diff --git a/app/Models/RecoveryToken.php b/app/Models/RecoveryToken.php
index 7be74f53c..5cd00a9d0 100644
--- a/app/Models/RecoveryToken.php
+++ b/app/Models/RecoveryToken.php
@@ -17,6 +17,11 @@ class RecoveryToken extends Model
 */
 const UPDATED_AT = null;
+ /**
+ * @var bool
+ */
+ public $timestamps = true;
+
 /**
 * @var bool
 */
diff --git a/app/Models/User.php b/app/Models/User.php
index 360fa3913..baff65b6f 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -266,11 +266,11 @@ class User extends Model implements
 * Returns all of the servers that a user can access by way of being the owner of the
 * server, or because they are assigned as a subuser for that server.
 *
- * @return \Illuminate\Database\Eloquent\Relations\HasMany
+ * @return \Illuminate\Database\Eloquent\Builder
 */
 public function accessibleServers()
 {
- return $this->hasMany(Server::class, 'owner_id')
+ return Server::query()
 ->select('servers.*')
 ->leftJoin('subusers', 'subusers.server_id', '=', 'servers.id')
 ->where(function (Builder $builder) {
diff --git a/tests/Integration/Api/Client/ClientControllerTest.php b/tests/Integration/Api/Client/ClientControllerTest.php
index 1561f59cf..82aeb564d 100644
--- a/tests/Integration/Api/Client/ClientControllerTest.php
+++ b/tests/Integration/Api/Client/ClientControllerTest.php
@@ -35,7 +35,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
 $response->assertJsonPath('data.0.attributes.identifier', $servers[0]->uuidShort);
 $response->assertJsonPath('data.0.attributes.server_owner', true);
 $response->assertJsonPath('meta.pagination.total', 1);
- $response->assertJsonPath('meta.pagination.per_page', config('pterodactyl.paginate.frontend.servers'));
+ $response->assertJsonPath('meta.pagination.per_page', 50);
 }
 /**
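Review bot: In app/Models/RecoveryToken.php the docblock added for `$timestamps` says only `@var bool`, which does not explain why timestamps are enabled on a model that sets `UPDATED_AT` to `null` directly above it. A one-line description would carry the intent, for example `Only created_at is maintained; UPDATED_AT is null, so no updated_at value is written.`, assuming that is the reason for the change. The class body continues outside the hunk.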
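Review bot: In app/Models/User.php, `accessibleServers()` now starts from `Server::query()`, so the `owner_id` constraint that `hasMany` supplied is gone and the `where` closure is the only thing tying the result to this user. The closure body lies outside the hunk, so confirm that it compares both `servers.owner_id` and `subusers.user_id` with `$this->id`; a regression there would expose other users' servers rather than hide some of the caller's own. The `leftJoin` on `subusers` can also return the same server once per subuser row unless a `groupBy('servers.id')` or `distinct()` follows outside the hunk. Because the method no longer returns a relation, the docblock should say so, e.g. `Returns a query builder, not a relationship; call ->get() or ->paginate() on it.`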
@@ -54,7 +54,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
 $this->createServerModel(['user_id' => $users[2]->id]),
 ];
- $response = $this->actingAs($users[0])->getJson('/api/client?filter=all');
+ $response = $this->actingAs($users[0])->getJson('/api/client?type=all');
 $response->assertOk();
 $response->assertJsonCount(3, 'data');
@@ -117,7 +117,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
 'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
 ]);
- $response = $this->actingAs($users[0])->getJson('/api/client?filter=owner');
+ $response = $this->actingAs($users[0])->getJson('/api/client?type=owner');
 $response->assertOk();
 $response->assertJsonCount(1, 'data');
diff --git a/tests/Integration/Api/Client/TwoFactorControllerTest.php b/tests/Integration/Api/Client/TwoFactorControllerTest.php
index 8344d2b96..189a94fa1 100644
--- a/tests/Integration/Api/Client/TwoFactorControllerTest.php
+++ b/tests/Integration/Api/Client/TwoFactorControllerTest.php
@@ -6,6 +6,8 @@ use Carbon\Carbon;
 use Pterodactyl\Models\User;
 use Illuminate\Http\Response;
 use PragmaRX\Google2FA\Google2FA;
+use Pterodactyl\Models\RecoveryToken;
+use PHPUnit\Framework\ExpectationFailedException;
 class TwoFactorControllerTest extends ClientApiIntegrationTestCase
 {
@@ -89,11 +91,29 @@ class TwoFactorControllerTest extends ClientApiIntegrationTestCase 'code' => $token, ]); - $response->assertStatus(Response::HTTP_NO_CONTENT); + $response->assertOk(); + $response->assertJsonPath('object', 'recovery_tokens'); $user = $user->refresh(); - $this->assertTrue($user->use_totp); + + $tokens = RecoveryToken::query()->where('user_id', $user->id)->get(); + $this->assertCount(10, $tokens); + $this->assertStringStartsWith('$2y$10$', $tokens[0]->token); + + $tokens = $tokens->pluck('token')->toArray(); + + foreach ($response->json('attributes.tokens') as $raw) { + foreach ($tokens as $hashed) { + if (password_verify($raw, $hashed)) { + continue 2; + } + } + + throw new ExpectationFailedException( + sprintf('Failed asserting that token [%s] exists as a hashed value in recovery_tokens table.', $raw) + ); + } } /**
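Review bot: The nested loop in the tests/Integration/Api/Client/TwoFactorControllerTest.php hunk passes vacuously when `attributes.tokens` in the response is an empty array, because only the database rows are counted; add `$this->assertCount(10, $response->json('attributes.tokens'));` before the outer `foreach`. The `assertStringStartsWith('$2y$10$', ...)` check also pins the bcrypt cost to 10, so it fails if the hashing rounds are configured differently for the test environment; `$this->assertSame('bcrypt', password_get_info($tokens[0]->token)['algoName']);` still proves the stored value is a hash without fixing the cost. Throwing `ExpectationFailedException` by hand can be replaced with `$this->fail(sprintf(...))`, which reports the failure the same way as the other assertions. The test method begins outside the hunk.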