2021-08-26 14:37:55 +02:00
|
|
|
'use strict';
|
|
|
|
|
|
2022-08-23 19:19:56 +02:00
|
|
|
const { omit } = require('lodash');
|
2023-04-05 10:32:20 +02:00
|
|
|
const { createStrapiInstance } = require('api-tests/strapi');
|
|
|
|
|
const { createAuthRequest } = require('api-tests/request');
|
|
|
|
|
const constants = require('../../../packages/core/admin/server/services/constants');
|
2021-08-26 14:37:55 +02:00
|
|
|
|
2022-11-07 16:30:12 +01:00
|
|
|
describe('Admin API Token v2 CRUD (api)', () => {
|
2021-08-26 14:37:55 +02:00
|
|
|
let rq;
|
|
|
|
|
let strapi;
|
2023-03-23 13:01:44 +01:00
|
|
|
let now;
|
|
|
|
|
let nowSpy;
|
2021-08-26 14:37:55 +02:00
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
const deleteAllTokens = async () => {
|
|
|
|
|
const tokens = await strapi.admin.services['api-token'].list();
|
|
|
|
|
const promises = [];
|
|
|
|
|
tokens.forEach(({ id }) => {
|
|
|
|
|
promises.push(strapi.admin.services['api-token'].revoke(id));
|
|
|
|
|
});
|
|
|
|
|
await Promise.all(promises);
|
|
|
|
|
};
|
2021-09-06 15:14:45 +02:00
|
|
|
|
2021-08-26 14:37:55 +02:00
|
|
|
// Initialization Actions
|
|
|
|
|
beforeAll(async () => {
|
|
|
|
|
strapi = await createStrapiInstance();
|
|
|
|
|
rq = await createAuthRequest({ strapi });
|
2023-03-23 13:01:44 +01:00
|
|
|
// To eliminate latency in the request and predict the expiry timestamp, we freeze Date.now()
|
|
|
|
|
now = Date.now();
|
|
|
|
|
nowSpy = jest.spyOn(Date, 'now').mockImplementation(() => now);
|
2022-08-08 17:09:17 +02:00
|
|
|
|
|
|
|
|
// delete tokens
|
|
|
|
|
await deleteAllTokens();
|
2021-08-26 14:37:55 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Cleanup actions
|
|
|
|
|
afterAll(async () => {
|
2023-03-23 13:01:44 +01:00
|
|
|
nowSpy.mockRestore();
|
2021-08-26 14:37:55 +02:00
|
|
|
await strapi.destroy();
|
|
|
|
|
});
|
|
|
|
|
|
2023-03-23 15:02:08 +01:00
|
|
|
afterEach(async () => {
|
|
|
|
|
await deleteAllTokens();
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-23 13:51:47 +02:00
|
|
|
// create a predictable valid token that we can test with (delete, list, etc)
|
2022-08-08 22:51:01 +02:00
|
|
|
let currentTokens = 0;
|
2022-08-08 17:09:17 +02:00
|
|
|
const createValidToken = async (token = {}) => {
|
2022-08-24 10:01:36 +02:00
|
|
|
currentTokens += 1;
|
|
|
|
|
|
2022-08-12 09:50:10 +02:00
|
|
|
const body = {
|
|
|
|
|
type: 'read-only',
|
2022-08-24 10:01:36 +02:00
|
|
|
name: `token_${String(currentTokens)}`,
|
2022-08-12 09:50:10 +02:00
|
|
|
description: 'generic description',
|
|
|
|
|
...token,
|
|
|
|
|
};
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
const req = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
2022-08-12 09:50:10 +02:00
|
|
|
body,
|
2022-08-08 17:09:17 +02:00
|
|
|
});
|
|
|
|
|
|
2022-08-08 22:53:25 +02:00
|
|
|
expect(req.status).toEqual(201);
|
2022-08-08 17:09:17 +02:00
|
|
|
return req.body.data;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
test('Fails to create an api token (missing parameters from the body)', async () => {
|
2021-08-26 14:37:55 +02:00
|
|
|
const body = {
|
2022-08-08 17:09:17 +02:00
|
|
|
name: 'api-token_tests-failBody',
|
2021-08-26 14:37:55 +02:00
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(400);
|
2022-08-24 18:05:36 +02:00
|
|
|
expect(res.body).toStrictEqual({
|
2021-10-20 17:30:05 +02:00
|
|
|
data: null,
|
|
|
|
|
error: {
|
|
|
|
|
status: 400,
|
|
|
|
|
name: 'ValidationError',
|
|
|
|
|
message: 'type is a required field',
|
|
|
|
|
details: {
|
|
|
|
|
errors: [
|
|
|
|
|
{
|
|
|
|
|
path: ['type'],
|
|
|
|
|
name: 'ValidationError',
|
|
|
|
|
message: 'type is a required field',
|
|
|
|
|
},
|
|
|
|
|
],
|
|
|
|
|
},
|
2021-08-26 14:37:55 +02:00
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Fails to create an api token (invalid `type` in the body)', async () => {
|
2021-08-27 16:23:19 +02:00
|
|
|
const body = {
|
2022-08-08 17:09:17 +02:00
|
|
|
name: 'api-token_tests-failType',
|
2021-08-27 16:23:19 +02:00
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'invalid-type',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(400);
|
2022-08-24 18:05:36 +02:00
|
|
|
expect(res.body).toStrictEqual({
|
2021-10-20 17:30:05 +02:00
|
|
|
data: null,
|
|
|
|
|
error: {
|
|
|
|
|
status: 400,
|
|
|
|
|
name: 'ValidationError',
|
2022-08-08 15:00:46 +02:00
|
|
|
message: 'type must be one of the following values: read-only, full-access, custom',
|
2021-10-20 17:30:05 +02:00
|
|
|
details: {
|
|
|
|
|
errors: [
|
|
|
|
|
{
|
|
|
|
|
path: ['type'],
|
|
|
|
|
name: 'ValidationError',
|
2022-08-08 15:00:46 +02:00
|
|
|
message: 'type must be one of the following values: read-only, full-access, custom',
|
2021-10-20 17:30:05 +02:00
|
|
|
},
|
|
|
|
|
],
|
|
|
|
|
},
|
2021-08-27 16:23:19 +02:00
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-23 14:14:04 +02:00
|
|
|
test('Creates a read-only api token', async () => {
|
2021-08-26 14:37:55 +02:00
|
|
|
const body = {
|
2022-08-08 17:09:17 +02:00
|
|
|
name: 'api-token_tests-readonly',
|
2021-08-26 14:37:55 +02:00
|
|
|
description: 'api-token_tests-description',
|
2021-09-01 09:18:31 +02:00
|
|
|
type: 'read-only',
|
2021-08-26 14:37:55 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(201);
|
2022-08-24 18:05:36 +02:00
|
|
|
expect(res.body.data).toStrictEqual({
|
2021-08-27 16:23:19 +02:00
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
name: body.name,
|
2022-08-08 15:00:46 +02:00
|
|
|
permissions: [],
|
2021-08-27 16:23:19 +02:00
|
|
|
description: body.description,
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
2022-08-24 18:05:36 +02:00
|
|
|
createdAt: expect.toBeISODate(),
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-24 18:05:36 +02:00
|
|
|
updatedAt: expect.toBeISODate(),
|
2022-08-24 09:00:04 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2021-08-27 16:23:19 +02:00
|
|
|
});
|
2022-08-08 17:09:17 +02:00
|
|
|
});
|
2021-09-06 15:14:45 +02:00
|
|
|
|
2022-08-24 09:00:04 +02:00
|
|
|
test('Creates a token without a lifespan', async () => {
|
|
|
|
|
const body = {
|
|
|
|
|
name: 'api-token_tests-no-lifespan',
|
|
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'read-only',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(201);
|
2022-08-24 18:05:36 +02:00
|
|
|
expect(res.body.data).toStrictEqual({
|
2021-08-27 16:23:19 +02:00
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
name: body.name,
|
2022-08-08 15:00:46 +02:00
|
|
|
permissions: [],
|
2021-08-27 16:23:19 +02:00
|
|
|
description: body.description,
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
2022-08-24 18:05:36 +02:00
|
|
|
createdAt: expect.toBeISODate(),
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-24 18:05:36 +02:00
|
|
|
updatedAt: expect.toBeISODate(),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2021-08-27 16:23:19 +02:00
|
|
|
});
|
2022-08-08 17:09:17 +02:00
|
|
|
});
|
2021-09-06 15:14:45 +02:00
|
|
|
|
2022-11-10 17:44:51 +01:00
|
|
|
test('Creates a token with a 7-day lifespan', async () => {
|
2022-08-23 14:14:04 +02:00
|
|
|
const body = {
|
2022-11-10 17:44:51 +01:00
|
|
|
name: 'api-token_tests-lifespan7',
|
2022-08-23 14:14:04 +02:00
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'read-only',
|
2022-08-24 19:02:38 +02:00
|
|
|
lifespan: 7 * 24 * 60 * 60 * 1000, // 7 days
|
2022-08-23 14:14:04 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(201);
|
|
|
|
|
expect(res.body.data).toStrictEqual({
|
|
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
name: body.name,
|
|
|
|
|
permissions: [],
|
|
|
|
|
description: body.description,
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
2022-08-24 18:05:36 +02:00
|
|
|
createdAt: expect.toBeISODate(),
|
2022-08-23 14:14:04 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-24 18:05:36 +02:00
|
|
|
updatedAt: expect.toBeISODate(),
|
|
|
|
|
expiresAt: expect.toBeISODate(),
|
2022-11-10 17:44:51 +01:00
|
|
|
lifespan: String(body.lifespan),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Datetime stored in some databases may lose ms accuracy, so allow a range of 2 seconds for timing edge cases
|
|
|
|
|
expect(Date.parse(res.body.data.expiresAt)).toBeGreaterThan(now + body.lifespan - 2000);
|
|
|
|
|
expect(Date.parse(res.body.data.expiresAt)).toBeLessThan(now + body.lifespan + 2000);
|
|
|
|
|
|
|
|
|
|
jest.useRealTimers();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('Creates a token with a 30-day lifespan', async () => {
|
|
|
|
|
const body = {
|
|
|
|
|
name: 'api-token_tests-lifespan30',
|
|
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'read-only',
|
2022-11-10 18:10:48 +01:00
|
|
|
lifespan: 30 * 24 * 60 * 60 * 1000, // 30 days
|
2022-11-10 17:44:51 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(201);
|
|
|
|
|
expect(res.body.data).toStrictEqual({
|
|
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
name: body.name,
|
|
|
|
|
permissions: [],
|
|
|
|
|
description: body.description,
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
|
|
|
|
createdAt: expect.toBeISODate(),
|
|
|
|
|
lastUsedAt: null,
|
|
|
|
|
updatedAt: expect.toBeISODate(),
|
|
|
|
|
expiresAt: expect.toBeISODate(),
|
|
|
|
|
lifespan: String(body.lifespan),
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// Datetime stored in some databases may lose ms accuracy, so allow a range of 2 seconds for timing edge cases
|
|
|
|
|
expect(Date.parse(res.body.data.expiresAt)).toBeGreaterThan(now + body.lifespan - 2000);
|
|
|
|
|
expect(Date.parse(res.body.data.expiresAt)).toBeLessThan(now + body.lifespan + 2000);
|
|
|
|
|
|
|
|
|
|
jest.useRealTimers();
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('Creates a token with a 90-day lifespan', async () => {
|
|
|
|
|
const body = {
|
|
|
|
|
name: 'api-token_tests-lifespan90',
|
|
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'read-only',
|
|
|
|
|
lifespan: 90 * 24 * 60 * 60 * 1000, // 90 days
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(201);
|
|
|
|
|
expect(res.body.data).toStrictEqual({
|
|
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
name: body.name,
|
|
|
|
|
permissions: [],
|
|
|
|
|
description: body.description,
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
|
|
|
|
createdAt: expect.toBeISODate(),
|
|
|
|
|
lastUsedAt: null,
|
|
|
|
|
updatedAt: expect.toBeISODate(),
|
|
|
|
|
expiresAt: expect.toBeISODate(),
|
|
|
|
|
lifespan: String(body.lifespan),
|
2022-08-23 14:14:04 +02:00
|
|
|
});
|
2022-08-24 18:05:36 +02:00
|
|
|
|
2022-08-24 19:05:13 +02:00
|
|
|
// Datetime stored in some databases may lose ms accuracy, so allow a range of 2 seconds for timing edge cases
|
2022-08-24 19:02:38 +02:00
|
|
|
expect(Date.parse(res.body.data.expiresAt)).toBeGreaterThan(now + body.lifespan - 2000);
|
|
|
|
|
expect(Date.parse(res.body.data.expiresAt)).toBeLessThan(now + body.lifespan + 2000);
|
2022-08-24 18:05:36 +02:00
|
|
|
|
|
|
|
|
jest.useRealTimers();
|
2022-08-23 14:14:04 +02:00
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('Creates a token with a null lifespan', async () => {
|
|
|
|
|
const body = {
|
|
|
|
|
name: 'api-token_tests-nulllifespan',
|
|
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'read-only',
|
|
|
|
|
lifespan: null,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(201);
|
|
|
|
|
expect(res.body.data).toStrictEqual({
|
|
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
name: body.name,
|
|
|
|
|
permissions: [],
|
|
|
|
|
description: body.description,
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
2022-08-24 18:05:36 +02:00
|
|
|
createdAt: expect.toBeISODate(),
|
2022-08-23 14:14:04 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-24 18:05:36 +02:00
|
|
|
updatedAt: expect.toBeISODate(),
|
2022-08-23 14:14:04 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: body.lifespan,
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('Fails to create a token with invalid lifespan', async () => {
|
|
|
|
|
const body = {
|
|
|
|
|
name: 'api-token_tests-lifespan',
|
|
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'read-only',
|
|
|
|
|
lifespan: -1,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(400);
|
2022-08-24 18:05:36 +02:00
|
|
|
expect(res.body).toStrictEqual({
|
2022-08-23 14:14:04 +02:00
|
|
|
data: null,
|
|
|
|
|
error: {
|
|
|
|
|
status: 400,
|
|
|
|
|
name: 'ValidationError',
|
2022-08-26 10:33:18 +02:00
|
|
|
message: expect.stringContaining('lifespan must be one of the following values'),
|
2022-08-24 18:05:36 +02:00
|
|
|
details: {
|
|
|
|
|
errors: expect.arrayContaining([
|
|
|
|
|
expect.objectContaining({
|
2022-08-26 10:33:18 +02:00
|
|
|
message: expect.stringContaining('lifespan must be one of the following values'),
|
2022-08-24 18:05:36 +02:00
|
|
|
name: 'ValidationError',
|
|
|
|
|
}),
|
|
|
|
|
]),
|
|
|
|
|
},
|
2022-08-23 14:14:04 +02:00
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-09 10:53:16 +02:00
|
|
|
test('Fails to create a non-custom api token with permissions', async () => {
|
2022-08-08 17:09:17 +02:00
|
|
|
const body = {
|
2022-08-09 10:49:44 +02:00
|
|
|
name: 'api-token_tests-readonlyFailWithPermissions',
|
2022-08-08 17:09:17 +02:00
|
|
|
description: 'api-token_tests-description',
|
2022-08-08 22:54:58 +02:00
|
|
|
type: 'read-only',
|
|
|
|
|
permissions: ['admin::thing.action'],
|
2022-08-08 17:09:17 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-09 10:49:44 +02:00
|
|
|
expect(res.statusCode).toBe(400);
|
2022-08-24 18:05:36 +02:00
|
|
|
expect(res.body).toStrictEqual({
|
2022-08-09 10:49:44 +02:00
|
|
|
data: null,
|
|
|
|
|
error: {
|
|
|
|
|
status: 400,
|
2022-08-09 10:53:16 +02:00
|
|
|
name: 'ValidationError',
|
2022-08-11 10:48:40 +02:00
|
|
|
message: 'Non-custom tokens should not reference permissions',
|
2022-08-09 10:53:16 +02:00
|
|
|
details: {},
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-10 10:55:49 +02:00
|
|
|
test('Creates a non-custom api token with empty permissions attribute', async () => {
|
2022-08-09 10:53:16 +02:00
|
|
|
const body = {
|
|
|
|
|
name: 'api-token_tests-fullAccessFailWithEmptyPermissions',
|
|
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'full-access',
|
|
|
|
|
permissions: [],
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-11 10:48:40 +02:00
|
|
|
expect(res.statusCode).toBe(201);
|
2022-08-23 17:24:29 +02:00
|
|
|
expect(res.body.data).toMatchObject({
|
2022-08-11 10:48:40 +02:00
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
name: body.name,
|
|
|
|
|
permissions: [],
|
|
|
|
|
description: body.description,
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
|
|
|
|
createdAt: expect.any(String),
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2022-08-08 17:09:17 +02:00
|
|
|
});
|
2021-08-26 14:37:55 +02:00
|
|
|
});
|
|
|
|
|
|
2022-08-23 14:14:04 +02:00
|
|
|
test('Creates a custom api token', async () => {
|
2022-08-29 16:33:41 +02:00
|
|
|
strapi.contentAPI.permissions.providers.action.keys = jest.fn(() => [
|
|
|
|
|
'admin::subject.action',
|
|
|
|
|
'plugin::foo.bar.action',
|
|
|
|
|
]);
|
|
|
|
|
|
2022-08-08 17:21:10 +02:00
|
|
|
const body = {
|
2022-08-09 10:23:15 +02:00
|
|
|
name: 'api-token_tests-customSuccess',
|
2022-08-08 17:21:10 +02:00
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'custom',
|
2022-08-08 22:54:08 +02:00
|
|
|
permissions: ['admin::subject.action', 'plugin::foo.bar.action'],
|
2022-08-08 17:21:10 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-08 22:54:08 +02:00
|
|
|
expect(res.statusCode).toBe(201);
|
2022-08-23 17:24:29 +02:00
|
|
|
expect(res.body.data).toMatchObject({
|
2022-08-08 17:21:10 +02:00
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
name: body.name,
|
2022-11-29 14:02:44 +01:00
|
|
|
permissions: expect.arrayContaining(body.permissions),
|
2022-08-08 17:21:10 +02:00
|
|
|
description: body.description,
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
|
|
|
|
createdAt: expect.any(String),
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2022-08-08 17:21:10 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-09 10:23:15 +02:00
|
|
|
test('Fails to create a custom api token without permissions', async () => {
|
2022-08-08 22:54:58 +02:00
|
|
|
const body = {
|
2022-08-09 10:23:15 +02:00
|
|
|
name: 'api-token_tests-customFail',
|
2022-08-08 22:54:58 +02:00
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'custom',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(400);
|
2022-08-09 10:49:44 +02:00
|
|
|
expect(res.body).toMatchObject({
|
|
|
|
|
data: null,
|
|
|
|
|
error: {
|
|
|
|
|
status: 400,
|
|
|
|
|
name: 'ValidationError',
|
2022-08-11 10:48:40 +02:00
|
|
|
message: 'Missing permissions attribute for custom token',
|
2022-08-09 10:49:44 +02:00
|
|
|
details: {},
|
|
|
|
|
},
|
|
|
|
|
});
|
2022-08-08 22:54:58 +02:00
|
|
|
});
|
|
|
|
|
|
2022-08-29 16:33:41 +02:00
|
|
|
test('Fails to create a custom api token with unknown permissions', async () => {
|
|
|
|
|
strapi.contentAPI.permissions.providers.action.keys = jest.fn(() => ['action-A', 'action-B']);
|
|
|
|
|
|
|
|
|
|
const body = {
|
|
|
|
|
name: 'api-token_tests-customFail',
|
|
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'custom',
|
|
|
|
|
permissions: ['action-A', 'action-C'],
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(400);
|
|
|
|
|
expect(res.body).toMatchObject({
|
|
|
|
|
data: null,
|
|
|
|
|
error: {
|
|
|
|
|
status: 400,
|
|
|
|
|
name: 'ValidationError',
|
|
|
|
|
message: 'Unknown permissions provided: action-C',
|
|
|
|
|
details: {},
|
|
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Creates an api token without a description (successfully)', async () => {
|
2021-08-26 14:37:55 +02:00
|
|
|
const body = {
|
2021-09-28 11:17:44 +02:00
|
|
|
name: 'api-token_tests-without-description',
|
2021-09-01 09:18:31 +02:00
|
|
|
type: 'full-access',
|
2021-08-26 14:37:55 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(201);
|
2022-08-23 17:24:29 +02:00
|
|
|
expect(res.body.data).toMatchObject({
|
2021-08-27 16:23:19 +02:00
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
name: body.name,
|
2022-08-08 15:00:46 +02:00
|
|
|
permissions: [],
|
2021-08-27 16:23:19 +02:00
|
|
|
description: '',
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
2021-10-05 13:13:45 +02:00
|
|
|
createdAt: expect.any(String),
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2021-08-27 16:23:19 +02:00
|
|
|
});
|
2021-08-26 14:37:55 +02:00
|
|
|
});
|
2021-08-27 16:35:34 +02:00
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Creates an api token with trimmed description and name (successfully)', async () => {
|
2021-08-27 16:35:34 +02:00
|
|
|
const body = {
|
2022-08-08 17:09:17 +02:00
|
|
|
name: ' api-token_tests-spaces-at-the-end ',
|
|
|
|
|
description: ' api-token_tests-description-with-spaces-at-the-end ',
|
2021-09-01 09:18:31 +02:00
|
|
|
type: 'read-only',
|
2021-08-27 16:35:34 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(201);
|
2022-08-23 17:24:29 +02:00
|
|
|
expect(res.body.data).toMatchObject({
|
2021-08-27 16:35:34 +02:00
|
|
|
accessKey: expect.any(String),
|
2021-09-28 11:17:44 +02:00
|
|
|
name: 'api-token_tests-spaces-at-the-end',
|
2022-08-08 15:00:46 +02:00
|
|
|
permissions: [],
|
2021-08-27 16:35:34 +02:00
|
|
|
description: 'api-token_tests-description-with-spaces-at-the-end',
|
|
|
|
|
type: body.type,
|
|
|
|
|
id: expect.any(Number),
|
2021-10-05 13:13:45 +02:00
|
|
|
createdAt: expect.any(String),
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2021-08-27 16:35:34 +02:00
|
|
|
});
|
|
|
|
|
});
|
2021-08-27 08:39:08 +02:00
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('List all tokens (successfully)', async () => {
|
|
|
|
|
await deleteAllTokens();
|
|
|
|
|
|
2022-08-29 16:33:41 +02:00
|
|
|
strapi.contentAPI.permissions.providers.action.keys = jest.fn(() => [
|
|
|
|
|
'admin::model.model.read',
|
|
|
|
|
'admin::model.model.create',
|
|
|
|
|
]);
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
// create 4 tokens
|
2022-08-18 12:24:13 +02:00
|
|
|
const tokens = [];
|
2022-08-12 09:52:47 +02:00
|
|
|
tokens.push(
|
|
|
|
|
await createValidToken({
|
|
|
|
|
type: 'custom',
|
|
|
|
|
permissions: ['admin::model.model.read', 'admin::model.model.create'],
|
|
|
|
|
})
|
|
|
|
|
);
|
|
|
|
|
tokens.push(await createValidToken({ type: 'full-access' }));
|
|
|
|
|
tokens.push(await createValidToken({ type: 'read-only' }));
|
2022-08-26 10:33:18 +02:00
|
|
|
tokens.push(await createValidToken({ lifespan: constants.API_TOKEN_LIFESPANS.DAYS_7 }));
|
2022-08-08 17:09:17 +02:00
|
|
|
tokens.push(await createValidToken());
|
|
|
|
|
|
2021-08-27 08:39:08 +02:00
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'GET',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(200);
|
2022-08-23 14:14:04 +02:00
|
|
|
expect(res.body.data.length).toBe(tokens.length);
|
2022-08-23 19:19:56 +02:00
|
|
|
// check that each token exists in data
|
|
|
|
|
tokens.forEach((token) => {
|
|
|
|
|
const t = res.body.data.find((t) => t.id === token.id);
|
2022-08-23 20:08:45 +02:00
|
|
|
if (t.permissions) {
|
|
|
|
|
t.permissions = t.permissions.sort();
|
2022-08-24 18:05:36 +02:00
|
|
|
Object.assign(token, { permissions: token.permissions.sort() });
|
2022-08-23 20:08:45 +02:00
|
|
|
}
|
2022-08-24 18:05:36 +02:00
|
|
|
expect(t).toStrictEqual(omit(token, ['accessKey']));
|
2022-08-23 19:19:56 +02:00
|
|
|
});
|
2021-08-27 08:39:08 +02:00
|
|
|
});
|
2021-08-31 15:31:54 +02:00
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Deletes a token (successfully)', async () => {
|
|
|
|
|
const token = await createValidToken();
|
|
|
|
|
|
2021-08-31 15:31:54 +02:00
|
|
|
const res = await rq({
|
2022-08-08 17:09:17 +02:00
|
|
|
url: `/admin/api-tokens/${token.id}`,
|
2021-08-31 15:31:54 +02:00
|
|
|
method: 'DELETE',
|
|
|
|
|
});
|
|
|
|
|
|
2021-09-02 10:47:06 +02:00
|
|
|
expect(res.statusCode).toBe(200);
|
2022-08-23 17:24:29 +02:00
|
|
|
expect(res.body.data).toMatchObject({
|
2022-08-08 17:09:17 +02:00
|
|
|
name: token.name,
|
|
|
|
|
permissions: token.permissions,
|
|
|
|
|
description: token.description,
|
|
|
|
|
type: token.type,
|
|
|
|
|
id: token.id,
|
|
|
|
|
createdAt: token.createdAt,
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2021-09-02 10:47:06 +02:00
|
|
|
});
|
2021-08-31 15:31:54 +02:00
|
|
|
});
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Does not return an error if the ressource to delete does not exist', async () => {
|
2021-08-31 15:31:54 +02:00
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens/42',
|
|
|
|
|
method: 'DELETE',
|
|
|
|
|
});
|
|
|
|
|
|
2021-09-02 10:47:06 +02:00
|
|
|
expect(res.statusCode).toBe(200);
|
|
|
|
|
expect(res.body.data).toBeNull();
|
2021-08-31 15:31:54 +02:00
|
|
|
});
|
2021-09-02 11:56:14 +02:00
|
|
|
|
2022-08-12 09:52:47 +02:00
|
|
|
test('Retrieves a non-custom token (successfully)', async () => {
|
|
|
|
|
const token = await createValidToken({
|
|
|
|
|
type: 'read-only',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: `/admin/api-tokens/${token.id}`,
|
|
|
|
|
method: 'GET',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(200);
|
2022-08-23 17:24:29 +02:00
|
|
|
expect(res.body.data).toMatchObject({
|
2022-08-12 09:52:47 +02:00
|
|
|
name: token.name,
|
|
|
|
|
permissions: token.permissions,
|
|
|
|
|
description: token.description,
|
|
|
|
|
type: token.type,
|
|
|
|
|
id: token.id,
|
|
|
|
|
createdAt: token.createdAt,
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2022-08-12 09:52:47 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
test('Retrieves a custom token (successfully)', async () => {
|
|
|
|
|
const token = await createValidToken({
|
|
|
|
|
type: 'custom',
|
|
|
|
|
permissions: ['admin::model.model.read'],
|
|
|
|
|
});
|
2022-08-08 17:09:17 +02:00
|
|
|
|
2021-09-02 11:56:14 +02:00
|
|
|
const res = await rq({
|
2022-08-08 17:09:17 +02:00
|
|
|
url: `/admin/api-tokens/${token.id}`,
|
2021-09-02 11:56:14 +02:00
|
|
|
method: 'GET',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(200);
|
2022-08-23 17:24:29 +02:00
|
|
|
expect(res.body.data).toMatchObject({
|
2022-08-08 17:09:17 +02:00
|
|
|
name: token.name,
|
|
|
|
|
permissions: token.permissions,
|
|
|
|
|
description: token.description,
|
|
|
|
|
type: token.type,
|
|
|
|
|
id: token.id,
|
|
|
|
|
createdAt: token.createdAt,
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2021-09-02 11:56:14 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Returns a 404 if the ressource to retrieve does not exist', async () => {
|
2021-09-02 11:56:14 +02:00
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens/42',
|
|
|
|
|
method: 'GET',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(404);
|
2021-10-20 17:30:05 +02:00
|
|
|
expect(res.body).toMatchObject({
|
|
|
|
|
data: null,
|
|
|
|
|
error: {
|
|
|
|
|
status: 404,
|
|
|
|
|
name: 'NotFoundError',
|
|
|
|
|
message: 'API Token not found',
|
|
|
|
|
details: {},
|
|
|
|
|
},
|
|
|
|
|
});
|
2021-09-02 11:56:14 +02:00
|
|
|
});
|
2021-09-06 13:30:52 +02:00
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Updates a token (successfully)', async () => {
|
|
|
|
|
// create a token
|
2021-09-06 13:30:52 +02:00
|
|
|
const body = {
|
2022-08-08 17:09:17 +02:00
|
|
|
name: 'api-token_tests-name',
|
2021-09-06 13:30:52 +02:00
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'read-only',
|
|
|
|
|
};
|
|
|
|
|
const res = await rq({
|
2022-08-08 17:09:17 +02:00
|
|
|
url: '/admin/api-tokens',
|
|
|
|
|
method: 'POST',
|
2021-09-06 13:30:52 +02:00
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
const token = res.body.data;
|
|
|
|
|
|
|
|
|
|
const updatedBody = {
|
|
|
|
|
name: 'api-token_tests-updated-name',
|
|
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'read-only',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const updatedRes = await rq({
|
|
|
|
|
url: `/admin/api-tokens/${token.id}`,
|
|
|
|
|
method: 'PUT',
|
|
|
|
|
body: updatedBody,
|
2021-09-06 13:30:52 +02:00
|
|
|
});
|
2021-09-08 14:38:43 +02:00
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
expect(updatedRes.statusCode).toBe(200);
|
2022-08-23 17:24:29 +02:00
|
|
|
expect(updatedRes.body.data).toMatchObject({
|
2022-08-08 17:09:17 +02:00
|
|
|
name: updatedBody.name,
|
|
|
|
|
permissions: [],
|
|
|
|
|
description: updatedBody.description,
|
|
|
|
|
type: updatedBody.type,
|
|
|
|
|
id: token.id,
|
|
|
|
|
createdAt: token.createdAt,
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2022-08-08 17:09:17 +02:00
|
|
|
});
|
2022-08-18 11:02:24 +02:00
|
|
|
// expect(updatedRes.body.data.updated)
|
2021-09-06 13:30:52 +02:00
|
|
|
});
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Returns a 404 if the ressource to update does not exist', async () => {
|
2021-09-06 13:30:52 +02:00
|
|
|
const body = {
|
|
|
|
|
name: 'api-token_tests-updated-name',
|
2021-09-08 14:38:43 +02:00
|
|
|
description: 'api-token_tests-updated-description',
|
2021-09-06 13:30:52 +02:00
|
|
|
type: 'read-only',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens/42',
|
|
|
|
|
method: 'PUT',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(404);
|
2021-10-20 17:30:05 +02:00
|
|
|
expect(res.body).toMatchObject({
|
|
|
|
|
data: null,
|
|
|
|
|
error: {
|
|
|
|
|
status: 404,
|
|
|
|
|
name: 'NotFoundError',
|
|
|
|
|
message: 'API Token not found',
|
|
|
|
|
details: {},
|
|
|
|
|
},
|
|
|
|
|
});
|
2021-09-06 13:30:52 +02:00
|
|
|
});
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Updates a token with partial payload (successfully)', async () => {
|
|
|
|
|
const token = await createValidToken();
|
|
|
|
|
|
2021-09-06 13:30:52 +02:00
|
|
|
const body = {
|
2021-09-08 14:38:43 +02:00
|
|
|
description: 'api-token_tests-re-updated-description',
|
2021-09-06 13:30:52 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
2022-08-08 17:09:17 +02:00
|
|
|
url: `/admin/api-tokens/${token.id}`,
|
2021-09-06 13:30:52 +02:00
|
|
|
method: 'PUT',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
2021-09-08 14:38:43 +02:00
|
|
|
expect(res.statusCode).toBe(200);
|
|
|
|
|
expect(res.body.data).toMatchObject({
|
2022-08-08 17:09:17 +02:00
|
|
|
name: token.name,
|
|
|
|
|
permissions: token.permissions,
|
|
|
|
|
description: body.description, // updated field
|
|
|
|
|
type: token.type,
|
|
|
|
|
id: token.id,
|
|
|
|
|
createdAt: token.createdAt,
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2021-09-06 13:30:52 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Fails to update an api token (invalid `type` in the body)', async () => {
|
2021-09-06 13:30:52 +02:00
|
|
|
const body = {
|
|
|
|
|
name: 'api-token_tests-name',
|
|
|
|
|
description: 'api-token_tests-description',
|
|
|
|
|
type: 'invalid-type',
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: '/admin/api-tokens/1',
|
|
|
|
|
method: 'PUT',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(400);
|
|
|
|
|
expect(res.body).toMatchObject({
|
2021-10-20 17:30:05 +02:00
|
|
|
data: null,
|
|
|
|
|
error: {
|
|
|
|
|
details: {
|
|
|
|
|
errors: [
|
|
|
|
|
{
|
2022-08-08 15:00:46 +02:00
|
|
|
message: 'type must be one of the following values: read-only, full-access, custom',
|
2021-10-20 17:30:05 +02:00
|
|
|
name: 'ValidationError',
|
|
|
|
|
path: ['type'],
|
|
|
|
|
},
|
|
|
|
|
],
|
|
|
|
|
},
|
2022-08-08 15:00:46 +02:00
|
|
|
message: 'type must be one of the following values: read-only, full-access, custom',
|
2021-10-20 17:30:05 +02:00
|
|
|
name: 'ValidationError',
|
|
|
|
|
status: 400,
|
2021-09-06 13:30:52 +02:00
|
|
|
},
|
|
|
|
|
});
|
|
|
|
|
});
|
2021-09-08 14:38:43 +02:00
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Updates a token when passing a `null` description (successfully)', async () => {
|
|
|
|
|
const token = await createValidToken();
|
|
|
|
|
|
2021-09-08 14:38:43 +02:00
|
|
|
const body = {
|
|
|
|
|
description: null,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
2022-08-08 17:09:17 +02:00
|
|
|
url: `/admin/api-tokens/${token.id}`,
|
2021-09-08 14:38:43 +02:00
|
|
|
method: 'PUT',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(200);
|
|
|
|
|
expect(res.body.data).toMatchObject({
|
2022-08-08 17:09:17 +02:00
|
|
|
name: token.name,
|
|
|
|
|
permissions: token.permissions,
|
2021-09-08 14:38:43 +02:00
|
|
|
description: '',
|
2022-08-08 17:09:17 +02:00
|
|
|
type: token.type,
|
|
|
|
|
id: token.id,
|
|
|
|
|
createdAt: token.createdAt,
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2021-09-08 14:38:43 +02:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-08 17:09:17 +02:00
|
|
|
test('Updates a token but not the description if no description is passed (successfully)', async () => {
|
|
|
|
|
const token = await createValidToken();
|
|
|
|
|
|
2021-09-08 14:38:43 +02:00
|
|
|
const body = {
|
2022-08-08 17:09:17 +02:00
|
|
|
name: 'api-token_tests-newNameWithoutDescUpdate',
|
2021-09-08 14:38:43 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
2022-08-08 17:09:17 +02:00
|
|
|
url: `/admin/api-tokens/${token.id}`,
|
2021-09-08 14:38:43 +02:00
|
|
|
method: 'PUT',
|
|
|
|
|
body,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(200);
|
|
|
|
|
expect(res.body.data).toMatchObject({
|
|
|
|
|
name: body.name,
|
2022-08-08 17:09:17 +02:00
|
|
|
description: token.description,
|
|
|
|
|
permissions: token.permissions,
|
|
|
|
|
type: token.type,
|
|
|
|
|
id: token.id,
|
|
|
|
|
createdAt: token.createdAt,
|
2022-08-19 16:36:28 +02:00
|
|
|
lastUsedAt: null,
|
2022-08-18 11:02:24 +02:00
|
|
|
updatedAt: expect.any(String),
|
2022-08-23 13:51:47 +02:00
|
|
|
expiresAt: null,
|
|
|
|
|
lifespan: null,
|
2021-09-08 14:38:43 +02:00
|
|
|
});
|
|
|
|
|
});
|
2022-08-22 09:26:20 +02:00
|
|
|
|
2022-08-18 14:12:34 +02:00
|
|
|
test('Regenerates an api token access key', async () => {
|
2022-08-18 14:03:59 +02:00
|
|
|
const token = await createValidToken();
|
|
|
|
|
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: `/admin/api-tokens/${token.id}/regenerate`,
|
|
|
|
|
method: 'POST',
|
|
|
|
|
});
|
|
|
|
|
|
2022-08-18 14:12:34 +02:00
|
|
|
expect(res.statusCode).toBe(201);
|
2022-08-18 14:03:59 +02:00
|
|
|
expect(res.body.data).toMatchObject({
|
|
|
|
|
accessKey: expect.any(String),
|
|
|
|
|
});
|
2022-08-22 12:22:36 +02:00
|
|
|
expect(res.body.data.accessKey).not.toEqual(token.accessKey);
|
2022-08-18 14:03:59 +02:00
|
|
|
});
|
2022-08-18 14:12:34 +02:00
|
|
|
|
2022-08-22 12:33:00 +02:00
|
|
|
test('Regenerate throws a NotFound if provided an invalid id', async () => {
|
|
|
|
|
const res = await rq({
|
|
|
|
|
url: `/admin/api-tokens/999999/regenerate`,
|
|
|
|
|
method: 'POST',
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
expect(res.statusCode).toBe(404);
|
|
|
|
|
expect(res.body.error).toMatchObject({
|
|
|
|
|
name: 'NotFoundError',
|
|
|
|
|
status: 404,
|
|
|
|
|
});
|
2022-08-18 14:03:59 +02:00
|
|
|
});
|
2022-08-18 14:12:34 +02:00
|
|
|
|
2022-08-23 13:03:15 +02:00
|
|
|
test.todo('Custom token can only be created with valid permissions that exist');
|
2021-08-26 14:37:55 +02:00
|
|
|
});
|
