From c1915cf3fc583ba7ce68571c946ec5fee6e4cf42 Mon Sep 17 00:00:00 2001 From: Juliusz Chroboczek Date: Thu, 9 May 2024 00:46:52 +0200 Subject: [PATCH] Don't include group and name in token API. The group and name are in the path, this avoids redundancies. --- webserver/api.go | 20 ++++++++++-------- webserver/api_test.go | 48 ++++++++++++++++++++++++++++--------------- 2 files changed, 42 insertions(+), 26 deletions(-) diff --git a/webserver/api.go b/webserver/api.go index 1d7370f..8dc1c38 100644 --- a/webserver/api.go +++ b/webserver/api.go @@ -550,21 +550,24 @@ func tokensHandler(w http.ResponseWriter, r *http.Request, g, pth string) { } t := pth[1:] if r.Method == "HEAD" || r.Method == "GET" { - tok, etag, err := token.Get(t) + old, etag, err := token.Get(t) if err != nil { httpError(w, err) return } - if tok.Group != g { + if old.Group != g { http.NotFound(w, r) return } + tok := old.Clone() + tok.Token = "" + tok.Group = "" w.Header().Set("etag", etag) done := checkPreconditions(w, r, etag) if done { return } - sendJSON(w, r, t) + sendJSON(w, r, tok) return } else if r.Method == "PUT" { old, etag, err := token.Get(t) @@ -591,14 +594,13 @@ func tokensHandler(w http.ResponseWriter, r *http.Request, g, pth string) { if done { return } - if newtoken.Group != g { - http.Error(w, "wrong group", http.StatusBadRequest) - return - } - if newtoken.Token != t { - http.Error(w, "token mismatch", http.StatusBadRequest) + if newtoken.Group != "" || newtoken.Token != "" { + http.Error(w, "overspecified token", + http.StatusBadRequest) return } + newtoken.Group = g + newtoken.Token = t _, err = token.Update(&newtoken, etag) if err != nil { httpError(w, err) diff --git a/webserver/api_test.go b/webserver/api_test.go index c27356d..d804ef1 100644 --- a/webserver/api_test.go +++ b/webserver/api_test.go @@ -300,13 +300,16 @@ func TestApi(t *testing.T) { } tokenpath := "/galene-api/v0/.groups/test/.tokens/" + tokname - resp, err = do("GET", tokenpath, - "", "", "", "") - if err != nil || resp.StatusCode != http.StatusOK { + var tok token.Stateful + err = getJSON(tokenpath, &tok) + if err != nil { t.Errorf("Get token: %v %v", err, resp.StatusCode) } - tok := tokens[0].Clone() + if tok.Token != "" || tok.Group != "" { + t.Errorf("Get token: %v %v", tok.Token, tok.Group) + } + e := time.Now().Add(time.Hour) tok.Expires = &e resp, err = do("PUT", tokenpath, @@ -315,31 +318,42 @@ func TestApi(t *testing.T) { t.Errorf("Update token: %v %v", err, resp.StatusCode) } - tok.Token = "badtoken" + tok.Token = tokens[0].Token resp, err = do("PUT", tokenpath, "application/json", "", "", marshalToString(tok)) if err != nil || resp.StatusCode != http.StatusBadRequest { - t.Errorf("Update mismatched token: %v %v", err, resp.StatusCode) + t.Errorf("Update token with name: %v %v", err, resp.StatusCode) } - tok.Group = "bad" + tok.Token = "" + tok.Group = "test" resp, err = do("PUT", tokenpath, "application/json", "", "", marshalToString(tok)) if err != nil || resp.StatusCode != http.StatusBadRequest { - t.Errorf("Update token (bad group): %v %v", err, resp.StatusCode) + t.Errorf("Update token with group: %v %v", err, resp.StatusCode) } - tokens, etag, err = token.List("test") - if err != nil || len(tokens) != 1 { - t.Errorf("Token list: %v %v", tokens, err) - } - if !tokens[0].Expires.Equal(e) { - t.Errorf("Got %v, expected %v", tokens[0].Expires, e) + err = getJSON(tokenpath, &tok) + if err != nil || !tok.Expires.Equal(e) { + t.Errorf("Got %v, expected %v (%v)", tok.Expires, e, err) } - resp, err = do("GET", tokenpath, "", "", "", "") - if err != nil || resp.StatusCode != http.StatusOK { - t.Errorf("Get token: %v %v", err, resp.StatusCode) + resp, err = do("PUT", "/galene-api/v0/.groups/test2", + "application/json", "", "*", "{}") + if err != nil || resp.StatusCode != http.StatusCreated { + t.Errorf("Create test2: %v %v", err, resp.StatusCode) + } + + tokenpath2 := "/galene-api/v0/.groups/test2/.tokens/" + tokname + resp, err = do("GET", tokenpath2, "", "", "", "") + if err != nil || resp.StatusCode != http.StatusNotFound { + t.Errorf("Get token in bad group: %v %v", err, resp.StatusCode) + } + + resp, err = do("PUT", tokenpath2, + "application/json", "", "", "{}") + if err != nil || resp.StatusCode != http.StatusConflict { + t.Errorf("Put token in bad group: %v %v", err, resp.StatusCode) } resp, err = do("DELETE", tokenpath, "", "", "", "")