+
+func (s *TestUserSuite) TestExpireTokenOnLogout(c *check.C) {
+ returnTo := "https://localhost:12345/logout"
+ for _, trial := range []struct {
+ requestToken string
+ expiringTokenUUID string
+ shouldExpireToken bool
+ }{
+ // v2 token
+ {arvadostest.ActiveTokenV2, arvadostest.ActiveTokenUUID, true},
+ // v1 token
+ {arvadostest.AdminToken, arvadostest.AdminTokenUUID, true},
+ // inexistent v1 token -- logout shouldn't fail
+ {"thisdoesntexistasatoken", "", false},
+ // inexistent v2 token -- logout shouldn't fail
+ {"v2/some-fake-uuid/thisdoesntexistasatoken", "", false},
+ } {
+ c.Logf("=== %#v", trial)
+ ctx := auth.NewContext(s.ctx, &auth.Credentials{
+ Tokens: []string{trial.requestToken},
+ })
+
+ var tokenUUID string
+ var err error
+ qry := `SELECT uuid FROM api_client_authorizations WHERE uuid=$1 AND (expires_at IS NULL OR expires_at > current_timestamp AT TIME ZONE 'UTC') LIMIT 1`
+
+ if trial.shouldExpireToken {
+ err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID)
+ c.Check(err, check.IsNil)
+ }
+
+ resp, err := s.ctrl.Logout(ctx, arvados.LogoutOptions{
+ ReturnTo: returnTo,
+ })
+ c.Check(err, check.IsNil)
+ c.Check(resp.RedirectLocation, check.Equals, returnTo)
+
+ if trial.shouldExpireToken {
+ err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID)
+ c.Check(err, check.Equals, sql.ErrNoRows)
+ }
+ }
+}