add token usage tests

2025-11-02 02:44:55 +00:00 · 2022-08-23 15:04:24 +02:00 · 2022-08-23 15:04:24 +02:00 · 7e446b7414
commit 7e446b7414
parent 8803dbbd46
2 changed files with 69 additions and 0 deletions
--- a/packages/core/admin/server/services/api-token.js
+++ b/packages/core/admin/server/services/api-token.js
@ -48,6 +48,8 @@ const SELECT_FIELDS = [
 /** @constant {Array<string>} */
 const POPULATE_FIELDS = ['permissions'];

+// TODO: we need to ensure the permissions are actually valid registered permissions!
+
 /**
 * Assert that a token's permissions attribute is valid for its type
 *
--- a/packages/core/admin/server/tests/admin-api-token-usage.test.e2e.js
+++ b/packages/core/admin/server/tests/admin-api-token-usage.test.e2e.js
@ -0,0 +1,67 @@
+'use strict';
+
+const { createStrapiInstance } = require('../../../../../test/helpers/strapi');
+const { createAuthRequest } = require('../../../../../test/helpers/request');
+
+describe('Admin API Token v2 usage (e2e)', () => {
+  // let rq;
+  // let strapi;
+
+  // const deleteAllTokens = async () => {
+  //   const tokens = await strapi.admin.services['api-token'].list();
+  //   const promises = [];
+  //   tokens.forEach(({ id }) => {
+  //     promises.push(strapi.admin.services['api-token'].revoke(id));
+  //   });
+  //   await Promise.all(promises);
+  // };
+
+  // // Initialization Actions
+  // beforeAll(async () => {
+  //   strapi = await createStrapiInstance();
+  //   rq = await createAuthRequest({ strapi });
+
+  //   // delete tokens
+  //   await deleteAllTokens();
+  // });
+
+  // // Cleanup actions
+  // afterAll(async () => {
+  //   await strapi.destroy();
+  // });
+
+  // // create a predictable valid token that we can test with (delete, list, etc)
+  // let currentTokens = 0;
+  // const createValidToken = async (token = {}) => {
+  //   const body = {
+  //     type: 'read-only',
+  //     // eslint-disable-next-line no-plusplus
+  //     name: `token_${String(currentTokens++)}`,
+  //     description: 'generic description',
+  //     ...token,
+  //   };
+
+  //   const req = await rq({
+  //     url: '/admin/api-tokens',
+  //     method: 'POST',
+  //     body,
+  //   });
+
+  //   expect(req.status).toEqual(201);
+  //   return req.body.data;
+  // };
+
+  // const makeRequest = async () => {};
+
+  // test('Token can be used to access resource it has permissions for', async () => {
+  //   const token = await createValidToken({ type: 'read-only' });
+  // });
+  // test("Token can't access resource it doesn't have permission for", async () => {
+  //   const token = await createValidToken({ type: 'read-only' });
+  // });
+
+  test.todo('Regenerated access key works');
+  test.todo('Custom tokens access content for which they are authorized');
+  test.todo('Custom tokens fail to access content for which they are not authorized');
+  test.todo("Expired token can't be used");
+});