X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/a7631a1ccb6e2a6925d00a06562e171c4ce4ea2f..69c08bb019277b158fc2f568b7de7483caa2875d:/services/api/test/functional/user_sessions_controller_test.rb diff --git a/services/api/test/functional/user_sessions_controller_test.rb b/services/api/test/functional/user_sessions_controller_test.rb index cd475dea4d..66aff787bd 100644 --- a/services/api/test/functional/user_sessions_controller_test.rb +++ b/services/api/test/functional/user_sessions_controller_test.rb @@ -9,9 +9,8 @@ class UserSessionsControllerTest < ActionController::TestCase test "redirect to joshid" do api_client_page = 'http://client.example.com/home' get :login, params: {return_to: api_client_page} - assert_response :redirect - assert_equal("http://test.host/auth/joshid?return_to=%2Chttp%3A%2F%2Fclient.example.com%2Fhome", @response.redirect_url) - assert_nil assigns(:api_client) + # Not supported any more + assert_response 404 end test "send token when user is already logged in" do @@ -30,6 +29,7 @@ class UserSessionsControllerTest < ActionController::TestCase authorize_with :inactive api_client_page = 'http://client.example.com/home' get :login, params: {return_to: api_client_page} + assert_response :redirect assert_not_nil assigns(:api_client) assert_nil assigns(:api_client_auth).expires_at end @@ -40,6 +40,7 @@ class UserSessionsControllerTest < ActionController::TestCase authorize_with :inactive api_client_page = 'http://client.example.com/home' get :login, params: {return_to: api_client_page} + assert_response :redirect assert_not_nil assigns(:api_client) api_client_auth = assigns(:api_client_auth) assert_in_delta(api_client_auth.expires_at, @@ -47,6 +48,31 @@ class UserSessionsControllerTest < ActionController::TestCase 1.second) end + [[0, 1.hour, 1.hour], + [1.hour, 2.hour, 1.hour], + [2.hour, 1.hour, 1.hour], + [2.hour, nil, 2.hour], + ].each do |config_lifetime, request_lifetime, expect_lifetime| + test "login with TokenLifetime=#{config_lifetime} and request has expires_at=#{ request_lifetime.nil? ? "nil" : request_lifetime }" do + Rails.configuration.Login.TokenLifetime = config_lifetime + expected_expiration_time = Time.now() + expect_lifetime + authorize_with :inactive + @request.headers['Authorization'] = 'Bearer '+Rails.configuration.SystemRootToken + if request_lifetime.nil? + get :create, params: {provider: 'controller', auth_info: {email: "foo@bar.com"}, return_to: ',https://app.example'} + else + get :create, params: {provider: 'controller', auth_info: {email: "foo@bar.com", expires_at: Time.now() + request_lifetime}, return_to: ',https://app.example'} + end + assert_response :redirect + api_client_auth = assigns(:api_client_auth) + assert_not_nil api_client_auth + assert_not_nil assigns(:api_client) + assert_in_delta(api_client_auth.expires_at, + expected_expiration_time, + 1.second) + end + end + test "login with remote param returns a salted token" do authorize_with :inactive api_client_page = 'http://client.example.com/home' @@ -68,7 +94,7 @@ class UserSessionsControllerTest < ActionController::TestCase test "login to LoginCluster" do Rails.configuration.Login.LoginCluster = 'zbbbb' - Rails.configuration.RemoteClusters['zbbbb'] = {'Host' => 'zbbbb.example.com'} + Rails.configuration.RemoteClusters['zbbbb'] = ConfigLoader.to_OrderedOptions({'Host' => 'zbbbb.example.com'}) api_client_page = 'http://client.example.com/home' get :login, params: {return_to: api_client_page} assert_response :redirect @@ -80,9 +106,8 @@ class UserSessionsControllerTest < ActionController::TestCase Rails.configuration.Login.LoginCluster = 'zzzzz' api_client_page = 'http://client.example.com/home' get :login, params: {return_to: api_client_page} - assert_response :redirect - assert_equal("http://test.host/auth/joshid?return_to=%2Chttp%3A%2F%2Fclient.example.com%2Fhome", @response.redirect_url) - assert_nil assigns(:api_client) + # Doesn't redirect, just fail. + assert_response 404 end test "controller cannot create session without SystemRootToken" do