mirror/hatchet
1
0
Fork 0
mirror of https://github.com/hatchet-dev/hatchet.git synced 2026-04-30 06:30:12 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
d23e5d99635331bdbaa408723680b413f8c7b75d
hatchet/pkg/auth/token/token_test.go
T
abelanger5 5d87f380ef feat: managed worker pools (#725) 
* change api extension spec to register custom populators

* fix: support only bearer auth

* fix: correct authn logic

* fix: indexes on workflow runs, events

* feat: managed worker pools

* chore: lint fix

* hide workers view when not enabled

* support internal api tokens, minor improvements

* fix: actually write internal

* fix breaking changes

* don't allow revoking internal tokens

* fix: linting and remove metrics view

* fix: token

* address review and add feat flags
2024-07-16 13:33:46 +00:00

209 lines
4.6 KiB
Go
Raw Blame History

//go:build integration
package token_test
import (
"context"
"fmt"
"os"
"testing"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
"github.com/hatchet-dev/hatchet/internal/testutils"
"github.com/hatchet-dev/hatchet/pkg/auth/token"
"github.com/hatchet-dev/hatchet/pkg/config/database"
"github.com/hatchet-dev/hatchet/pkg/encryption"
"github.com/hatchet-dev/hatchet/pkg/random"
"github.com/hatchet-dev/hatchet/pkg/repository"
)
func TestCreateTenantToken(t *testing.T) { // make sure no cache is used for tests
testutils.RunTestWithDatabase(t, func(conf *database.Config) error {
jwtManager := getJWTManager(t, conf)
tenantId := uuid.New().String()
// create the tenant
slugSuffix, err := random.Generate(8)
if err != nil {
t.Fatal(err.Error())
}
_, err = conf.APIRepository.Tenant().CreateTenant(&repository.CreateTenantOpts{
ID: &tenantId,
Name: "test-tenant",
Slug: fmt.Sprintf("test-tenant-%s", slugSuffix),
})
if err != nil {
t.Fatal(err.Error())
}
token, err := jwtManager.GenerateTenantToken(context.Background(), tenantId, "test token", false, nil)
if err != nil {
t.Fatal(err.Error())
}
// validate the token
newTenantId, err := jwtManager.ValidateTenantToken(context.Background(), token.Token)
assert.NoError(t, err)
assert.Equal(t, tenantId, newTenantId)
return nil
})
}
func TestRevokeTenantToken(t *testing.T) {
_ = os.Setenv("CACHE_DURATION", "0")
testutils.RunTestWithDatabase(t, func(conf *database.Config) error {
jwtManager := getJWTManager(t, conf)
tenantId := uuid.New().String()
// create the tenant
slugSuffix, err := random.Generate(8)
if err != nil {
t.Fatal(err.Error())
}
_, err = conf.APIRepository.Tenant().CreateTenant(&repository.CreateTenantOpts{
ID: &tenantId,
Name: "test-tenant",
Slug: fmt.Sprintf("test-tenant-%s", slugSuffix),
})
if err != nil {
t.Fatal(err.Error())
}
token, err := jwtManager.GenerateTenantToken(context.Background(), tenantId, "test token", false, nil)
if err != nil {
t.Fatal(err.Error())
}
// validate the token
_, err = jwtManager.ValidateTenantToken(context.Background(), token.Token)
assert.NoError(t, err)
// revoke the token
apiTokens, err := conf.APIRepository.APIToken().ListAPITokensByTenant(tenantId)
if err != nil {
t.Fatal(err.Error())
}
assert.Len(t, apiTokens, 1)
err = conf.APIRepository.APIToken().RevokeAPIToken(apiTokens[0].ID)
if err != nil {
t.Fatal(err.Error())
}
// validate the token again
_, err = jwtManager.ValidateTenantToken(context.Background(), token.Token)
// error as the token was revoked
assert.Error(t, err)
return nil
})
}
func TestRevokeTenantTokenCache(t *testing.T) {
_ = os.Setenv("CACHE_DURATION", "60s")
testutils.RunTestWithDatabase(t, func(conf *database.Config) error {
jwtManager := getJWTManager(t, conf)
tenantId := uuid.New().String()
// create the tenant
slugSuffix, err := random.Generate(8)
if err != nil {
t.Fatal(err.Error())
}
_, err = conf.APIRepository.Tenant().CreateTenant(&repository.CreateTenantOpts{
ID: &tenantId,
Name: "test-tenant",
Slug: fmt.Sprintf("test-tenant-%s", slugSuffix),
})
if err != nil {
t.Fatal(err.Error())
}
token, err := jwtManager.GenerateTenantToken(context.Background(), tenantId, "test token", false, nil)
if err != nil {
t.Fatal(err.Error())
}
// validate the token
_, err = jwtManager.ValidateTenantToken(context.Background(), token.Token)
assert.NoError(t, err)
// revoke the token
apiTokens, err := conf.APIRepository.APIToken().ListAPITokensByTenant(tenantId)
if err != nil {
t.Fatal(err.Error())
}
assert.Len(t, apiTokens, 1)
err = conf.APIRepository.APIToken().RevokeAPIToken(apiTokens[0].ID)
if err != nil {
t.Fatal(err.Error())
}
// validate the token again
_, err = jwtManager.ValidateTenantToken(context.Background(), token.Token)
// no error as it is cached
assert.NoError(t, err)
return nil
})
}
func getJWTManager(t *testing.T, conf *database.Config) token.JWTManager {
t.Helper()
masterKeyBytes, privateJWTBytes, publicJWTBytes, err := encryption.GenerateLocalKeys()
if err != nil {
t.Fatal(err.Error())
}
encryptionService, err := encryption.NewLocalEncryption(masterKeyBytes, privateJWTBytes, publicJWTBytes)
if err != nil {
t.Fatal(err.Error())
}
tokenRepo := conf.EngineRepository.APIToken()
jwtManager, err := token.NewJWTManager(encryptionService, tokenRepo, &token.TokenOpts{
Issuer: "hatchet",
Audience: "hatchet",
})
if err != nil {
t.Fatal(err.Error())
}
return jwtManager
}
Reference in New Issue View Git Blame Copy Permalink