yujunjun/strapi
1
0
Fork 0
mirror of https://github.com/strapi/strapi.git synced 2025-11-25 14:41:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

regenerate throws on invalid id

Browse Source
This commit is contained in:
Ben Irvin 2022-08-22 12:33:00 +02:00
parent dabbd42ca7
commit aa5a1c7ed7
3 changed files with 44 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
packages/core/admin/server/services/__tests__/api-token.test.js
View File

@ -1,5 +1,6 @@
'use strict'; 'use strict';
const { NotFoundError } = require('@strapi/utils/lib/errors');
const crypto = require('crypto'); const crypto = require('crypto');
const { omit } = require('lodash/fp'); const { omit } = require('lodash/fp');
const apiTokenService = require('../api-token'); const apiTokenService = require('../api-token');
@ -267,6 +268,32 @@ describe('API Token', () => {
}); });
expect(res).toEqual({ accessKey: mockedApiToken.hexedString }); expect(res).toEqual({ accessKey: mockedApiToken.hexedString });
}); });
test('It throws a NotFound if the id is not found', async () => {
const update = jest.fn(() => Promise.resolve(null));
global.strapi = {
query() {
return { update };
},
config: {
get: jest.fn(() => ''),
},
};
const id = 1;
await expect(async () => {
await apiTokenService.regenerate(id);
}).rejects.toThrowError(NotFoundError);
expect(update).toHaveBeenCalledWith({
where: { id },
select: ['id', 'accessKey'],
data: {
accessKey: apiTokenService.hash(mockedApiToken.hexedString),
},
});
});
}); });
describe('update', () => { describe('update', () => {

4
packages/core/admin/server/services/api-token.js
View File

@ -146,6 +146,10 @@ const regenerate = async (id) => {
}, },
}); });
if (!apiToken) {
throw new NotFoundError('The provided token id does not exist');
}
return { return {
...apiToken, ...apiToken,
accessKey, accessKey,

13
packages/core/admin/server/tests/admin-api-token.test.e2e.js
View File

@ -624,6 +624,19 @@ describe('Admin API Token v2 CRUD (e2e)', () => {
expect(res.body.data.accessKey).not.toEqual(token.accessKey); expect(res.body.data.accessKey).not.toEqual(token.accessKey);
}); });
test('Regenerate throws a NotFound if provided an invalid id', async () => {
const res = await rq({
url: `/admin/api-tokens/999999/regenerate`,
method: 'POST',
});
expect(res.statusCode).toBe(404);
expect(res.body.error).toMatchObject({
name: 'NotFoundError',
status: 404,
});
});
test.todo('Regenerated access key works'); test.todo('Regenerated access key works');
test.todo('Tokens access content for which they are authorized'); test.todo('Tokens access content for which they are authorized');
test.todo('Tokens fail to access content for which they are not authorized'); test.todo('Tokens fail to access content for which they are not authorized');