X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a3c7d9e03062e3246b0857fbae05f45d22e39169..41a378b99c8c4411a66c19e878b7535c67de2ba3:/services/api/test/integration/users_test.rb diff --git a/services/api/test/integration/users_test.rb b/services/api/test/integration/users_test.rb index ee230d5140..3660d35bad 100644 --- a/services/api/test/integration/users_test.rb +++ b/services/api/test/integration/users_test.rb @@ -198,6 +198,13 @@ class UsersTest < ActionDispatch::IntegrationTest verify_link_existence created['uuid'], created['email'], true, true, true, true, false + # create a token + token = act_as_system_user do + ApiClientAuthorization.create!(user: User.find_by_uuid(created['uuid']), api_client: ApiClient.all.first).api_token + end + + assert_equal 1, ApiClientAuthorization.where(user_id: User.find_by_uuid(created['uuid']).id).size, 'expected token not found' + post "/arvados/v1/users/#{created['uuid']}/unsetup", params: {}, headers: auth(:admin) assert_response :success @@ -205,6 +212,7 @@ class UsersTest < ActionDispatch::IntegrationTest created2 = json_response assert_not_nil created2['uuid'], 'expected uuid for the newly created user' assert_equal created['uuid'], created2['uuid'], 'expected uuid not found' + assert_equal 0, ApiClientAuthorization.where(user_id: User.find_by_uuid(created['uuid']).id).size, 'token should have been deleted by user unsetup' verify_link_existence created['uuid'], created['email'], false, false, false, false, false end @@ -326,7 +334,7 @@ class UsersTest < ActionDispatch::IntegrationTest end - test "cannot set is_activate to false directly" do + test "cannot set is_active to false directly" do post('/arvados/v1/users', params: { user: { @@ -339,6 +347,14 @@ class UsersTest < ActionDispatch::IntegrationTest user = json_response assert_equal false, user['is_active'] + token = act_as_system_user do + ApiClientAuthorization.create!(user: User.find_by_uuid(user['uuid']), api_client: ApiClient.all.first).api_token + end + post("/arvados/v1/user_agreements/sign", + params: {uuid: 'zzzzz-4zz18-t68oksiu9m80s4y'}, + headers: {"HTTP_AUTHORIZATION" => "Bearer #{token}"}) + assert_response :success + post("/arvados/v1/users/#{user['uuid']}/activate", params: {}, headers: auth(:admin)) @@ -418,20 +434,26 @@ class UsersTest < ActionDispatch::IntegrationTest params: {}, headers: {"HTTP_AUTHORIZATION" => "Bearer #{token}"}) assert_response(:success) - user = json_response - assert_equal true, user['is_active'] + userJSON = json_response + assert_equal true, userJSON['is_active'] post("/arvados/v1/users/#{user['uuid']}/unsetup", params: {}, headers: auth(:admin)) assert_response :success + # Need to get a new token, the old one was invalidated by the unsetup call + act_as_system_user do + ap = ApiClientAuthorization.create!(user: user, api_client_id: 0) + token = ap.api_token + end + get("/arvados/v1/users/#{user['uuid']}", params: {}, headers: {"HTTP_AUTHORIZATION" => "Bearer #{token}"}) assert_response(:success) - user = json_response - assert_equal false, user['is_active'] + userJSON = json_response + assert_equal false, userJSON['is_active'] post("/arvados/v1/users/#{user['uuid']}/activate", params: {}, @@ -440,5 +462,35 @@ class UsersTest < ActionDispatch::IntegrationTest assert_match(/Cannot activate without being invited/, json_response['errors'][0]) end + test "bypass_federation only accepted for admins" do + get "/arvados/v1/users", + params: { + bypass_federation: true + }, + headers: auth(:admin) + + assert_response :success + + get "/arvados/v1/users", + params: { + bypass_federation: true + }, + headers: auth(:active) + + assert_response 403 + end + + test "disabling system root user not permitted" do + put("/arvados/v1/users/#{users(:system_user).uuid}", + params: { + user: {is_admin: false} + }, + headers: auth(:admin)) + assert_response 422 + post("/arvados/v1/users/#{users(:system_user).uuid}/unsetup", + params: {}, + headers: auth(:admin)) + assert_response 422 + end end