direct-online/vito
2
0
Fork 0
mirror of https://github.com/vitodeploy/vito.git synced 2025-07-02 14:36:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Isolate Users (#431)

Browse Source 
* WIP to isolate users

* Resolved issue with SSH AsUser

Updated Isolated User Script to use Server User for Team Access
Updated Path creation script to simplify for running as the isolated user

* Included the server user

* PHPMyAdmin script updated

Wordpress Script Updated
Updated Execute Script to support executing as isolated users

* Issue Resolution & Resolved Failing Unit Tests

* Fix for isolated_username vs user

* Run the deploy as the isolated user

* queue updates for isolated user

* Support isolated users in cronjobs

* script tests for isolated users

* Queue tests for isolated users

* Cronjob tests for isolated user

* Removed default queue command for laravel apps

* add default user to factory

* laravel pint fixes

* ensure echos are consistent

* removed unneeded parameter

* update

* fix queues for isolated users

* revert addslashes

---------

Co-authored-by: Saeed Vaziry <mr.saeedvaziry@gmail.com>
This commit is contained in:
Richard Anderson
2025-01-18 00:17:48 +00:00
committed by GitHub
parent 5947ae80bb
commit c1ae58772c
50 changed files with 717 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/Feature/API/SitesTest.php
View File

@ -43,6 +43,8 @@ public function test_create_site(array $inputs): void
->assertJsonFragment([
'domain' => $inputs['domain'],
'aliases' => $inputs['aliases'] ?? [],
'user' => $inputs['user'] ?? $this->server->getSshUser(),
'path' => '/home/'.($inputs['user'] ?? $this->server->getSshUser()).'/'.$inputs['domain'],
]);
}

75
tests/Feature/CronjobTest.php
View File

@ -5,6 +5,8 @@
use App\Enums\CronjobStatus;
use App\Facades\SSH;
use App\Models\CronJob;
use App\Models\Server;
use App\Models\Site;
use App\Web\Pages\Servers\CronJobs\Index;
use App\Web\Pages\Servers\CronJobs\Widgets\CronJobsList;
use Illuminate\Foundation\Testing\RefreshDatabase;
@ -83,6 +85,79 @@ public function test_create_cronjob()
SSH::assertExecutedContains('sudo -u vito crontab -l');
}
public function test_create_cronjob_for_isolated_user(): void
{
SSH::fake();
$this->actingAs($this->user);
$this->site->user = 'example';
$this->site->save();
Livewire::test(Index::class, [
'server' => $this->server,
])
->callAction('create', [
'command' => 'ls -la',
'user' => 'example',
'frequency' => '* * * * *',
])
->assertSuccessful();
$this->assertDatabaseHas('cron_jobs', [
'server_id' => $this->server->id,
'user' => 'example',
]);
SSH::assertExecutedContains("echo '* * * * * ls -la' | sudo -u example crontab -");
SSH::assertExecutedContains('sudo -u example crontab -l');
}
public function test_cannot_create_cronjob_for_non_existing_user(): void
{
SSH::fake();
$this->actingAs($this->user);
Livewire::test(Index::class, [
'server' => $this->server,
])
->callAction('create', [
'command' => 'ls -la',
'user' => 'example',
'frequency' => '* * * * *',
])
->assertHasActionErrors();
$this->assertDatabaseMissing('cron_jobs', [
'server_id' => $this->server->id,
'user' => 'example',
]);
}
public function test_cannot_create_cronjob_for_user_on_another_server(): void
{
SSH::fake();
$this->actingAs($this->user);
Site::factory()->create([
'server_id' => Server::factory()->create(['user_id' => 1])->id,
'user' => 'example',
]);
Livewire::test(Index::class, [
'server' => $this->server,
])
->callAction('create', [
'command' => 'ls -la',
'user' => 'example',
'frequency' => '* * * * *',
])
->assertHasActionErrors();
$this->assertDatabaseMissing('cron_jobs', [
'user' => 'example',
]);
}
public function test_create_custom_cronjob()
{
SSH::fake();

92
tests/Feature/QueuesTest.php
View File

@ -5,6 +5,7 @@
use App\Enums\QueueStatus;
use App\Facades\SSH;
use App\Models\Queue;
use App\Models\Site;
use App\Web\Pages\Servers\Sites\Pages\Queues\Index;
use App\Web\Pages\Servers\Sites\Pages\Queues\Widgets\QueuesList;
use Illuminate\Foundation\Testing\RefreshDatabase;
@ -88,6 +89,97 @@ public function test_create_queue()
]);
}
public function test_create_queue_as_isolated_user(): void
{
SSH::fake();
$this->actingAs($this->user);
$this->site->user = 'example';
$this->site->save();
Livewire::test(Index::class, [
'server' => $this->server,
'site' => $this->site,
])
->callAction('create', [
'command' => 'php artisan queue:work',
'user' => 'example',
'auto_start' => 1,
'auto_restart' => 1,
'numprocs' => 1,
])
->assertSuccessful();
$this->assertDatabaseHas('queues', [
'server_id' => $this->server->id,
'site_id' => $this->site->id,
'command' => 'php artisan queue:work',
'user' => 'example',
'auto_start' => 1,
'auto_restart' => 1,
'numprocs' => 1,
'status' => QueueStatus::RUNNING,
]);
}
public function test_cannot_create_queue_as_invalid_user(): void
{
SSH::fake();
$this->actingAs($this->user);
Livewire::test(Index::class, [
'server' => $this->server,
'site' => $this->site,
])
->callAction('create', [
'command' => 'php artisan queue:work',
'user' => 'example',
'auto_start' => 1,
'auto_restart' => 1,
'numprocs' => 1,
])
->assertHasActionErrors();
$this->assertDatabaseMissing('queues', [
'server_id' => $this->server->id,
'site_id' => $this->site->id,
'user' => 'example',
]);
}
public function test_cannot_create_queue_on_another_sites_user(): void
{
SSH::fake();
$this->actingAs($this->user);
Site::factory()->create([
'server_id' => $this->server->id,
'user' => 'example',
]);
Livewire::test(Index::class, [
'server' => $this->server,
'site' => $this->site,
])
->callAction('create', [
'command' => 'php artisan queue:work',
'user' => 'example',
'auto_start' => 1,
'auto_restart' => 1,
'numprocs' => 1,
])
->assertHasActionErrors();
$this->assertDatabaseMissing('queues', [
'server_id' => $this->server->id,
'site_id' => $this->site->id,
'user' => 'example',
]);
}
public function test_start_queue(): void
{
SSH::fake();

85
tests/Feature/ScriptTest.php
View File

@ -6,6 +6,8 @@
use App\Facades\SSH;
use App\Models\Script;
use App\Models\ScriptExecution;
use App\Models\Server;
use App\Models\Site;
use App\Web\Pages\Scripts\Executions;
use App\Web\Pages\Scripts\Index;
use App\Web\Pages\Scripts\Widgets\ScriptExecutionsList;
@ -118,6 +120,7 @@ public function test_execute_script_and_view_log(): void
$this->assertDatabaseHas('script_executions', [
'script_id' => $script->id,
'status' => ScriptExecutionStatus::COMPLETED,
'user' => 'root',
]);
$this->assertDatabaseHas('server_logs', [
@ -133,6 +136,88 @@ public function test_execute_script_and_view_log(): void
->assertSuccessful();
}
public function test_execute_script_as_isolated_user(): void
{
SSH::fake('script output');
$this->actingAs($this->user);
$script = Script::factory()->create([
'user_id' => $this->user->id,
]);
Site::factory()->create([
'server_id' => $this->server->id,
'user' => 'example',
]);
Livewire::test(Executions::class, [
'script' => $script,
])
->callAction('execute', [
'server' => $this->server->id,
'user' => 'example',
])
->assertSuccessful();
$this->assertDatabaseHas('script_executions', [
'script_id' => $script->id,
'status' => ScriptExecutionStatus::COMPLETED,
'user' => 'example',
]);
}
public function test_cannot_execute_script_as_non_existing_user(): void
{
$this->actingAs($this->user);
$script = Script::factory()->create([
'user_id' => $this->user->id,
]);
Livewire::test(Executions::class, [
'script' => $script,
])
->callAction('execute', [
'server' => $this->server->id,
'user' => 'example',
])
->assertHasActionErrors();
$this->assertDatabaseMissing('script_executions', [
'script_id' => $script->id,
'user' => 'example',
]);
}
public function test_cannot_execute_script_as_user_not_on_server(): void
{
$this->actingAs($this->user);
$script = Script::factory()->create([
'user_id' => $this->user->id,
]);
Site::factory()->create([
'server_id' => Server::factory()->create(['user_id' => 1])->id,
'user' => 'example',
]);
Livewire::test(Executions::class, [
'script' => $script,
])
->callAction('execute', [
'server' => $this->server->id,
'user' => 'example',
])
->assertHasActionErrors();
$this->assertDatabaseMissing('script_executions', [
'script_id' => $script->id,
'user' => 'example',
]);
}
public function test_see_executions(): void
{
$this->actingAs($this->user);

123
tests/Feature/SitesTest.php
View File

@ -48,13 +48,31 @@ public function test_create_site(array $inputs): void
->assertHasNoActionErrors()
->assertSuccessful();
$expectedUser = empty($inputs['user']) ? $this->server->getSshUser() : $inputs['user'];
$this->assertDatabaseHas('sites', [
'domain' => $inputs['domain'],
'aliases' => json_encode($inputs['aliases'] ?? []),
'status' => SiteStatus::READY,
'user' => $expectedUser,
'path' => '/home/'.$expectedUser.'/'.$inputs['domain'],
]);
}
/**
* @dataProvider failure_create_data
*/
public function test_isolated_user_failure(array $inputs): void
{
SSH::fake();
$this->actingAs($this->user);
Livewire::test(Index::class, [
'server' => $this->server,
])
->callAction('create', $inputs)
->assertHasActionErrors();
}
/**
* @dataProvider create_failure_data
*/
@ -247,6 +265,62 @@ public function test_see_logs(): void
->assertSee('Logs');
}
public static function failure_create_data(): array
{
return [
[
[
'type' => SiteType::PHP_BLANK,
'domain' => 'example.com',
'aliases' => ['www.example.com'],
'php_version' => '8.2',
'web_directory' => 'public',
'user' => 'a',
],
],
[
[
'type' => SiteType::PHP_BLANK,
'domain' => 'example.com',
'aliases' => ['www.example.com'],
'php_version' => '8.2',
'web_directory' => 'public',
'user' => 'root',
],
],
[
[
'type' => SiteType::PHP_BLANK,
'domain' => 'example.com',
'aliases' => ['www.example.com'],
'php_version' => '8.2',
'web_directory' => 'public',
'user' => 'vito',
],
],
[
[
'type' => SiteType::PHP_BLANK,
'domain' => 'example.com',
'aliases' => ['www.example.com'],
'php_version' => '8.2',
'web_directory' => 'public',
'user' => '123',
],
],
[
[
'type' => SiteType::PHP_BLANK,
'domain' => 'example.com',
'aliases' => ['www.example.com'],
'php_version' => '8.2',
'web_directory' => 'public',
'user' => 'qwertyuiopasdfghjklzxcvbnmqwertyu',
],
],
];
}
public static function create_data(): array
{
return [
@ -262,6 +336,19 @@ public static function create_data(): array
'composer' => true,
],
],
[
[
'type' => SiteType::LARAVEL,
'domain' => 'example.com',
'aliases' => ['www.example.com', 'www2.example.com'],
'php_version' => '8.2',
'web_directory' => 'public',
'repository' => 'test/test',
'branch' => 'main',
'composer' => true,
'user' => 'example',
],
],
[
[
'type' => SiteType::WORDPRESS,
@ -277,6 +364,22 @@ public static function create_data(): array
'database_password' => 'password',
],
],
[
[
'type' => SiteType::WORDPRESS,
'domain' => 'example.com',
'aliases' => ['www.example.com'],
'php_version' => '8.2',
'title' => 'Example',
'username' => 'example',
'email' => 'email@example.com',
'password' => 'password',
'database' => 'example',
'database_user' => 'example',
'database_password' => 'password',
'user' => 'example',
],
],
[
[
'type' => SiteType::PHP_BLANK,
@ -286,6 +389,16 @@ public static function create_data(): array
'web_directory' => 'public',
],
],
[
[
'type' => SiteType::PHP_BLANK,
'domain' => 'example.com',
'aliases' => ['www.example.com'],
'php_version' => '8.2',
'web_directory' => 'public',
'user' => 'example',
],
],
[
[
'type' => SiteType::PHPMYADMIN,
@ -295,6 +408,16 @@ public static function create_data(): array
'version' => '5.1.2',
],
],
[
[
'type' => SiteType::PHPMYADMIN,
'domain' => 'example.com',
'aliases' => ['www.example.com'],
'php_version' => '8.2',
'version' => '5.1.2',
'user' => 'example',
],
],
];
}