuser->id,

47
            'server_id' => $server->id,

48
            'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],

49
        ]);

50


51
        $this->withoutExceptionHandling()

52
            ->actingAs($user)

53
            ->deleteJson($this->link($server) . "/users/$subuser->uuid")->assertNoContent();

54


55
        Bus::assertDispatchedTimes(function (RevokeSftpAccessJob $job) use ($subuser, $server) {

56
            return $job->user === $subuser->uuid && $job->target->is($server);

57
        });

58
    }

59
}

60


61