mirror of
https://github.com/grafana/grafana.git
synced 2024-11-23 01:16:31 -06:00
306 lines
9.8 KiB
Go
306 lines
9.8 KiB
Go
package api
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/bus"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/auth"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
)
|
|
|
|
func TestUserTokenApiEndpoint(t *testing.T) {
|
|
Convey("When current user attempts to revoke an auth token for a non-existing user", t, func() {
|
|
userId := int64(0)
|
|
bus.AddHandler("test", func(cmd *models.GetUserByIdQuery) error {
|
|
userId = cmd.Id
|
|
return models.ErrUserNotFound
|
|
})
|
|
|
|
cmd := models.RevokeAuthTokenCmd{AuthTokenId: 2}
|
|
|
|
revokeUserAuthTokenScenario("Should return not found when calling POST on", "/api/user/revoke-auth-token", "/api/user/revoke-auth-token", cmd, 200, func(sc *scenarioContext) {
|
|
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
|
|
So(sc.resp.Code, ShouldEqual, 404)
|
|
So(userId, ShouldEqual, 200)
|
|
})
|
|
})
|
|
|
|
Convey("When current user gets auth tokens for a non-existing user", t, func() {
|
|
userId := int64(0)
|
|
bus.AddHandler("test", func(cmd *models.GetUserByIdQuery) error {
|
|
userId = cmd.Id
|
|
return models.ErrUserNotFound
|
|
})
|
|
|
|
getUserAuthTokensScenario("Should return not found when calling GET on", "/api/user/auth-tokens", "/api/user/auth-tokens", 200, func(sc *scenarioContext) {
|
|
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
|
|
So(sc.resp.Code, ShouldEqual, 404)
|
|
So(userId, ShouldEqual, 200)
|
|
})
|
|
})
|
|
|
|
Convey("When logout an existing user from all devices", t, func() {
|
|
bus.AddHandler("test", func(cmd *models.GetUserByIdQuery) error {
|
|
cmd.Result = &models.User{Id: 200}
|
|
return nil
|
|
})
|
|
|
|
logoutUserFromAllDevicesInternalScenario("Should be successful", 1, func(sc *scenarioContext) {
|
|
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
|
|
So(sc.resp.Code, ShouldEqual, 200)
|
|
})
|
|
})
|
|
|
|
Convey("When logout a non-existing user from all devices", t, func() {
|
|
bus.AddHandler("test", func(cmd *models.GetUserByIdQuery) error {
|
|
return models.ErrUserNotFound
|
|
})
|
|
|
|
logoutUserFromAllDevicesInternalScenario("Should return not found", TestUserID, func(sc *scenarioContext) {
|
|
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
|
|
So(sc.resp.Code, ShouldEqual, 404)
|
|
})
|
|
})
|
|
|
|
Convey("When revoke an auth token for a user", t, func() {
|
|
bus.AddHandler("test", func(cmd *models.GetUserByIdQuery) error {
|
|
cmd.Result = &models.User{Id: 200}
|
|
return nil
|
|
})
|
|
|
|
cmd := models.RevokeAuthTokenCmd{AuthTokenId: 2}
|
|
token := &models.UserToken{Id: 1}
|
|
|
|
revokeUserAuthTokenInternalScenario("Should be successful", cmd, 200, token, func(sc *scenarioContext) {
|
|
sc.userAuthTokenService.GetUserTokenProvider = func(ctx context.Context, userId, userTokenId int64) (*models.UserToken, error) {
|
|
return &models.UserToken{Id: 2}, nil
|
|
}
|
|
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
|
|
So(sc.resp.Code, ShouldEqual, 200)
|
|
})
|
|
})
|
|
|
|
Convey("When revoke the active auth token used by himself", t, func() {
|
|
bus.AddHandler("test", func(cmd *models.GetUserByIdQuery) error {
|
|
cmd.Result = &models.User{Id: TestUserID}
|
|
return nil
|
|
})
|
|
|
|
cmd := models.RevokeAuthTokenCmd{AuthTokenId: 2}
|
|
token := &models.UserToken{Id: 2}
|
|
|
|
revokeUserAuthTokenInternalScenario("Should not be successful", cmd, TestUserID, token, func(sc *scenarioContext) {
|
|
sc.userAuthTokenService.GetUserTokenProvider = func(ctx context.Context, userId, userTokenId int64) (*models.UserToken, error) {
|
|
return token, nil
|
|
}
|
|
sc.fakeReqWithParams("POST", sc.url, map[string]string{}).exec()
|
|
So(sc.resp.Code, ShouldEqual, 400)
|
|
})
|
|
})
|
|
|
|
Convey("When gets auth tokens for a user", t, func() {
|
|
bus.AddHandler("test", func(cmd *models.GetUserByIdQuery) error {
|
|
cmd.Result = &models.User{Id: TestUserID}
|
|
return nil
|
|
})
|
|
|
|
currentToken := &models.UserToken{Id: 1}
|
|
|
|
getUserAuthTokensInternalScenario("Should be successful", currentToken, func(sc *scenarioContext) {
|
|
tokens := []*models.UserToken{
|
|
{
|
|
Id: 1,
|
|
ClientIp: "127.0.0.1",
|
|
UserAgent: "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36",
|
|
CreatedAt: time.Now().Unix(),
|
|
SeenAt: time.Now().Unix(),
|
|
},
|
|
{
|
|
Id: 2,
|
|
ClientIp: "127.0.0.2",
|
|
UserAgent: "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1",
|
|
CreatedAt: time.Now().Unix(),
|
|
SeenAt: 0,
|
|
},
|
|
}
|
|
sc.userAuthTokenService.GetUserTokensProvider = func(ctx context.Context, userId int64) ([]*models.UserToken, error) {
|
|
return tokens, nil
|
|
}
|
|
sc.fakeReqWithParams("GET", sc.url, map[string]string{}).exec()
|
|
|
|
So(sc.resp.Code, ShouldEqual, 200)
|
|
result := sc.ToJSON()
|
|
So(result.MustArray(), ShouldHaveLength, 2)
|
|
|
|
resultOne := result.GetIndex(0)
|
|
So(resultOne.Get("id").MustInt64(), ShouldEqual, tokens[0].Id)
|
|
So(resultOne.Get("isActive").MustBool(), ShouldBeTrue)
|
|
So(resultOne.Get("clientIp").MustString(), ShouldEqual, "127.0.0.1")
|
|
So(resultOne.Get("createdAt").MustString(), ShouldEqual, time.Unix(tokens[0].CreatedAt, 0).Format(time.RFC3339))
|
|
So(resultOne.Get("seenAt").MustString(), ShouldEqual, time.Unix(tokens[0].SeenAt, 0).Format(time.RFC3339))
|
|
|
|
So(resultOne.Get("device").MustString(), ShouldEqual, "Other")
|
|
So(resultOne.Get("browser").MustString(), ShouldEqual, "Chrome")
|
|
So(resultOne.Get("browserVersion").MustString(), ShouldEqual, "72.0")
|
|
So(resultOne.Get("os").MustString(), ShouldEqual, "Linux")
|
|
So(resultOne.Get("osVersion").MustString(), ShouldEqual, "")
|
|
|
|
resultTwo := result.GetIndex(1)
|
|
So(resultTwo.Get("id").MustInt64(), ShouldEqual, tokens[1].Id)
|
|
So(resultTwo.Get("isActive").MustBool(), ShouldBeFalse)
|
|
So(resultTwo.Get("clientIp").MustString(), ShouldEqual, "127.0.0.2")
|
|
So(resultTwo.Get("createdAt").MustString(), ShouldEqual, time.Unix(tokens[1].CreatedAt, 0).Format(time.RFC3339))
|
|
So(resultTwo.Get("seenAt").MustString(), ShouldEqual, time.Unix(tokens[1].CreatedAt, 0).Format(time.RFC3339))
|
|
|
|
So(resultTwo.Get("device").MustString(), ShouldEqual, "iPhone")
|
|
So(resultTwo.Get("browser").MustString(), ShouldEqual, "Mobile Safari")
|
|
So(resultTwo.Get("browserVersion").MustString(), ShouldEqual, "11.0")
|
|
So(resultTwo.Get("os").MustString(), ShouldEqual, "iOS")
|
|
So(resultTwo.Get("osVersion").MustString(), ShouldEqual, "11.0")
|
|
})
|
|
})
|
|
}
|
|
|
|
func revokeUserAuthTokenScenario(desc string, url string, routePattern string, cmd models.RevokeAuthTokenCmd, userId int64, fn scenarioFunc) {
|
|
Convey(desc+" "+url, func() {
|
|
defer bus.ClearBusHandlers()
|
|
|
|
fakeAuthTokenService := auth.NewFakeUserAuthTokenService()
|
|
|
|
hs := HTTPServer{
|
|
Bus: bus.GetBus(),
|
|
AuthTokenService: fakeAuthTokenService,
|
|
}
|
|
|
|
sc := setupScenarioContext(url)
|
|
sc.userAuthTokenService = fakeAuthTokenService
|
|
sc.defaultHandler = Wrap(func(c *models.ReqContext) Response {
|
|
sc.context = c
|
|
sc.context.UserId = userId
|
|
sc.context.OrgId = TestOrgID
|
|
sc.context.OrgRole = models.ROLE_ADMIN
|
|
|
|
return hs.RevokeUserAuthToken(c, cmd)
|
|
})
|
|
|
|
sc.m.Post(routePattern, sc.defaultHandler)
|
|
|
|
fn(sc)
|
|
})
|
|
}
|
|
|
|
func getUserAuthTokensScenario(desc string, url string, routePattern string, userId int64, fn scenarioFunc) {
|
|
Convey(desc+" "+url, func() {
|
|
defer bus.ClearBusHandlers()
|
|
|
|
fakeAuthTokenService := auth.NewFakeUserAuthTokenService()
|
|
|
|
hs := HTTPServer{
|
|
Bus: bus.GetBus(),
|
|
AuthTokenService: fakeAuthTokenService,
|
|
}
|
|
|
|
sc := setupScenarioContext(url)
|
|
sc.userAuthTokenService = fakeAuthTokenService
|
|
sc.defaultHandler = Wrap(func(c *models.ReqContext) Response {
|
|
sc.context = c
|
|
sc.context.UserId = userId
|
|
sc.context.OrgId = TestOrgID
|
|
sc.context.OrgRole = models.ROLE_ADMIN
|
|
|
|
return hs.GetUserAuthTokens(c)
|
|
})
|
|
|
|
sc.m.Get(routePattern, sc.defaultHandler)
|
|
|
|
fn(sc)
|
|
})
|
|
}
|
|
|
|
func logoutUserFromAllDevicesInternalScenario(desc string, userId int64, fn scenarioFunc) {
|
|
Convey(desc, func() {
|
|
defer bus.ClearBusHandlers()
|
|
|
|
hs := HTTPServer{
|
|
Bus: bus.GetBus(),
|
|
AuthTokenService: auth.NewFakeUserAuthTokenService(),
|
|
}
|
|
|
|
sc := setupScenarioContext("/")
|
|
sc.defaultHandler = Wrap(func(c *models.ReqContext) Response {
|
|
sc.context = c
|
|
sc.context.UserId = TestUserID
|
|
sc.context.OrgId = TestOrgID
|
|
sc.context.OrgRole = models.ROLE_ADMIN
|
|
|
|
return hs.logoutUserFromAllDevicesInternal(context.Background(), userId)
|
|
})
|
|
|
|
sc.m.Post("/", sc.defaultHandler)
|
|
|
|
fn(sc)
|
|
})
|
|
}
|
|
|
|
func revokeUserAuthTokenInternalScenario(desc string, cmd models.RevokeAuthTokenCmd, userId int64, token *models.UserToken, fn scenarioFunc) {
|
|
Convey(desc, func() {
|
|
defer bus.ClearBusHandlers()
|
|
|
|
fakeAuthTokenService := auth.NewFakeUserAuthTokenService()
|
|
|
|
hs := HTTPServer{
|
|
Bus: bus.GetBus(),
|
|
AuthTokenService: fakeAuthTokenService,
|
|
}
|
|
|
|
sc := setupScenarioContext("/")
|
|
sc.userAuthTokenService = fakeAuthTokenService
|
|
sc.defaultHandler = Wrap(func(c *models.ReqContext) Response {
|
|
sc.context = c
|
|
sc.context.UserId = TestUserID
|
|
sc.context.OrgId = TestOrgID
|
|
sc.context.OrgRole = models.ROLE_ADMIN
|
|
sc.context.UserToken = token
|
|
|
|
return hs.revokeUserAuthTokenInternal(c, userId, cmd)
|
|
})
|
|
|
|
sc.m.Post("/", sc.defaultHandler)
|
|
|
|
fn(sc)
|
|
})
|
|
}
|
|
|
|
func getUserAuthTokensInternalScenario(desc string, token *models.UserToken, fn scenarioFunc) {
|
|
Convey(desc, func() {
|
|
defer bus.ClearBusHandlers()
|
|
|
|
fakeAuthTokenService := auth.NewFakeUserAuthTokenService()
|
|
|
|
hs := HTTPServer{
|
|
Bus: bus.GetBus(),
|
|
AuthTokenService: fakeAuthTokenService,
|
|
}
|
|
|
|
sc := setupScenarioContext("/")
|
|
sc.userAuthTokenService = fakeAuthTokenService
|
|
sc.defaultHandler = Wrap(func(c *models.ReqContext) Response {
|
|
sc.context = c
|
|
sc.context.UserId = TestUserID
|
|
sc.context.OrgId = TestOrgID
|
|
sc.context.OrgRole = models.ROLE_ADMIN
|
|
sc.context.UserToken = token
|
|
|
|
return hs.getUserAuthTokensInternal(c, TestUserID)
|
|
})
|
|
|
|
sc.m.Get("/", sc.defaultHandler)
|
|
|
|
fn(sc)
|
|
})
|
|
}
|