extern/netbird
1
0
Fork 0
mirror of https://github.com/netbirdio/netbird.git synced 2025-06-20 09:47:49 +02:00
Code Issues Packages Projects Releases Wiki Activity

use object instead of plain token for create response + handler test

Browse Source
This commit is contained in:
Pascal Fischer 2023-03-28 14:47:15 +02:00
parent 6a75ec4ab7
commit 514403db37
5 changed files with 265 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
management/server/http/api/openapi.yml
View File

@ -317,6 +317,17 @@ components:
- created_by - created_by
- created_at - created_at
- last_used - last_used
PersonalAccessTokenGenerated:
type: object
properties:
plain_token:
description: Plain text representation of the generated token
type: string
personal_access_token:
$ref: '#/components/schemas/PersonalAccessToken'
required:
- plain_token
- personal_access_token
PersonalAccessTokenRequest: PersonalAccessTokenRequest:
type: object type: object
properties: properties:
@ -945,9 +956,9 @@ paths:
'200': '200':
description: The token in plain text description: The token in plain text
content: content:
text/plain: application/json:
schema: schema:
type: string $ref: '#/components/schemas/PersonalAccessTokenGenerated'
'400': '400':
"$ref": "#/components/responses/bad_request" "$ref": "#/components/responses/bad_request"
'401': '401':

8
management/server/http/api/types.gen.go
View File

@ -400,6 +400,14 @@ type PersonalAccessToken struct {
Name string `json:"name"` Name string `json:"name"`
} }
// PersonalAccessTokenGenerated defines model for PersonalAccessTokenGenerated.
type PersonalAccessTokenGenerated struct {
PersonalAccessToken PersonalAccessToken `json:"personal_access_token"`
// PlainToken Plain text representation of the generated token
PlainToken string `json:"plain_token"`
}
// PersonalAccessTokenRequest defines model for PersonalAccessTokenRequest. // PersonalAccessTokenRequest defines model for PersonalAccessTokenRequest.
type PersonalAccessTokenRequest struct { type PersonalAccessTokenRequest struct {
// ExpiresIn Expiration in days // ExpiresIn Expiration in days

26
management/server/http/pat_handler.go
View File

@ -81,7 +81,18 @@ func (h *PATHandler) GetToken(w http.ResponseWriter, r *http.Request) {
return return
} }
pat := account.Users[userID].PATs[tokenID] user = account.Users[userID]
if user == nil {
util.WriteError(status.Errorf(status.NotFound, "user not found"), w)
return
}
pat := user.PATs[tokenID]
if pat == nil {
util.WriteError(status.Errorf(status.NotFound, "PAT not found"), w)
return
}
util.WriteJSONObject(w, toPATResponse(pat)) util.WriteJSONObject(w, toPATResponse(pat))
} }
@ -121,14 +132,14 @@ func (h *PATHandler) CreateToken(w http.ResponseWriter, r *http.Request) {
return return
} }
pat, plainToken, err := server.CreateNewPAT(req.Name, req.ExpiresIn, user.Id) pat, err := server.CreateNewPAT(req.Name, req.ExpiresIn, user.Id)
err = h.accountManager.AddPATToUser(account.Id, userID, pat) err = h.accountManager.AddPATToUser(account.Id, userID, &pat.PersonalAccessToken)
if err != nil { if err != nil {
util.WriteError(err, w) util.WriteError(err, w)
return return
} }
util.WriteJSONObject(w, plainToken) util.WriteJSONObject(w, toPATGeneratedResponse(pat))
} }
func (h *PATHandler) DeleteToken(w http.ResponseWriter, r *http.Request) { func (h *PATHandler) DeleteToken(w http.ResponseWriter, r *http.Request) {
@ -175,3 +186,10 @@ func toPATResponse(pat *server.PersonalAccessToken) *api.PersonalAccessToken {
LastUsed: pat.LastUsed, LastUsed: pat.LastUsed,
} }
} }
func toPATGeneratedResponse(pat *server.PersonalAccessTokenGenerated) *api.PersonalAccessTokenGenerated {
return &api.PersonalAccessTokenGenerated{
PlainToken: pat.PlainToken,
PersonalAccessToken: *toPATResponse(&pat.PersonalAccessToken),
}
}

208
management/server/http/pat_handler_test.go
View File

@ -1,37 +1,231 @@
package http package http
import ( import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http" "net/http"
"net/http/httptest"
"testing"
"time"
"github.com/google/go-cmp/cmp"
"github.com/gorilla/mux"
"github.com/stretchr/testify/assert"
"github.com/netbirdio/netbird/management/server" "github.com/netbirdio/netbird/management/server"
"github.com/netbirdio/netbird/management/server/http/api"
"github.com/netbirdio/netbird/management/server/jwtclaims" "github.com/netbirdio/netbird/management/server/jwtclaims"
"github.com/netbirdio/netbird/management/server/mock_server" "github.com/netbirdio/netbird/management/server/mock_server"
"github.com/netbirdio/netbird/management/server/status" "github.com/netbirdio/netbird/management/server/status"
) )
const (
existingAccountID = "existingAccountID"
notFoundAccountID = "notFoundAccountID"
existingUserID = "existingUserID"
notFoundUserID = "notFoundUserID"
existingTokenID = "existingTokenID"
notFoundTokenID = "notFoundTokenID"
domain = "hotmail.com"
)
var testAccount = &server.Account{
Id: existingAccountID,
Domain: domain,
Users: map[string]*server.User{
existingUserID: {
Id: existingUserID,
PATs: map[string]*server.PersonalAccessToken{
existingTokenID: {
ID: existingTokenID,
Name: "My first token",
HashedToken: "someHash",
ExpirationDate: time.Now().AddDate(0, 0, 7),
CreatedBy: existingUserID,
CreatedAt: time.Now(),
LastUsed: time.Now(),
},
"token2": {
ID: "token2",
Name: "My second token",
HashedToken: "someOtherHash",
ExpirationDate: time.Now().AddDate(0, 0, 7),
CreatedBy: existingUserID,
CreatedAt: time.Now(),
LastUsed: time.Now(),
},
},
},
},
}
func initPATTestData() *PATHandler { func initPATTestData() *PATHandler {
return &PATHandler{ return &PATHandler{
accountManager: &mock_server.MockAccountManager{ accountManager: &mock_server.MockAccountManager{
AddPATToUserFunc: func(accountID string, userID string, pat *server.PersonalAccessToken) error { AddPATToUserFunc: func(accountID string, userID string, pat *server.PersonalAccessToken) error {
if nsGroupID == existingNSGroupID { if accountID != existingAccountID {
return baseExistingNSGroup.Copy(), nil return status.Errorf(status.NotFound, "account with ID %s not found", accountID)
} }
return nil, status.Errorf(status.NotFound, "nameserver group with ID %s not found", nsGroupID) if userID != existingUserID {
return status.Errorf(status.NotFound, "user with ID %s not found", userID)
}
return nil
}, },
GetAccountFromTokenFunc: func(_ jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) { GetAccountFromTokenFunc: func(_ jwtclaims.AuthorizationClaims) (*server.Account, *server.User, error) {
return testingNSAccount, testingAccount.Users["test_user"], nil return testAccount, testAccount.Users[existingUserID], nil
},
DeletePATFunc: func(accountID string, userID string, tokenID string) error {
if accountID != existingAccountID {
return status.Errorf(status.NotFound, "account with ID %s not found", accountID)
}
if userID != existingUserID {
return status.Errorf(status.NotFound, "user with ID %s not found", userID)
}
if tokenID != existingTokenID {
return status.Errorf(status.NotFound, "token with ID %s not found", tokenID)
}
return nil
}, },
}, },
claimsExtractor: jwtclaims.NewClaimsExtractor( claimsExtractor: jwtclaims.NewClaimsExtractor(
jwtclaims.WithFromRequestContext(func(r *http.Request) jwtclaims.AuthorizationClaims { jwtclaims.WithFromRequestContext(func(r *http.Request) jwtclaims.AuthorizationClaims {
return jwtclaims.AuthorizationClaims{ return jwtclaims.AuthorizationClaims{
UserId: "test_user", UserId: existingUserID,
Domain: "hotmail.com", Domain: domain,
AccountId: testNSGroupAccountID, AccountId: testNSGroupAccountID,
} }
}), }),
), ),
} }
} }
func TestTokenHandlers(t *testing.T) {
tt := []struct {
name string
expectedStatus int
expectedBody bool
requestType string
requestPath string
requestBody io.Reader
}{
{
name: "Get All Tokens",
requestType: http.MethodGet,
requestPath: "/api/users/" + existingUserID + "/tokens",
expectedStatus: http.StatusOK,
expectedBody: true,
},
{
name: "Get Existing Token",
requestType: http.MethodGet,
requestPath: "/api/users/" + existingUserID + "/tokens/" + existingTokenID,
expectedStatus: http.StatusOK,
expectedBody: true,
},
{
name: "Get Not Existing Token",
requestType: http.MethodGet,
requestPath: "/api/users/" + existingUserID + "/tokens/" + notFoundTokenID,
expectedStatus: http.StatusNotFound,
},
{
name: "Delete Existing Token",
requestType: http.MethodDelete,
requestPath: "/api/users/" + existingUserID + "/tokens/" + existingTokenID,
expectedStatus: http.StatusOK,
},
{
name: "Delete Not Existing Token",
requestType: http.MethodDelete,
requestPath: "/api/users/" + existingUserID + "/tokens/" + notFoundTokenID,
expectedStatus: http.StatusNotFound,
},
{
name: "POST OK",
requestType: http.MethodPost,
requestPath: "/api/users/" + existingUserID + "/tokens",
requestBody: bytes.NewBuffer(
[]byte(fmt.Sprint("{\"name\":\"name\",\"expires_in\":7}"))),
expectedStatus: http.StatusOK,
expectedBody: true,
},
}
p := initPATTestData()
for _, tc := range tt {
t.Run(tc.name, func(t *testing.T) {
recorder := httptest.NewRecorder()
req := httptest.NewRequest(tc.requestType, tc.requestPath, tc.requestBody)
router := mux.NewRouter()
router.HandleFunc("/api/users/{userId}/tokens", p.GetAllTokens).Methods("GET")
router.HandleFunc("/api/users/{userId}/tokens/{tokenId}", p.GetToken).Methods("GET")
router.HandleFunc("/api/users/{userId}/tokens", p.CreateToken).Methods("POST")
router.HandleFunc("/api/users/{userId}/tokens/{tokenId}", p.DeleteToken).Methods("DELETE")
router.ServeHTTP(recorder, req)
res := recorder.Result()
defer res.Body.Close()
content, err := io.ReadAll(res.Body)
if err != nil {
t.Fatalf("I don't know what I expected; %v", err)
}
if status := recorder.Code; status != tc.expectedStatus {
t.Errorf("handler returned wrong status code: got %v want %v, content: %s",
status, tc.expectedStatus, string(content))
return
}
if !tc.expectedBody {
return
}
switch tc.name {
case "POST OK":
got := &api.PersonalAccessTokenGenerated{}
if err = json.Unmarshal(content, &got); err != nil {
t.Fatalf("Sent content is not in correct json format; %v", err)
}
assert.NotEmpty(t, got.PlainToken)
assert.Equal(t, server.PATLength, len(got.PlainToken))
case "Get All Tokens":
expectedTokens := []api.PersonalAccessToken{
toTokenResponse(*testAccount.Users[existingUserID].PATs[existingTokenID]),
toTokenResponse(*testAccount.Users[existingUserID].PATs["token2"]),
}
var got []api.PersonalAccessToken
if err = json.Unmarshal(content, &got); err != nil {
t.Fatalf("Sent content is not in correct json format; %v", err)
}
assert.True(t, cmp.Equal(got, expectedTokens))
case "Get Existing Token":
expectedToken := toTokenResponse(*testAccount.Users[existingUserID].PATs[existingTokenID])
got := &api.PersonalAccessToken{}
if err = json.Unmarshal(content, &got); err != nil {
t.Fatalf("Sent content is not in correct json format; %v", err)
}
assert.True(t, cmp.Equal(*got, expectedToken))
}
})
}
}
func toTokenResponse(serverToken server.PersonalAccessToken) api.PersonalAccessToken {
return api.PersonalAccessToken{
Id: serverToken.ID,
Name: serverToken.Name,
CreatedAt: serverToken.CreatedAt,
LastUsed: serverToken.LastUsed,
CreatedBy: serverToken.CreatedBy,
ExpirationDate: serverToken.ExpirationDate,
}
}

32
management/server/personal_access_token.go
View File

@ -34,23 +34,33 @@ type PersonalAccessToken struct {
LastUsed time.Time LastUsed time.Time
} }
// PersonalAccessTokenGenerated holds the new PersonalAccessToken and the plain text version of it
type PersonalAccessTokenGenerated struct {
PlainToken string
PersonalAccessToken
}
// CreateNewPAT will generate a new PersonalAccessToken that can be assigned to a User. // CreateNewPAT will generate a new PersonalAccessToken that can be assigned to a User.
// Additionally, it will return the token in plain text once, to give to the user and only save a hashed version // Additionally, it will return the token in plain text once, to give to the user and only save a hashed version
func CreateNewPAT(name string, expirationInDays int, createdBy string) (*PersonalAccessToken, string, error) { func CreateNewPAT(name string, expirationInDays int, createdBy string) (*PersonalAccessTokenGenerated, error) {
hashedToken, plainToken, err := generateNewToken() hashedToken, plainToken, err := generateNewToken()
if err != nil { if err != nil {
return nil, "", err return nil, err
} }
currentTime := time.Now().UTC() currentTime := time.Now().UTC()
return &PersonalAccessToken{ return &PersonalAccessTokenGenerated{
ID: xid.New().String(), PersonalAccessToken: PersonalAccessToken{
Name: name, ID: xid.New().String(),
HashedToken: hashedToken, Name: name,
ExpirationDate: currentTime.AddDate(0, 0, expirationInDays), HashedToken: hashedToken,
CreatedBy: createdBy, ExpirationDate: currentTime.AddDate(0, 0, expirationInDays),
CreatedAt: currentTime, CreatedBy: createdBy,
LastUsed: currentTime, CreatedAt: currentTime,
}, plainToken, nil LastUsed: currentTime,
},
PlainToken: plainToken,
}, nil
} }
func generateNewToken() (string, string, error) { func generateNewToken() (string, string, error) {