-module CreateSuperUserToken
- # Install the supplied string (or a randomly generated token, if none
- # is given) as an API token that authenticates to the system user
- # account.
+# Install the supplied string (or a randomly generated token, if none
+# is given) as an API token that authenticates to the system user account.
+module CreateSuperUserToken
require File.dirname(__FILE__) + '/../config/boot'
require File.dirname(__FILE__) + '/../config/environment'
include ApplicationHelper
- act_as_system_user
- def create_superuser_token supplied_token
- if supplied_token
- api_client_auth = ApiClientAuthorization.
- where(api_token: supplied_token).
- first
- if api_client_auth && !api_client_auth.user.uuid.match(/-000000000000000$/)
- raise ActiveRecord::RecordNotUnique("Token already exists but is not a superuser token.")
+ def create_superuser_token supplied_token=nil
+ act_as_system_user do
+ # If token is supplied, verify that it indeed is a superuser token
+ if supplied_token
+ api_client_auth = ApiClientAuthorization.
+ where(api_token: supplied_token).
+ first
+ if api_client_auth && !api_client_auth.user.uuid.match(/-000000000000000$/)
+ raise "Token already exists but is not a superuser token."
+ end
end
- end
- if !api_client_auth
- api_client_auth = ApiClientAuthorization.
- new(user: system_user,
- api_client_id: 0,
- created_by_ip_address: '::1',
- api_token: supplied_token)
- api_client_auth.save!
- end
+ # need to create a token
+ if !api_client_auth
+ # Get (or create) trusted api client
+ apiClient = ApiClient.find_or_create_by_url_prefix_and_is_trusted("ssh://root@localhost/", true)
- puts api_client_auth.api_token
+ # Check if there is an unexpired superuser token corresponding to this api client
+ api_client_auth = ApiClientAuthorization.where(
+ 'user_id = (?) AND
+ api_client_id = (?) AND
+ (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)',
+ system_user.id, apiClient.id).first
+
+ # none exist; create one with the supplied token
+ if !api_client_auth
+ api_client_auth = ApiClientAuthorization.
+ new(user: system_user,
+ api_client_id: apiClient.id,
+ created_by_ip_address: '::1',
+ api_token: supplied_token)
+ api_client_auth.save!
+ end
+ end
+
+ puts api_client_auth.api_token
+ api_client_auth.api_token
+ end
end
end
--- /dev/null
+require 'test_helper'
+require 'create_superuser_token'
+
+class CreateSuperUserTokenTest < ActiveSupport::TestCase
+ include CreateSuperUserToken
+
+ test "create superuser token twice and expect same resutls" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ # Create token again; this time, we should get the one created earlier
+ token2 = create_superuser_token
+ assert_not_nil token2
+ assert_equal token1, token2
+ end
+
+ test "create superuser token with two different inputs and expect the first both times" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ # Create token again with some other string and expect the existing superuser token back
+ token2 = create_superuser_token 'someothertokenstring'
+ assert_not_nil token2
+ assert_equal token1, token2
+ end
+
+ test "create superuser token twice and expect same results" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ # Create token again with that same superuser token and expect it back
+ token2 = create_superuser_token 'atesttoken'
+ assert_not_nil token2
+ assert_equal token1, token2
+ end
+
+ test "create superuser token and invoke again with some other valid token" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ su_token = api_client_authorizations("system_user").api_token
+ token2 = create_superuser_token su_token
+ assert_equal token2, su_token
+ end
+
+ test "create superuser token, expire it, and create again" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ # Expire this token and call create again; expect a new token created
+ apiClientAuth = ApiClientAuthorization.where(api_token: token1).first
+ Thread.current[:user] = users(:admin)
+ apiClientAuth.update_attributes expires_at: '2000-10-10'
+
+ token2 = create_superuser_token
+ assert_not_nil token2
+ assert_not_equal token1, token2
+ end
+
+ test "invoke create superuser token with an invalid non-superuser token and expect error" do
+ active_user_token = api_client_authorizations("active").api_token
+ e = assert_raises RuntimeError do
+ create_superuser_token active_user_token
+ end
+ assert_not_nil e
+ assert_equal "Token already exists but is not a superuser token.", e.message
+ end
+end