regenerate throws on invalid id

2025-11-02 02:44:55 +00:00 · 2022-08-22 12:33:00 +02:00 · 2022-08-22 12:33:00 +02:00 · aa5a1c7ed7
commit aa5a1c7ed7
parent dabbd42ca7
3 changed files with 44 additions and 0 deletions
--- a/packages/core/admin/server/services/tests/api-token.test.js
+++ b/packages/core/admin/server/services/tests/api-token.test.js
@ -1,5 +1,6 @@
 'use strict';

+const { NotFoundError } = require('@strapi/utils/lib/errors');
 const crypto = require('crypto');
 const { omit } = require('lodash/fp');
 const apiTokenService = require('../api-token');
@ -267,6 +268,32 @@ describe('API Token', () => {
      });
      expect(res).toEqual({ accessKey: mockedApiToken.hexedString });
    });
+
+    test('It throws a NotFound if the id is not found', async () => {
+      const update = jest.fn(() => Promise.resolve(null));
+
+      global.strapi = {
+        query() {
+          return { update };
+        },
+        config: {
+          get: jest.fn(() => ''),
+        },
+      };
+
+      const id = 1;
+      await expect(async () => {
+        await apiTokenService.regenerate(id);
+      }).rejects.toThrowError(NotFoundError);
+
+      expect(update).toHaveBeenCalledWith({
+        where: { id },
+        select: ['id', 'accessKey'],
+        data: {
+          accessKey: apiTokenService.hash(mockedApiToken.hexedString),
+        },
+      });
+    });
  });

  describe('update', () => {
--- a/packages/core/admin/server/services/api-token.js
+++ b/packages/core/admin/server/services/api-token.js
@ -146,6 +146,10 @@ const regenerate = async (id) => {
    },
  });

+  if (!apiToken) {
+    throw new NotFoundError('The provided token id does not exist');
+  }
+
  return {
    ...apiToken,
    accessKey,
--- a/packages/core/admin/server/tests/admin-api-token.test.e2e.js
+++ b/packages/core/admin/server/tests/admin-api-token.test.e2e.js
@ -624,6 +624,19 @@ describe('Admin API Token v2 CRUD (e2e)', () => {
    expect(res.body.data.accessKey).not.toEqual(token.accessKey);
  });

+  test('Regenerate throws a NotFound if provided an invalid id', async () => {
+    const res = await rq({
+      url: `/admin/api-tokens/999999/regenerate`,
+      method: 'POST',
+    });
+
+    expect(res.statusCode).toBe(404);
+    expect(res.body.error).toMatchObject({
+      name: 'NotFoundError',
+      status: 404,
+    });
+  });
+
  test.todo('Regenerated access key works');
  test.todo('Tokens access content for which they are authorized');
  test.todo('Tokens fail to access content for which they are not authorized');