Add token management helpers for API credentials
This commit is contained in:
@@ -4,6 +4,7 @@ import (
|
||||
"errors"
|
||||
"slices"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"git.julianfamily.org/keepassgo/apiapproval"
|
||||
"git.julianfamily.org/keepassgo/apitokens"
|
||||
@@ -73,6 +74,65 @@ func TestResolveApprovalDelegatesToManager(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestIssueRotateDisableRevokeAndDeleteAPIToken(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
session := &mutableStubSession{model: vault.Model{}}
|
||||
state := State{Session: session}
|
||||
now := time.Date(2026, 3, 29, 12, 0, 0, 0, time.UTC)
|
||||
expiresAt := now.Add(24 * time.Hour)
|
||||
|
||||
issued, secret, err := state.IssueAPIToken("CLI", "grpc-cli", &expiresAt, now)
|
||||
if err != nil {
|
||||
t.Fatalf("IssueAPIToken() error = %v", err)
|
||||
}
|
||||
if issued.ID == "" || secret == "" {
|
||||
t.Fatalf("IssueAPIToken() = %#v, %q, want non-empty id and secret", issued, secret)
|
||||
}
|
||||
|
||||
tokens, err := state.APITokens()
|
||||
if err != nil {
|
||||
t.Fatalf("APITokens() error = %v", err)
|
||||
}
|
||||
if len(tokens) != 1 || tokens[0].ID != issued.ID {
|
||||
t.Fatalf("APITokens() = %#v, want issued token", tokens)
|
||||
}
|
||||
|
||||
rotated, rotatedSecret, err := state.RotateAPIToken(issued.ID, now.Add(time.Hour))
|
||||
if err != nil {
|
||||
t.Fatalf("RotateAPIToken() error = %v", err)
|
||||
}
|
||||
if rotated.ID != issued.ID || rotatedSecret == "" || rotatedSecret == secret {
|
||||
t.Fatalf("RotateAPIToken() = %#v, %q, want same id and new secret", rotated, rotatedSecret)
|
||||
}
|
||||
|
||||
if err := state.DisableAPIToken(issued.ID); err != nil {
|
||||
t.Fatalf("DisableAPIToken() error = %v", err)
|
||||
}
|
||||
if err := state.RevokeAPIToken(issued.ID, now.Add(2*time.Hour)); err != nil {
|
||||
t.Fatalf("RevokeAPIToken() error = %v", err)
|
||||
}
|
||||
|
||||
tokens, err = state.APITokens()
|
||||
if err != nil {
|
||||
t.Fatalf("APITokens() after revoke error = %v", err)
|
||||
}
|
||||
if len(tokens) != 1 || !tokens[0].Disabled || tokens[0].RevokedAt == nil {
|
||||
t.Fatalf("APITokens() after revoke = %#v, want disabled revoked token", tokens)
|
||||
}
|
||||
|
||||
if err := state.DeleteAPIToken(issued.ID); err != nil {
|
||||
t.Fatalf("DeleteAPIToken() error = %v", err)
|
||||
}
|
||||
tokens, err = state.APITokens()
|
||||
if err != nil {
|
||||
t.Fatalf("APITokens() after delete error = %v", err)
|
||||
}
|
||||
if len(tokens) != 0 {
|
||||
t.Fatalf("APITokens() after delete = %#v, want empty", tokens)
|
||||
}
|
||||
}
|
||||
|
||||
func TestVisibleEntriesUsesGlobalSearchWhenQueryPresent(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
|
||||
Reference in New Issue
Block a user