1
Fork 0
mirror of https://github.com/jech/galene.git synced 2024-11-22 08:35:57 +01:00

Don't include group and name in token API.

The group and name are in the path, this avoids redundancies.
This commit is contained in:
Juliusz Chroboczek 2024-05-09 00:46:52 +02:00
parent ea4086243b
commit c1915cf3fc
2 changed files with 42 additions and 26 deletions

View file

@ -550,21 +550,24 @@ func tokensHandler(w http.ResponseWriter, r *http.Request, g, pth string) {
} }
t := pth[1:] t := pth[1:]
if r.Method == "HEAD" || r.Method == "GET" { if r.Method == "HEAD" || r.Method == "GET" {
tok, etag, err := token.Get(t) old, etag, err := token.Get(t)
if err != nil { if err != nil {
httpError(w, err) httpError(w, err)
return return
} }
if tok.Group != g { if old.Group != g {
http.NotFound(w, r) http.NotFound(w, r)
return return
} }
tok := old.Clone()
tok.Token = ""
tok.Group = ""
w.Header().Set("etag", etag) w.Header().Set("etag", etag)
done := checkPreconditions(w, r, etag) done := checkPreconditions(w, r, etag)
if done { if done {
return return
} }
sendJSON(w, r, t) sendJSON(w, r, tok)
return return
} else if r.Method == "PUT" { } else if r.Method == "PUT" {
old, etag, err := token.Get(t) old, etag, err := token.Get(t)
@ -591,14 +594,13 @@ func tokensHandler(w http.ResponseWriter, r *http.Request, g, pth string) {
if done { if done {
return return
} }
if newtoken.Group != g { if newtoken.Group != "" || newtoken.Token != "" {
http.Error(w, "wrong group", http.StatusBadRequest) http.Error(w, "overspecified token",
return http.StatusBadRequest)
}
if newtoken.Token != t {
http.Error(w, "token mismatch", http.StatusBadRequest)
return return
} }
newtoken.Group = g
newtoken.Token = t
_, err = token.Update(&newtoken, etag) _, err = token.Update(&newtoken, etag)
if err != nil { if err != nil {
httpError(w, err) httpError(w, err)

View file

@ -300,13 +300,16 @@ func TestApi(t *testing.T) {
} }
tokenpath := "/galene-api/v0/.groups/test/.tokens/" + tokname tokenpath := "/galene-api/v0/.groups/test/.tokens/" + tokname
resp, err = do("GET", tokenpath, var tok token.Stateful
"", "", "", "") err = getJSON(tokenpath, &tok)
if err != nil || resp.StatusCode != http.StatusOK { if err != nil {
t.Errorf("Get token: %v %v", err, resp.StatusCode) t.Errorf("Get token: %v %v", err, resp.StatusCode)
} }
tok := tokens[0].Clone() if tok.Token != "" || tok.Group != "" {
t.Errorf("Get token: %v %v", tok.Token, tok.Group)
}
e := time.Now().Add(time.Hour) e := time.Now().Add(time.Hour)
tok.Expires = &e tok.Expires = &e
resp, err = do("PUT", tokenpath, resp, err = do("PUT", tokenpath,
@ -315,31 +318,42 @@ func TestApi(t *testing.T) {
t.Errorf("Update token: %v %v", err, resp.StatusCode) t.Errorf("Update token: %v %v", err, resp.StatusCode)
} }
tok.Token = "badtoken" tok.Token = tokens[0].Token
resp, err = do("PUT", tokenpath, resp, err = do("PUT", tokenpath,
"application/json", "", "", marshalToString(tok)) "application/json", "", "", marshalToString(tok))
if err != nil || resp.StatusCode != http.StatusBadRequest { if err != nil || resp.StatusCode != http.StatusBadRequest {
t.Errorf("Update mismatched token: %v %v", err, resp.StatusCode) t.Errorf("Update token with name: %v %v", err, resp.StatusCode)
} }
tok.Group = "bad" tok.Token = ""
tok.Group = "test"
resp, err = do("PUT", tokenpath, resp, err = do("PUT", tokenpath,
"application/json", "", "", marshalToString(tok)) "application/json", "", "", marshalToString(tok))
if err != nil || resp.StatusCode != http.StatusBadRequest { if err != nil || resp.StatusCode != http.StatusBadRequest {
t.Errorf("Update token (bad group): %v %v", err, resp.StatusCode) t.Errorf("Update token with group: %v %v", err, resp.StatusCode)
} }
tokens, etag, err = token.List("test") err = getJSON(tokenpath, &tok)
if err != nil || len(tokens) != 1 { if err != nil || !tok.Expires.Equal(e) {
t.Errorf("Token list: %v %v", tokens, err) t.Errorf("Got %v, expected %v (%v)", tok.Expires, e, err)
}
if !tokens[0].Expires.Equal(e) {
t.Errorf("Got %v, expected %v", tokens[0].Expires, e)
} }
resp, err = do("GET", tokenpath, "", "", "", "") resp, err = do("PUT", "/galene-api/v0/.groups/test2",
if err != nil || resp.StatusCode != http.StatusOK { "application/json", "", "*", "{}")
t.Errorf("Get token: %v %v", err, resp.StatusCode) if err != nil || resp.StatusCode != http.StatusCreated {
t.Errorf("Create test2: %v %v", err, resp.StatusCode)
}
tokenpath2 := "/galene-api/v0/.groups/test2/.tokens/" + tokname
resp, err = do("GET", tokenpath2, "", "", "", "")
if err != nil || resp.StatusCode != http.StatusNotFound {
t.Errorf("Get token in bad group: %v %v", err, resp.StatusCode)
}
resp, err = do("PUT", tokenpath2,
"application/json", "", "", "{}")
if err != nil || resp.StatusCode != http.StatusConflict {
t.Errorf("Put token in bad group: %v %v", err, resp.StatusCode)
} }
resp, err = do("DELETE", tokenpath, "", "", "", "") resp, err = do("DELETE", tokenpath, "", "", "", "")