+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
require 'test_helper'
+require 'sweep_trashed_objects'
class ApiClientAuthorizationTest < ActiveSupport::TestCase
- # test "the truth" do
- # assert true
- # end
+ include CurrentApiClient
+
+ [:admin_trustedclient, :active_trustedclient].each do |token|
+ test "ApiClientAuthorization can be created then deleted by #{token}" do
+ set_user_from_auth token
+ x = ApiClientAuthorization.create!(user_id: current_user.id,
+ api_client_id: 0,
+ scopes: [])
+ newtoken = x.api_token
+ assert x.destroy, "Failed to destroy new ApiClientAuth"
+ assert_empty ApiClientAuthorization.where(api_token: newtoken), "Destroyed ApiClientAuth is still in database"
+ end
+ end
+
+ test "delete expired in SweepTrashedObjects" do
+ assert_not_empty ApiClientAuthorization.where(uuid: api_client_authorizations(:expired).uuid)
+ SweepTrashedObjects.sweep_now
+ assert_empty ApiClientAuthorization.where(uuid: api_client_authorizations(:expired).uuid)
+ end
+
+ test "accepts SystemRootToken" do
+ assert_nil ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+
+ # will create a new ApiClientAuthorization record
+ Rails.configuration.SystemRootToken = "xxxSystemRootTokenxxx"
+
+ auth = ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+ assert_equal "xxxSystemRootTokenxxx", auth.api_token
+ assert_equal User.find_by_uuid(system_user_uuid).id, auth.user_id
+ assert auth.api_client.is_trusted
+
+ # now change the token and try to use the old one first
+ Rails.configuration.SystemRootToken = "newxxxSystemRootTokenxxx"
+
+ # old token will fail
+ assert_nil ApiClientAuthorization.validate(token: "xxxSystemRootTokenxxx")
+ # new token will work
+ auth = ApiClientAuthorization.validate(token: "newxxxSystemRootTokenxxx")
+ assert_equal "newxxxSystemRootTokenxxx", auth.api_token
+ assert_equal User.find_by_uuid(system_user_uuid).id, auth.user_id
+
+ # now change the token again and use the new one first
+ Rails.configuration.SystemRootToken = "new2xxxSystemRootTokenxxx"
+
+ # new token will work
+ auth = ApiClientAuthorization.validate(token: "new2xxxSystemRootTokenxxx")
+ assert_equal "new2xxxSystemRootTokenxxx", auth.api_token
+ assert_equal User.find_by_uuid(system_user_uuid).id, auth.user_id
+ # old token will fail
+ assert_nil ApiClientAuthorization.validate(token: "newxxxSystemRootTokenxxx")
+ end
+
+
end