2022-07-06 02:57:23 +01:00
|
|
|
import os
|
|
|
|
|
|
2023-10-10 16:08:34 +05:30
|
|
|
import pytest
|
2022-08-06 05:05:23 +05:30
|
|
|
|
2024-01-31 14:42:40 +05:30
|
|
|
from tests.utils import (
|
|
|
|
|
get_admin_credentials,
|
|
|
|
|
get_frontend_url,
|
|
|
|
|
login_as,
|
|
|
|
|
wait_for_healthcheck_util,
|
|
|
|
|
wait_for_writes_to_sync,
|
|
|
|
|
)
|
2022-07-06 02:57:23 +01:00
|
|
|
|
|
|
|
|
# Disable telemetry
|
2022-08-06 05:05:23 +05:30
|
|
|
os.environ["DATAHUB_TELEMETRY_ENABLED"] = "false"
|
2022-06-30 16:00:50 +05:30
|
|
|
|
2022-07-15 14:44:19 +01:00
|
|
|
(admin_user, admin_pass) = get_admin_credentials()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
2022-08-06 05:05:23 +05:30
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
@pytest.fixture(scope="session")
|
|
|
|
|
def wait_for_healthchecks():
|
2022-07-14 22:04:06 +05:30
|
|
|
wait_for_healthcheck_util()
|
2022-07-06 02:57:23 +01:00
|
|
|
yield
|
|
|
|
|
|
2022-09-23 16:48:23 -07:00
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
@pytest.mark.dependency()
|
|
|
|
|
def test_healthchecks(wait_for_healthchecks):
|
|
|
|
|
# Call to wait_for_healthchecks fixture will do the actual functionality.
|
|
|
|
|
pass
|
|
|
|
|
|
2022-09-23 16:48:23 -07:00
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
@pytest.mark.dependency(depends=["test_healthchecks"])
|
2022-09-23 16:48:23 -07:00
|
|
|
@pytest.fixture(scope="class", autouse=True)
|
2022-07-06 02:57:23 +01:00
|
|
|
def custom_user_setup():
|
2022-09-23 16:48:23 -07:00
|
|
|
"""Fixture to execute setup before and tear down after all tests are run"""
|
2024-01-31 14:42:40 +05:30
|
|
|
admin_session = login_as(admin_user, admin_pass)
|
2022-09-23 16:48:23 -07:00
|
|
|
|
|
|
|
|
res_data = removeUser(admin_session, "urn:li:corpuser:user")
|
|
|
|
|
assert res_data
|
|
|
|
|
assert "error" not in res_data
|
|
|
|
|
|
|
|
|
|
# Test getting the invite token
|
|
|
|
|
get_invite_token_json = {
|
|
|
|
|
"query": """query getInviteToken($input: GetInviteTokenInput!) {\n
|
|
|
|
|
getInviteToken(input: $input){\n
|
|
|
|
|
inviteToken\n
|
|
|
|
|
}\n
|
|
|
|
|
}""",
|
|
|
|
|
"variables": {"input": {}},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
get_invite_token_response = admin_session.post(
|
|
|
|
|
f"{get_frontend_url()}/api/v2/graphql", json=get_invite_token_json
|
|
|
|
|
)
|
|
|
|
|
get_invite_token_response.raise_for_status()
|
|
|
|
|
get_invite_token_res_data = get_invite_token_response.json()
|
|
|
|
|
|
|
|
|
|
assert get_invite_token_res_data
|
|
|
|
|
assert get_invite_token_res_data["data"]
|
|
|
|
|
invite_token = get_invite_token_res_data["data"]["getInviteToken"]["inviteToken"]
|
|
|
|
|
assert invite_token is not None
|
|
|
|
|
assert "error" not in invite_token
|
|
|
|
|
|
|
|
|
|
# Pass the invite token when creating the user
|
|
|
|
|
sign_up_json = {
|
|
|
|
|
"fullName": "Test User",
|
|
|
|
|
"email": "user",
|
|
|
|
|
"password": "user",
|
|
|
|
|
"title": "Date Engineer",
|
|
|
|
|
"inviteToken": invite_token,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
sign_up_response = admin_session.post(
|
|
|
|
|
f"{get_frontend_url()}/signUp", json=sign_up_json
|
|
|
|
|
)
|
|
|
|
|
sign_up_response.raise_for_status()
|
|
|
|
|
assert sign_up_response
|
|
|
|
|
assert "error" not in sign_up_response
|
|
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-09-23 16:48:23 -07:00
|
|
|
|
|
|
|
|
# signUp will override the session cookie to the new user to be signed up.
|
|
|
|
|
admin_session.cookies.clear()
|
2024-01-31 14:42:40 +05:30
|
|
|
admin_session = login_as(admin_user, admin_pass)
|
2022-09-23 16:48:23 -07:00
|
|
|
|
|
|
|
|
# Make user created user is there.
|
|
|
|
|
res_data = listUsers(admin_session)
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listUsers"]
|
|
|
|
|
assert {"username": "user"} in res_data["data"]["listUsers"]["users"]
|
|
|
|
|
|
|
|
|
|
yield
|
|
|
|
|
|
|
|
|
|
# Delete created user
|
|
|
|
|
res_data = removeUser(admin_session, "urn:li:corpuser:user")
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
2024-01-31 14:42:40 +05:30
|
|
|
assert res_data["data"]["removeUser"] is True
|
2022-09-23 16:48:23 -07:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-09-23 16:48:23 -07:00
|
|
|
|
|
|
|
|
# Make user created user is not there.
|
|
|
|
|
res_data = listUsers(admin_session)
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listUsers"]
|
|
|
|
|
assert {"username": "user"} not in res_data["data"]["listUsers"]["users"]
|
|
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
|
|
|
|
|
@pytest.mark.dependency(depends=["test_healthchecks"])
|
2022-05-24 18:44:31 +01:00
|
|
|
@pytest.fixture(autouse=True)
|
2022-07-06 02:57:23 +01:00
|
|
|
def access_token_setup():
|
2022-05-24 18:44:31 +01:00
|
|
|
"""Fixture to execute asserts before and after a test is run"""
|
2024-01-31 14:42:40 +05:30
|
|
|
admin_session = login_as(admin_user, admin_pass)
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
res_data = listAccessTokens(admin_session)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] == 0
|
|
|
|
|
assert not res_data["data"]["listAccessTokens"]["tokens"]
|
|
|
|
|
|
|
|
|
|
yield
|
|
|
|
|
|
|
|
|
|
# Clean up
|
|
|
|
|
res_data = listAccessTokens(admin_session)
|
|
|
|
|
for metadata in res_data["data"]["listAccessTokens"]["tokens"]:
|
2022-06-30 16:00:50 +05:30
|
|
|
revokeAccessToken(admin_session, metadata["id"])
|
|
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
2022-09-23 16:48:23 -07:00
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
@pytest.mark.dependency(depends=["test_healthchecks"])
|
|
|
|
|
def test_admin_can_create_list_and_revoke_tokens(wait_for_healthchecks):
|
2024-01-31 14:42:40 +05:30
|
|
|
admin_session = login_as(admin_user, admin_pass)
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Using a super account, there should be no tokens
|
|
|
|
|
res_data = listAccessTokens(admin_session)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 0
|
|
|
|
|
|
|
|
|
|
# Using a super account, generate a token for itself.
|
2022-07-15 14:44:19 +01:00
|
|
|
res_data = generateAccessToken_v2(admin_session, f"urn:li:corpuser:{admin_user}")
|
2022-05-24 18:44:31 +01:00
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["createAccessToken"]
|
|
|
|
|
assert res_data["data"]["createAccessToken"]["accessToken"]
|
2022-09-23 16:48:23 -07:00
|
|
|
assert (
|
|
|
|
|
res_data["data"]["createAccessToken"]["metadata"]["actorUrn"]
|
|
|
|
|
== f"urn:li:corpuser:{admin_user}"
|
|
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
admin_tokenId = res_data["data"]["createAccessToken"]["metadata"]["id"]
|
2022-07-06 02:57:23 +01:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Using a super account, list the previously created token.
|
|
|
|
|
res_data = listAccessTokens(admin_session)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 1
|
2022-09-23 16:48:23 -07:00
|
|
|
assert (
|
|
|
|
|
res_data["data"]["listAccessTokens"]["tokens"][0]["actorUrn"]
|
|
|
|
|
== f"urn:li:corpuser:{admin_user}"
|
|
|
|
|
)
|
|
|
|
|
assert (
|
|
|
|
|
res_data["data"]["listAccessTokens"]["tokens"][0]["ownerUrn"]
|
|
|
|
|
== f"urn:li:corpuser:{admin_user}"
|
|
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Check that the super account can revoke tokens that it created
|
|
|
|
|
res_data = revokeAccessToken(admin_session, admin_tokenId)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["revokeAccessToken"]
|
2024-01-31 14:42:40 +05:30
|
|
|
assert res_data["data"]["revokeAccessToken"] is True
|
2022-07-06 02:57:23 +01:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Using a super account, there should be no tokens
|
|
|
|
|
res_data = listAccessTokens(admin_session)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 0
|
|
|
|
|
|
2022-09-23 16:48:23 -07:00
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
@pytest.mark.dependency(depends=["test_healthchecks"])
|
|
|
|
|
def test_admin_can_create_and_revoke_tokens_for_other_user(wait_for_healthchecks):
|
2024-01-31 14:42:40 +05:30
|
|
|
admin_session = login_as(admin_user, admin_pass)
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Using a super account, there should be no tokens
|
|
|
|
|
res_data = listAccessTokens(admin_session)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 0
|
|
|
|
|
|
|
|
|
|
# Using a super account, generate a token for another user.
|
|
|
|
|
res_data = generateAccessToken_v2(admin_session, "urn:li:corpuser:user")
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["createAccessToken"]
|
|
|
|
|
assert res_data["data"]["createAccessToken"]["accessToken"]
|
2022-09-23 16:48:23 -07:00
|
|
|
assert (
|
|
|
|
|
res_data["data"]["createAccessToken"]["metadata"]["actorUrn"]
|
|
|
|
|
== "urn:li:corpuser:user"
|
|
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
user_tokenId = res_data["data"]["createAccessToken"]["metadata"]["id"]
|
2022-07-06 02:57:23 +01:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Using a super account, list the previously created tokens.
|
|
|
|
|
res_data = listAccessTokens(admin_session)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 1
|
2022-09-23 16:48:23 -07:00
|
|
|
assert (
|
|
|
|
|
res_data["data"]["listAccessTokens"]["tokens"][0]["actorUrn"]
|
|
|
|
|
== "urn:li:corpuser:user"
|
|
|
|
|
)
|
|
|
|
|
assert (
|
|
|
|
|
res_data["data"]["listAccessTokens"]["tokens"][0]["ownerUrn"]
|
|
|
|
|
== f"urn:li:corpuser:{admin_user}"
|
|
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Check that the super account can revoke tokens that it created for another user
|
|
|
|
|
res_data = revokeAccessToken(admin_session, user_tokenId)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["revokeAccessToken"]
|
2024-01-31 14:42:40 +05:30
|
|
|
assert res_data["data"]["revokeAccessToken"] is True
|
2022-07-06 02:57:23 +01:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Using a super account, there should be no tokens
|
|
|
|
|
res_data = listAccessTokens(admin_session)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 0
|
2022-06-30 16:00:50 +05:30
|
|
|
|
2022-09-23 16:48:23 -07:00
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
@pytest.mark.dependency(depends=["test_healthchecks"])
|
|
|
|
|
def test_non_admin_can_create_list_revoke_tokens(wait_for_healthchecks):
|
2024-01-31 14:42:40 +05:30
|
|
|
user_session = login_as("user", "user")
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Normal user should be able to generate token for himself.
|
|
|
|
|
res_data = generateAccessToken_v2(user_session, "urn:li:corpuser:user")
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["createAccessToken"]
|
|
|
|
|
assert res_data["data"]["createAccessToken"]["accessToken"]
|
2022-09-23 16:48:23 -07:00
|
|
|
assert (
|
|
|
|
|
res_data["data"]["createAccessToken"]["metadata"]["actorUrn"]
|
|
|
|
|
== "urn:li:corpuser:user"
|
|
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
user_tokenId = res_data["data"]["createAccessToken"]["metadata"]["id"]
|
2022-07-06 02:57:23 +01:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# User should be able to list his own token
|
2022-09-23 16:48:23 -07:00
|
|
|
res_data = listAccessTokens(
|
2022-10-04 10:20:04 -07:00
|
|
|
user_session, [{"field": "ownerUrn", "values": ["urn:li:corpuser:user"]}]
|
2022-09-23 16:48:23 -07:00
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 1
|
2022-09-23 16:48:23 -07:00
|
|
|
assert (
|
|
|
|
|
res_data["data"]["listAccessTokens"]["tokens"][0]["actorUrn"]
|
|
|
|
|
== "urn:li:corpuser:user"
|
|
|
|
|
)
|
|
|
|
|
assert (
|
|
|
|
|
res_data["data"]["listAccessTokens"]["tokens"][0]["ownerUrn"]
|
|
|
|
|
== "urn:li:corpuser:user"
|
|
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
assert res_data["data"]["listAccessTokens"]["tokens"][0]["id"] == user_tokenId
|
|
|
|
|
|
|
|
|
|
# User should be able to revoke his own token
|
|
|
|
|
res_data = revokeAccessToken(user_session, user_tokenId)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["revokeAccessToken"]
|
2024-01-31 14:42:40 +05:30
|
|
|
assert res_data["data"]["revokeAccessToken"] is True
|
2022-07-06 02:57:23 +01:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Using a normal account, check that all its tokens where removed.
|
2022-09-23 16:48:23 -07:00
|
|
|
res_data = listAccessTokens(
|
2022-10-04 10:20:04 -07:00
|
|
|
user_session, [{"field": "ownerUrn", "values": ["urn:li:corpuser:user"]}]
|
2022-09-23 16:48:23 -07:00
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 0
|
|
|
|
|
|
2022-09-23 16:48:23 -07:00
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
@pytest.mark.dependency(depends=["test_healthchecks"])
|
|
|
|
|
def test_admin_can_manage_tokens_generated_by_other_user(wait_for_healthchecks):
|
2024-01-31 14:42:40 +05:30
|
|
|
admin_session = login_as(admin_user, admin_pass)
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Using a super account, there should be no tokens
|
|
|
|
|
res_data = listAccessTokens(admin_session)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 0
|
|
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
admin_session.cookies.clear()
|
2024-01-31 14:42:40 +05:30
|
|
|
user_session = login_as("user", "user")
|
2022-05-24 18:44:31 +01:00
|
|
|
res_data = generateAccessToken_v2(user_session, "urn:li:corpuser:user")
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["createAccessToken"]
|
|
|
|
|
assert res_data["data"]["createAccessToken"]["accessToken"]
|
2022-09-23 16:48:23 -07:00
|
|
|
assert (
|
|
|
|
|
res_data["data"]["createAccessToken"]["metadata"]["actorUrn"]
|
|
|
|
|
== "urn:li:corpuser:user"
|
|
|
|
|
)
|
|
|
|
|
assert (
|
|
|
|
|
res_data["data"]["createAccessToken"]["metadata"]["ownerUrn"]
|
|
|
|
|
== "urn:li:corpuser:user"
|
|
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
user_tokenId = res_data["data"]["createAccessToken"]["metadata"]["id"]
|
2022-07-06 02:57:23 +01:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Admin should be able to list other tokens
|
2022-07-06 02:57:23 +01:00
|
|
|
user_session.cookies.clear()
|
2024-01-31 14:42:40 +05:30
|
|
|
admin_session = login_as(admin_user, admin_pass)
|
2022-09-23 16:48:23 -07:00
|
|
|
res_data = listAccessTokens(
|
2022-10-04 10:20:04 -07:00
|
|
|
admin_session, [{"field": "ownerUrn", "values": ["urn:li:corpuser:user"]}]
|
2022-09-23 16:48:23 -07:00
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 1
|
2022-09-23 16:48:23 -07:00
|
|
|
assert (
|
|
|
|
|
res_data["data"]["listAccessTokens"]["tokens"][0]["actorUrn"]
|
|
|
|
|
== "urn:li:corpuser:user"
|
|
|
|
|
)
|
|
|
|
|
assert (
|
|
|
|
|
res_data["data"]["listAccessTokens"]["tokens"][0]["ownerUrn"]
|
|
|
|
|
== "urn:li:corpuser:user"
|
|
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
assert res_data["data"]["listAccessTokens"]["tokens"][0]["id"] == user_tokenId
|
|
|
|
|
|
|
|
|
|
# Admin can delete token created by someone else.
|
2022-07-06 02:57:23 +01:00
|
|
|
admin_session.cookies.clear()
|
2024-01-31 14:42:40 +05:30
|
|
|
admin_session = login_as(admin_user, admin_pass)
|
2022-05-24 18:44:31 +01:00
|
|
|
res_data = revokeAccessToken(admin_session, user_tokenId)
|
|
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["revokeAccessToken"]
|
2024-01-31 14:42:40 +05:30
|
|
|
assert res_data["data"]["revokeAccessToken"] is True
|
2022-07-06 02:57:23 +01:00
|
|
|
# Sleep for eventual consistency
|
2023-06-06 14:44:52 -07:00
|
|
|
wait_for_writes_to_sync()
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
# Using a normal account, check that all its tokens where removed.
|
2022-07-06 02:57:23 +01:00
|
|
|
user_session.cookies.clear()
|
2024-01-31 14:42:40 +05:30
|
|
|
user_session = login_as("user", "user")
|
2022-09-23 16:48:23 -07:00
|
|
|
res_data = listAccessTokens(
|
2022-10-04 10:20:04 -07:00
|
|
|
user_session, [{"field": "ownerUrn", "values": ["urn:li:corpuser:user"]}]
|
2022-09-23 16:48:23 -07:00
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 0
|
|
|
|
|
|
|
|
|
|
# Using the super account, check that all tokens where removed.
|
2024-01-31 14:42:40 +05:30
|
|
|
admin_session = login_as(admin_user, admin_pass)
|
2022-09-23 16:48:23 -07:00
|
|
|
res_data = listAccessTokens(
|
2022-10-04 10:20:04 -07:00
|
|
|
admin_session, [{"field": "ownerUrn", "values": ["urn:li:corpuser:user"]}]
|
2022-09-23 16:48:23 -07:00
|
|
|
)
|
2022-05-24 18:44:31 +01:00
|
|
|
assert res_data
|
|
|
|
|
assert res_data["data"]
|
|
|
|
|
assert res_data["data"]["listAccessTokens"]["total"] is not None
|
|
|
|
|
assert len(res_data["data"]["listAccessTokens"]["tokens"]) == 0
|
|
|
|
|
|
2022-09-23 16:48:23 -07:00
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
@pytest.mark.dependency(depends=["test_healthchecks"])
|
|
|
|
|
def test_non_admin_can_not_generate_tokens_for_others(wait_for_healthchecks):
|
2024-01-31 14:42:40 +05:30
|
|
|
user_session = login_as("user", "user")
|
2022-07-06 02:57:23 +01:00
|
|
|
# Normal user should not be able to generate token for another user
|
2022-07-15 14:44:19 +01:00
|
|
|
res_data = generateAccessToken_v2(user_session, f"urn:li:corpuser:{admin_user}")
|
2022-05-24 18:44:31 +01:00
|
|
|
assert res_data
|
|
|
|
|
assert res_data["errors"]
|
2022-09-23 16:48:23 -07:00
|
|
|
assert (
|
|
|
|
|
res_data["errors"][0]["message"]
|
|
|
|
|
== "Unauthorized to perform this action. Please contact your DataHub administrator."
|
|
|
|
|
)
|
|
|
|
|
|
2022-06-30 16:00:50 +05:30
|
|
|
|
2022-05-24 18:44:31 +01:00
|
|
|
def generateAccessToken_v2(session, actorUrn):
|
2022-06-30 16:00:50 +05:30
|
|
|
# Create new token
|
2022-05-24 18:44:31 +01:00
|
|
|
json = {
|
|
|
|
|
"query": """mutation createAccessToken($input: CreateAccessTokenInput!) {\n
|
|
|
|
|
createAccessToken(input: $input) {\n
|
|
|
|
|
accessToken\n
|
|
|
|
|
metadata {\n
|
|
|
|
|
id\n
|
|
|
|
|
actorUrn\n
|
|
|
|
|
ownerUrn\n
|
|
|
|
|
name\n
|
|
|
|
|
description\n
|
|
|
|
|
}
|
|
|
|
|
}\n
|
|
|
|
|
}""",
|
|
|
|
|
"variables": {
|
2022-06-30 16:00:50 +05:30
|
|
|
"input": {
|
|
|
|
|
"type": "PERSONAL",
|
|
|
|
|
"actorUrn": actorUrn,
|
|
|
|
|
"duration": "ONE_HOUR",
|
|
|
|
|
"name": "my token",
|
|
|
|
|
}
|
|
|
|
|
},
|
2022-05-24 18:44:31 +01:00
|
|
|
}
|
|
|
|
|
|
2022-06-30 16:00:50 +05:30
|
|
|
response = session.post(f"{get_frontend_url()}/api/v2/graphql", json=json)
|
2022-05-24 18:44:31 +01:00
|
|
|
response.raise_for_status()
|
|
|
|
|
return response.json()
|
|
|
|
|
|
2022-06-30 16:00:50 +05:30
|
|
|
|
2022-05-24 18:44:31 +01:00
|
|
|
def listAccessTokens(session, filters=[]):
|
|
|
|
|
# Get count of existing tokens
|
|
|
|
|
input = {
|
2022-06-30 16:00:50 +05:30
|
|
|
"start": "0",
|
|
|
|
|
"count": "20",
|
2022-05-24 18:44:31 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if filters:
|
2022-06-30 16:00:50 +05:30
|
|
|
input["filters"] = filters
|
2022-05-24 18:44:31 +01:00
|
|
|
|
|
|
|
|
json = {
|
|
|
|
|
"query": """query listAccessTokens($input: ListAccessTokenInput!) {\n
|
|
|
|
|
listAccessTokens(input: $input) {\n
|
|
|
|
|
start\n
|
|
|
|
|
count\n
|
|
|
|
|
total\n
|
|
|
|
|
tokens {\n
|
|
|
|
|
urn\n
|
|
|
|
|
id\n
|
|
|
|
|
actorUrn\n
|
|
|
|
|
ownerUrn\n
|
|
|
|
|
}\n
|
|
|
|
|
}\n
|
|
|
|
|
}""",
|
2022-06-30 16:00:50 +05:30
|
|
|
"variables": {"input": input},
|
2022-05-24 18:44:31 +01:00
|
|
|
}
|
|
|
|
|
|
2022-06-30 16:00:50 +05:30
|
|
|
response = session.post(f"{get_frontend_url()}/api/v2/graphql", json=json)
|
2022-05-24 18:44:31 +01:00
|
|
|
response.raise_for_status()
|
|
|
|
|
return response.json()
|
|
|
|
|
|
2022-06-30 16:00:50 +05:30
|
|
|
|
2022-05-24 18:44:31 +01:00
|
|
|
def revokeAccessToken(session, tokenId):
|
|
|
|
|
# Revoke token
|
|
|
|
|
json = {
|
|
|
|
|
"query": """mutation revokeAccessToken($tokenId: String!) {\n
|
|
|
|
|
revokeAccessToken(tokenId: $tokenId)
|
|
|
|
|
}""",
|
2022-06-30 16:00:50 +05:30
|
|
|
"variables": {"tokenId": tokenId},
|
2022-05-24 18:44:31 +01:00
|
|
|
}
|
|
|
|
|
|
2022-06-30 16:00:50 +05:30
|
|
|
response = session.post(f"{get_frontend_url()}/api/v2/graphql", json=json)
|
2022-05-24 18:44:31 +01:00
|
|
|
response.raise_for_status()
|
2022-07-06 02:57:23 +01:00
|
|
|
|
2022-05-24 18:44:31 +01:00
|
|
|
return response.json()
|
|
|
|
|
|
2022-06-30 16:00:50 +05:30
|
|
|
|
2022-07-06 02:57:23 +01:00
|
|
|
def removeUser(session, urn):
|
|
|
|
|
# Remove user
|
|
|
|
|
json = {
|
|
|
|
|
"query": """mutation removeUser($urn: String!) {\n
|
|
|
|
|
removeUser(urn: $urn)
|
|
|
|
|
}""",
|
2022-09-23 16:48:23 -07:00
|
|
|
"variables": {"urn": urn},
|
2022-07-06 02:57:23 +01:00
|
|
|
}
|
|
|
|
|
|
2022-09-23 16:48:23 -07:00
|
|
|
response = session.post(f"{get_frontend_url()}/api/v2/graphql", json=json)
|
2022-07-06 02:57:23 +01:00
|
|
|
|
|
|
|
|
response.raise_for_status()
|
|
|
|
|
return response.json()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def listUsers(session):
|
|
|
|
|
input = {
|
2022-09-23 16:48:23 -07:00
|
|
|
"start": "0",
|
|
|
|
|
"count": "20",
|
2022-07-06 02:57:23 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# list users
|
|
|
|
|
json = {
|
|
|
|
|
"query": """query listUsers($input: ListUsersInput!) {\n
|
|
|
|
|
listUsers(input: $input) {\n
|
|
|
|
|
start\n
|
|
|
|
|
count\n
|
|
|
|
|
total\n
|
|
|
|
|
users {\n
|
|
|
|
|
username\n
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}""",
|
2022-09-23 16:48:23 -07:00
|
|
|
"variables": {"input": input},
|
2022-07-06 02:57:23 +01:00
|
|
|
}
|
|
|
|
|
|
2022-09-23 16:48:23 -07:00
|
|
|
response = session.post(f"{get_frontend_url()}/api/v2/graphql", json=json)
|
2022-07-06 02:57:23 +01:00
|
|
|
|
|
|
|
|
response.raise_for_status()
|
|
|
|
|
return response.json()
|
