projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch '15877-accept-json-in-json'
[arvados.git] / services / api / test / unit / api_client_authorization_test.rb
diff --git a/services/api/test/unit/api_client_authorization_test.rb b/services/api/test/unit/api_client_authorization_test.rb
index b5b07d1f788746d33ee00a47dfab485544974ee4..fb90418b8480be6507532a1e9f4baefd00922463 100644 (file)
--- a/services/api/test/unit/api_client_authorization_test.rb
+++ b/services/api/test/unit/api_client_authorization_test.rb
@@ -1,7 +1,62 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 require 'test_helper'
+require 'sweep_trashed_objects'
 
 class ApiClientAuthorizationTest < ActiveSupport::TestCase
-  # test "the truth" do
-  #   assert true
-  # end
+  include CurrentApiClient
+
+  [:admin_trustedclient, :active_trustedclient].each do |token|
+    test "ApiClientAuthorization can be created then deleted by #{token}" do
+      set_user_from_auth token
+      x = ApiClientAuthorization.create!(user_id: current_user.id,
+                                         api_client_id: 0,
+                                         scopes: [])
+      newtoken = x.api_token
+      assert x.destroy, "Failed to destroy new ApiClientAuth"
+      assert_empty ApiClientAuthorization.where(api_token: newtoken), "Destroyed ApiClientAuth is still in database"
+    end
+  end
+
+  test "delete expired in SweepTrashedObjects" do
+    assert_not_empty ApiClientAuthorization.where(uuid: api_client_authorizations(:expired).uuid)
+    SweepTrashedObjects.sweep_now
+    assert_empty ApiClientAuthorization.where(uuid: api_client_authorizations(:expired).uuid)
+  end
+
+  test "accepts SystemRootToken" do
+    assert_nil ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+
+    # will create a new ApiClientAuthorization record
+    Rails.configuration.SystemRootToken = "xxxSystemRootTokenxxx"
+
+    auth = ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+    assert_equal "xxxSystemRootTokenxxx", auth.api_token
+    assert_equal User.find_by_uuid(system_user_uuid).id, auth.user_id
+    assert auth.api_client.is_trusted
+
+    # now change the token and try to use the old one first
+    Rails.configuration.SystemRootToken = "newxxxSystemRootTokenxxx"
+
+    # old token will fail
+    assert_nil ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+    # new token will work
+    auth = ApiClientAuthorization.validate(token: "newxxxSystemRootTokenxxx")
+    assert_equal "newxxxSystemRootTokenxxx", auth.api_token
+    assert_equal User.find_by_uuid(system_user_uuid).id, auth.user_id
+
+    # now change the token again and use the new one first
+    Rails.configuration.SystemRootToken = "new2xxxSystemRootTokenxxx"
+
+    # new token will work
+    auth = ApiClientAuthorization.validate(token: "new2xxxSystemRootTokenxxx")
+    assert_equal "new2xxxSystemRootTokenxxx", auth.api_token
+    assert_equal User.find_by_uuid(system_user_uuid).id, auth.user_id
+    # old token will fail
+    assert_nil ApiClientAuthorization.validate(token: "newxxxSystemRootTokenxxx")
+  end
+
+
 end