storj/satellite/console/consoleweb/consoleapi/apikeys_test.go

// Copyright (C) 2021 Storj Labs, Inc.
// See LICENSE for copying information.

package consoleapi_test

import (
	"encoding/json"
	"io"
	"net/http"
	"testing"
	"time"

	"github.com/stretchr/testify/require"
	"go.uber.org/zap"

	"storj.io/common/macaroon"
	"storj.io/common/testcontext"
	"storj.io/storj/private/testplanet"
	"storj.io/storj/satellite"
	"storj.io/storj/satellite/console"
)

func Test_DeleteAPIKeyByNameAndProjectID(t *testing.T) {
	testplanet.Run(t, testplanet.Config{
		SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
		Reconfigure: testplanet.Reconfigure{
			Satellite: func(log *zap.Logger, index int, config *satellite.Config) {
				config.Console.OpenRegistrationEnabled = true
				config.Console.RateLimit.Burst = 10
			},
		},
	}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
		sat := planet.Satellites[0]

		newUser := console.CreateUser{
			FullName:  "test_name",
			ShortName: "",
			Email:     "apikeytest@test.test",
		}

		user, err := sat.AddUser(ctx, newUser, 1)
		require.NoError(t, err)

		project, err := sat.AddProject(ctx, user.ID, "apikeytest")
		require.NoError(t, err)

		secret, err := macaroon.NewSecret()
		require.NoError(t, err)

		key, err := macaroon.NewAPIKey(secret)
		require.NoError(t, err)

		apikey := console.APIKeyInfo{
			Name:      "test",
			ProjectID: project.ID,
			Secret:    secret,
		}

		// we are using full name as a password
		tokenInfo, err := sat.API.Console.Service.Token(ctx, console.AuthUser{Email: user.Email, Password: user.FullName})
		require.NoError(t, err)

		client := http.Client{}

		expire := time.Now().AddDate(0, 0, 1)
		cookie := http.Cookie{
			Name:    "_tokenKey",
			Path:    "/",
			Value:   tokenInfo.Token.String(),
			Expires: expire,
		}

		deleteTestFunc := func(request *http.Request) func(t *testing.T) {
			return func(t *testing.T) {
				created, err := sat.DB.Console().APIKeys().Create(ctx, key.Head(), apikey)
				require.NoError(t, err)

				request.AddCookie(&cookie)

				result, err := client.Do(request)
				require.NoError(t, err)
				require.Equal(t, http.StatusOK, result.StatusCode)

				keyAfterDelete, err := sat.DB.Console().APIKeys().Get(ctx, created.ID)
				require.Error(t, err)
				require.Nil(t, keyAfterDelete)

				defer func() {
					err = result.Body.Close()
					require.NoError(t, err)
				}()
			}
		}

		req, err := http.NewRequestWithContext(ctx, http.MethodDelete, "http://"+planet.Satellites[0].API.Console.Listener.Addr().String()+"/api/v0/api-keys/delete-by-name?name="+apikey.Name+"&projectID="+project.ID.String(), nil)
		require.NoError(t, err)
		t.Run("delete by name and projectID", deleteTestFunc(req))

		req, err = http.NewRequestWithContext(ctx, http.MethodDelete, "http://"+planet.Satellites[0].API.Console.Listener.Addr().String()+"/api/v0/api-keys/delete-by-name?name="+apikey.Name+"&publicID="+project.PublicID.String(), nil)
		require.NoError(t, err)
		t.Run("delete by name and publicID", deleteTestFunc(req))
	})
}

func Test_GetAllAPIKeyNamesByProjectID(t *testing.T) {
	testplanet.Run(t, testplanet.Config{
		SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
		Reconfigure: testplanet.Reconfigure{
			Satellite: func(log *zap.Logger, index int, config *satellite.Config) {
				config.Console.OpenRegistrationEnabled = true
				config.Console.RateLimit.Burst = 10
			},
		},
	}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
		sat := planet.Satellites[0]

		newUser := console.CreateUser{
			FullName:  "test_name",
			ShortName: "",
			Email:     "apikeytest1@test.test",
		}

		user, err := sat.AddUser(ctx, newUser, 1)
		require.NoError(t, err)

		project, err := sat.AddProject(ctx, user.ID, "apikeytest")
		require.NoError(t, err)

		// we are using full name as a password
		tokenInfo, err := sat.API.Console.Service.Token(ctx, console.AuthUser{Email: user.Email, Password: user.FullName})
		require.NoError(t, err)

		client := http.Client{}

		expire := time.Now().AddDate(0, 0, 1)
		cookie := http.Cookie{
			Name:    "_tokenKey",
			Path:    "/",
			Value:   tokenInfo.Token.String(),
			Expires: expire,
		}

		secret, err := macaroon.NewSecret()
		require.NoError(t, err)

		key, err := macaroon.NewAPIKey(secret)
		require.NoError(t, err)

		apikey := console.APIKeyInfo{
			Name:      "test",
			ProjectID: project.ID,
			Secret:    secret,
		}

		secret1, err := macaroon.NewSecret()
		require.NoError(t, err)

		key1, err := macaroon.NewAPIKey(secret1)
		require.NoError(t, err)

		apikey1 := console.APIKeyInfo{
			Name:      "test1",
			ProjectID: project.ID,
			Secret:    secret1,
		}

		created, err := sat.DB.Console().APIKeys().Create(ctx, key.Head(), apikey)
		require.NoError(t, err)

		created1, err := sat.DB.Console().APIKeys().Create(ctx, key1.Head(), apikey1)
		require.NoError(t, err)

		request, err := http.NewRequestWithContext(ctx, http.MethodGet, "http://"+planet.Satellites[0].API.Console.Listener.Addr().String()+"/api/v0/api-keys/api-key-names?projectID="+project.ID.String(), nil)
		require.NoError(t, err)

		request.AddCookie(&cookie)

		result, err := client.Do(request)
		require.NoError(t, err)
		require.Equal(t, http.StatusOK, result.StatusCode)

		body, err := io.ReadAll(result.Body)
		require.NoError(t, err)

		var output []string

		err = json.Unmarshal(body, &output)
		require.NoError(t, err)

		require.Equal(t, 2, len(output))
		require.Equal(t, created.Name, output[0])
		require.Equal(t, created1.Name, output[1])

		defer func() {
			err = result.Body.Close()
			require.NoError(t, err)
		}()
	})
}
satellite/console: delete api key by name and project id endpoint WHAT: new endpoint to be able to delete apiKey/accessGrant by name and project id WHY: it will be called to delete special pregenerated access grant which will be used to generate gateway credentials for file browser component or bucket management Change-Id: I7467ebaab27a7da33efd062536c6da41e6ed4c30 2021-03-16 19:43:02 +00:00			`// Copyright (C) 2021 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package consoleapi_test`

			`import (`
satellite/{console, db}: endpoint to get all API key names by project ID Added new endpoint, service method and DB query to get all API key names by provided project ID. Issue: https://github.com/storj/storj/issues/5693 Change-Id: I62e4e8ae660bd81234b75aa159a472a5aa9d5a48 2023-06-12 13:42:49 +01:00			`"encoding/json"`
			`"io"`
satellite/console: delete api key by name and project id endpoint WHAT: new endpoint to be able to delete apiKey/accessGrant by name and project id WHY: it will be called to delete special pregenerated access grant which will be used to generate gateway credentials for file browser component or bucket management Change-Id: I7467ebaab27a7da33efd062536c6da41e6ed4c30 2021-03-16 19:43:02 +00:00			`"net/http"`
			`"testing"`
			`"time"`

			`"github.com/stretchr/testify/require"`
			`"go.uber.org/zap"`

			`"storj.io/common/macaroon"`
			`"storj.io/common/testcontext"`
			`"storj.io/storj/private/testplanet"`
			`"storj.io/storj/satellite"`
			`"storj.io/storj/satellite/console"`
			`)`

			`func Test_DeleteAPIKeyByNameAndProjectID(t *testing.T) {`
			`testplanet.Run(t, testplanet.Config{`
			`SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,`
			`Reconfigure: testplanet.Reconfigure{`
			`Satellite: func(log zap.Logger, index int, config satellite.Config) {`
			`config.Console.OpenRegistrationEnabled = true`
			`config.Console.RateLimit.Burst = 10`
			`},`
			`},`
			`}, func(t testing.T, ctx testcontext.Context, planet *testplanet.Planet) {`
			`sat := planet.Satellites[0]`

			`newUser := console.CreateUser{`
			`FullName: "test_name",`
			`ShortName: "",`
			`Email: "apikeytest@test.test",`
			`}`

			`user, err := sat.AddUser(ctx, newUser, 1)`
			`require.NoError(t, err)`

			`project, err := sat.AddProject(ctx, user.ID, "apikeytest")`
			`require.NoError(t, err)`

			`secret, err := macaroon.NewSecret()`
			`require.NoError(t, err)`

			`key, err := macaroon.NewAPIKey(secret)`
			`require.NoError(t, err)`

			`apikey := console.APIKeyInfo{`
			`Name: "test",`
			`ProjectID: project.ID,`
			`Secret: secret,`
			`}`

			`// we are using full name as a password`
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e 2022-07-19 10:26:18 +01:00			`tokenInfo, err := sat.API.Console.Service.Token(ctx, console.AuthUser{Email: user.Email, Password: user.FullName})`
satellite/console: delete api key by name and project id endpoint WHAT: new endpoint to be able to delete apiKey/accessGrant by name and project id WHY: it will be called to delete special pregenerated access grant which will be used to generate gateway credentials for file browser component or bucket management Change-Id: I7467ebaab27a7da33efd062536c6da41e6ed4c30 2021-03-16 19:43:02 +00:00			`require.NoError(t, err)`

			`client := http.Client{}`

			`expire := time.Now().AddDate(0, 0, 1)`
			`cookie := http.Cookie{`
			`Name: "_tokenKey",`
			`Path: "/",`
satellite/console,web/satellite: invalidate sessions after inactivity Sessions now expire after a much shorter amount of time, requiring clients to issue API requests for session extension. This is handled behind the scenes as the user interacts with the page, but once session expiration is imminent, a modal appears which informs the user of his inactivity and presents him with the choice of loging out or preserving his session. Change-Id: I68008d45859c814a835d65d882ad5ad2199d618e 2022-07-19 10:26:18 +01:00			`Value: tokenInfo.Token.String(),`
satellite/console: delete api key by name and project id endpoint WHAT: new endpoint to be able to delete apiKey/accessGrant by name and project id WHY: it will be called to delete special pregenerated access grant which will be used to generate gateway credentials for file browser component or bucket management Change-Id: I7467ebaab27a7da33efd062536c6da41e6ed4c30 2021-03-16 19:43:02 +00:00			`Expires: expire,`
			`}`

satellite/{console,web}: support delete by ID and publicID Update the delete API key by name and projectID to support project-ID and project-publicID. Issue: https://github.com/storj/storj/issues/5410 Change-Id: I3bd11b9c3ae1ad6ce662dfc18b42779d2e4edf9b 2023-01-05 09:17:16 +00:00			`deleteTestFunc := func(request http.Request) func(t testing.T) {`
			`return func(t *testing.T) {`
			`created, err := sat.DB.Console().APIKeys().Create(ctx, key.Head(), apikey)`
			`require.NoError(t, err)`
satellite/console: delete api key by name and project id endpoint WHAT: new endpoint to be able to delete apiKey/accessGrant by name and project id WHY: it will be called to delete special pregenerated access grant which will be used to generate gateway credentials for file browser component or bucket management Change-Id: I7467ebaab27a7da33efd062536c6da41e6ed4c30 2021-03-16 19:43:02 +00:00
satellite/{console,web}: support delete by ID and publicID Update the delete API key by name and projectID to support project-ID and project-publicID. Issue: https://github.com/storj/storj/issues/5410 Change-Id: I3bd11b9c3ae1ad6ce662dfc18b42779d2e4edf9b 2023-01-05 09:17:16 +00:00			`request.AddCookie(&cookie)`

			`result, err := client.Do(request)`
			`require.NoError(t, err)`
			`require.Equal(t, http.StatusOK, result.StatusCode)`
satellite/console: delete api key by name and project id endpoint WHAT: new endpoint to be able to delete apiKey/accessGrant by name and project id WHY: it will be called to delete special pregenerated access grant which will be used to generate gateway credentials for file browser component or bucket management Change-Id: I7467ebaab27a7da33efd062536c6da41e6ed4c30 2021-03-16 19:43:02 +00:00
satellite/{console,web}: support delete by ID and publicID Update the delete API key by name and projectID to support project-ID and project-publicID. Issue: https://github.com/storj/storj/issues/5410 Change-Id: I3bd11b9c3ae1ad6ce662dfc18b42779d2e4edf9b 2023-01-05 09:17:16 +00:00			`keyAfterDelete, err := sat.DB.Console().APIKeys().Get(ctx, created.ID)`
			`require.Error(t, err)`
			`require.Nil(t, keyAfterDelete)`
satellite/console: delete api key by name and project id endpoint WHAT: new endpoint to be able to delete apiKey/accessGrant by name and project id WHY: it will be called to delete special pregenerated access grant which will be used to generate gateway credentials for file browser component or bucket management Change-Id: I7467ebaab27a7da33efd062536c6da41e6ed4c30 2021-03-16 19:43:02 +00:00
satellite/{console,web}: support delete by ID and publicID Update the delete API key by name and projectID to support project-ID and project-publicID. Issue: https://github.com/storj/storj/issues/5410 Change-Id: I3bd11b9c3ae1ad6ce662dfc18b42779d2e4edf9b 2023-01-05 09:17:16 +00:00			`defer func() {`
			`err = result.Body.Close()`
			`require.NoError(t, err)`
			`}()`
			`}`
			`}`

satellite/{console, db}: endpoint to get all API key names by project ID Added new endpoint, service method and DB query to get all API key names by provided project ID. Issue: https://github.com/storj/storj/issues/5693 Change-Id: I62e4e8ae660bd81234b75aa159a472a5aa9d5a48 2023-06-12 13:42:49 +01:00			`req, err := http.NewRequestWithContext(ctx, http.MethodDelete, "http://"+planet.Satellites[0].API.Console.Listener.Addr().String()+"/api/v0/api-keys/delete-by-name?name="+apikey.Name+"&projectID="+project.ID.String(), nil)`
satellite/{console,web}: support delete by ID and publicID Update the delete API key by name and projectID to support project-ID and project-publicID. Issue: https://github.com/storj/storj/issues/5410 Change-Id: I3bd11b9c3ae1ad6ce662dfc18b42779d2e4edf9b 2023-01-05 09:17:16 +00:00			`require.NoError(t, err)`
			`t.Run("delete by name and projectID", deleteTestFunc(req))`

satellite/{console, db}: endpoint to get all API key names by project ID Added new endpoint, service method and DB query to get all API key names by provided project ID. Issue: https://github.com/storj/storj/issues/5693 Change-Id: I62e4e8ae660bd81234b75aa159a472a5aa9d5a48 2023-06-12 13:42:49 +01:00			`req, err = http.NewRequestWithContext(ctx, http.MethodDelete, "http://"+planet.Satellites[0].API.Console.Listener.Addr().String()+"/api/v0/api-keys/delete-by-name?name="+apikey.Name+"&publicID="+project.PublicID.String(), nil)`
satellite/{console,web}: support delete by ID and publicID Update the delete API key by name and projectID to support project-ID and project-publicID. Issue: https://github.com/storj/storj/issues/5410 Change-Id: I3bd11b9c3ae1ad6ce662dfc18b42779d2e4edf9b 2023-01-05 09:17:16 +00:00			`require.NoError(t, err)`
satellite/{console, db}: endpoint to get all API key names by project ID Added new endpoint, service method and DB query to get all API key names by provided project ID. Issue: https://github.com/storj/storj/issues/5693 Change-Id: I62e4e8ae660bd81234b75aa159a472a5aa9d5a48 2023-06-12 13:42:49 +01:00			`t.Run("delete by name and publicID", deleteTestFunc(req))`
			`})`
			`}`

			`func Test_GetAllAPIKeyNamesByProjectID(t *testing.T) {`
			`testplanet.Run(t, testplanet.Config{`
			`SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,`
			`Reconfigure: testplanet.Reconfigure{`
			`Satellite: func(log zap.Logger, index int, config satellite.Config) {`
			`config.Console.OpenRegistrationEnabled = true`
			`config.Console.RateLimit.Burst = 10`
			`},`
			`},`
			`}, func(t testing.T, ctx testcontext.Context, planet *testplanet.Planet) {`
			`sat := planet.Satellites[0]`

			`newUser := console.CreateUser{`
			`FullName: "test_name",`
			`ShortName: "",`
			`Email: "apikeytest1@test.test",`
			`}`

			`user, err := sat.AddUser(ctx, newUser, 1)`
			`require.NoError(t, err)`

			`project, err := sat.AddProject(ctx, user.ID, "apikeytest")`
			`require.NoError(t, err)`

			`// we are using full name as a password`
			`tokenInfo, err := sat.API.Console.Service.Token(ctx, console.AuthUser{Email: user.Email, Password: user.FullName})`
			`require.NoError(t, err)`

			`client := http.Client{}`

			`expire := time.Now().AddDate(0, 0, 1)`
			`cookie := http.Cookie{`
			`Name: "_tokenKey",`
			`Path: "/",`
			`Value: tokenInfo.Token.String(),`
			`Expires: expire,`
			`}`

			`secret, err := macaroon.NewSecret()`
			`require.NoError(t, err)`

			`key, err := macaroon.NewAPIKey(secret)`
			`require.NoError(t, err)`

			`apikey := console.APIKeyInfo{`
			`Name: "test",`
			`ProjectID: project.ID,`
			`Secret: secret,`
			`}`

			`secret1, err := macaroon.NewSecret()`
			`require.NoError(t, err)`

			`key1, err := macaroon.NewAPIKey(secret1)`
			`require.NoError(t, err)`

			`apikey1 := console.APIKeyInfo{`
			`Name: "test1",`
			`ProjectID: project.ID,`
			`Secret: secret1,`
			`}`

			`created, err := sat.DB.Console().APIKeys().Create(ctx, key.Head(), apikey)`
			`require.NoError(t, err)`

			`created1, err := sat.DB.Console().APIKeys().Create(ctx, key1.Head(), apikey1)`
			`require.NoError(t, err)`

			`request, err := http.NewRequestWithContext(ctx, http.MethodGet, "http://"+planet.Satellites[0].API.Console.Listener.Addr().String()+"/api/v0/api-keys/api-key-names?projectID="+project.ID.String(), nil)`
			`require.NoError(t, err)`

			`request.AddCookie(&cookie)`

			`result, err := client.Do(request)`
			`require.NoError(t, err)`
			`require.Equal(t, http.StatusOK, result.StatusCode)`

			`body, err := io.ReadAll(result.Body)`
			`require.NoError(t, err)`

			`var output []string`

			`err = json.Unmarshal(body, &output)`
			`require.NoError(t, err)`

			`require.Equal(t, 2, len(output))`
			`require.Equal(t, created.Name, output[0])`
			`require.Equal(t, created1.Name, output[1])`

			`defer func() {`
			`err = result.Body.Close()`
			`require.NoError(t, err)`
			`}()`
satellite/console: delete api key by name and project id endpoint WHAT: new endpoint to be able to delete apiKey/accessGrant by name and project id WHY: it will be called to delete special pregenerated access grant which will be used to generate gateway credentials for file browser component or bucket management Change-Id: I7467ebaab27a7da33efd062536c6da41e6ed4c30 2021-03-16 19:43:02 +00:00			`})`
			`}`