yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-03 03:17:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

add token usage tests

Browse Source
This commit is contained in:
Ben Irvin 2022-08-23 15:04:24 +02:00
parent 8803dbbd46
commit 7e446b7414
2 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
packages/core/admin/server/services/api-token.js
View File

@ -48,6 +48,8 @@ const SELECT_FIELDS = [
/** @constant {Array<string>} */ /** @constant {Array<string>} */
const POPULATE_FIELDS = ['permissions']; const POPULATE_FIELDS = ['permissions'];
// TODO: we need to ensure the permissions are actually valid registered permissions!
/** /**
* Assert that a token's permissions attribute is valid for its type * Assert that a token's permissions attribute is valid for its type
* *

67
packages/core/admin/server/tests/admin-api-token-usage.test.e2e.js Normal file
View File

@ -0,0 +1,67 @@
'use strict';
const { createStrapiInstance } = require('../../../../../test/helpers/strapi');
const { createAuthRequest } = require('../../../../../test/helpers/request');
describe('Admin API Token v2 usage (e2e)', () => {
// let rq;
// let strapi;
// const deleteAllTokens = async () => {
// const tokens = await strapi.admin.services['api-token'].list();
// const promises = [];
// tokens.forEach(({ id }) => {
// promises.push(strapi.admin.services['api-token'].revoke(id));
// });
// await Promise.all(promises);
// };
// // Initialization Actions
// beforeAll(async () => {
// strapi = await createStrapiInstance();
// rq = await createAuthRequest({ strapi });
// // delete tokens
// await deleteAllTokens();
// });
// // Cleanup actions
// afterAll(async () => {
// await strapi.destroy();
// });
// // create a predictable valid token that we can test with (delete, list, etc)
// let currentTokens = 0;
// const createValidToken = async (token = {}) => {
// const body = {
// type: 'read-only',
// // eslint-disable-next-line no-plusplus
// name: `token_${String(currentTokens++)}`,
// description: 'generic description',
// ...token,
// };
// const req = await rq({
// url: '/admin/api-tokens',
// method: 'POST',
// body,
// });
// expect(req.status).toEqual(201);
// return req.body.data;
// };
// const makeRequest = async () => {};
// test('Token can be used to access resource it has permissions for', async () => {
// const token = await createValidToken({ type: 'read-only' });
// });
// test("Token can't access resource it doesn't have permission for", async () => {
// const token = await createValidToken({ type: 'read-only' });
// });
test.todo('Regenerated access key works');
test.todo('Custom tokens access content for which they are authorized');
test.todo('Custom tokens fail to access content for which they are not authorized');
test.todo("Expired token can't be used");
});