X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/f3e3a6cc4b72120f856e14f3039b1c0c1f0326bd..ec17f6971109186961283443f2df6d5802bea401:/lib/controller/localdb/login_testuser_test.go
diff --git a/lib/controller/localdb/login_testuser_test.go b/lib/controller/localdb/login_testuser_test.go
index 7589088899..51dcaab9db 100644
--- a/lib/controller/localdb/login_testuser_test.go
+++ b/lib/controller/localdb/login_testuser_test.go
@@ -5,58 +5,29 @@ package localdb import ( - "context" + "database/sql" - "git.arvados.org/arvados.git/lib/config" - "git.arvados.org/arvados.git/lib/controller/rpc" "git.arvados.org/arvados.git/lib/ctrlctx" "git.arvados.org/arvados.git/sdk/go/arvados" "git.arvados.org/arvados.git/sdk/go/arvadostest" - "git.arvados.org/arvados.git/sdk/go/ctxlog" - "github.com/jmoiron/sqlx" check "gopkg.in/check.v1" ) var _ = check.Suite(&TestUserSuite{}) type TestUserSuite struct { - cluster *arvados.Cluster - ctrl *testLoginController - railsSpy *arvadostest.Proxy - db *sqlx.DB - - // transaction context - ctx context.Context - rollback func() error + localdbSuite } -func (s *TestUserSuite) SetUpSuite(c *check.C) { - cfg, err := config.NewLoader(nil, ctxlog.TestLogger(c)).Load() - c.Assert(err, check.IsNil) - s.cluster, err = cfg.GetCluster("") - c.Assert(err, check.IsNil) +func (s *TestUserSuite) SetUpTest(c *check.C) { + s.localdbSuite.SetUpTest(c) s.cluster.Login.Test.Enable = true s.cluster.Login.Test.Users = map[string]arvados.TestUser{ "valid": {Email: "valid@example.com", Password: "v@l1d"}, } - s.railsSpy = arvadostest.NewProxy(c, s.cluster.Services.RailsAPI) - s.ctrl = &testLoginController{ - Cluster: s.cluster, - RailsProxy: rpc.NewConn(s.cluster.ClusterID, s.railsSpy.URL, true, rpc.PassthroughTokenProvider), - } - s.db = arvadostest.DB(c, s.cluster) -} - -func (s *TestUserSuite) SetUpTest(c *check.C) { - tx, err := s.db.Beginx() - c.Assert(err, check.IsNil) - s.ctx = ctrlctx.NewWithTransaction(context.Background(), tx) - s.rollback = tx.Rollback -} - -func (s *TestUserSuite) TearDownTest(c *check.C) { - if s.rollback != nil { - s.rollback() + s.localdb.loginController = &testLoginController{ + Cluster: s.cluster, + Parent: s.localdb, } } 
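Review bot: The hand assignment `s.localdb.loginController = &testLoginController{...}` at the end of the new SetUpTest carries no comment saying why the controller has to be swapped in explicitly. Presumably `s.localdbSuite.SetUpTest(c)` has already built `s.localdb` from the cluster config before `Login.Test.Enable` and `Login.Test.Users` are set here, so the config change alone would not select the test login controller; localdbSuite is not part of this diff, so that should be confirmed. I would add `// s.localdb was built before Login.Test was enabled above; install the test login controller explicitly.` above the assignment. The removed TearDownTest rollback is presumably now provided by the embedded suite, which is worth confirming because the tests in this file expire real fixture tokens.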
@@ -74,7 +45,7 @@ func (s *TestUserSuite) TestLogin(c *check.C) { {true, "valid@example.com", "v@l1d"}, } { c.Logf("=== %#v", trial) - resp, err := s.ctrl.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{ + resp, err := s.localdb.UserAuthenticate(s.ctx, arvados.UserAuthenticateOptions{ Username: trial.username, Password: trial.password, }) @@ -94,10 +65,52 @@ func (s *TestUserSuite) TestLogin(c *check.C) { } func (s *TestUserSuite) TestLoginForm(c *check.C) { - resp, err := s.ctrl.Login(s.ctx, arvados.LoginOptions{ + resp, err := s.localdb.Login(s.ctx, arvados.LoginOptions{ ReturnTo: "https://localhost:12345/example", }) c.Check(err, check.IsNil) c.Check(resp.HTML.String(), check.Matches, `(?ms).*
.*`) } + +func (s *TestUserSuite) TestExpireTokenOnLogout(c *check.C) { + s.cluster.Login.TrustPrivateNetworks = true + returnTo := "https://[::1]:12345/logout" + for _, trial := range []struct { + requestToken string + expiringTokenUUID string + shouldExpireToken bool + }{ + // v2 token + {arvadostest.ActiveTokenV2, arvadostest.ActiveTokenUUID, true}, + // v1 token + {arvadostest.AdminToken, arvadostest.AdminTokenUUID, true}, + // inexistent v1 token -- logout shouldn't fail + {"thisdoesntexistasatoken", "", false}, + // inexistent v2 token -- logout shouldn't fail + {"v2/some-fake-uuid/thisdoesntexistasatoken", "", false}, + } { + c.Logf("=== %#v", trial) + ctx := ctrlctx.NewWithToken(s.ctx, s.cluster, trial.requestToken) + + var tokenUUID string + var err error + qry := `SELECT uuid FROM api_client_authorizations WHERE uuid=$1 AND (expires_at IS NULL OR expires_at > current_timestamp AT TIME ZONE 'UTC') LIMIT 1` + + if trial.shouldExpireToken { + err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID) + c.Check(err, check.IsNil) + } + + resp, err := s.localdb.Logout(ctx, arvados.LogoutOptions{ + ReturnTo: returnTo, + }) + c.Check(err, check.IsNil) + c.Check(resp.RedirectLocation, check.Equals, returnTo) + + if trial.shouldExpireToken { + err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID) + c.Check(err, check.Equals, sql.ErrNoRows) + } + } +}
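Review bot: The trial table in TestExpireTokenOnLogout has no case where a v2 token names a real token UUID but carries a wrong secret, so the test would not catch a regression in which Logout expires a token matched by UUID alone. Both negative trials use a UUID that does not exist, and the post-logout query runs only when `shouldExpireToken` is true, so "token is still valid afterwards" is never asserted. I would add a row such as `{"v2/" + arvadostest.ActiveTokenUUID + "/wrongsecret", arvadostest.ActiveTokenUUID, false},` and, for trials with a non-empty `expiringTokenUUID` and `shouldExpireToken` false, re-run `qry` after Logout and `c.Check(err, check.IsNil)`. Whether Logout verifies the secret before expiring is not visible in this diff, so treat this as a coverage gap rather than a confirmed defect.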