pterodactyl/panel
1
0
Fork 0
mirror of https://github.com/pterodactyl/panel.git synced 2026-06-14 21:03:32 -05:00
Code Issues Packages Projects Releases 128 Wiki Activity
Files
develop
panel/tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php
Dane Everitt 0e74f3aade Improve SFTP session revocation to cover password changes and account deletion (#5568) 
This expands upon previous work done to better disconnect users from
SFTP when different events occur within Pterodactyl. This new logic also
accounts for password changes and their account being deleted entirely
from the system.

These events now trigger background jobs that will reach out to every
node they are associated with to ensure they're disconnected if
currently connected.
2026-02-14 10:51:26 -08:00

60 lines
2.3 KiB
PHP
Raw Permalink Blame History

<?php
namespace Pterodactyl\Tests\Integration\Api\Client\Server\Subuser;
use Ramsey\Uuid\Uuid;
use Pterodactyl\Models\User;
use Pterodactyl\Models\Subuser;
use Pterodactyl\Models\Permission;
use Illuminate\Support\Facades\Bus;
use Pterodactyl\Jobs\RevokeSftpAccessJob;
use PHPUnit\Framework\Attributes\TestWith;
use Pterodactyl\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
class DeleteSubuserTest extends ClientApiIntegrationTestCase
{
/**
* Guards against PHP's exciting behavior where a string can be cast to an int and only
* the first numeric digits are returned. This causes UUIDs to be returned as an int when
* looking up users, thus returning the wrong subusers (or no subuser at all).
*
* For example, 12aaaaaa-bbbb-cccc-ddddeeeeffff would be cast to "12" if you tried to cast
* it to an integer. Then, in the deep API middlewares you would end up trying to load a user
* with an ID of 12, which may or may not exist and be wrongly assigned to the model object.
*
* @see https://github.com/pterodactyl/panel/issues/2359
*/
#[TestWith([null])]
#[TestWith(['18180000'])]
public function testCorrectSubuserIsDeletedFromServer(?string $prefix)
{
Bus::fake([RevokeSftpAccessJob::class]);
[$user, $server] = $this->generateTestAccount();
/** @var User $differentUser */
$differentUser = User::factory()->create();
$real = Uuid::uuid4()->toString();
// Generate a UUID that lines up with a user in the database if it were to be cast to an int.
$uuid = ($prefix ?: $differentUser->id) . substr($real, strlen($prefix ?: (string) $differentUser->id));
/** @var User $subuser */
$subuser = User::factory()->create(['uuid' => $uuid]);
Subuser::query()->forceCreate([
'user_id' => $subuser->id,
'server_id' => $server->id,
'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
]);
$this->withoutExceptionHandling()
->actingAs($user)
->deleteJson($this->link($server) . "/users/$subuser->uuid")->assertNoContent();
Bus::assertDispatchedTimes(function (RevokeSftpAccessJob $job) use ($subuser, $server) {
return $job->user === $subuser->uuid && $job->target->is($server);
});
}
}
Reference in New Issue View Git Blame Copy Permalink