def test_grant_token(default_user, session):
"""Test grant access token."""
runner = CliRunner()
# non-existing email user
result = runner.invoke(
reana_admin,
[
"token-grant",
"--admin-access-token",
default_user.access_token,
"-e",
"*****@*****.**",
],
)
assert "does not exist" in result.output
# non-existing id user
result = runner.invoke(
reana_admin,
[
"token-grant",
"--admin-access-token",
default_user.access_token,
"--id",
"fake_id",
],
)
assert "does not exist" in result.output
# non-requested-token user
user = User(email="*****@*****.**")
session.add(user)
session.commit()
result = runner.invoke(
reana_admin,
[
"token-grant",
"--admin-access-token",
default_user.access_token,
"-e",
user.email,
],
)
assert "token status is None, do you want to proceed?" in result.output
# abort grant
result = runner.invoke(
reana_admin,
[
"token-grant",
"--admin-access-token",
default_user.access_token,
"-e",
user.email,
],
input="\n",
)
assert "Grant token aborted" in result.output
# confirm grant
result = runner.invoke(
reana_admin,
[
"token-grant",
"--admin-access-token",
default_user.access_token,
"-e",
user.email,
],
input="y\n",
)
assert f"Token for user {user.id_} ({user.email}) granted" in result.output
assert user.access_token
assert default_user.audit_logs[-1].action is AuditLogAction.grant_token
# user with active token
active_user = User(email="*****@*****.**", access_token="valid_token")
session.add(active_user)
session.commit()
result = runner.invoke(
reana_admin,
[
"token-grant",
"--admin-access-token",
default_user.access_token,
"--id",
str(active_user.id_),
],
)
assert "has already an active access token" in result.output
# typical ui user workflow
ui_user = User(email="*****@*****.**")
session.add(ui_user)
session.commit()
ui_user.request_access_token()
assert ui_user.access_token_status is UserTokenStatus.requested.name
assert ui_user.access_token is None
result = runner.invoke(
reana_admin,
[
"token-grant",
"--admin-access-token",
default_user.access_token,
"--id",
str(ui_user.id_),
],
)
assert ui_user.access_token_status is UserTokenStatus.active.name
assert ui_user.access_token
assert default_user.audit_logs[-1].action is AuditLogAction.grant_token
def test_revoke_token(default_user, session):
"""Test revoke access token."""
runner = CliRunner()
# non-active-token user
user = User(email="*****@*****.**")
session.add(user)
session.commit()
result = runner.invoke(
reana_admin,
[
"token-revoke",
"--admin-access-token",
default_user.access_token,
"-e",
user.email,
],
)
assert "does not have an active access token" in result.output
# user with requested token
user.request_access_token()
assert user.access_token_status == UserTokenStatus.requested.name
result = runner.invoke(
reana_admin,
[
"token-revoke",
"--admin-access-token",
default_user.access_token,
"-e",
user.email,
],
)
assert "does not have an active access token" in result.output
# user with active token
user.access_token = "active_token"
session.commit()
assert user.access_token
result = runner.invoke(
reana_admin,
[
"token-revoke",
"--admin-access-token",
default_user.access_token,
"--id",
str(user.id_),
],
)
assert "was successfully revoked" in result.output
assert user.access_token_status == UserTokenStatus.revoked.name
assert default_user.audit_logs[-1].action is AuditLogAction.revoke_token
# try to revoke again
result = runner.invoke(
reana_admin,
[
"token-revoke",
"--admin-access-token",
default_user.access_token,
"--id",
str(user.id_),
],
)
assert "does not have an active access token" in result.output