coolify/tests/Feature/TerminalAuthRoutesAuthorizationTest.php


<?php
use App\Models\PrivateKey;
use App\Models\Server;
use App\Models\Team;
use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
// Apply the RefreshDatabase trait to the tests declared in this file.
uses(RefreshDatabase::class);
/*
 * Shared fixtures for every test below: one team, one private key owned by
 * that team, and one server that belongs to the team and uses that key.
 */
beforeEach(function () {
    // NOTE(review): the environment is forced to 'local' before any request is
    // made; presumably something on the request path depends on it. Confirm why.
    config()->set('app.env', 'local');

    $this->team = Team::factory()->create();
    $teamId = $this->team->id;

    // Unencrypted OpenSSH (Ed25519) key embedded as a test fixture. Because it
    // is committed in plain text it must be treated as public: never authorize
    // it on a real host or reuse it outside the test suite.
    $fixtureKey = '-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACBbhpqHhqv6aI67Mj9abM3DVbmcfYhZAhC7ca4d9UCevAAAAJi/QySHv0Mk
hwAAAAtzc2gtZWQyNTUxOQAAACBbhpqHhqv6aI67Mj9abM3DVbmcfYhZAhC7ca4d9UCevA
AAAECBQw4jg1WRT2IGHMncCiZhURCts2s24HoDS0thHnnRKVuGmoeGq/pojrsyP1pszcNV
uZx9iFkCELtxrh31QJ68AAAAEXNhaWxANzZmZjY2ZDJlMmRkAQIDBA==
-----END OPENSSH PRIVATE KEY-----';

    $this->privateKey = PrivateKey::create([
        'name' => 'Test Key',
        'private_key' => $fixtureKey,
        'team_id' => $teamId,
    ]);

    // The server is created for its side effect only; no test reads it back
    // through a variable.
    $serverAttributes = [
        'name' => 'Test Server',
        'ip' => 'coolify-testing-host',
        'team_id' => $teamId,
        'private_key_id' => $this->privateKey->id,
    ];
    Server::factory()->create($serverAttributes);
});
// --- POST /terminal/auth ---
it('denies unauthenticated users on POST /terminal/auth', function () {
    // No actingAs() call precedes the request, so it is sent without a user.
    $response = $this->postJson('/terminal/auth');

    // Only the status code is asserted; the response body is not inspected.
    $response->assertStatus(401);
});
it('denies non-admin team members on POST /terminal/auth', function () {
    // A user attached to the fixture team with the role 'member'.
    $teamMember = User::factory()->create();
    $teamMember->teams()->attach($this->team, ['role' => 'member']);

    // Authenticate as that user and store the fixture team in the session.
    $this->actingAs($teamMember);
    session(['currentTeam' => $this->team]);

    // Only the status code is asserted; the response body is not inspected.
    $response = $this->postJson('/terminal/auth');
    $response->assertStatus(403);
});
it('allows team owners on POST /terminal/auth', function () {
    // A user attached to the fixture team with the role 'owner'.
    $teamOwner = User::factory()->create();
    $teamOwner->teams()->attach($this->team, ['role' => 'owner']);

    // Authenticate as that user and store the fixture team in the session.
    $this->actingAs($teamOwner);
    session(['currentTeam' => $this->team]);

    $response = $this->postJson('/terminal/auth');

    // Expect success and a JSON body containing authenticated => true.
    $response->assertStatus(200);
    $response->assertJson(['authenticated' => true]);
});
it('allows team admins on POST /terminal/auth', function () {
    // A user attached to the fixture team with the role 'admin'.
    $teamAdmin = User::factory()->create();
    $teamAdmin->teams()->attach($this->team, ['role' => 'admin']);

    // Authenticate as that user and store the fixture team in the session.
    $this->actingAs($teamAdmin);
    session(['currentTeam' => $this->team]);

    $response = $this->postJson('/terminal/auth');

    // Expect success and a JSON body containing authenticated => true.
    $response->assertStatus(200);
    $response->assertJson(['authenticated' => true]);
});
// --- POST /terminal/auth/ips ---
it('denies unauthenticated users on POST /terminal/auth/ips', function () {
    // No actingAs() call precedes the request, so it is sent without a user.
    $response = $this->postJson('/terminal/auth/ips');

    // Only the status code is asserted; the test does not check that the body
    // omits the 'ipAddresses' key.
    $response->assertStatus(401);
});
it('denies non-admin team members on POST /terminal/auth/ips', function () {
    // A user attached to the fixture team with the role 'member'.
    $teamMember = User::factory()->create();
    $teamMember->teams()->attach($this->team, ['role' => 'member']);

    // Authenticate as that user and store the fixture team in the session.
    $this->actingAs($teamMember);
    session(['currentTeam' => $this->team]);

    // Only the status code is asserted; the test does not check that the body
    // omits the 'ipAddresses' key.
    $response = $this->postJson('/terminal/auth/ips');
    $response->assertStatus(403);
});
it('allows team owners on POST /terminal/auth/ips', function () {
    // A user attached to the fixture team with the role 'owner'.
    $teamOwner = User::factory()->create();
    $teamOwner->teams()->attach($this->team, ['role' => 'owner']);

    // Authenticate as that user and store the fixture team in the session.
    $this->actingAs($teamOwner);
    session(['currentTeam' => $this->team]);

    $response = $this->postJson('/terminal/auth/ips');

    // Expect success and a JSON body that has an 'ipAddresses' key; the values
    // under that key are not checked.
    $response->assertStatus(200);
    $response->assertJsonStructure(['ipAddresses']);
});
it('allows team admins on POST /terminal/auth/ips', function () {
    // A user attached to the fixture team with the role 'admin'.
    $teamAdmin = User::factory()->create();
    $teamAdmin->teams()->attach($this->team, ['role' => 'admin']);

    // Authenticate as that user and store the fixture team in the session.
    $this->actingAs($teamAdmin);
    session(['currentTeam' => $this->team]);

    $response = $this->postJson('/terminal/auth/ips');

    // Expect success and a JSON body that has an 'ipAddresses' key; the values
    // under that key are not checked.
    $response->assertStatus(200);
    $response->assertJsonStructure(['ipAddresses']);
});