require 'test_helper'
class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
+ include DbCurrentTime
+ extend DbCurrentTime
fixtures :all
test "create system auth" do
assert_response 403
end
- [nil, Time.now + 2.hours].each do |desired_expiration|
+ [nil, db_current_time + 2.hours].each do |desired_expiration|
test "expires_at gets clamped on non-admins when API.MaxTokenLifetime is set and desired expires_at #{desired_expiration.nil? ? 'is not set' : 'exceeds the limit'}" do
Rails.configuration.API.MaxTokenLifetime = 1.hour
# Test token creation
- start_t = Time.now
+ start_t = db_current_time
post "/arvados/v1/api_client_authorizations",
params: {
:format => :json,
}
},
headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"}
- end_t = Time.now
+ end_t = db_current_time
assert_response 200
expiration_t = json_response['expires_at'].to_time
assert_operator expiration_t.to_f, :>, (start_t + Rails.configuration.API.MaxTokenLifetime).to_f
# Test token update
previous_expiration = expiration_t
token_uuid = json_response["uuid"]
- start_t = Time.now
+ start_t = db_current_time
put "/arvados/v1/api_client_authorizations/#{token_uuid}",
params: {
:api_client_authorization => {
}
},
headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"}
- end_t = Time.now
+ end_t = db_current_time
assert_response 200
expiration_t = json_response['expires_at'].to_time
assert_operator previous_expiration.to_f, :<, expiration_t.to_f
end
end
- test "expires_at can be set to #{desired_expiration.nil? ? 'nil' : 'exceed the limit'} by admins when API.MaxTokenLifetime is set" do
+ test "behavior when expires_at is set to #{desired_expiration.nil? ? 'nil' : 'exceed the limit'} by admins when API.MaxTokenLifetime is set" do
Rails.configuration.API.MaxTokenLifetime = 1.hour
# Test token creation
headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
assert_response 200
if desired_expiration.nil?
- assert json_response['expires_at'].nil?
+ # When expires_at is nil, default to MaxTokenLifetime
+ assert_operator (json_response['expires_at'].to_time.to_i - (db_current_time + Rails.configuration.API.MaxTokenLifetime).to_i).abs, :<, 2
else
assert_equal json_response['expires_at'].to_time.to_i, desired_expiration.to_i
end
# Test token update (reverse the above behavior)
- previous_expiration = json_response['expires_at']
token_uuid = json_response['uuid']
- if previous_expiration.nil?
- desired_updated_expiration = Time.now + Rails.configuration.API.MaxTokenLifetime + 1.hour
+ if desired_expiration.nil?
+ submitted_updated_expiration = db_current_time + Rails.configuration.API.MaxTokenLifetime + 1.hour
else
- desired_updated_expiration = nil
+ submitted_updated_expiration = nil
end
put "/arvados/v1/api_client_authorizations/#{token_uuid}",
params: {
:api_client_authorization => {
- :expires_at => desired_updated_expiration,
+ :expires_at => submitted_updated_expiration,
}
},
headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
assert_response 200
- if desired_updated_expiration.nil?
- assert json_response['expires_at'].nil?
+ if submitted_updated_expiration.nil?
+ assert_operator (json_response['expires_at'].to_time.to_i - (db_current_time + Rails.configuration.API.MaxTokenLifetime).to_i).abs, :<, 2
else
- assert_equal json_response['expires_at'].to_time.to_i, desired_updated_expiration.to_i
+ assert_equal json_response['expires_at'].to_time.to_i, submitted_updated_expiration.to_i
end
end
end
+
+ test "get current token using salted token" do
+ salted = salt_token(fixture: :active, remote: 'abcde')
+ get('/arvados/v1/api_client_authorizations/current',
+ params: {remote: 'abcde'},
+ headers: {'HTTP_AUTHORIZATION' => "Bearer #{salted}"})
+ assert_response :success
+ assert_equal(json_response['uuid'], api_client_authorizations(:active).uuid)
+ assert_equal(json_response['scopes'], ['all'])
+ assert_not_nil(json_response['expires_at'])
+ assert_nil(json_response['api_token'])
+ end
end