From f9f2fdc2c8951c5018bcf7d4d208e754fd8a4d4b Mon Sep 17 00:00:00 2001
From: Ben Schumacher <benschumacher@gmail.com>
Date: Mon, 18 May 2015 11:49:26 -0600
Subject: [PATCH 1/3] Unit tests for PostToken API

---
 pkg/server/token.go      | 17 +++++++-
 pkg/server/token_test.go | 87 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+), 2 deletions(-)
 create mode 100644 pkg/server/token_test.go

diff --git a/pkg/server/token.go b/pkg/server/token.go
index 7b1f21b1..38629b5d 100644
--- a/pkg/server/token.go
+++ b/pkg/server/token.go
@@ -6,6 +6,7 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/gin-gonic/gin/binding"
 
+	"github.com/drone/drone/pkg/server/session"
 	common "github.com/drone/drone/pkg/types"
 )
 
@@ -13,7 +14,6 @@ import (
 func PostToken(c *gin.Context) {
 	settings := ToSettings(c)
 	store := ToDatastore(c)
-	sess := ToSession(c)
 	user := ToUser(c)
 
 	// if a session secret is not defined there is no way to
@@ -39,13 +39,24 @@ func PostToken(c *gin.Context) {
 
 	err := store.AddToken(token)
 	if err != nil {
-		c.Fail(400, err)
+		c.Fail(500, err)
+		return
+	}
+
+	var sess session.Session
+	val, _ := c.Get("session")
+	if val != nil {
+		sess = val.(session.Session)
+	} else {
+		sess = session.New(settings.Session)
 	}
 
 	jwt, err := sess.GenerateToken(token)
 	if err != nil {
 		c.Fail(400, err)
+		return
 	}
+
 	c.JSON(200, struct {
 		*common.Token
 		Hash string `json:"hash"`
@@ -61,10 +72,12 @@ func DelToken(c *gin.Context) {
 	token, err := store.TokenLabel(user, label)
 	if err != nil {
 		c.Fail(404, err)
+		return
 	}
 	err = store.DelToken(token)
 	if err != nil {
 		c.Fail(400, err)
+		return
 	}
 
 	c.Writer.WriteHeader(200)
diff --git a/pkg/server/token_test.go b/pkg/server/token_test.go
new file mode 100644
index 00000000..12c59df9
--- /dev/null
+++ b/pkg/server/token_test.go
@@ -0,0 +1,87 @@
+package server
+
+import (
+	"bytes"
+	"database/sql"
+	"encoding/json"
+	"net/http"
+	"testing"
+
+	"github.com/dgrijalva/jwt-go"
+	"github.com/drone/drone/pkg/server/recorder"
+	"github.com/drone/drone/pkg/server/session"
+	"github.com/drone/drone/pkg/settings"
+	"github.com/drone/drone/pkg/store/mock"
+	"github.com/drone/drone/pkg/types"
+	. "github.com/franela/goblin"
+	"github.com/gin-gonic/gin"
+	"github.com/stretchr/testify/mock"
+)
+
+var tokenTests = []struct {
+	inLabel    string
+	inBody     string
+	inSession  *settings.Session
+	inHaveSess bool
+	storeErr   error
+	outCode    int
+	outKind    string
+}{
+	{"", `{}`, nil, false, nil, 500, ""},
+	{"", `{}`, &settings.Session{Secret: "Otto"}, false, sql.ErrNoRows, 500, ""},
+	{"app1", `{"label": "app1"}`, &settings.Session{Secret: "Otto"}, true, nil, 200, types.TokenUser},
+	{"app2", `{"label": "app2"}`, &settings.Session{Secret: "Otto"}, false, nil, 200, types.TokenUser},
+}
+
+func TestToken(t *testing.T) {
+	store := new(mocks.Store)
+
+	g := Goblin(t)
+	g.Describe("Token", func() {
+		g.It("should create tokens", func() {
+			for _, test := range tokenTests {
+				rw := recorder.New()
+				ctx := gin.Context{Engine: gin.Default(), Writer: rw}
+				body := bytes.NewBufferString(test.inBody)
+				ctx.Request, _ = http.NewRequest("POST", "/api/user/tokens", body)
+
+				ctx.Set("datastore", store)
+				ctx.Set("user", &types.User{Login: "Freya"})
+
+				config := settings.Settings{Session: test.inSession}
+				ctx.Set("settings", &config)
+				if test.inSession != nil {
+					// only set these up if we've got Session configuration
+					if test.inHaveSess {
+						ctx.Set("session", session.New(test.inSession))
+					}
+
+					// prepare the mock datastore
+					store.On("AddToken", mock.AnythingOfType("*types.Token")).Return(test.storeErr).Once()
+				}
+
+				PostToken(&ctx)
+
+				g.Assert(rw.Code).Equal(test.outCode)
+				if test.outCode != 200 {
+					continue
+				}
+
+				var respjson map[string]interface{}
+				json.Unmarshal(rw.Body.Bytes(), &respjson)
+				g.Assert(respjson["kind"]).Equal(types.TokenUser)
+				g.Assert(respjson["label"]).Equal(test.inLabel)
+
+				// this is probably going too far... maybe just validate hash is not empty?
+				jwt.Parse(respjson["hash"].(string), func(token *jwt.Token) (interface{}, error) {
+					_, ok := token.Method.(*jwt.SigningMethodHMAC)
+					g.Assert(ok).IsTrue()
+					g.Assert(token.Claims["label"]).Equal(test.inLabel)
+					return nil, nil
+				})
+			}
+		})
+
+		g.It("should delete tokens")
+	})
+}

From a5c62fc572e4870630090d19f6fad364de77a135 Mon Sep 17 00:00:00 2001
From: Ben Schumacher <benschumacher@gmail.com>
Date: Mon, 18 May 2015 12:42:00 -0600
Subject: [PATCH 2/3] Drop settings in PostToken -- it isn't needed

---
 pkg/server/token.go | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/pkg/server/token.go b/pkg/server/token.go
index 38629b5d..24b32f28 100644
--- a/pkg/server/token.go
+++ b/pkg/server/token.go
@@ -6,23 +6,15 @@ import (
 	"github.com/gin-gonic/gin"
 	"github.com/gin-gonic/gin/binding"
 
-	"github.com/drone/drone/pkg/server/session"
 	common "github.com/drone/drone/pkg/types"
 )
 
 // POST /api/user/tokens
 func PostToken(c *gin.Context) {
-	settings := ToSettings(c)
+	sess := ToSession(c)
 	store := ToDatastore(c)
 	user := ToUser(c)
 
-	// if a session secret is not defined there is no way to
-	// generate jwt user tokens, so we must throw an error
-	if settings.Session == nil || len(settings.Session.Secret) == 0 {
-		c.String(500, "User tokens are not configured")
-		return
-	}
-
 	in := &common.Token{}
 	if !c.BindWith(in, binding.JSON) {
 		return
@@ -43,14 +35,6 @@ func PostToken(c *gin.Context) {
 		return
 	}
 
-	var sess session.Session
-	val, _ := c.Get("session")
-	if val != nil {
-		sess = val.(session.Session)
-	} else {
-		sess = session.New(settings.Session)
-	}
-
 	jwt, err := sess.GenerateToken(token)
 	if err != nil {
 		c.Fail(400, err)

From d40a65b6a356210e3a0ff5f8a4fe542514292263 Mon Sep 17 00:00:00 2001
From: Ben Schumacher <benschumacher@gmail.com>
Date: Mon, 18 May 2015 12:46:08 -0600
Subject: [PATCH 3/3] Update test to reflect current behavior

---
 pkg/server/token_test.go | 33 ++++++++++++---------------------
 1 file changed, 12 insertions(+), 21 deletions(-)

diff --git a/pkg/server/token_test.go b/pkg/server/token_test.go
index 12c59df9..85492050 100644
--- a/pkg/server/token_test.go
+++ b/pkg/server/token_test.go
@@ -19,18 +19,15 @@ import (
 )
 
 var tokenTests = []struct {
-	inLabel    string
-	inBody     string
-	inSession  *settings.Session
-	inHaveSess bool
-	storeErr   error
-	outCode    int
-	outKind    string
+	inLabel  string
+	inBody   string
+	storeErr error
+	outCode  int
+	outKind  string
 }{
-	{"", `{}`, nil, false, nil, 500, ""},
-	{"", `{}`, &settings.Session{Secret: "Otto"}, false, sql.ErrNoRows, 500, ""},
-	{"app1", `{"label": "app1"}`, &settings.Session{Secret: "Otto"}, true, nil, 200, types.TokenUser},
-	{"app2", `{"label": "app2"}`, &settings.Session{Secret: "Otto"}, false, nil, 200, types.TokenUser},
+	{"", `{}`, sql.ErrNoRows, 500, ""},
+	{"app1", `{"label": "app1"}`, nil, 200, types.TokenUser},
+	{"app2", `{"label": "app2"}`, nil, 200, types.TokenUser},
 }
 
 func TestToken(t *testing.T) {
@@ -48,18 +45,12 @@ func TestToken(t *testing.T) {
 				ctx.Set("datastore", store)
 				ctx.Set("user", &types.User{Login: "Freya"})
 
-				config := settings.Settings{Session: test.inSession}
+				config := settings.Settings{Session: &settings.Session{Secret: "Otto"}}
 				ctx.Set("settings", &config)
-				if test.inSession != nil {
-					// only set these up if we've got Session configuration
-					if test.inHaveSess {
-						ctx.Set("session", session.New(test.inSession))
-					}
-
-					// prepare the mock datastore
-					store.On("AddToken", mock.AnythingOfType("*types.Token")).Return(test.storeErr).Once()
-				}
+				ctx.Set("session", session.New(config.Session))
 
+				// prepare the mock
+				store.On("AddToken", mock.AnythingOfType("*types.Token")).Return(test.storeErr).Once()
 				PostToken(&ctx)
 
 				g.Assert(rw.Code).Equal(test.outCode)