projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch '16982-tilde-devN' refs #16982
[arvados.git] / services / api / test / integration / api_client_authorizations_api_test.rb
diff --git a/services/api/test/integration/api_client_authorizations_api_test.rb b/services/api/test/integration/api_client_authorizations_api_test.rb
index e42a4ef1055deffd27d4cffc6eb67b370fbae470..296ab8a2ff4169167d8c85bffcdab34f67f078e5 100644 (file)
--- a/services/api/test/integration/api_client_authorizations_api_test.rb
+++ b/services/api/test/integration/api_client_authorizations_api_test.rb
@@ -8,43 +8,69 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
   fixtures :all
 
   test "create system auth" do
-    post "/arvados/v1/api_client_authorizations/create_system_auth", {:format => :json, :scopes => ['test'].to_json}, {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
+    post "/arvados/v1/api_client_authorizations/create_system_auth",
+      params: {:format => :json, :scopes => ['test'].to_json},
+      headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
     assert_response :success
   end
 
-  test "create token for different user" do
-    post "/arvados/v1/api_client_authorizations", {
-      :format => :json,
-      :api_client_authorization => {
-        :owner_uuid => users(:spectator).uuid
-      }
-    }, {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
-    assert_response :success
+  [:admin_trustedclient, :SystemRootToken].each do |tk|
+    test "create token for different user using #{tk}" do
+      if tk == :SystemRootToken
+        token = "xyzzy-SystemRootToken"
+        Rails.configuration.SystemRootToken = token
+      else
+        token = api_client_authorizations(tk).api_token
+      end
+
+      post "/arvados/v1/api_client_authorizations",
+           params: {
+             :format => :json,
+             :api_client_authorization => {
+               :owner_uuid => users(:spectator).uuid
+             }
+           },
+           headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{token}"}
+      assert_response :success
+
+      get "/arvados/v1/users/current",
+          params: {:format => :json},
+          headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{json_response['api_token']}"}
+      @json_response = nil
+      assert_equal json_response['uuid'], users(:spectator).uuid
+    end
+  end
 
-    get "/arvados/v1/users/current", {
-      :format => :json
-    }, {'HTTP_AUTHORIZATION' => "OAuth2 #{json_response['api_token']}"}
-    @json_response = nil
-    assert_equal users(:spectator).uuid, json_response['uuid']
+  test "System root token is system user" do
+    token = "xyzzy-SystemRootToken"
+    Rails.configuration.SystemRootToken = token
+    get "/arvados/v1/users/current",
+        params: {:format => :json},
+        headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{token}"}
+    assert_equal json_response['uuid'], system_user_uuid
   end
 
   test "refuse to create token for different user if not trusted client" do
-    post "/arvados/v1/api_client_authorizations", {
-      :format => :json,
-      :api_client_authorization => {
-        :owner_uuid => users(:spectator).uuid
-      }
-    }, {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin).api_token}"}
+    post "/arvados/v1/api_client_authorizations",
+      params: {
+        :format => :json,
+        :api_client_authorization => {
+          :owner_uuid => users(:spectator).uuid
+        }
+      },
+      headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin).api_token}"}
     assert_response 403
   end
 
   test "refuse to create token for different user if not admin" do
-    post "/arvados/v1/api_client_authorizations", {
-      :format => :json,
-      :api_client_authorization => {
-        :owner_uuid => users(:spectator).uuid
-      }
-    }, {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"}
+    post "/arvados/v1/api_client_authorizations",
+      params: {
+        :format => :json,
+        :api_client_authorization => {
+          :owner_uuid => users(:spectator).uuid
+        }
+      },
+      headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"}
     assert_response 403
   end