3 class Arvados::V1::ApiClientAuthorizationsControllerTest < ActionController::TestCase
# Positive case: after authorizing as :active_trustedclient the response is
# expected to be a success.
# NOTE(review): this listing skips original line 6, which presumably issues
# the `get :index` request being asserted on — confirm against the full file.
4 test "should get index" do
5 authorize_with :active_trustedclient
7 assert_response :success
# Negative case: requests the JSON index while authorized with the :expired
# credentials.
# NOTE(review): the response assertion is not visible here (original lines
# 13-15 are skipped in this listing); presumably it expects a rejection —
# confirm the test pins the exact status code for an expired token.
10 test "should not get index with expired auth" do
11 authorize_with :expired
12 get :index, format: :json
# Negative case: per the test name, :active stands for a token held by an
# untrusted client (the passing index test uses :active_trustedclient).
# NOTE(review): only the authorize_with call is visible; the request and the
# expected status are on original lines 18-20, which this listing skips —
# confirm the denial is asserted explicitly.
16 test "should not get index from untrusted client" do
17 authorize_with :active
# Positive case: with :admin_trustedclient credentials, POST
# create_system_auth is expected to succeed.
# The scopes parameter is sent as a JSON-encoded string ('["test"]'), not as
# a Ruby array.
# NOTE(review): nothing visible here checks the scopes of the created
# authorization; any such assertion would be on the skipped original
# lines 26-27 — confirm.
22 test "create system auth" do
23 authorize_with :admin_trustedclient
24 post :create_system_auth, scopes: '["test"]'
25 assert_response :success
# Negative case: the same create_system_auth request as the passing test,
# but (per the test name) with a token from a non-trusted client.
# NOTE(review): the authorize_with call (original line 29) and the expected
# status (original lines 31-33) are skipped in this listing — confirm which
# credentials are used and that the refusal is asserted.
28 test "prohibit create system auth with token from non-trusted client" do
30 post :create_system_auth, scopes: '["test"]'
# Negative case: POST create_system_auth while authorized as :active, which
# the test name treats as a non-admin.
# NOTE(review): the expected status is on original lines 37-39, which this
# listing skips — confirm the refusal is asserted.
34 test "prohibit create system auth by non-admin" do
35 authorize_with :active
36 post :create_system_auth, scopes: '["test"]'
# Helper: requests the index with the given search parameters and asserts
# that the api_token values returned are exactly the expected ones.
#
# auth            - credentials to use. NOTE(review): the authorize_with call
#                   is presumably on original line 41, which this listing
#                   skips — confirm.
# search_params   - hash passed straight through to `get :index`.
# expected_tokens - names that are replaced in place (map!) by the api_token
#                   of api_client_authorizations(name), presumably the
#                   fixture accessor.
40 def assert_found_tokens(auth, search_params, *expected_tokens)
42 expected_tokens.map! { |name| api_client_authorizations(name).api_token }
43 get :index, search_params
44 assert_response :success
# Collect the api_token of every item in the JSON response body.
# NOTE(review): the block parameter `auth` shadows the method parameter.
45 got_tokens = JSON.parse(@response.body)['items']
46 .map { |auth| auth['api_token'] }
# Both sides are sorted, so result order does not matter, but the set of
# tokens must match exactly (no extra and no missing authorizations).
47 assert_equal(expected_tokens.sort, got_tokens.sort,
48 "wrong results for #{search_params.inspect}")
# Table-driven tests: each row is unpacked as (auth, scopes, *expected) and
# produces two tests that call assert_found_tokens, one searching with a
# `where` clause on scopes and one with an equality filter on scopes.
# NOTE(review): the third row's expected token name(s) and the closing
# `end`s are on original lines this listing skips (59, 63-64, 67 onward).
51 # Three-tuples with auth to use, scopes to find, and expected tokens.
52 # Make two tests for each tuple, one searching with where and the other
54 [[:admin_trustedclient, [], :admin_noscope],
55 [:active_trustedclient, ["GET /arvados/v1/users"], :active_userlist],
56 [:active_trustedclient,
57 ["POST /arvados/v1/api_client_authorizations",
58 "GET /arvados/v1/api_client_authorizations"],
60 ].each do |auth, scopes, *expected|
61 test "#{auth.to_s} can find auths where scopes=#{scopes.inspect}" do
62 assert_found_tokens(auth, {where: {scopes: scopes}}, *expected)
65 test "#{auth.to_s} can find auths filtered with scopes=#{scopes.inspect}" do
66 assert_found_tokens(auth, {filters: [['scopes', '=', scopes]]}, *expected)