diff --git a/pkg/server/token.go b/pkg/server/token.go index 7b1f21b1..24b32f28 100644 --- a/pkg/server/token.go +++ b/pkg/server/token.go @@ -11,18 +11,10 @@ import ( // POST /api/user/tokens func PostToken(c *gin.Context) { - settings := ToSettings(c) - store := ToDatastore(c) sess := ToSession(c) + store := ToDatastore(c) user := ToUser(c) - // if a session secret is not defined there is no way to - // generate jwt user tokens, so we must throw an error - if settings.Session == nil || len(settings.Session.Secret) == 0 { - c.String(500, "User tokens are not configured") - return - } - in := &common.Token{} if !c.BindWith(in, binding.JSON) { return @@ -39,13 +31,16 @@ func PostToken(c *gin.Context) { err := store.AddToken(token) if err != nil { - c.Fail(400, err) + c.Fail(500, err) + return } jwt, err := sess.GenerateToken(token) if err != nil { c.Fail(400, err) + return } + c.JSON(200, struct { *common.Token Hash string `json:"hash"` @@ -61,10 +56,12 @@ func DelToken(c *gin.Context) { token, err := store.TokenLabel(user, label) if err != nil { c.Fail(404, err) + return } err = store.DelToken(token) if err != nil { c.Fail(400, err) + return } c.Writer.WriteHeader(200) diff --git a/pkg/server/token_test.go b/pkg/server/token_test.go new file mode 100644 index 00000000..85492050 --- /dev/null +++ b/pkg/server/token_test.go @@ -0,0 +1,78 @@ +package server + +import ( + "bytes" + "database/sql" + "encoding/json" + "net/http" + "testing" + + "github.com/dgrijalva/jwt-go" + "github.com/drone/drone/pkg/server/recorder" + "github.com/drone/drone/pkg/server/session" + "github.com/drone/drone/pkg/settings" + "github.com/drone/drone/pkg/store/mock" + "github.com/drone/drone/pkg/types" + . "github.com/franela/goblin" + "github.com/gin-gonic/gin" + "github.com/stretchr/testify/mock" +) + +var tokenTests = []struct { + inLabel string + inBody string + storeErr error + outCode int + outKind string +}{ + {"", `{}`, sql.ErrNoRows, 500, ""}, + {"app1", `{"label": "app1"}`, nil, 200, types.TokenUser}, + {"app2", `{"label": "app2"}`, nil, 200, types.TokenUser}, +} + +func TestToken(t *testing.T) { + store := new(mocks.Store) + + g := Goblin(t) + g.Describe("Token", func() { + g.It("should create tokens", func() { + for _, test := range tokenTests { + rw := recorder.New() + ctx := gin.Context{Engine: gin.Default(), Writer: rw} + body := bytes.NewBufferString(test.inBody) + ctx.Request, _ = http.NewRequest("POST", "/api/user/tokens", body) + + ctx.Set("datastore", store) + ctx.Set("user", &types.User{Login: "Freya"}) + + config := settings.Settings{Session: &settings.Session{Secret: "Otto"}} + ctx.Set("settings", &config) + ctx.Set("session", session.New(config.Session)) + + // prepare the mock + store.On("AddToken", mock.AnythingOfType("*types.Token")).Return(test.storeErr).Once() + PostToken(&ctx) + + g.Assert(rw.Code).Equal(test.outCode) + if test.outCode != 200 { + continue + } + + var respjson map[string]interface{} + json.Unmarshal(rw.Body.Bytes(), &respjson) + g.Assert(respjson["kind"]).Equal(types.TokenUser) + g.Assert(respjson["label"]).Equal(test.inLabel) + + // this is probably going too far... maybe just validate hash is not empty? + jwt.Parse(respjson["hash"].(string), func(token *jwt.Token) (interface{}, error) { + _, ok := token.Method.(*jwt.SigningMethodHMAC) + g.Assert(ok).IsTrue() + g.Assert(token.Claims["label"]).Equal(test.inLabel) + return nil, nil + }) + } + }) + + g.It("should delete tokens") + }) +}