Make token API id based

we don't return the accessToken anymore
Girish Ramakrishnan
2019-02-15 13:57:18 -08:00
parent d62bf6812e
commit 08bb8e3df9
7 changed files with 112 additions and 49 deletions


@@ -826,46 +826,42 @@ describe('database', function () {
describe('token', function () {
var TOKEN_0 = {
id: 'tid-0',
name: 'token0',
accessToken: tokendb.generateToken(),
accessToken: hat(8 * 32),
identifier: '0',
clientId: 'clientid-0',
expires: Date.now() + 60 * 60000,
scope: 'clients'
};
var TOKEN_1 = {
id: 'tid-1',
name: 'token1',
accessToken: tokendb.generateToken(),
accessToken: hat(8 * 32),
identifier: '1',
clientId: 'clientid-1',
expires: Number.MAX_SAFE_INTEGER,
scope: 'settings'
};
var TOKEN_2 = {
id: 'tid-2',
name: 'token2',
accessToken: tokendb.generateToken(),
accessToken: hat(8 * 32),
identifier: '2',
clientId: 'clientid-2',
expires: Date.now(),
scope: 'apps'
};
it('add fails due to missing arguments', function () {
expect(function () { tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.scope); }).to.throwError();
expect(function () { tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, function () {}); }).to.throwError();
expect(function () { tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, function () {}); }).to.throwError();
expect(function () { tokendb.add(TOKEN_0.accessToken, function () {}); }).to.throwError();
});
it('add succeeds', function (done) {
tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, TOKEN_0.name, function (error) {
tokendb.add(TOKEN_0, function (error) {
expect(error).to.be(null);
done();
});
});
it('add of same token fails', function (done) {
tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, TOKEN_0.name, function (error) {
tokendb.add(TOKEN_0, function (error) {
expect(error).to.be.a(DatabaseError);
expect(error.reason).to.be(DatabaseError.ALREADY_EXISTS);
done();
@@ -873,7 +869,16 @@ describe('database', function () {
});
it('get succeeds', function (done) {
tokendb.get(TOKEN_0.accessToken, function (error, result) {
tokendb.get(TOKEN_0.id, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an('object');
expect(result).to.be.eql(TOKEN_0);
done();
});
});
it('getByAccessToken succeeds', function (done) {
tokendb.getByAccessToken(TOKEN_0.accessToken, function (error, result) {
expect(error).to.be(null);
expect(result).to.be.an('object');
expect(result).to.be.eql(TOKEN_0);
@@ -882,7 +887,7 @@ describe('database', function () {
});
it('get of nonexisting token fails', function (done) {
tokendb.get(TOKEN_1.accessToken, function (error, result) {
tokendb.getByAccessToken(TOKEN_1.accessToken, function (error, result) {
expect(error).to.be.a(DatabaseError);
expect(error.reason).to.be(DatabaseError.NOT_FOUND);
expect(result).to.not.be.ok();
@@ -901,8 +906,16 @@ describe('database', function () {
});
});
it('delete fails', function (done) {
tokendb.del(TOKEN_0.id + 'x', function (error) {
expect(error).to.be.a(DatabaseError);
expect(error.reason).to.be(DatabaseError.NOT_FOUND);
done();
});
});
it('delete succeeds', function (done) {
tokendb.del(TOKEN_0.accessToken, function (error) {
tokendb.del(TOKEN_0.id, function (error) {
expect(error).to.be(null);
done();
});
@@ -918,7 +931,7 @@ describe('database', function () {
});
it('delByIdentifier succeeds', function (done) {
tokendb.add(TOKEN_1.accessToken, TOKEN_1.identifier, TOKEN_1.clientId, TOKEN_1.expires, TOKEN_1.scope, '', function (error) {
tokendb.add(TOKEN_1, function (error) {
expect(error).to.be(null);
tokendb.delByIdentifier(TOKEN_1.identifier, function (error) {
@@ -929,7 +942,7 @@ describe('database', function () {
});
it('cannot delete previously delete record', function (done) {
tokendb.del(TOKEN_0.accessToken, function (error) {
tokendb.del(TOKEN_0.id, function (error) {
expect(error).to.be.a(DatabaseError);
expect(error.reason).to.be(DatabaseError.NOT_FOUND);
done();
@@ -937,7 +950,7 @@ describe('database', function () {
});
it('getByIdentifierAndClientId succeeds', function (done) {
tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, TOKEN_0.name, function (error) {
tokendb.add(TOKEN_0, function (error) {
expect(error).to.be(null);
tokendb.getByIdentifierAndClientId(TOKEN_0.identifier, TOKEN_0.clientId, function (error, result) {
@@ -951,14 +964,14 @@ describe('database', function () {
});
it('delExpired succeeds', function (done) {
tokendb.add(TOKEN_2.accessToken, TOKEN_2.identifier, TOKEN_2.clientId, TOKEN_2.expires, TOKEN_2.scope, TOKEN_2.name, function (error) {
tokendb.add(TOKEN_2, function (error) {
expect(error).to.be(null);
tokendb.delExpired(function (error, result) {
expect(error).to.not.be.ok();
expect(result).to.eql(1);
tokendb.get(TOKEN_2.accessToken, function (error, result) {
tokendb.getByAccessToken(TOKEN_2.accessToken, function (error, result) {
expect(error).to.be.a(DatabaseError);
expect(error.reason).to.be(DatabaseError.NOT_FOUND);
expect(result).to.not.be.ok();
@@ -972,7 +985,7 @@ describe('database', function () {
tokendb.delByIdentifierAndClientId(TOKEN_0.identifier, TOKEN_0.clientId, function (error) {
expect(error).to.be(null);
tokendb.get(TOKEN_0.accessToken, function (error, result) {
tokendb.getByAccessToken(TOKEN_0.accessToken, function (error, result) {
expect(error).to.be.a(DatabaseError);
expect(error.reason).to.be(DatabaseError.NOT_FOUND);
expect(result).to.not.be.ok();
@@ -982,13 +995,13 @@ describe('database', function () {
});
it('delByClientId succeeds', function (done) {
tokendb.add(TOKEN_0.accessToken, TOKEN_0.identifier, TOKEN_0.clientId, TOKEN_0.expires, TOKEN_0.scope, TOKEN_0.name, function (error) {
tokendb.add(TOKEN_0, function (error) {
expect(error).to.be(null);
tokendb.delByClientId(TOKEN_0.clientId, function (error) {
expect(error).to.not.be.ok();
tokendb.get(TOKEN_0.accessToken, function (error, result) {
tokendb.getByAccessToken(TOKEN_0.accessToken, function (error, result) {
expect(error).to.be.a(DatabaseError);
expect(error.reason).to.be(DatabaseError.NOT_FOUND);
expect(result).to.not.be.ok();
@@ -1840,7 +1853,7 @@ describe('database', function () {
var yesterday = new Date();
yesterday.setDate(yesterday.getDate() - 1);
database.query('INSERT INTO eventlog (id, action, source, data, creationTime) VALUES (?, ?, ?, ?, ?)', [ 'anotherid', 'user.login2', JSON.stringify({ ip: '1.2.3.4' }), JSON.stringify({ appId: 'thatapp' }), yesterday ], function (error, result) {
database.query('INSERT INTO eventlog (id, action, source, data, creationTime) VALUES (?, ?, ?, ?, ?)', [ 'anotherid', 'user.login2', JSON.stringify({ ip: '1.2.3.4' }), JSON.stringify({ appId: 'thatapp' }), yesterday ], function (error) {
expect(error).to.equal(null);
eventlogdb.upsert('anotherid_new', 'user.login2', { ip: '1.2.3.4' }, { appId: 'thatapp' }, function (error, result) {
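Review bot: In the hunk at `@@ -882,7 +887,7`, the test named 'get of nonexisting token fails' now calls `tokendb.getByAccessToken`, so the new id-based `tokendb.get` has no NOT_FOUND case in the visible tests, and the test name no longer matches what it exercises. I would rename that case to `'getByAccessToken of nonexisting token fails'` and add a sibling for the id lookup, as sketched below; it assumes `tokendb.get` reports a missing id the same way `tokendb.del` does in the 'delete fails' case, and the existing test's body continues outside the hunk. Separately, 'get succeeds' still expects `result` to equal `TOKEN_0` including `accessToken`, so the database layer keeps returning the secret. The stripping described in the commit message presumably happens in the route code, which is not in this section, and an assertion that the response has no `accessToken` would belong with those tests.

```javascript
it('get of nonexisting token fails', function (done) {
    tokendb.get(TOKEN_1.id, function (error, result) {
        expect(error).to.be.a(DatabaseError);
        expect(error.reason).to.be(DatabaseError.NOT_FOUND);
        expect(result).to.not.be.ok();
        done();
    });
});
```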