From 9131d3d5213b73d4a4f2eef374d34fd21345c87f Mon Sep 17 00:00:00 2001
From: binwiederhier <pheckel@datto.com>
Date: Sun, 12 Feb 2023 12:19:46 -0500
Subject: [PATCH] Token tests

---
 server/server.go              |  1 -
 server/server_account.go      |  3 ---
 server/server_account_test.go | 11 +++++++++++
 3 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/server/server.go b/server/server.go
index c96d8f79..775319e1 100644
--- a/server/server.go
+++ b/server/server.go
@@ -39,7 +39,6 @@ import (
   - tiers
   - api
   - tokens
-- MEDIUM: Test new token endpoints & never-expiring token
 - LOW: UI: Flickering upgrade banner when logging in
 - LOW: get rid of reservation id, replace with DELETE X-Topic: ...
 
diff --git a/server/server_account.go b/server/server_account.go
index 30298b5c..e2a9ee80 100644
--- a/server/server_account.go
+++ b/server/server_account.go
@@ -192,7 +192,6 @@ func (s *Server) handleAccountPasswordChange(w http.ResponseWriter, r *http.Requ
 }
 
 func (s *Server) handleAccountTokenCreate(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	// TODO rate limit
 	req, err := readJSONWithLimit[apiAccountTokenIssueRequest](r.Body, jsonBodyBytesLimit, true) // Allow empty body!
 	if err != nil {
 		return err
@@ -228,7 +227,6 @@ func (s *Server) handleAccountTokenCreate(w http.ResponseWriter, r *http.Request
 }
 
 func (s *Server) handleAccountTokenUpdate(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	// TODO rate limit
 	u := v.User()
 	req, err := readJSONWithLimit[apiAccountTokenUpdateRequest](r.Body, jsonBodyBytesLimit, true) // Allow empty body!
 	if err != nil {
@@ -267,7 +265,6 @@ func (s *Server) handleAccountTokenUpdate(w http.ResponseWriter, r *http.Request
 }
 
 func (s *Server) handleAccountTokenDelete(w http.ResponseWriter, r *http.Request, v *visitor) error {
-	// TODO rate limit
 	u := v.User()
 	token := readParam(r, "X-Token", "Token") // DELETEs cannot have a body, and we don't want it in the path
 	if token == "" {
diff --git a/server/server_account_test.go b/server/server_account_test.go
index 21947645..c68dd8e7 100644
--- a/server/server_account_test.go
+++ b/server/server_account_test.go
@@ -313,6 +313,17 @@ func TestAccount_ExtendToken(t *testing.T) {
 	require.Nil(t, err)
 	require.Equal(t, token.Token, extendedToken.Token)
 	require.True(t, token.Expires < extendedToken.Expires)
+
+	expires := time.Now().Add(999 * time.Hour)
+	body := fmt.Sprintf(`{"token":"%s", "label":"some label", "expires": %d}`, token.Token, expires.Unix())
+	rr = request(t, s, "PATCH", "/v1/account/token", body, map[string]string{
+		"Authorization": util.BearerAuth(token.Token),
+	})
+	require.Equal(t, 200, rr.Code)
+	token, err = util.UnmarshalJSON[apiAccountTokenResponse](io.NopCloser(rr.Body))
+	require.Nil(t, err)
+	require.Equal(t, "some label", token.Label)
+	require.Equal(t, expires.Unix(), token.Expires)
 }
 
 func TestAccount_ExtendToken_NoTokenProvided(t *testing.T) {