X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/75efbc85be494c802f3c6822875cb64b9a34de6b..a9b9c6ff05e0268570b829bd62a6f683cf9f1d19:/lib/controller/localdb/login_testuser_test.go

diff --git a/lib/controller/localdb/login_testuser_test.go b/lib/controller/localdb/login_testuser_test.go
index 7a520428b6..51c2416f59 100644
--- a/lib/controller/localdb/login_testuser_test.go
+++ b/lib/controller/localdb/login_testuser_test.go
@@ -6,12 +6,14 @@ package localdb
 
 import (
 	"context"
+	"database/sql"
 
 	"git.arvados.org/arvados.git/lib/config"
 	"git.arvados.org/arvados.git/lib/controller/rpc"
 	"git.arvados.org/arvados.git/lib/ctrlctx"
 	"git.arvados.org/arvados.git/sdk/go/arvados"
 	"git.arvados.org/arvados.git/sdk/go/arvadostest"
+	"git.arvados.org/arvados.git/sdk/go/auth"
 	"git.arvados.org/arvados.git/sdk/go/ctxlog"
 	"github.com/jmoiron/sqlx"
 	check "gopkg.in/check.v1"
@@ -26,8 +28,8 @@ type TestUserSuite struct {
 	db       *sqlx.DB
 
 	// transaction context
-	ctx      context.Context
-	rollback func() error
+	ctx context.Context
+	tx  *sqlx.Tx
 }
 
 func (s *TestUserSuite) SetUpSuite(c *check.C) {
@@ -51,13 +53,11 @@ func (s *TestUserSuite) SetUpTest(c *check.C) {
 	tx, err := s.db.Beginx()
 	c.Assert(err, check.IsNil)
 	s.ctx = ctrlctx.NewWithTransaction(context.Background(), tx)
-	s.rollback = tx.Rollback
+	s.tx = tx
 }
 
 func (s *TestUserSuite) TearDownTest(c *check.C) {
-	if s.rollback != nil {
-		s.rollback()
-	}
+	s.tx.Rollback()
 }
 
 func (s *TestUserSuite) TestLogin(c *check.C) {
@@ -101,3 +101,46 @@ func (s *TestUserSuite) TestLoginForm(c *check.C) {
 	c.Check(resp.HTML.String(), check.Matches, `(?ms).*<form method="POST".*`)
 	c.Check(resp.HTML.String(), check.Matches, `(?ms).*<input id="return_to" type="hidden" name="return_to" value="https://localhost:12345/example">.*`)
 }
+
+func (s *TestUserSuite) TestExpireTokenOnLogout(c *check.C) {
+	returnTo := "https://localhost:12345/logout"
+	for _, trial := range []struct {
+		requestToken      string
+		expiringTokenUUID string
+		shouldExpireToken bool
+	}{
+		// v2 token
+		{arvadostest.ActiveTokenV2, arvadostest.ActiveTokenUUID, true},
+		// v1 token
+		{arvadostest.AdminToken, arvadostest.AdminTokenUUID, true},
+		// inexistent v1 token -- logout shouldn't fail
+		{"thisdoesntexistasatoken", "", false},
+		// inexistent v2 token -- logout shouldn't fail
+		{"v2/some-fake-uuid/thisdoesntexistasatoken", "", false},
+	} {
+		c.Logf("=== %#v", trial)
+		ctx := auth.NewContext(s.ctx, &auth.Credentials{
+			Tokens: []string{trial.requestToken},
+		})
+
+		var tokenUUID string
+		var err error
+		qry := `SELECT uuid FROM api_client_authorizations WHERE uuid=$1 AND (expires_at IS NULL OR expires_at > current_timestamp AT TIME ZONE 'UTC') LIMIT 1`
+
+		if trial.shouldExpireToken {
+			err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID)
+			c.Check(err, check.IsNil)
+		}
+
+		resp, err := s.ctrl.Logout(ctx, arvados.LogoutOptions{
+			ReturnTo: returnTo,
+		})
+		c.Check(err, check.IsNil)
+		c.Check(resp.RedirectLocation, check.Equals, returnTo)
+
+		if trial.shouldExpireToken {
+			err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID)
+			c.Check(err, check.Equals, sql.ErrNoRows)
+		}
+	}
+}