[ARVADOS] updated: 8d3305862395e930a8a40383871426cfacebeab6
git at public.curoverse.com
git at public.curoverse.com
Thu Oct 29 15:56:36 EDT 2015
Summary of changes:
services/api/lib/create_superuser_token.rb | 60 +++++++++++------
.../api/test/unit/create_superuser_token_test.rb | 78 ++++++++++++++++++++++
2 files changed, 116 insertions(+), 22 deletions(-)
create mode 100644 services/api/test/unit/create_superuser_token_test.rb
via 8d3305862395e930a8a40383871426cfacebeab6 (commit)
from a5e86befc352e31600399e9c4a476479d2155413 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
commit 8d3305862395e930a8a40383871426cfacebeab6
Author: radhika <radhika at curoverse.com>
Date: Thu Oct 29 15:55:58 2015 -0400
7534: return an existing token instead of creating a new each time; add tests.
diff --git a/services/api/lib/create_superuser_token.rb b/services/api/lib/create_superuser_token.rb
index 7ee951e..aea6dd0 100755
--- a/services/api/lib/create_superuser_token.rb
+++ b/services/api/lib/create_superuser_token.rb
@@ -1,33 +1,49 @@
-module CreateSuperUserToken
- # Install the supplied string (or a randomly generated token, if none
- # is given) as an API token that authenticates to the system user
- # account.
+# Install the supplied string (or a randomly generated token, if none
+# is given) as an API token that authenticates to the system user account.
+module CreateSuperUserToken
require File.dirname(__FILE__) + '/../config/boot'
require File.dirname(__FILE__) + '/../config/environment'
include ApplicationHelper
- act_as_system_user
- def create_superuser_token supplied_token
- if supplied_token
- api_client_auth = ApiClientAuthorization.
- where(api_token: supplied_token).
- first
- if api_client_auth && !api_client_auth.user.uuid.match(/-000000000000000$/)
- raise ActiveRecord::RecordNotUnique("Token already exists but is not a superuser token.")
+ def create_superuser_token supplied_token=nil
+ act_as_system_user do
+ # If token is supplied, verify that it indeed is a superuser token
+ if supplied_token
+ api_client_auth = ApiClientAuthorization.
+ where(api_token: supplied_token).
+ first
+ if api_client_auth && !api_client_auth.user.uuid.match(/-000000000000000$/)
+ raise "Token already exists but is not a superuser token."
+ end
end
- end
- if !api_client_auth
- api_client_auth = ApiClientAuthorization.
- new(user: system_user,
- api_client_id: 0,
- created_by_ip_address: '::1',
- api_token: supplied_token)
- api_client_auth.save!
- end
+ # need to create a token
+ if !api_client_auth
+ # Get (or create) trusted api client
+ apiClient = ApiClient.find_or_create_by_url_prefix_and_is_trusted("ssh://root@localhost/", true)
- puts api_client_auth.api_token
+ # Check if there is an unexpired superuser token corresponding to this api client
+ api_client_auth = ApiClientAuthorization.where(
+ 'user_id = (?) AND
+ api_client_id = (?) AND
+ (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)',
+ system_user.id, apiClient.id).first
+
+ # none exist; create one with the supplied token
+ if !api_client_auth
+ api_client_auth = ApiClientAuthorization.
+ new(user: system_user,
+ api_client_id: apiClient.id,
+ created_by_ip_address: '::1',
+ api_token: supplied_token)
+ api_client_auth.save!
+ end
+ end
+
+ puts api_client_auth.api_token
+ api_client_auth.api_token
+ end
end
end
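Review bot: A supplied token that already belongs to the system user is returned without any expiry check: the `where(api_token: supplied_token)` lookup tests only the owner's uuid, so an expired superuser token is printed and returned as if usable, while the no-argument path below filters on `expires_at`. Consider applying the same expiry condition to the first lookup or failing explicitly, e.g. `raise "Token exists but has expired." if api_client_auth && api_client_auth.expires_at && api_client_auth.expires_at <= Time.now`. The uuid check would also be stricter with `\z` in place of `$`, since `$` also matches before a trailing newline. Separately, when the supplied token is not found but another unexpired superuser token exists, the supplied value is silently discarded; a comment on the method saying so would help callers who expect the string they passed to become valid.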
diff --git a/services/api/test/unit/create_superuser_token_test.rb b/services/api/test/unit/create_superuser_token_test.rb
new file mode 100644
index 0000000..d5ca3f9
--- /dev/null
+++ b/services/api/test/unit/create_superuser_token_test.rb
@@ -0,0 +1,78 @@
+require 'test_helper'
+require 'create_superuser_token'
+
+class CreateSuperUserTokenTest < ActiveSupport::TestCase
+ include CreateSuperUserToken
+
+ test "create superuser token twice and expect same resutls" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ # Create token again; this time, we should get the one created earlier
+ token2 = create_superuser_token
+ assert_not_nil token2
+ assert_equal token1, token2
+ end
+
+ test "create superuser token with two different inputs and expect the first both times" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ # Create token again with some other string and expect the existing superuser token back
+ token2 = create_superuser_token 'someothertokenstring'
+ assert_not_nil token2
+ assert_equal token1, token2
+ end
+
+ test "create superuser token twice and expect same results" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ # Create token again with that same superuser token and expect it back
+ token2 = create_superuser_token 'atesttoken'
+ assert_not_nil token2
+ assert_equal token1, token2
+ end
+
+ test "create superuser token and invoke again with some other valid token" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ su_token = api_client_authorizations("system_user").api_token
+ token2 = create_superuser_token su_token
+ assert_equal token2, su_token
+ end
+
+ test "create superuser token, expire it, and create again" do
+ # Create a token with some string
+ token1 = create_superuser_token 'atesttoken'
+ assert_not_nil token1
+ assert_equal token1, 'atesttoken'
+
+ # Expire this token and call create again; expect a new token created
+ apiClientAuth = ApiClientAuthorization.where(api_token: token1).first
+ Thread.current[:user] = users(:admin)
+ apiClientAuth.update_attributes expires_at: '2000-10-10'
+
+ token2 = create_superuser_token
+ assert_not_nil token2
+ assert_not_equal token1, token2
+ end
+
+ test "invoke create superuser token with an invalid non-superuser token and expect error" do
+ active_user_token = api_client_authorizations("active").api_token
+ e = assert_raises RuntimeError do
+ create_superuser_token active_user_token
+ end
+ assert_not_nil e
+ assert_equal "Token already exists but is not a superuser token.", e.message
+ end
+end
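Review bot: No test covers calling `create_superuser_token` with the string of a superuser token that has expired; the "create superuser token, expire it, and create again" case only exercises the no-argument call, so the supplied-token lookup's behaviour for expired tokens is unpinned. A case that expires `token1` and then calls `create_superuser_token token1` would document whether the expired value is returned or rejected. The first and third tests are distinguished only by the typo "resutls", and correcting it would probably trip the duplicate-name check in the `test` macro, so naming each by what it passes (e.g. "create with token, then call without argument") is safer. `assert_equal` takes the expected value first, so `assert_equal 'atesttoken', token1` gives clearer failure messages.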
-----------------------------------------------------------------------
hooks/post-receive
--