Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
gitpod-io
GitHub Repository: gitpod-io/gitpod
 Path: blob/main/components/gitpod-db/go/personal_access_token_test.go
2498 views
1
// Copyright (c) 2022 Gitpod GmbH. All rights reserved.

2
// Licensed under the GNU Affero General Public License (AGPL).

3
// See License.AGPL.txt in the project root for license information.

4


5
package db_test

6


7
import (

8
	"context"

9
	"strconv"

10
	"testing"

11
	"time"

12


13
	db "github.com/gitpod-io/gitpod/components/gitpod-db/go"

14
	"github.com/gitpod-io/gitpod/components/gitpod-db/go/dbtest"

15
	"github.com/google/uuid"

16
	"github.com/stretchr/testify/require"

17
)

18


19
func TestPersonalAccessToken_Get(t *testing.T) {

20
	conn := dbtest.ConnectForTests(t)

21


22
	firstUserId := uuid.New()

23
	secondUserId := uuid.New()

24


25
	token := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: firstUserId})

26
	token2 := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: secondUserId})

27


28
	tokenEntries := []db.PersonalAccessToken{token, token2}

29


30
	dbtest.CreatePersonalAccessTokenRecords(t, conn, tokenEntries...)

31


32
	t.Run("nil token ID is rejected", func(t *testing.T) {

33
		_, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, uuid.Nil, token.UserID)

34
		require.Error(t, err)

35
	})

36


37
	t.Run("nil user ID is rejected", func(t *testing.T) {

38
		_, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, token.ID, uuid.Nil)

39
		require.Error(t, err)

40
	})

41


42
	t.Run("not matching user", func(t *testing.T) {

43
		_, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, token.ID, token2.UserID)

44
		require.Error(t, err, db.ErrorNotFound)

45
	})

46


47
	t.Run("not matching token", func(t *testing.T) {

48
		_, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, token2.ID, token.UserID)

49
		require.Error(t, err, db.ErrorNotFound)

50
	})

51


52
	t.Run("both token and user don't exist in the DB", func(t *testing.T) {

53
		_, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, uuid.New(), uuid.New())

54
		require.Error(t, err, db.ErrorNotFound)

55
	})

56


57
	t.Run("valid", func(t *testing.T) {

58
		returned, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, token.ID, token.UserID)

59
		require.NoError(t, err)

60
		require.Equal(t, token.ID, returned.ID)

61
		require.Equal(t, token.UserID, returned.UserID)

62
	})

63


64
}

65


66
func TestPersonalAccessToken_Create(t *testing.T) {

67
	conn := dbtest.ConnectForTests(t)

68


69
	request := db.PersonalAccessToken{

70
		ID:             uuid.New(),

71
		UserID:         uuid.New(),

72
		Hash:           "another-secure-hash",

73
		Name:           "another-name",

74
		Scopes:         []string{"read", "write"},

75
		ExpirationTime: time.Now().Add(5),

76
		CreatedAt:      time.Now(),

77
		LastModified:   time.Now(),

78
	}

79


80
	result, err := db.CreatePersonalAccessToken(context.Background(), conn, request)

81
	require.NoError(t, err)

82


83
	require.Equal(t, request.ID, result.ID)

84
}

85


86
func TestPersonalAccessToken_UpdateHash(t *testing.T) {

87
	conn := dbtest.ConnectForTests(t)

88


89
	firstUserId := uuid.New()

90
	secondUserId := uuid.New()

91


92
	token := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: firstUserId})

93
	token2 := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: secondUserId})

94


95
	tokenEntries := []db.PersonalAccessToken{token, token2}

96


97
	dbtest.CreatePersonalAccessTokenRecords(t, conn, tokenEntries...)

98


99
	var newHash = "another-secure-hash"

100
	var newExpirationTime = time.Now().Add(24 * time.Hour).UTC().Truncate(time.Millisecond)

101


102
	t.Run("not matching user", func(t *testing.T) {

103
		_, err := db.UpdatePersonalAccessTokenHash(context.Background(), conn, token.ID, token2.UserID, newHash, newExpirationTime)

104
		require.Error(t, err, db.ErrorNotFound)

105
	})

106


107
	t.Run("not matching token", func(t *testing.T) {

108
		_, err := db.UpdatePersonalAccessTokenHash(context.Background(), conn, token2.ID, token.UserID, newHash, newExpirationTime)

109
		require.Error(t, err, db.ErrorNotFound)

110
	})

111


112
	t.Run("both token and user don't exist in the DB", func(t *testing.T) {

113
		_, err := db.UpdatePersonalAccessTokenHash(context.Background(), conn, uuid.New(), uuid.New(), newHash, newExpirationTime)

114
		require.Error(t, err, db.ErrorNotFound)

115
	})

116


117
	t.Run("valid", func(t *testing.T) {

118
		returned, err := db.UpdatePersonalAccessTokenHash(context.Background(), conn, token.ID, token.UserID, newHash, newExpirationTime)

119
		require.NoError(t, err)

120
		require.Equal(t, token.ID, returned.ID)

121
		require.Equal(t, token.UserID, returned.UserID)

122
		require.Equal(t, newHash, returned.Hash)

123
		require.Equal(t, token.Name, returned.Name)

124
		require.Equal(t, token.Scopes, returned.Scopes)

125
		require.Equal(t, newExpirationTime, returned.ExpirationTime)

126
		require.Equal(t, token.CreatedAt, returned.CreatedAt)

127
	})

128
}

129


130
func TestPersonalAccessToken_Delete(t *testing.T) {

131
	conn := dbtest.ConnectForTests(t)

132


133
	firstUserId := uuid.New()

134
	secondUserId := uuid.New()

135


136
	token := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: firstUserId})

137
	token2 := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: secondUserId})

138


139
	tokenEntries := []db.PersonalAccessToken{token, token2}

140


141
	dbtest.CreatePersonalAccessTokenRecords(t, conn, tokenEntries...)

142


143
	t.Run("not matching user", func(t *testing.T) {

144
		count, err := db.DeletePersonalAccessTokenForUser(context.Background(), conn, token.ID, token2.UserID)

145
		require.Error(t, err, db.ErrorNotFound)

146
		require.Equal(t, int64(0), count)

147
	})

148


149
	t.Run("not matching token", func(t *testing.T) {

150
		count, err := db.DeletePersonalAccessTokenForUser(context.Background(), conn, token2.ID, token.UserID)

151
		require.Error(t, err, db.ErrorNotFound)

152
		require.Equal(t, int64(0), count)

153
	})

154


155
	t.Run("both token and user don't exist in the DB", func(t *testing.T) {

156
		count, err := db.DeletePersonalAccessTokenForUser(context.Background(), conn, uuid.New(), uuid.New())

157
		require.Error(t, err, db.ErrorNotFound)

158
		require.Equal(t, int64(0), count)

159
	})

160


161
	t.Run("valid", func(t *testing.T) {

162
		count, err := db.DeletePersonalAccessTokenForUser(context.Background(), conn, token.ID, token.UserID)

163
		require.NoError(t, err)

164
		require.Equal(t, int64(1), count)

165
		_, err = db.GetPersonalAccessTokenForUser(context.Background(), conn, token.ID, token.UserID)

166
		require.Error(t, err, db.ErrorNotFound)

167
	})

168
}

169


170
func TestListPersonalAccessTokensForUser(t *testing.T) {

171
	ctx := context.Background()

172
	conn := dbtest.ConnectForTests(t)

173
	pagination := db.Pagination{

174
		Page:     1,

175
		PageSize: 10,

176
	}

177


178
	userA := uuid.New()

179
	userB := uuid.New()

180


181
	now := time.Now().UTC()

182


183
	dbtest.CreatePersonalAccessTokenRecords(t, conn,

184
		dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{

185
			UserID:    userA,

186
			CreatedAt: now.Add(-1 * time.Minute),

187
		}),

188
		dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{

189
			UserID:    userA,

190
			CreatedAt: now,

191
		}),

192
		dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{

193
			UserID: userB,

194
		}),

195
	)

196


197
	tokensForUserA, err := db.ListPersonalAccessTokensForUser(ctx, conn, userA, pagination)

198
	require.NoError(t, err)

199
	require.Len(t, tokensForUserA.Results, 2)

200


201
	tokensForUserB, err := db.ListPersonalAccessTokensForUser(ctx, conn, userB, pagination)

202
	require.NoError(t, err)

203
	require.Len(t, tokensForUserB.Results, 1)

204


205
	tokensForUserWithNoData, err := db.ListPersonalAccessTokensForUser(ctx, conn, uuid.New(), pagination)

206
	require.NoError(t, err)

207
	require.Len(t, tokensForUserWithNoData.Results, 0)

208
}

209


210
func TestListPersonalAccessTokens_DeletedTokensAreNotListed(t *testing.T) {

211
	conn := dbtest.ConnectForTests(t)

212


213
	token := dbtest.CreatePersonalAccessTokenRecords(t, conn,

214
		dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{}),

215
	)[0]

216


217
	_, err := db.DeletePersonalAccessTokenForUser(context.Background(), conn, token.ID, token.UserID)

218
	require.NoError(t, err)

219


220
	listed, err := db.ListPersonalAccessTokensForUser(context.Background(), conn, token.UserID, db.Pagination{

221
		Page:     1,

222
		PageSize: 10,

223
	})

224
	require.NoError(t, err)

225
	require.Empty(t, listed.Results)

226
	require.EqualValues(t, 0, listed.Total)

227
}

228


229
func TestListPersonalAccessTokensForUser_PaginateThroughResults(t *testing.T) {

230
	ctx := context.Background()

231
	conn := dbtest.ConnectForTests(t).Debug()

232


233
	userA := uuid.New()

234


235
	total := 11

236
	var toCreate []db.PersonalAccessToken

237
	for i := 0; i < total; i++ {

238
		toCreate = append(toCreate, dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{

239
			UserID: userA,

240
			Name:   strconv.Itoa(i),

241
		}))

242
	}

243


244
	dbtest.CreatePersonalAccessTokenRecords(t, conn, toCreate...)

245


246
	batch1, err := db.ListPersonalAccessTokensForUser(ctx, conn, userA, db.Pagination{

247
		Page:     1,

248
		PageSize: 5,

249
	})

250
	require.NoError(t, err)

251
	require.Len(t, batch1.Results, 5)

252
	require.EqualValues(t, batch1.Total, total)

253


254
	batch2, err := db.ListPersonalAccessTokensForUser(ctx, conn, userA, db.Pagination{

255
		Page:     2,

256
		PageSize: 5,

257
	})

258
	require.NoError(t, err)

259
	require.Len(t, batch2.Results, 5)

260
	require.EqualValues(t, batch2.Total, total)

261


262
	batch3, err := db.ListPersonalAccessTokensForUser(ctx, conn, userA, db.Pagination{

263
		Page:     3,

264
		PageSize: 5,

265
	})

266
	require.NoError(t, err)

267
	require.Len(t, batch3.Results, 1)

268
	require.EqualValues(t, batch3.Total, total)

269
}

270


271
func TestUpdatePersonalAccessTokenForUser(t *testing.T) {

272


273
	newName := "second"

274
	newScopes := db.Scopes([]string{})

275


276
	t.Run("not found when record does not exist", func(t *testing.T) {

277
		conn := dbtest.ConnectForTests(t)

278


279
		_, err := db.UpdatePersonalAccessTokenForUser(context.Background(), conn, db.UpdatePersonalAccessTokenOpts{

280
			TokenID: uuid.New(),

281
			UserID:  uuid.New(),

282
			Name:    &newName,

283
		})

284
		require.Error(t, err)

285
		require.ErrorIs(t, err, db.ErrorNotFound)

286
	})

287


288
	t.Run("no modified field completes gracefully", func(t *testing.T) {

289
		conn := dbtest.ConnectForTests(t)

290
		name := "first"

291


292
		created := dbtest.CreatePersonalAccessTokenRecords(t, conn, dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{

293
			Name: name,

294
		}))[0]

295


296
		udpated, err := db.UpdatePersonalAccessTokenForUser(context.Background(), conn, db.UpdatePersonalAccessTokenOpts{

297
			TokenID: created.ID,

298
			UserID:  created.UserID,

299
			Name:    &name,

300
		})

301
		require.NoError(t, err)

302
		require.Equal(t, name, udpated.Name)

303
		require.Len(t, udpated.Scopes, 0)

304
	})

305


306
	t.Run("no update when all options are nil", func(t *testing.T) {

307
		conn := dbtest.ConnectForTests(t)

308


309
		created := dbtest.CreatePersonalAccessTokenRecords(t, conn, dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{

310
			Name: "first",

311
		}))[0]

312


313
		udpated, err := db.UpdatePersonalAccessTokenForUser(context.Background(), conn, db.UpdatePersonalAccessTokenOpts{

314
			TokenID: created.ID,

315
			UserID:  created.UserID,

316
		})

317
		require.NoError(t, err)

318
		require.Equal(t, created, udpated)

319
	})

320


321
	t.Run("updates name when it is not nil", func(t *testing.T) {

322
		conn := dbtest.ConnectForTests(t)

323


324
		created := dbtest.CreatePersonalAccessTokenRecords(t, conn, dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{

325
			Name: "first",

326
		}))[0]

327


328
		udpated, err := db.UpdatePersonalAccessTokenForUser(context.Background(), conn, db.UpdatePersonalAccessTokenOpts{

329
			TokenID: created.ID,

330
			UserID:  created.UserID,

331
			Name:    &newName,

332
		})

333
		require.NoError(t, err)

334
		require.Equal(t, newName, udpated.Name)

335
		require.Equal(t, created.Scopes, udpated.Scopes)

336
	})

337


338
	t.Run("updates scopes when it is not nil", func(t *testing.T) {

339
		conn := dbtest.ConnectForTests(t)

340


341
		created := dbtest.CreatePersonalAccessTokenRecords(t, conn, dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{

342
			Name:   "first",

343
			Scopes: db.Scopes([]string{"foo"}),

344
		}))[0]

345


346
		udpated, err := db.UpdatePersonalAccessTokenForUser(context.Background(), conn, db.UpdatePersonalAccessTokenOpts{

347
			TokenID: created.ID,

348
			UserID:  created.UserID,

349
			Scopes:  &newScopes,

350
		})

351
		require.NoError(t, err)

352
		require.Equal(t, created.Name, udpated.Name)

353
		require.Len(t, udpated.Scopes, len(newScopes))

354
	})

355
}

356


357