package localdb
import (
- "context"
+ "database/sql"
- "git.arvados.org/arvados.git/lib/config"
- "git.arvados.org/arvados.git/lib/controller/rpc"
"git.arvados.org/arvados.git/lib/ctrlctx"
"git.arvados.org/arvados.git/sdk/go/arvados"
"git.arvados.org/arvados.git/sdk/go/arvadostest"
- "git.arvados.org/arvados.git/sdk/go/ctxlog"
- "github.com/jmoiron/sqlx"
check "gopkg.in/check.v1"
)
var _ = check.Suite(&TestUserSuite{})
type TestUserSuite struct {
- cluster *arvados.Cluster
- ctrl *testLoginController
- railsSpy *arvadostest.Proxy
- db *sqlx.DB
-
- // transaction context
- ctx context.Context
- rollback func() error
+ localdbSuite
}
-func (s *TestUserSuite) SetUpSuite(c *check.C) {
- cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load()
- c.Assert(err, check.IsNil)
- s.cluster, err = cfg.GetCluster("")
- c.Assert(err, check.IsNil)
+func (s *TestUserSuite) SetUpTest(c *check.C) {
+ s.localdbSuite.SetUpTest(c)
s.cluster.Login.Test.Enable = true
s.cluster.Login.Test.Users = map[string]arvados.TestUser{
"valid": {Email: "valid@example.com", Password: "v@l1d"},
}
- s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI)
- s.ctrl = &testLoginController{
- Cluster: s.cluster,
- RailsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider),
- }
- s.db = arvadostest.DB(c, s.cluster)
-}
-
-func (s *TestUserSuite) SetUpTest(c *check.C) {
- tx, err := s.db.Beginx()
- c.Assert(err, check.IsNil)
- s.ctx = ctrlctx.NewWithTransaction(context.Background(), tx)
- s.rollback = tx.Rollback
-}
-
-func (s *TestUserSuite) TearDownTest(c *check.C) {
- if s.rollback != nil {
- s.rollback()
+ s.localdb.loginController = &testLoginController{
+ Cluster: s.cluster,
+ Parent: s.localdb,
}
}
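Review bot: With `TearDownTest` removed from `TestUserSuite`, rolling back the per-test transaction now depends entirely on the embedded `localdbSuite`, whose code is not shown on this page. That matters more after this change, because the new `TestExpireTokenOnLogout` expires fixture tokens and sets `s.cluster.Login.TrustPrivateNetworks = true`. If the embedded suite does not roll back the transaction and rebuild `s.cluster` for each test, that state would presumably leak into later tests. Once confirmed, I would record the dependency above `SetUpTest` with a comment such as `// localdbSuite.SetUpTest/TearDownTest own the cluster config and the per-test transaction, which is rolled back after each test.`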
{true, "valid@example.com", "v@l1d"},
} {
c.Logf("=== %#v", trial)
- resp, err := s.ctrl.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
+ resp, err := s.localdb.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{
Username: trial.username,
Password: trial.password,
})
}
func (s *TestUserSuite) TestLoginForm(c *check.C) {
- resp, err := s.ctrl.Login(s.ctx, arvados.LoginOptions{
+ resp, err := s.localdb.Login(s.ctx, arvados.LoginOptions{
ReturnTo: "https://localhost:12345/example",
})
c.Check(err, check.IsNil)
c.Check(resp.HTML.String(), check.Matches, `(?ms).*<form method="POST".*`)
c.Check(resp.HTML.String(), check.Matches, `(?ms).*<input id="return_to" type="hidden" name="return_to" value="https://localhost:12345/example">.*`)
}
+
+func (s *TestUserSuite) TestExpireTokenOnLogout(c *check.C) {
+ s.cluster.Login.TrustPrivateNetworks = true
+ returnTo := "https://[::1]:12345/logout"
+ for _, trial := range []struct {
+ requestToken string
+ expiringTokenUUID string
+ shouldExpireToken bool
+ }{
+ // v2 token
+ {arvadostest.ActiveTokenV2, arvadostest.ActiveTokenUUID, true},
+ // v1 token
+ {arvadostest.AdminToken, arvadostest.AdminTokenUUID, true},
+ // inexistent v1 token -- logout shouldn't fail
+ {"thisdoesntexistasatoken", "", false},
+ // inexistent v2 token -- logout shouldn't fail
+ {"v2/some-fake-uuid/thisdoesntexistasatoken", "", false},
+ } {
+ c.Logf("=== %#v", trial)
+ ctx := ctrlctx.NewWithToken(s.ctx, s.cluster, trial.requestToken)
+
+ var tokenUUID string
+ var err error
+ qry := `SELECT uuid FROM api_client_authorizations WHERE uuid=$1 AND (expires_at IS NULL OR expires_at > current_timestamp AT TIME ZONE 'UTC') LIMIT 1`
+
+ if trial.shouldExpireToken {
+ err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID)
+ c.Check(err, check.IsNil)
+ }
+
+ resp, err := s.localdb.Logout(ctx, arvados.LogoutOptions{
+ ReturnTo: returnTo,
+ })
+ c.Check(err, check.IsNil)
+ c.Check(resp.RedirectLocation, check.Equals, returnTo)
+
+ if trial.shouldExpireToken {
+ err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID)
+ c.Check(err, check.Equals, sql.ErrNoRows)
+ }
+ }
+}
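Review bot: The trial table in `TestExpireTokenOnLogout` has no case where the request token pairs a real token UUID with a wrong secret, so the test would still pass if `Logout` expired a token by UUID alone. Both "inexistent" trials use UUIDs that match no row, and their only assertions are that `Logout` returns no error and redirects to `returnTo`. Whether `Logout` compares the secret is not visible in this hunk, so I would pin it with a negative control: a trial whose token must still be found by `qry` after logout. It has to run before the `ActiveTokenV2` trial, because that trial expires the same UUID within the shared transaction.

```go
		shouldExpireToken  bool
		survivingTokenUUID string // token that must still be valid after Logout
	}{
		// real token UUID with a constructed, wrong secret -- must not expire the real token
		{"v2/" + arvadostest.ActiveTokenUUID + "/not-the-real-secret", "", false, arvadostest.ActiveTokenUUID},
		// … unchanged: the four existing trials, each with "" appended for survivingTokenUUID …
	} {
		// … unchanged: pre-logout lookup, Logout call, redirect and expiry checks …
		if trial.survivingTokenUUID != "" {
			err = s.tx.QueryRowContext(ctx, qry, trial.survivingTokenUUID).Scan(&tokenUUID)
			c.Check(err, check.IsNil)
		}
	}
```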