storj/satellite/console/accountmanagementapikeys/service_test.go
Cameron 84b522bc06 satellite/console: create account management api keys service
We are in the process of creating an api to allow users to manage their
accounts programmatically. We would like to use api keys for
authorization. We were originally going to create an entirely new table
for these api keys, but seeing as we already have 2 other tables for
keys/tokens, api_keys and oauth_tokens, we thought it might be better to
use one of these. We're using oauth_tokens.

We create a new oidc.OAuthTokenKind for account management api keys:
KindAccountManagementTokenV0. We made the key versioned because we
likely want to improve the implementation in the future, but we want to
get something functional out the door ASAP because the account management
api feature is highly desired.

Add a new method to oidc.OAuthTokens interface for revoking v0 account
management api keys, RevokeAccountManagementTokenV0. Add update method
to dbx implementation to allow updating the expiration. We will revoke
these keys by setting the expiration to 0 so they are expired.

Change-Id: Ideb8ae04b23aa55d5825b064b5e43e32eadc1fba
2022-03-23 17:02:20 +00:00

102 lines
3.2 KiB
Go

// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.
package accountmanagementapikeys_test
import (
"database/sql"
"testing"
"time"
"github.com/stretchr/testify/require"
"storj.io/common/testcontext"
"storj.io/common/testrand"
"storj.io/storj/private/testplanet"
"storj.io/storj/satellite/console/accountmanagementapikeys"
"storj.io/storj/satellite/oidc"
)
func TestAccountManagementAPIKeys(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
sat := planet.Satellites[0]
service := sat.API.AccountManagementAPIKeys.Service
id := testrand.UUID()
expires := time.Hour
apiKey, _, err := service.Create(ctx, id, expires)
require.NoError(t, err)
// test GetUserFromKey
userID, err := service.GetUserFromKey(ctx, apiKey)
require.NoError(t, err)
require.Equal(t, id, userID)
// make sure an error is returned from duplicate apikey
now := time.Now()
hash, err := service.HashKey(ctx, apiKey)
require.NoError(t, err)
_, err = service.InsertIntoDB(ctx, oidc.OAuthToken{
UserID: id,
Kind: oidc.KindAccountManagementTokenV0,
Token: hash,
}, now, expires)
require.True(t, accountmanagementapikeys.ErrDuplicateKey.Has(err))
// test revocation
require.NoError(t, service.Revoke(ctx, apiKey))
token, err := sat.DB.OIDC().OAuthTokens().Get(ctx, oidc.KindAccountManagementTokenV0, hash)
require.Equal(t, sql.ErrNoRows, err)
require.True(t, token.ExpiresAt.IsZero())
// test revoke non existent key
nonexistent := testrand.UUID().String()
err = service.Revoke(ctx, nonexistent)
require.Error(t, err)
// test GetUserFromKey non existent key
_, err = service.GetUserFromKey(ctx, nonexistent)
require.True(t, accountmanagementapikeys.ErrInvalidKey.Has(err))
})
}
func TestAccountManagementAPIKeysExpiration(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1, StorageNodeCount: 0, UplinkCount: 1,
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
sat := planet.Satellites[0]
service := sat.API.AccountManagementAPIKeys.Service
now := time.Now()
// test no expiration uses default
expiresAt, err := service.InsertIntoDB(ctx, oidc.OAuthToken{
UserID: testrand.UUID(),
Kind: oidc.KindAccountManagementTokenV0,
Token: "testhash0",
}, now, 0)
require.NoError(t, err)
require.Equal(t, now.Add(sat.Config.AccountManagementAPIKeys.DefaultExpiration), expiresAt)
// test negative expiration uses default
expiresAt, err = service.InsertIntoDB(ctx, oidc.OAuthToken{
UserID: testrand.UUID(),
Kind: oidc.KindAccountManagementTokenV0,
Token: "testhash1",
}, now, -10000)
require.NoError(t, err)
require.Equal(t, now.Add(sat.Config.AccountManagementAPIKeys.DefaultExpiration), expiresAt)
// test regular expiration
expiration := 14 * time.Hour
expiresAt, err = service.InsertIntoDB(ctx, oidc.OAuthToken{
UserID: testrand.UUID(),
Kind: oidc.KindAccountManagementTokenV0,
Token: "testhash2",
}, now, expiration)
require.NoError(t, err)
require.Equal(t, now.Add(expiration), expiresAt)
})
}