storj/satellite/admin/restkeys_test.go
Moby von Briesen ed5ebb2527 satellite: Rename "acct mgmt api" to "rest api"
"REST API" is a more accurate descriptor of the generated API in the
console package than "account management API". The generated API is very
flexible and will allow us to implement many more endpoints outside the
scope of "account management", and "account management" is not very well
defined to begin with.

Change-Id: Ie87faeaa3c743ef4371eaf0edd2826303d592da7
2022-04-25 18:51:46 +00:00

148 lines
4.8 KiB
Go

// Copyright (C) 2020 Storj Labs, Inc.
// See LICENSE for copying information.
package admin_test
import (
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"strings"
"testing"
"time"
"github.com/stretchr/testify/require"
"go.uber.org/zap"
"storj.io/common/testcontext"
"storj.io/common/testrand"
"storj.io/storj/private/testplanet"
"storj.io/storj/satellite"
"storj.io/storj/satellite/oidc"
)
func TestRESTKeys(t *testing.T) {
testplanet.Run(t, testplanet.Config{
SatelliteCount: 1,
StorageNodeCount: 0,
UplinkCount: 1,
Reconfigure: testplanet.Reconfigure{
Satellite: func(_ *zap.Logger, _ int, config *satellite.Config) {
config.Admin.Address = "127.0.0.1:0"
},
},
}, func(t *testing.T, ctx *testcontext.Context, planet *testplanet.Planet) {
address := planet.Satellites[0].Admin.Admin.Listener.Addr()
satellite := planet.Satellites[0]
keyService := satellite.API.REST.Keys
user, err := planet.Satellites[0].DB.Console().Users().GetByEmail(ctx, planet.Uplinks[0].Projects[0].Owner.Email)
require.NoError(t, err)
t.Run("create with default expiration", func(t *testing.T) {
body := strings.NewReader(`{"expiration":""}`)
req, err := http.NewRequestWithContext(ctx, http.MethodPost, fmt.Sprintf("http://"+address.String()+"/api/restkeys/%s", user.Email), body)
require.NoError(t, err)
req.Header.Set("Authorization", satellite.Config.Console.AuthToken)
// get current time to check against ExpiresAt
now := time.Now()
response, err := http.DefaultClient.Do(req)
require.NoError(t, err)
require.Equal(t, http.StatusOK, response.StatusCode)
require.Equal(t, "application/json", response.Header.Get("Content-Type"))
responseBody, err := ioutil.ReadAll(response.Body)
require.NoError(t, err)
require.NoError(t, response.Body.Close())
var output struct {
APIKey string `json:"apikey"`
ExpiresAt time.Time `json:"expiresAt"`
}
err = json.Unmarshal(responseBody, &output)
require.NoError(t, err)
userID, exp, err := keyService.GetUserAndExpirationFromKey(ctx, output.APIKey)
require.NoError(t, err)
require.Equal(t, user.ID, userID)
require.False(t, exp.IsZero())
require.False(t, exp.Before(now))
// check the expiration is around the time we expect
defaultExpiration := satellite.Config.RESTKeys.DefaultExpiration
require.True(t, output.ExpiresAt.After(now.Add(defaultExpiration)))
require.True(t, output.ExpiresAt.Before(now.Add(defaultExpiration+time.Hour)))
})
t.Run("create with custom expiration", func(t *testing.T) {
durationString := "3h"
body := strings.NewReader(fmt.Sprintf(`{"expiration":"%s"}`, durationString))
req, err := http.NewRequestWithContext(ctx, http.MethodPost, fmt.Sprintf("http://"+address.String()+"/api/restkeys/%s", user.Email), body)
require.NoError(t, err)
req.Header.Set("Authorization", satellite.Config.Console.AuthToken)
// get current time to check against ExpiresAt
now := time.Now()
response, err := http.DefaultClient.Do(req)
require.NoError(t, err)
require.Equal(t, http.StatusOK, response.StatusCode)
require.Equal(t, "application/json", response.Header.Get("Content-Type"))
responseBody, err := ioutil.ReadAll(response.Body)
require.NoError(t, err)
require.NoError(t, response.Body.Close())
var output struct {
APIKey string `json:"apikey"`
ExpiresAt time.Time `json:"expiresAt"`
}
err = json.Unmarshal(responseBody, &output)
require.NoError(t, err)
userID, exp, err := keyService.GetUserAndExpirationFromKey(ctx, output.APIKey)
require.NoError(t, err)
require.Equal(t, user.ID, userID)
require.False(t, exp.IsZero())
require.False(t, exp.Before(now))
// check the expiration is around the time we expect
durationTime, err := time.ParseDuration(durationString)
require.NoError(t, err)
require.True(t, output.ExpiresAt.After(now.Add(durationTime)))
require.True(t, output.ExpiresAt.Before(now.Add(durationTime+time.Hour)))
})
t.Run("revoke key", func(t *testing.T) {
apiKey := testrand.UUID().String()
hash, err := keyService.HashKey(ctx, apiKey)
require.NoError(t, err)
expiresAt, err := keyService.InsertIntoDB(ctx, oidc.OAuthToken{
UserID: user.ID,
Kind: oidc.KindRESTTokenV0,
Token: hash,
}, time.Now(), time.Hour)
require.NoError(t, err)
require.False(t, expiresAt.IsZero())
req, err := http.NewRequestWithContext(ctx, http.MethodPut, fmt.Sprintf("http://"+address.String()+"/api/restkeys/%s/revoke", apiKey), nil)
require.NoError(t, err)
req.Header.Set("Authorization", satellite.Config.Console.AuthToken)
response, err := http.DefaultClient.Do(req)
require.NoError(t, err)
require.Equal(t, http.StatusOK, response.StatusCode)
require.NoError(t, response.Body.Close())
_, _, err = keyService.GetUserAndExpirationFromKey(ctx, apiKey)
require.Error(t, err)
})
})
}