JakeHillion/storj
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0f538093af
storj/satellite/console/consoleweb/endpoints_test.go

887 lines
27 KiB
Go
Raw Normal View History

satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
// Copyright (C) 2021 Storj Labs, Inc.
// See LICENSE for copying information.
package consoleweb_test
import (
satellite/console: create project salt endpoint on satellite web server Introduces a new endpoint on the satellite web server to get the project's salt. The endpoint utilizes a new console service method GetSalt which in turn calls the project DB GetSalt method if the user is authorized. It returns the project salt bytes as a base64 encoded string in the response. Change-Id: Ia13b5a4b8580e7bdad0dbb98014a276b1c74b46d
2022-09-13 13:59:15 +01:00
"encoding/base64"
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
"encoding/json"
satellite/console: create project salt endpoint on satellite web server Introduces a new endpoint on the satellite web server to get the project's salt. The endpoint utilizes a new console service method GetSalt which in turn calls the project DB GetSalt method if the user is authorized. It returns the project salt bytes as a base64 encoded string in the response. Change-Id: Ia13b5a4b8580e7bdad0dbb98014a276b1c74b46d
2022-09-13 13:59:15 +01:00
"fmt"
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
"io"
"net/http"
"net/http/cookiejar"
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b
2022-06-05 23:41:38 +01:00
"net/url"
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
"strings"
"testing"
"time"
"github.com/stretchr/testify/require"
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
"go.uber.org/zap"
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
"storj.io/common/testcontext"
satellite/console: create project salt endpoint on satellite web server Introduces a new endpoint on the satellite web server to get the project's salt. The endpoint utilizes a new console service method GetSalt which in turn calls the project DB GetSalt method if the user is authorized. It returns the project salt bytes as a base64 encoded string in the response. Change-Id: Ia13b5a4b8580e7bdad0dbb98014a276b1c74b46d
2022-09-13 13:59:15 +01:00
"storj.io/common/uuid"
satellite/console: create http endpoint for getting bucket usage totals This change introduces an HTTP endpoint for retrieving bucket usage totals. In the future, this will replace its GraphQL counterpart. References #6141 Change-Id: Ic6a0069a7e58b90dc2b6c55f164393f036c6acf4
2023-08-08 06:32:25 +01:00
"storj.io/storj/private/apigen"
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
"storj.io/storj/private/testplanet"
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
"storj.io/storj/satellite"
satellite/console: create http endpoint for getting bucket usage totals This change introduces an HTTP endpoint for retrieving bucket usage totals. In the future, this will replace its GraphQL counterpart. References #6141 Change-Id: Ic6a0069a7e58b90dc2b6c55f164393f036c6acf4
2023-08-08 06:32:25 +01:00
"storj.io/storj/satellite/accounting"
satellite/console: add get project api keys http endpoint This change adds an endpoint to get paged project API keys, similar to GraphQL query. Issue: https://github.com/storj/storj/issues/6138 Change-Id: I5dea9e4ac61e798cc8a2e56a2755d722c1b66bfa
2023-08-04 15:45:13 +01:00
"storj.io/storj/satellite/console"
satellite/console: add wallet payments API Extends satelling console billing API with method to retrieve payments for a particular wallet. Change-Id: I2e82793c715db9353427e0a287baac57bf6a0f43
2022-06-16 14:26:27 +01:00
"storj.io/storj/satellite/payments/storjscan/blockchaintest"
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
)
func TestAuth(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
test := newTest(t, ctx, planet)
user := test.defaultUser()
{ // Register User
_ = test.registerUser("user@mail.test", "#$Rnkl12i3nkljfds")
}
{ // Login_GetToken_Fail
resp, body := test.request(
http.MethodPost, "/auth/token",
strings.NewReader(`{"email":"wrong@invalid.test","password":"wrong"}`))
require.Nil(t, findCookie(resp, "_tokenKey"))
require.Equal(t, http.StatusUnauthorized, resp.StatusCode)
_ = body
// TODO: require.Contains(t, body, "unauthorized")
}
{ // Login_GetToken_Pass
test.login(user.email, user.password)
}
{ // Login_ChangePassword_IncorrectCurrentPassword
resp, body := test.request(
http.MethodPost, "/auth/account/change-password",
test.toJSON(map[string]string{
"email": user.email,
"password": user.password + "1",
"newPassword": user.password + "2",
}))
web/satellite: unauthorized error (401) interception for http requests Implemented interception for http requests. We redirect user to login page on every 401 response. Issue: https://github.com/storj/storj/issues/5339 Change-Id: Icba4fc0031cb2b4e682a1be078cdcf95b7fa6bfe
2022-12-15 12:52:28 +00:00
require.Equal(t, http.StatusBadRequest, resp.StatusCode)
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
_ = body
//TODO: require.Contains(t, body, "password was incorrect")
}
{ // Login_ChangePassword
resp, _ := test.request(
http.MethodPost, "/auth/account/change-password`",
test.toJSON(map[string]string{
"email": user.email,
"password": user.password,
"newPassword": user.password,
}))
require.Equal(t, http.StatusOK, resp.StatusCode)
}
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b
2022-06-05 23:41:38 +01:00
var oldCookies []*http.Cookie
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
{ // Get_AccountInfo
resp, body := test.request(http.MethodGet, "/auth/account", nil)
require.Equal(test.t, http.StatusOK, resp.StatusCode)
require.Contains(test.t, body, "fullName")
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b
2022-06-05 23:41:38 +01:00
oldCookies = resp.Cookies()
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
var userIdentifier struct{ ID string }
require.NoError(test.t, json.Unmarshal([]byte(body), &userIdentifier))
require.NotEmpty(test.t, userIdentifier.ID)
}
satellite/admin: create an endpoint for isAccountFrozen Endpoint checks if an account is frozen or unfrozen. relates to https://github.com/storj/storj/issues/5398 Change-Id: I8ff44063870327e05cf729eaaaed1da6c5fa9217
2022-12-14 15:00:14 +00:00
{ // Get_FreezeStatus
resp, body := test.request(http.MethodGet, "/auth/account/freezestatus", nil)
require.Equal(test.t, http.StatusOK, resp.StatusCode)
require.Contains(test.t, body, "frozen")
satellite/consoleweb: improve freeze-status endpoint This change adds a freeze status endpoint that gets whether a user is frozen or warned. Change-Id: I0bc498a128af969177c2cfcfda9b9ee3d8968305
2023-04-17 14:03:59 +01:00
require.Contains(test.t, body, "warned")
satellite/admin: create an endpoint for isAccountFrozen Endpoint checks if an account is frozen or unfrozen. relates to https://github.com/storj/storj/issues/5398 Change-Id: I8ff44063870327e05cf729eaaaed1da6c5fa9217
2022-12-14 15:00:14 +00:00
satellite/consoleweb: improve freeze-status endpoint This change adds a freeze status endpoint that gets whether a user is frozen or warned. Change-Id: I0bc498a128af969177c2cfcfda9b9ee3d8968305
2023-04-17 14:03:59 +01:00
var freezestatus struct {
Frozen bool
Warned bool
}
satellite/admin: create an endpoint for isAccountFrozen Endpoint checks if an account is frozen or unfrozen. relates to https://github.com/storj/storj/issues/5398 Change-Id: I8ff44063870327e05cf729eaaaed1da6c5fa9217
2022-12-14 15:00:14 +00:00
require.NoError(test.t, json.Unmarshal([]byte(body), &freezestatus))
require.Equal(test.t, http.StatusOK, resp.StatusCode)
require.False(test.t, freezestatus.Frozen)
satellite/consoleweb: improve freeze-status endpoint This change adds a freeze status endpoint that gets whether a user is frozen or warned. Change-Id: I0bc498a128af969177c2cfcfda9b9ee3d8968305
2023-04-17 14:03:59 +01:00
require.False(test.t, freezestatus.Warned)
satellite/admin: create an endpoint for isAccountFrozen Endpoint checks if an account is frozen or unfrozen. relates to https://github.com/storj/storj/issues/5398 Change-Id: I8ff44063870327e05cf729eaaaed1da6c5fa9217
2022-12-14 15:00:14 +00:00
}
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
{ // Test_UserSettings
satellite/{console,db}: allow passphrasepromt toggling This change adds the user's passphrase prompt setting to the /account/settings endpoints. Issue: https://github.com/storj/storj/issues/5616 Change-Id: I48d470d49e82096fd090b74da323b279e342546e
2023-04-28 18:23:56 +01:00
type expectedSettings struct {
SessionDuration *time.Duration
OnboardingStart bool
OnboardingEnd bool
PassphrasePrompt bool
OnboardingStep *string
}
testGetSettings := func(expected expectedSettings) {
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
resp, body := test.request(http.MethodGet, "/auth/account/settings", nil)
var settings struct {
satellite/{console,db}: allow passphrasepromt toggling This change adds the user's passphrase prompt setting to the /account/settings endpoints. Issue: https://github.com/storj/storj/issues/5616 Change-Id: I48d470d49e82096fd090b74da323b279e342546e
2023-04-28 18:23:56 +01:00
SessionDuration *time.Duration
OnboardingStart bool
OnboardingEnd bool
PassphrasePrompt bool
OnboardingStep *string
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
}
require.Equal(t, http.StatusOK, resp.StatusCode)
require.NoError(test.t, json.Unmarshal([]byte(body), &settings))
require.Equal(test.t, expected.OnboardingStart, settings.OnboardingStart)
require.Equal(test.t, expected.OnboardingEnd, settings.OnboardingEnd)
satellite/{console,db}: allow passphrasepromt toggling This change adds the user's passphrase prompt setting to the /account/settings endpoints. Issue: https://github.com/storj/storj/issues/5616 Change-Id: I48d470d49e82096fd090b74da323b279e342546e
2023-04-28 18:23:56 +01:00
require.Equal(test.t, expected.PassphrasePrompt, settings.PassphrasePrompt)
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
require.Equal(test.t, expected.OnboardingStep, settings.OnboardingStep)
require.Equal(test.t, expected.SessionDuration, settings.SessionDuration)
}
satellite/{console,db}: allow passphrasepromt toggling This change adds the user's passphrase prompt setting to the /account/settings endpoints. Issue: https://github.com/storj/storj/issues/5616 Change-Id: I48d470d49e82096fd090b74da323b279e342546e
2023-04-28 18:23:56 +01:00
testGetSettings(expectedSettings{
SessionDuration: nil,
OnboardingStart: true,
OnboardingEnd: true,
PassphrasePrompt: true,
OnboardingStep: nil,
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
})
satellite/console: enable session timeout configuration This another account endpoint; patch /auth/account/settings. to handle changing a user's settings, including their session timeout config. Issue: https://github.com/storj/storj/issues/5560 Change-Id: I747b4e919cf7cef7c867ac9d282837ef51bed67e
2023-03-30 14:54:41 +01:00
step := "cli"
duration := time.Duration(15) * time.Minute
resp, _ := test.request(http.MethodPatch, "/auth/account/settings",
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
test.toJSON(map[string]interface{}{
satellite/{console,db}: allow passphrasepromt toggling This change adds the user's passphrase prompt setting to the /account/settings endpoints. Issue: https://github.com/storj/storj/issues/5616 Change-Id: I48d470d49e82096fd090b74da323b279e342546e
2023-04-28 18:23:56 +01:00
"sessionDuration": duration,
"onboardingStart": true,
"onboardingEnd": false,
"passphrasePrompt": false,
"onboardingStep": step,
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
}))
require.Equal(t, http.StatusOK, resp.StatusCode)
satellite/{console,db}: allow passphrasepromt toggling This change adds the user's passphrase prompt setting to the /account/settings endpoints. Issue: https://github.com/storj/storj/issues/5616 Change-Id: I48d470d49e82096fd090b74da323b279e342546e
2023-04-28 18:23:56 +01:00
testGetSettings(expectedSettings{
SessionDuration: &duration,
OnboardingStart: true,
OnboardingEnd: false,
PassphrasePrompt: false,
OnboardingStep: &step,
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
})
satellite/console: enable session timeout configuration This another account endpoint; patch /auth/account/settings. to handle changing a user's settings, including their session timeout config. Issue: https://github.com/storj/storj/issues/5560 Change-Id: I747b4e919cf7cef7c867ac9d282837ef51bed67e
2023-03-30 14:54:41 +01:00
resp, _ = test.request(http.MethodPatch, "/auth/account/settings",
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
test.toJSON(map[string]interface{}{
satellite/console: enable session timeout configuration This another account endpoint; patch /auth/account/settings. to handle changing a user's settings, including their session timeout config. Issue: https://github.com/storj/storj/issues/5560 Change-Id: I747b4e919cf7cef7c867ac9d282837ef51bed67e
2023-03-30 14:54:41 +01:00
"sessionDuration": nil,
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
"onboardingStart": nil,
"onboardingEnd": nil,
"onboardingStep": nil,
}))
require.Equal(t, http.StatusOK, resp.StatusCode)
satellite/console: enable session timeout configuration This another account endpoint; patch /auth/account/settings. to handle changing a user's settings, including their session timeout config. Issue: https://github.com/storj/storj/issues/5560 Change-Id: I747b4e919cf7cef7c867ac9d282837ef51bed67e
2023-03-30 14:54:41 +01:00
// having passed nil to /auth/account/settings shouldn't have changed existing values.
satellite/{console,db}: allow passphrasepromt toggling This change adds the user's passphrase prompt setting to the /account/settings endpoints. Issue: https://github.com/storj/storj/issues/5616 Change-Id: I48d470d49e82096fd090b74da323b279e342546e
2023-04-28 18:23:56 +01:00
testGetSettings(expectedSettings{
SessionDuration: &duration,
OnboardingStart: true,
OnboardingEnd: false,
PassphrasePrompt: false,
OnboardingStep: &step,
satellite/console: enable session timeout configuration This another account endpoint; patch /auth/account/settings. to handle changing a user's settings, including their session timeout config. Issue: https://github.com/storj/storj/issues/5560 Change-Id: I747b4e919cf7cef7c867ac9d282837ef51bed67e
2023-03-30 14:54:41 +01:00
})
// having passed 0 as sessionDuration to /auth/account/settings should nullify it.
resp, _ = test.request(http.MethodPatch, "/auth/account/settings",
test.toJSON(map[string]interface{}{
"sessionDuration": 0,
}))
require.Equal(t, http.StatusOK, resp.StatusCode)
satellite/{console,db}: allow passphrasepromt toggling This change adds the user's passphrase prompt setting to the /account/settings endpoints. Issue: https://github.com/storj/storj/issues/5616 Change-Id: I48d470d49e82096fd090b74da323b279e342546e
2023-04-28 18:23:56 +01:00
testGetSettings(expectedSettings{
satellite/console: add endpoint to get user settings This change adds an endpoint that gets a user's settings. It will create a new settings entry if no settings exists. There's also a new endpoint to change a user's onboarding status. Issue: https://github.com/storj/storj/issues/5661 Change-Id: I9941bb9d61994af46244003f3ef4fcfe7d36918e
2023-03-16 11:42:01 +00:00
SessionDuration: nil,
OnboardingStart: true,
OnboardingEnd: false,
OnboardingStep: &step,
})
}
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
{ // Logout
resp, _ := test.request(http.MethodPost, "/auth/logout", nil)
cookie := findCookie(resp, "_tokenKey")
require.NotNil(t, cookie)
require.Equal(t, "", cookie.Value)
require.Equal(t, http.StatusOK, resp.StatusCode)
}
{ // Get_AccountInfo shouldn't succeed after logging out
resp, body := test.request(http.MethodGet, "/auth/account", nil)
// TODO: wrong error text
// require.Contains(test.t, body, "unauthorized")
require.Contains(test.t, body, "error")
require.Equal(test.t, http.StatusUnauthorized, resp.StatusCode)
}
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b
2022-06-05 23:41:38 +01:00
{ // Get_AccountInfo shouldn't succeed with reused session cookie
satURL, err := url.Parse(test.url(""))
require.NoError(t, err)
test.client.Jar.SetCookies(satURL, oldCookies)
resp, body := test.request(http.MethodGet, "/auth/account", nil)
require.Contains(test.t, body, "error")
require.Equal(test.t, http.StatusUnauthorized, resp.StatusCode)
}
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
{ // repeated login attempts should end in too many requests
hitRateLimiter := false
for i := 0; i < 30; i++ {
resp, _ := test.request(
http.MethodPost, "/auth/token",
strings.NewReader(`{"email":"wrong@invalid.test","password":"wrong"}`))
require.Nil(t, findCookie(resp, "_tokenKey"))
if resp.StatusCode != http.StatusUnauthorized {
require.Equal(t, http.StatusTooManyRequests, resp.StatusCode)
hitRateLimiter = true
break
}
}
require.True(t, hitRateLimiter, "did not hit rate limiter")
}
})
}
func TestPayments(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
test := newTest(t, ctx, planet)
user := test.defaultUser()
{ // Unauthorized
for _, path := range []string{
"/payments/cards",
"/payments/account/balance",
"/payments/billing-history",
satellite/{console,consoleweb,consoleapi}: add new endpoint for paged invoices This change adds a new endpoint for listing invoices for billing history This endpoint will replace the billing-history endpoint used on the front end since were only interested in listing invoices. Issue: https://github.com/storj/storj/issues/5479 Change-Id: I4730f5dc497245c6730e60b7f9986554479d1d3b
2023-08-28 16:59:29 +01:00
"/payments/invoice-history",
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
"/payments/account/charges?from=1619827200&to=1620844320",
} {
resp, body := test.request(http.MethodGet, path, nil)
require.Contains(t, body, "unauthorized", path)
require.Equal(t, http.StatusUnauthorized, resp.StatusCode, path)
}
}
test.login(user.email, user.password)
{ // Get_PaymentCards_EmptyReturn
resp, body := test.request(http.MethodGet, "/payments/cards", nil)
satellite/{payments,satellitedb}: Remove custom coupon implementation Removes database tables and functionality related to our custom coupon implementation because it has been superseded by the Stripe coupon and promo code system. Requires implementations of the payments Invoices interface to return coupon usages along with invoices. Change-Id: Iac52d2ff64afca8cc4dbb2d1f20e6ad4b39ddfde
2021-08-27 01:51:26 +01:00
require.JSONEq(t, "[]", body)
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
require.Equal(t, http.StatusOK, resp.StatusCode)
}
{ // Get_AccountBalance
resp, body := test.request(http.MethodGet, "/payments/account/balance", nil)
require.Contains(t, body, "freeCredits")
require.Equal(t, http.StatusOK, resp.StatusCode)
}
{ // Get_BillingHistory
resp, body := test.request(http.MethodGet, "/payments/billing-history", nil)
satellite/{payments,satellitedb}: Remove custom coupon implementation Removes database tables and functionality related to our custom coupon implementation because it has been superseded by the Stripe coupon and promo code system. Requires implementations of the payments Invoices interface to return coupon usages along with invoices. Change-Id: Iac52d2ff64afca8cc4dbb2d1f20e6ad4b39ddfde
2021-08-27 01:51:26 +01:00
require.JSONEq(t, "[]", body)
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
require.Equal(t, http.StatusOK, resp.StatusCode)
}
satellite/{console,consoleweb,consoleapi}: add new endpoint for paged invoices This change adds a new endpoint for listing invoices for billing history This endpoint will replace the billing-history endpoint used on the front end since were only interested in listing invoices. Issue: https://github.com/storj/storj/issues/5479 Change-Id: I4730f5dc497245c6730e60b7f9986554479d1d3b
2023-08-28 16:59:29 +01:00
{ // Get_InvoiceHistory
resp, body := test.request(http.MethodGet, "/payments/invoice-history?limit=1", nil)
require.Contains(t, body, "items")
require.Equal(t, http.StatusOK, resp.StatusCode)
}
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
{ // Get_AccountChargesByDateRange
resp, body := test.request(http.MethodGet, "/payments/account/charges?from=1619827200&to=1620844320", nil)
require.Contains(t, body, "egress")
require.Equal(t, http.StatusOK, resp.StatusCode)
}
})
}
satellite/console: add wallet payments API Extends satelling console billing API with method to retrieve payments for a particular wallet. Change-Id: I2e82793c715db9353427e0a287baac57bf6a0f43
2022-06-16 14:26:27 +01:00
func TestWalletPayments(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
test := newTest(t, ctx, planet)
sat := planet.Satellites[0]
userData := test.defaultUser()
test.login(userData.email, userData.password)
user, err := sat.DB.Console().Users().GetByEmail(ctx, userData.email)
require.NoError(t, err)
wallet := blockchaintest.NewAddress()
err = sat.DB.Wallets().Add(ctx, user.ID, wallet)
require.NoError(t, err)
resp, _ := test.request(http.MethodGet, "/payments/wallet/payments", nil)
require.Equal(t, http.StatusOK, resp.StatusCode)
})
}
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
func TestBuckets(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
test := newTest(t, ctx, planet)
user := test.defaultUser()
{ // Unauthorized
for _, path := range []string{
"/buckets/bucket-names?projectID=" + test.defaultProjectID(),
} {
resp, body := test.request(http.MethodGet, path, nil)
require.Contains(t, body, "unauthorized", path)
require.Equal(t, http.StatusUnauthorized, resp.StatusCode, path)
}
}
test.login(user.email, user.password)
{ // Get_BucketNamesByProjectId
resp, body := test.request(http.MethodGet, "/buckets/bucket-names?projectID="+test.defaultProjectID(), nil)
// TODO: this should be []
require.JSONEq(t, "null", body)
require.Equal(t, http.StatusOK, resp.StatusCode)
}
{ // get bucket usages
satellite/console: create http endpoint for getting bucket usage totals This change introduces an HTTP endpoint for retrieving bucket usage totals. In the future, this will replace its GraphQL counterpart. References #6141 Change-Id: Ic6a0069a7e58b90dc2b6c55f164393f036c6acf4
2023-08-08 06:32:25 +01:00
params := url.Values{
"projectID": {test.defaultProjectID()},
"before": {time.Now().Add(time.Second).Format(apigen.DateFormat)},
"limit": {"1"},
"search": {""},
"page": {"1"},
}
cmd,satellite: remove Graphql code and dependencies This change removes unused GraphQL code. It also updates storj sim code to use the GraphQL replacement HTTP endpoints and removes the GraphQL dependency. Issue: https://github.com/storj/storj/issues/6142 Change-Id: Ie502553706c4b1282cd883a9275ea7332b8fc92d
2023-08-22 11:51:59 +01:00
resp, body := test.request(http.MethodGet, "/buckets/usage-totals?"+params.Encode(), nil)
satellite/console: create http endpoint for getting bucket usage totals This change introduces an HTTP endpoint for retrieving bucket usage totals. In the future, this will replace its GraphQL counterpart. References #6141 Change-Id: Ic6a0069a7e58b90dc2b6c55f164393f036c6acf4
2023-08-08 06:32:25 +01:00
require.Equal(t, http.StatusOK, resp.StatusCode)
var page accounting.BucketUsagePage
require.NoError(t, json.Unmarshal([]byte(body), &page))
require.Empty(t, page.BucketUsages)
const bucketName = "my-bucket"
require.NoError(t, planet.Uplinks[0].CreateBucket(ctx, planet.Satellites[0], bucketName))
resp, body = test.request(http.MethodGet, "/buckets/usage-totals?"+params.Encode(), nil)
require.Equal(t, http.StatusOK, resp.StatusCode)
require.NoError(t, json.Unmarshal([]byte(body), &page))
require.NotEmpty(t, page.BucketUsages)
require.Equal(t, bucketName, page.BucketUsages[0].BucketName)
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
}
})
}
func TestAPIKeys(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
test := newTest(t, ctx, planet)
user := test.defaultUser()
test.login(user.email, user.password)
satellite/console: Partially revert change to remove graphql This partially reverts commit 516241e406923dedcc66df06b7e7c1479dc98b91. Endpoints are added to the backend, as there are some customers who may use these endpoints, even though they are no longer necessary for the satellite UI. Change-Id: I52a99912d9eacf269fbb2ddca603e53c4af6d6bf
2023-09-07 20:11:20 +01:00
{ // Post_GenerateApiKey
resp, body := test.request(http.MethodPost, "/graphql",
test.toJSON(map[string]interface{}{
"variables": map[string]interface{}{
"projectId": test.defaultProjectID(),
"name": user.email,
},
"query": `
mutation ($projectId: String!, $name: String!) {
createAPIKey(projectID: $projectId, name: $name) {
key
keyInfo {
id
name
createdAt
__typename
}
__typename
}
}`}))
require.Contains(t, body, "createAPIKey")
require.Equal(t, http.StatusOK, resp.StatusCode)
}
{ // Get_APIKeyInfoByProjectId
resp, body := test.request(http.MethodPost, "/graphql",
test.toJSON(map[string]interface{}{
"variables": map[string]interface{}{
"orderDirection": 1,
"projectId": test.defaultProjectID(),
"limit": 6,
"search": ``,
"page": 1,
"order": 1,
},
"query": `
query ($projectId: String!, $limit: Int!, $search: String!, $page: Int!, $order: Int!, $orderDirection: Int!) {
project(id: $projectId) {
apiKeys(cursor: {limit: $limit, search: $search, page: $page, order: $order, orderDirection: $orderDirection}) {
apiKeys {
id
name
createdAt
__typename
}
search
limit
order
pageCount
currentPage
totalCount
__typename
}
__typename
}
}`}))
require.Contains(t, body, "apiKeysPage")
require.Equal(t, http.StatusOK, resp.StatusCode)
}
satellite/console: add get project api keys http endpoint This change adds an endpoint to get paged project API keys, similar to GraphQL query. Issue: https://github.com/storj/storj/issues/6138 Change-Id: I5dea9e4ac61e798cc8a2e56a2755d722c1b66bfa
2023-08-04 15:45:13 +01:00
{ // Get_ProjectAPIKeys
var projects console.APIKeyPage
path := "/api-keys/list-paged?projectID=" + test.defaultProjectID() + "&search=''&limit=6&page=1&order=1&orderDirection=1"
resp, body := test.request(http.MethodGet, path, nil)
require.Equal(t, http.StatusOK, resp.StatusCode)
require.NoError(t, json.Unmarshal([]byte(body), &projects))
require.Contains(t, body, "apiKeys")
}
satellite/console: add create api key http endpoint This change adds an endpoint to create new API key, similar to GraphQL mutation. Issue: https://github.com/storj/storj/issues/6139 Change-Id: I2b35d680fa8e019666c811ad3bdf16201e3b8946
2023-08-07 13:45:25 +01:00
{ // Post_Create_APIKey
var response console.CreateAPIKeyResponse
path := "/api-keys/create/" + test.defaultProjectID()
resp, body := test.request(http.MethodPost, path,
test.toJSON(map[string]interface{}{
"name": "testCreatedKey",
}))
require.Equal(t, http.StatusOK, resp.StatusCode)
err := json.Unmarshal([]byte(body), &response)
require.NoError(t, err)
require.Contains(t, body, "key")
require.Contains(t, body, "keyInfo")
require.NotNil(t, response.KeyInfo)
}
satellite/console: add delete api keys http endpoint This change adds an endpoint to delete API keys, similar to GraphQL mutation. Issue: https://github.com/storj/storj/issues/6140 Change-Id: Ia4a808222a057a199d803d8ea6b944c411a4dc8d
2023-08-07 15:27:10 +01:00
{ // Delete_APIKeys_By_IDs
var response *console.CreateAPIKeyResponse
path := "/api-keys/create/" + test.defaultProjectID()
resp, body := test.request(http.MethodPost, path,
test.toJSON(map[string]interface{}{
"name": "testCreatedKey1",
}))
require.Equal(t, http.StatusOK, resp.StatusCode)
require.NoError(t, json.Unmarshal([]byte(body), &response))
path = "/api-keys/delete-by-ids"
resp, body = test.request(http.MethodDelete, path,
test.toJSON(map[string]interface{}{
"ids": []string{response.KeyInfo.ID.String()},
}))
require.Equal(t, http.StatusOK, resp.StatusCode)
require.Empty(t, body)
}
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
})
}
func TestProjects(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
test := newTest(t, ctx, planet)
user := test.defaultUser()
test.login(user.email, user.password)
satellite/console: Partially revert change to remove graphql This partially reverts commit 516241e406923dedcc66df06b7e7c1479dc98b91. Endpoints are added to the backend, as there are some customers who may use these endpoints, even though they are no longer necessary for the satellite UI. Change-Id: I52a99912d9eacf269fbb2ddca603e53c4af6d6bf
2023-09-07 20:11:20 +01:00
{ // Get_ProjectId
resp, body := test.request(http.MethodPost, "/graphql",
test.toJSON(map[string]interface{}{
"query": `
{
myProjects {
name
id
description
createdAt
ownerId
__typename
}
}`}))
require.Contains(t, body, test.defaultProjectID())
require.Equal(t, http.StatusOK, resp.StatusCode)
}
satellite/console: create project salt endpoint on satellite web server Introduces a new endpoint on the satellite web server to get the project's salt. The endpoint utilizes a new console service method GetSalt which in turn calls the project DB GetSalt method if the user is authorized. It returns the project salt bytes as a base64 encoded string in the response. Change-Id: Ia13b5a4b8580e7bdad0dbb98014a276b1c74b46d
2022-09-13 13:59:15 +01:00
{ // Get_Salt
projectID := test.defaultProjectID()
id, err := uuid.FromString(projectID)
require.NoError(t, err)
// get salt from endpoint
var b64Salt string
resp, body := test.request(http.MethodGet, fmt.Sprintf("/projects/%s/salt", test.defaultProjectID()), nil)
require.Equal(t, http.StatusOK, resp.StatusCode)
require.NoError(t, json.Unmarshal([]byte(body), &b64Salt))
// get salt from db and base64 encode it
salt, err := planet.Satellites[0].DB.Console().Projects().GetSalt(ctx, id)
require.NoError(t, err)
require.Equal(t, b64Salt, base64.StdEncoding.EncodeToString(salt))
}
satellite/console: add create project http endpoint This change adds an HTTP endpoint for creating projects, to be used in place of the GraphQL version. Issue: https://github.com/storj/storj/issues/6195 Change-Id: I0377353418df7c152db6a935e99a3ea7ab4ce625
2023-08-18 14:31:49 +01:00
{ // Create_Project
name := "a name"
description := "a description"
resp, body := test.request(http.MethodPost, "/projects", test.toJSON(map[string]interface{}{
"name": name,
"description": description,
}))
require.Equal(t, http.StatusCreated, resp.StatusCode)
var createdProject console.ProjectInfo
require.NoError(t, json.Unmarshal([]byte(body), &createdProject))
require.Equal(t, name, createdProject.Name)
require.Equal(t, description, createdProject.Description)
}
satellite/console: add get user projects http endpoint This change adds an endpoint to get a user's projects, similar to the MyProjects GraphQL query. Issue: https://github.com/storj/storj/issues/6132 Change-Id: I91feb5a1ee8c1231a8a5e6de9b8dc5b256f857c5
2023-08-02 22:44:03 +01:00
satellite/console: add create project http endpoint This change adds an HTTP endpoint for creating projects, to be used in place of the GraphQL version. Issue: https://github.com/storj/storj/issues/6195 Change-Id: I0377353418df7c152db6a935e99a3ea7ab4ce625
2023-08-18 14:31:49 +01:00
{ // Get_User_Projects
var projects []console.ProjectInfo
satellite/console: add get user projects http endpoint This change adds an endpoint to get a user's projects, similar to the MyProjects GraphQL query. Issue: https://github.com/storj/storj/issues/6132 Change-Id: I91feb5a1ee8c1231a8a5e6de9b8dc5b256f857c5
2023-08-02 22:44:03 +01:00
resp, body := test.request(http.MethodGet, "/projects", nil)
require.Equal(t, http.StatusOK, resp.StatusCode)
require.NoError(t, json.Unmarshal([]byte(body), &projects))
require.NotEmpty(t, projects)
}
satellite/console: Partially revert change to remove graphql This partially reverts commit 516241e406923dedcc66df06b7e7c1479dc98b91. Endpoints are added to the backend, as there are some customers who may use these endpoints, even though they are no longer necessary for the satellite UI. Change-Id: I52a99912d9eacf269fbb2ddca603e53c4af6d6bf
2023-09-07 20:11:20 +01:00
{ // Get_ProjectInfo
resp, body := test.request(http.MethodPost, "/graphql",
test.toJSON(map[string]interface{}{
"variables": map[string]interface{}{
"projectId": test.defaultProjectID(),
"before": "2021-05-12T18:32:30.533Z",
"limit": 7,
"search": "",
"page": 1,
},
"query": `
query ($projectId: String!, $before: DateTime!, $limit: Int!, $search: String!, $page: Int!) {
project(id: $projectId) {
bucketUsages(before: $before, cursor: {limit: $limit, search: $search, page: $page}) {
bucketUsages {
bucketName
storage
egress
objectCount
segmentCount
since
before
__typename
}
search
limit
offset
pageCount
currentPage
totalCount
__typename
}
__typename
}
}`}))
require.Contains(t, body, "bucketUsagePage")
require.Equal(t, http.StatusOK, resp.StatusCode)
}
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
{ // Get_ProjectUsageLimitById
resp, body := test.request(http.MethodGet, `/projects/`+test.defaultProjectID()+`/usage-limits`, nil)
require.Equal(t, http.StatusOK, resp.StatusCode)
require.Contains(t, body, "storageLimit")
}
satellite: add get user paged projects http endpoint This change adds an endpoint to get a user's projects, similar to the OwnedProjects GraphQL query. The console.ProjectInfo struct has been renamed to UpsertProjectInfo to more accurately reflect its use. Issue: https://github.com/storj/storj/issues/6135 Change-Id: I802fe4694a5cc75a9df2b565476f6e6f473431d4
2023-08-07 14:16:04 +01:00
{ // Get_OwnedProjects - HTTP
var projects console.ProjectInfoPage
resp, body := test.request(http.MethodGet, "/projects/paged?limit=6&page=1", nil)
require.Equal(t, http.StatusOK, resp.StatusCode)
require.NoError(t, json.Unmarshal([]byte(body), &projects))
require.NotEmpty(t, projects.Projects)
}
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
{ // Post_ProjectRenameInvalid
cmd,satellite: remove Graphql code and dependencies This change removes unused GraphQL code. It also updates storj sim code to use the GraphQL replacement HTTP endpoints and removes the GraphQL dependency. Issue: https://github.com/storj/storj/issues/6142 Change-Id: Ie502553706c4b1282cd883a9275ea7332b8fc92d
2023-08-22 11:51:59 +01:00
resp, body := test.request(http.MethodPatch, fmt.Sprintf("/projects/%s", test.defaultProjectID()),
satellite/console: add update project http endpoint This change adds an endpoint update projects, to be used in place of the graphql alternative. Issue: https://github.com/storj/storj/issues/6134 Change-Id: I26c04f4400f71721cbddb7f64405e6c9b78edb4d
2023-08-09 01:14:28 +01:00
test.toJSON(map[string]interface{}{
"name": "My Second Project with a long name",
}))
require.Contains(t, body, "error")
require.Equal(t, http.StatusInternalServerError, resp.StatusCode)
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
}
{ // Post_ProjectRename
cmd,satellite: remove Graphql code and dependencies This change removes unused GraphQL code. It also updates storj sim code to use the GraphQL replacement HTTP endpoints and removes the GraphQL dependency. Issue: https://github.com/storj/storj/issues/6142 Change-Id: Ie502553706c4b1282cd883a9275ea7332b8fc92d
2023-08-22 11:51:59 +01:00
resp, _ := test.request(http.MethodPatch, fmt.Sprintf("/projects/%s", test.defaultProjectID()),
satellite/console: add update project http endpoint This change adds an endpoint update projects, to be used in place of the graphql alternative. Issue: https://github.com/storj/storj/issues/6134 Change-Id: I26c04f4400f71721cbddb7f64405e6c9b78edb4d
2023-08-09 01:14:28 +01:00
test.toJSON(map[string]interface{}{
"name": "new name",
}))
require.Equal(t, http.StatusOK, resp.StatusCode)
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
}
})
}
func TestWrongUser(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
Reconfigure: testplanet.Reconfigure{
Satellite: func(log *zap.Logger, index int, config *satellite.Config) {
config.Console.RateLimit.Burst = 4
},
},
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
test := newTest(t, ctx, planet)
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
authorizedUser := test.defaultUser()
unauthorizedUser := test.registerUser("user@mail.test", "#$Rnkl12i3nkljfds")
type endpointTest struct {
endpoint string
method string
body interface{}
}
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
baseProjectsUrl := "/projects"
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
baseApiKeyUrl := "/api-keys"
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
baseProjectIdUrl := fmt.Sprintf("%s/%s", baseProjectsUrl, test.defaultProjectID())
getProjectResourceUrl := func(resource string) string {
return fmt.Sprintf("%s/%s", baseProjectIdUrl, resource)
}
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
getIdAppendedApiKeyUrl := func(resource string) string {
return fmt.Sprintf("%s/%s%s", baseApiKeyUrl, resource, test.defaultProjectID())
}
// login and create an api key and credit card to test deletion.
test.login(authorizedUser.email, authorizedUser.password)
resp, body := test.request(http.MethodPost, getIdAppendedApiKeyUrl("create/"), test.toJSON("some name"))
require.Equal(t, http.StatusOK, resp.StatusCode)
var response console.CreateAPIKeyResponse
require.NoError(t, json.Unmarshal([]byte(body), &response))
apiKeyId := response.KeyInfo.ID.String()
test.login(unauthorizedUser.email, unauthorizedUser.password)
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
testCases := []endpointTest{
{
endpoint: baseProjectIdUrl,
method: http.MethodPatch,
body: map[string]interface{}{
"name": "new name",
},
},
{
endpoint: getProjectResourceUrl("members") + "?emails=" + "some@email.com",
method: http.MethodDelete,
},
{
endpoint: getProjectResourceUrl("salt"),
method: http.MethodGet,
},
{
endpoint: getProjectResourceUrl("members"),
method: http.MethodGet,
},
satellite/{console,analytics}: allow limit increase request This change adds a new endpoint that submits limit increase requests to segment. Issue: https://github.com/storj/storj/issues/6233 Change-Id: Ie4f70aef31079acbe2f24771b3ea359d5769eb95
2023-09-06 13:30:55 +01:00
{
endpoint: getProjectResourceUrl("limit-increase"),
method: http.MethodPost,
body: map[string]interface{}{
"limitType": "storage",
"currentLimit": "100000000",
"desiredLimit": "200000000",
},
},
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
{
satellite/console,web/satellite: disallow creating multiple new invites This change prevents multiple project invitation records from being created from a single API request. Change-Id: I01268fcc0e2f7b5f24870b032cb53f03c7ad0800
2023-10-16 21:29:36 +01:00
endpoint: getProjectResourceUrl("invite") + "/" + "some@email.com",
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
method: http.MethodPost,
},
{
endpoint: getProjectResourceUrl("usage-limits"),
method: http.MethodGet,
},
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
{
endpoint: "/buckets/bucket-names?projectID=" + test.defaultProjectID(),
method: http.MethodGet,
},
{
endpoint: "/buckets/usage-totals?limit=10&page=1&before=" + time.Now().Format(apigen.DateFormat) + "&projectID=" + test.defaultProjectID(),
method: http.MethodGet,
},
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
{
endpoint: getProjectResourceUrl("daily-usage") + "?from=100000000&to=200000000000",
method: http.MethodGet,
},
{
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
endpoint: getIdAppendedApiKeyUrl("create/"),
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
method: http.MethodPost,
body: "name",
},
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
{
endpoint: getIdAppendedApiKeyUrl("delete-by-name?name=name&projectID="),
method: http.MethodDelete,
},
{
endpoint: getIdAppendedApiKeyUrl("list-paged?limit=10&page=1&order=1&orderDirection=1&projectID="),
method: http.MethodGet,
},
{
endpoint: getIdAppendedApiKeyUrl("api-key-names?projectID="),
method: http.MethodGet,
},
{
endpoint: baseApiKeyUrl + "/delete-by-ids",
method: http.MethodDelete,
body: map[string]interface{}{
"ids": []string{apiKeyId},
},
},
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
}
for _, testCase := range testCases {
t.Run(fmt.Sprintf("Unauthorized on %s", testCase.endpoint), func(t *testing.T) {
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
resp, body = test.request(testCase.method, testCase.endpoint, test.toJSON(testCase.body))
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
require.Contains(t, body, "not authorized")
require.Equal(t, http.StatusUnauthorized, resp.StatusCode)
})
}
// login with correct user to make sure they have access.
test.login(authorizedUser.email, authorizedUser.password)
for _, testCase := range testCases {
t.Run(fmt.Sprintf("Authorized on %s", testCase.endpoint), func(t *testing.T) {
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
resp, body = test.request(testCase.method, testCase.endpoint, test.toJSON(testCase.body))
satellite/{consoleweb,consoleapi}: add cross user api tests This change adds tests to ensure critical endpoints are not able to be called by users for other users. It asserts that if cases like that do happen, a 401 response will be sent. Issue: https://github.com/storj/storj-private/issues/407 Change-Id: I70097a80f691a7d0fcb0bc5dbce8291144177720
2023-08-21 23:50:02 +01:00
require.NotContains(t, body, "not authorized")
require.NotEqual(t, http.StatusUnauthorized, resp.StatusCode)
})
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
}
})
}
type test struct {
t *testing.T
ctx *testcontext.Context
planet *testplanet.Planet
client *http.Client
}
func newTest(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) test {
jar, err := cookiejar.New(nil)
require.NoError(t, err)
return test{t: t, ctx: ctx, planet: planet, client: &http.Client{Jar: jar}}
}
type registeredUser struct {
id string
email string
password string
}
func (test *test) request(method string, path string, data io.Reader) (resp Response, body string) {
req, err := http.NewRequestWithContext(test.ctx, method, test.url(path), data)
require.NoError(test.t, err)
req.Header = map[string][]string{
"sec-ch-ua": {`" Not A;Brand";v="99"`, `"Chromium";v="90"`, `"Google Chrome";v="90"`},
"sec-ch-ua-mobile": {"?0"},
"User-Agent": {"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36"},
"Content-Type": {"application/json"},
"Accept": {"*/*"},
}
return test.do(req)
}
// Response is a wrapper for http.Request to prevent false-positive with bodyclose check.
type Response struct{ *http.Response }
func (test *test) do(req *http.Request) (_ Response, body string) {
resp, err := test.client.Do(req)
require.NoError(test.t, err)
all: fix deprecated ioutil commands Change-Id: I59db35116ec7215a1b8e2ae7dbd319fa099adfac
2022-10-11 12:39:08 +01:00
data, err := io.ReadAll(resp.Body)
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
require.NoError(test.t, err)
require.NoError(test.t, resp.Body.Close())
return Response{resp}, string(data)
}
func (test *test) url(suffix string) string {
return test.planet.Satellites[0].ConsoleURL() + "/api/v0" + suffix
}
func (test *test) toJSON(v interface{}) io.Reader {
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
if str, ok := v.(string); ok {
return strings.NewReader(str)
}
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
data, err := json.Marshal(v)
require.NoError(test.t, err)
return strings.NewReader(string(data))
}
func (test *test) defaultUser() registeredUser {
user := test.planet.Uplinks[0].User[test.planet.Satellites[0].ID()]
return registeredUser{
email: user.Email,
password: user.Password,
}
}
func (test *test) defaultProjectID() string { return test.planet.Uplinks[0].Projects[0].ID.String() }
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b
2022-06-05 23:41:38 +01:00
func (test *test) login(email, password string) Response {
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
resp, body := test.request(
http.MethodPost, "/auth/token",
test.toJSON(map[string]string{
"email": email,
"password": password,
}))
satellite/console: add more cross-user api tests This change adds more endpoints to the cross-user api test. Issue: https://github.com/storj/storj/issues/6246 Change-Id: I4c3128c3a932c713b10499a8909836a599b79458
2023-09-08 19:47:45 +01:00
require.Equal(test.t, http.StatusOK, resp.StatusCode)
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
cookie := findCookie(resp, "_tokenKey")
require.NotNil(test.t, cookie)
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e
2022-07-19 10:26:18 +01:00
var tokenInfo struct {
Token string `json:"token"`
}
require.NoError(test.t, json.Unmarshal([]byte(body), &tokenInfo))
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
require.Equal(test.t, http.StatusOK, resp.StatusCode)
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e
2022-07-19 10:26:18 +01:00
require.Equal(test.t, tokenInfo.Token, cookie.Value)
satellite/console: integrate sessions into satellite UI This change integrates the session management database functionality with the web application. Claim-based authentication has been removed in favor of session token-based authentication. Change-Id: I62a4f5354a3ed8ca80272814aad2448f901eab1b
2022-06-05 23:41:38 +01:00
return resp
satellite/console/consoleweb: add endpoint tests This currently contains tests for both graphql and regular endpoints. Co-authored-by: Antonio Franco <antonio@storj.io> Change-Id: I28d7e629b1caa114438d6fbc3abcc079a8ca10a6
2021-08-11 12:50:50 +01:00
}
func (test *test) registerUser(email, password string) registeredUser {
resp, body := test.request(
http.MethodPost, "/auth/register",
test.toJSON(map[string]interface{}{
"secret": "",
"password": password,
"fullName": "Chester Cheeto",
"shortName": "",
"email": email,
"partner": "",
"partnerId": "",
"isProfessional": false,
"position": "",
"companyName": "",
"employeeCount": "",
"haveSalesContact": false,
}))
require.Equal(test.t, http.StatusOK, resp.StatusCode)
time.Sleep(time.Second) // TODO: hack-fix, register activates account asynchronously
return registeredUser{
id: body,
email: email,
password: password,
}
}
func findCookie(response Response, name string) *http.Cookie {
for _, c := range response.Cookies() {
if c.Name == name {
return c
}
}
return nil
}
Reference in New Issue Copy Permalink