def test_grant_token(default_user, session): """Test grant access token.""" runner = CliRunner() # non-existing email user result = runner.invoke( reana_admin, [ "token-grant", "--admin-access-token", default_user.access_token, "-e", "*****@*****.**", ], ) assert "does not exist" in result.output # non-existing id user result = runner.invoke( reana_admin, [ "token-grant", "--admin-access-token", default_user.access_token, "--id", "fake_id", ], ) assert "does not exist" in result.output # non-requested-token user user = User(email="*****@*****.**") session.add(user) session.commit() result = runner.invoke( reana_admin, [ "token-grant", "--admin-access-token", default_user.access_token, "-e", user.email, ], ) assert "token status is None, do you want to proceed?" in result.output # abort grant result = runner.invoke( reana_admin, [ "token-grant", "--admin-access-token", default_user.access_token, "-e", user.email, ], input="\n", ) assert "Grant token aborted" in result.output # confirm grant result = runner.invoke( reana_admin, [ "token-grant", "--admin-access-token", default_user.access_token, "-e", user.email, ], input="y\n", ) assert f"Token for user {user.id_} ({user.email}) granted" in result.output assert user.access_token assert default_user.audit_logs[-1].action is AuditLogAction.grant_token # user with active token active_user = User(email="*****@*****.**", access_token="valid_token") session.add(active_user) session.commit() result = runner.invoke( reana_admin, [ "token-grant", "--admin-access-token", default_user.access_token, "--id", str(active_user.id_), ], ) assert "has already an active access token" in result.output # typical ui user workflow ui_user = User(email="*****@*****.**") session.add(ui_user) session.commit() ui_user.request_access_token() assert ui_user.access_token_status is UserTokenStatus.requested.name assert ui_user.access_token is None result = runner.invoke( reana_admin, [ "token-grant", "--admin-access-token", default_user.access_token, "--id", str(ui_user.id_), ], ) assert ui_user.access_token_status is UserTokenStatus.active.name assert ui_user.access_token assert default_user.audit_logs[-1].action is AuditLogAction.grant_token
def test_revoke_token(default_user, session): """Test revoke access token.""" runner = CliRunner() # non-active-token user user = User(email="*****@*****.**") session.add(user) session.commit() result = runner.invoke( reana_admin, [ "token-revoke", "--admin-access-token", default_user.access_token, "-e", user.email, ], ) assert "does not have an active access token" in result.output # user with requested token user.request_access_token() assert user.access_token_status == UserTokenStatus.requested.name result = runner.invoke( reana_admin, [ "token-revoke", "--admin-access-token", default_user.access_token, "-e", user.email, ], ) assert "does not have an active access token" in result.output # user with active token user.access_token = "active_token" session.commit() assert user.access_token result = runner.invoke( reana_admin, [ "token-revoke", "--admin-access-token", default_user.access_token, "--id", str(user.id_), ], ) assert "was successfully revoked" in result.output assert user.access_token_status == UserTokenStatus.revoked.name assert default_user.audit_logs[-1].action is AuditLogAction.revoke_token # try to revoke again result = runner.invoke( reana_admin, [ "token-revoke", "--admin-access-token", default_user.access_token, "--id", str(user.id_), ], ) assert "does not have an active access token" in result.output