jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

tokens: add test for readonly token

Browse Source
This commit is contained in:
Girish Ramakrishnan
2022-11-23 18:16:03 +01:00
parent f728971479
commit 28f3b697a1
1 changed files with 97 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/routes/test/tokens-test.js
+97 -65
View File
@@ -17,79 +17,111 @@ describe('Tokens API', function () {
let token, readOnlyToken;
it('cannot create token with bad name', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: new Array(128).fill('s').join('') })
.ok(() => true);
expect(response.statusCode).to.equal(400);
describe('CRUD', function () {
it('cannot create token with bad name', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: new Array(128).fill('s').join('') })
.ok(() => true);
expect(response.statusCode).to.equal(400);
});
it('can create token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1' });
expect(response.status).to.equal(201);
expect(response.body).to.be.a('object');
token = response.body;
});
it('can create read-only token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1', scope: { '*': 'r' }});
expect(response.status).to.equal(201);
expect(response.body).to.be.a('object');
readOnlyToken = response.body;
});
it('cannot create read-only token with invalid scope', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1', scope: { 'foobar': 'rw' }})
.ok(() => true);
expect(response.status).to.equal(400);
});
it('can list tokens', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token });
expect(response.statusCode).to.equal(200);
expect(response.body.tokens.length).to.be(3); // one is owner token on activation
const tokenIds = response.body.tokens.map(t => t.id);
expect(tokenIds).to.contain(token.id);
expect(tokenIds).to.contain(readOnlyToken.id);
});
it('can get token', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/tokens/${token.id}`)
.query({ access_token: owner.token });
expect(response.statusCode).to.equal(200);
expect(response.body.id).to.be(token.id);
});
it('can delete token', async function () {
const response = await superagent.del(`${serverUrl}/api/v1/tokens/${token.id}`)
.query({ access_token: owner.token });
expect(response.statusCode).to.equal(204);
});
});
it('can create token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1' });
describe('readonly token', function () {
it('cannot create token with read only token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: readOnlyToken.accessToken })
.send({ name: 'somename' })
.ok(() => true);
expect(response.status).to.equal(201);
expect(response.body).to.be.a('object');
token = response.body;
});
expect(response.status).to.equal(403);
});
it('can create read-only token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1', scope: { '*': 'r' }});
it('can use read only token to list domains', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/domains`)
.query({ access_token: readOnlyToken.accessToken })
.ok(() => true);
expect(response.status).to.equal(201);
expect(response.body).to.be.a('object');
readOnlyToken = response.body;
});
expect(response.status).to.equal(200);
expect(response.body.domains.length).to.be(1);
});
it('cannot create read-only token with invalid scope', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1', scope: { 'foobar': 'rw' }})
.ok(() => true);
it('cannot use read only token for creating a domain', async function () {
const DOMAIN_0 = {
domain: 'domain0.com',
zoneName: 'domain0.com',
provider: 'noop',
config: { },
tlsConfig: {
provider: 'fallback'
}
};
expect(response.status).to.equal(400);
});
const response = await superagent.post(`${serverUrl}/api/v1/domains`)
.query({ access_token: readOnlyToken.accessToken })
.send(DOMAIN_0)
.ok(() => true);
it('can list tokens', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token });
expect(response.statusCode).to.equal(200);
expect(response.body.tokens.length).to.be(3); // one is owner token on activation
const tokenIds = response.body.tokens.map(t => t.id);
expect(tokenIds).to.contain(token.id);
expect(tokenIds).to.contain(readOnlyToken.id);
});
expect(response.statusCode).to.equal(403);
});
it('cannot create token with read only token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: readOnlyToken.accessToken })
.send({ name: 'somename' })
.ok(() => true);
expect(response.status).to.equal(403);
});
it('cannot get non-existent token', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/tokens/foobar`)
.query({ access_token: owner.token })
.ok(() => true);
expect(response.statusCode).to.equal(404);
});
it('can get token', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/tokens/${token.id}`)
.query({ access_token: owner.token });
expect(response.statusCode).to.equal(200);
expect(response.body.id).to.be(token.id);
});
it('can delete token', async function () {
const response = await superagent.del(`${serverUrl}/api/v1/tokens/${token.id}`)
.query({ access_token: owner.token });
expect(response.statusCode).to.equal(204);
it('cannot get non-existent token', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/tokens/foobar`)
.query({ access_token: owner.token })
.ok(() => true);
expect(response.statusCode).to.equal(404);
});
});
});