[ARVADOS] updated: 2.1.0-544-g0d248fb5c

Tue Apr 13 14:30:15 UTC 2021

Summary of changes:
 lib/controller/localdb/login_testuser_test.go | 55 ++++++++++++++++++++++++---
 1 file changed, 49 insertions(+), 6 deletions(-)

       via  0d248fb5c215f9489aa4bd5bc6f4c38fd8cf0b5d (commit)
      from  63f2e3b96f6d1a7cfa626f729b6907655e6dad67 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.


commit 0d248fb5c215f9489aa4bd5bc6f4c38fd8cf0b5d
Author: Lucas Di Pentima <lucas at di-pentima.com.ar>
Date:   Tue Apr 13 11:29:42 2021 -0300

    16159: Adds tests checking token expiration at logout.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas at di-pentima.com.ar>

diff --git a/lib/controller/localdb/login_testuser_test.go b/lib/controller/localdb/login_testuser_test.go
index 7a520428b..51c2416f5 100644
--- a/lib/controller/localdb/login_testuser_test.go
+++ b/lib/controller/localdb/login_testuser_test.go
@@ -6,12 +6,14 @@ package localdb
 
 import (
 	"context"
+	"database/sql"
 
 	"git.arvados.org/arvados.git/lib/config"
 	"git.arvados.org/arvados.git/lib/controller/rpc"
 	"git.arvados.org/arvados.git/lib/ctrlctx"
 	"git.arvados.org/arvados.git/sdk/go/arvados"
 	"git.arvados.org/arvados.git/sdk/go/arvadostest"
+	"git.arvados.org/arvados.git/sdk/go/auth"
 	"git.arvados.org/arvados.git/sdk/go/ctxlog"
 	"github.com/jmoiron/sqlx"
 	check "gopkg.in/check.v1"
@@ -26,8 +28,8 @@ type TestUserSuite struct {
 	db       *sqlx.DB
 
 	// transaction context
-	ctx      context.Context
-	rollback func() error
+	ctx context.Context
+	tx  *sqlx.Tx
 }
 
 func (s *TestUserSuite) SetUpSuite(c *check.C) {
@@ -51,13 +53,11 @@ func (s *TestUserSuite) SetUpTest(c *check.C) {
 	tx, err := s.db.Beginx()
 	c.Assert(err, check.IsNil)
 	s.ctx = ctrlctx.NewWithTransaction(context.Background(), tx)
-	s.rollback = tx.Rollback
+	s.tx = tx
 }
 
 func (s *TestUserSuite) TearDownTest(c *check.C) {
-	if s.rollback != nil {
-		s.rollback()
-	}
+	s.tx.Rollback()
 }
 
 func (s *TestUserSuite) TestLogin(c *check.C) {
@@ -101,3 +101,46 @@ func (s *TestUserSuite) TestLoginForm(c *check.C) {
 	c.Check(resp.HTML.String(), check.Matches, `(?ms).*<form method="POST".*`)
 	c.Check(resp.HTML.String(), check.Matches, `(?ms).*<input id="return_to" type="hidden" name="return_to" value="https://localhost:12345/example">.*`)
 }
+
+func (s *TestUserSuite) TestExpireTokenOnLogout(c *check.C) {
+	returnTo := "https://localhost:12345/logout"
+	for _, trial := range []struct {
+		requestToken      string
+		expiringTokenUUID string
+		shouldExpireToken bool
+	}{
+		// v2 token
+		{arvadostest.ActiveTokenV2, arvadostest.ActiveTokenUUID, true},
+		// v1 token
+		{arvadostest.AdminToken, arvadostest.AdminTokenUUID, true},
+		// inexistent v1 token -- logout shouldn't fail
+		{"thisdoesntexistasatoken", "", false},
+		// inexistent v2 token -- logout shouldn't fail
+		{"v2/some-fake-uuid/thisdoesntexistasatoken", "", false},
+	} {
+		c.Logf("=== %#v", trial)
+		ctx := auth.NewContext(s.ctx, &auth.Credentials{
+			Tokens: []string{trial.requestToken},
+		})
+
+		var tokenUUID string
+		var err error
+		qry := `SELECT uuid FROM api_client_authorizations WHERE uuid=$1 AND (expires_at IS NULL OR expires_at > current_timestamp AT TIME ZONE 'UTC') LIMIT 1`
+
+		if trial.shouldExpireToken {
+			err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID)
+			c.Check(err, check.IsNil)
+		}
+
+		resp, err := s.ctrl.Logout(ctx, arvados.LogoutOptions{
+			ReturnTo: returnTo,
+		})
+		c.Check(err, check.IsNil)
+		c.Check(resp.RedirectLocation, check.Equals, returnTo)
+
+		if trial.shouldExpireToken {
+			err = s.tx.QueryRowContext(ctx, qry, trial.expiringTokenUUID).Scan(&tokenUUID)
+			c.Check(err, check.Equals, sql.ErrNoRows)
+		}
+	}
+}

-----------------------------------------------------------------------


hooks/post-receive
-- 


