Token tests

2024-06-18 18:34:58 +12:00 · 2023-02-12 12:19:46 -05:00 · 2023-02-12 12:19:46 -05:00 · 9131d3d521
parent 6b4971786f
commit 9131d3d521
3 changed files with 11 additions and 4 deletions
--- a/server/server.go
+++ b/server/server.go
@ -39,7 +39,6 @@ import (
  - tiers
  - api
  - tokens
- MEDIUM: Test new token endpoints & never-expiring token
 - LOW: UI: Flickering upgrade banner when logging in
 - LOW: get rid of reservation id, replace with DELETE X-Topic: ...

--- a/server/server_account.go
+++ b/server/server_account.go
@ -192,7 +192,6 @@ func (s *Server) handleAccountPasswordChange(w http.ResponseWriter, r *http.Requ
 }

 func (s *Server) handleAccountTokenCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	// TODO rate limit
 	req, err := readJSONWithLimit[apiAccountTokenIssueRequest](r.Body, jsonBodyBytesLimit, true) // Allow empty body!
 	if err != nil {
 		return err
@ -228,7 +227,6 @@ func (s *Server) handleAccountTokenCreate(w http.ResponseWriter, r *http.Request
 }

 func (s *Server) handleAccountTokenUpdate(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	// TODO rate limit
 	u := v.User()
 	req, err := readJSONWithLimit[apiAccountTokenUpdateRequest](r.Body, jsonBodyBytesLimit, true) // Allow empty body!
 	if err != nil {
@ -267,7 +265,6 @@ func (s *Server) handleAccountTokenUpdate(w http.ResponseWriter, r *http.Request
 }

 func (s *Server) handleAccountTokenDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	// TODO rate limit
 	u := v.User()
 	token := readParam(r, "X-Token", "Token") // DELETEs cannot have a body, and we don't want it in the path
 	if token == "" {
--- a/server/server_account_test.go
+++ b/server/server_account_test.go
@ -313,6 +313,17 @@ func TestAccount_ExtendToken(t *testing.T) {
 	require.Nil(t, err)
 	require.Equal(t, token.Token, extendedToken.Token)
 	require.True(t, token.Expires < extendedToken.Expires)
+
+	expires := time.Now().Add(999 * time.Hour)
+	body := fmt.Sprintf(`{"token":"%s", "label":"some label", "expires": %d}`, token.Token, expires.Unix())
+	rr = request(t, s, "PATCH", "/v1/account/token", body, map[string]string{
+		"Authorization": util.BearerAuth(token.Token),
+	})
+	require.Equal(t, 200, rr.Code)
+	token, err = util.UnmarshalJSON[apiAccountTokenResponse](io.NopCloser(rr.Body))
+	require.Nil(t, err)
+	require.Equal(t, "some label", token.Label)
+	require.Equal(t, expires.Unix(), token.Expires)
 }

 func TestAccount_ExtendToken_NoTokenProvided(t *testing.T) {