projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge branch '17984-cwl-project-uuid-users' into main
[arvados.git] / services / api / test / integration / api_client_authorizations_api_test.rb
diff --git a/services/api/test/integration/api_client_authorizations_api_test.rb b/services/api/test/integration/api_client_authorizations_api_test.rb
index 3a7b201312b341e158814b082492dcbedbeee2c3..405e4bf687cee646c06e1c22d189802c4039d848 100644 (file)
--- a/services/api/test/integration/api_client_authorizations_api_test.rb
+++ b/services/api/test/integration/api_client_authorizations_api_test.rb
@@ -5,6 +5,8 @@
 require 'test_helper'
 
 class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
+  include DbCurrentTime
+  extend DbCurrentTime
   fixtures :all
 
   test "create system auth" do
@@ -74,12 +76,12 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
     assert_response 403
   end
 
-  [nil, Time.now + 2.hours].each do |desired_expiration|
+  [nil, db_current_time + 2.hours].each do |desired_expiration|
     test "expires_at gets clamped on non-admins when API.MaxTokenLifetime is set and desired expires_at #{desired_expiration.nil? ? 'is not set' : 'exceeds the limit'}" do
       Rails.configuration.API.MaxTokenLifetime = 1.hour
 
       # Test token creation
-      start_t = Time.now
+      start_t = db_current_time
       post "/arvados/v1/api_client_authorizations",
         params: {
           :format => :json,
@@ -89,7 +91,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
           }
         },
         headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"}
-      end_t = Time.now
+      end_t = db_current_time
       assert_response 200
       expiration_t = json_response['expires_at'].to_time
       assert_operator expiration_t.to_f, :>, (start_t + Rails.configuration.API.MaxTokenLifetime).to_f
@@ -102,7 +104,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
       # Test token update
       previous_expiration = expiration_t
       token_uuid = json_response["uuid"]
-      start_t = Time.now
+      start_t = db_current_time
       put "/arvados/v1/api_client_authorizations/#{token_uuid}",
         params: {
           :api_client_authorization => {
@@ -110,7 +112,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
           }
         },
         headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:active_trustedclient).api_token}"}
-      end_t = Time.now
+      end_t = db_current_time
       assert_response 200
       expiration_t = json_response['expires_at'].to_time
       assert_operator previous_expiration.to_f, :<, expiration_t.to_f
@@ -122,7 +124,7 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
       end
     end
 
-    test "expires_at can be set to #{desired_expiration.nil? ? 'nil' : 'exceed the limit'} by admins when API.MaxTokenLifetime is set" do
+    test "behavior when expires_at is set to #{desired_expiration.nil? ? 'nil' : 'exceed the limit'} by admins when API.MaxTokenLifetime is set" do
       Rails.configuration.API.MaxTokenLifetime = 1.hour
 
       # Test token creation
@@ -137,32 +139,44 @@ class ApiClientAuthorizationsApiTest < ActionDispatch::IntegrationTest
         headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
       assert_response 200
       if desired_expiration.nil?
-        assert json_response['expires_at'].nil?
+        # When expires_at is nil, default to MaxTokenLifetime
+        assert_operator (json_response['expires_at'].to_time.to_i - (db_current_time + Rails.configuration.API.MaxTokenLifetime).to_i).abs, :<, 2
       else
         assert_equal json_response['expires_at'].to_time.to_i, desired_expiration.to_i
       end
 
       # Test token update (reverse the above behavior)
-      previous_expiration = json_response['expires_at']
       token_uuid = json_response['uuid']
-      if previous_expiration.nil?
-        desired_updated_expiration = Time.now + Rails.configuration.API.MaxTokenLifetime + 1.hour
+      if desired_expiration.nil?
+        submitted_updated_expiration = db_current_time + Rails.configuration.API.MaxTokenLifetime + 1.hour
       else
-        desired_updated_expiration = nil
+        submitted_updated_expiration = nil
       end
       put "/arvados/v1/api_client_authorizations/#{token_uuid}",
         params: {
           :api_client_authorization => {
-            :expires_at => desired_updated_expiration,
+            :expires_at => submitted_updated_expiration,
           }
         },
         headers: {'HTTP_AUTHORIZATION' => "OAuth2 #{api_client_authorizations(:admin_trustedclient).api_token}"}
       assert_response 200
-      if desired_updated_expiration.nil?
-        assert json_response['expires_at'].nil?
+      if submitted_updated_expiration.nil?
+        assert_operator (json_response['expires_at'].to_time.to_i - (db_current_time + Rails.configuration.API.MaxTokenLifetime).to_i).abs, :<, 2
       else
-        assert_equal json_response['expires_at'].to_time.to_i, desired_updated_expiration.to_i
+        assert_equal json_response['expires_at'].to_time.to_i, submitted_updated_expiration.to_i
       end
     end
   end
+
+  test "get current token using salted token" do
+    salted = salt_token(fixture: :active, remote: 'abcde')
+    get('/arvados/v1/api_client_authorizations/current',
+        params: {remote: 'abcde'},
+        headers: {'HTTP_AUTHORIZATION' => "Bearer #{salted}"})
+    assert_response :success
+    assert_equal(json_response['uuid'], api_client_authorizations(:active).uuid)
+    assert_equal(json_response['scopes'], ['all'])
+    assert_not_nil(json_response['expires_at'])
+    assert_nil(json_response['api_token'])
+  end
 end