nolint:tparallel,paralleltest // Subtests share the same coderdtest instance and auditor.
(t *testing.T)
| 547 | |
| 548 | //nolint:tparallel,paralleltest // Subtests share the same coderdtest instance and auditor. |
| 549 | func TestExpireAPIKey(t *testing.T) { |
| 550 | t.Parallel() |
| 551 | |
| 552 | auditor := audit.NewMock() |
| 553 | adminClient := coderdtest.New(t, &coderdtest.Options{Auditor: auditor}) |
| 554 | admin := coderdtest.CreateFirstUser(t, adminClient) |
| 555 | memberClient, member := coderdtest.CreateAnotherUser(t, adminClient, admin.OrganizationID) |
| 556 | |
| 557 | t.Run("OwnerCanExpireOwnToken", func(t *testing.T) { |
| 558 | ctx := testutil.Context(t, testutil.WaitLong) |
| 559 | |
| 560 | // Create a token. |
| 561 | res, err := adminClient.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 562 | Lifetime: time.Hour * 24 * 7, |
| 563 | }) |
| 564 | require.NoError(t, err) |
| 565 | keyID := strings.Split(res.Key, "-")[0] |
| 566 | |
| 567 | // Verify the token is not expired. |
| 568 | key, err := adminClient.APIKeyByID(ctx, codersdk.Me, keyID) |
| 569 | require.NoError(t, err) |
| 570 | require.True(t, key.ExpiresAt.After(dbtime.Now())) |
| 571 | |
| 572 | auditor.ResetLogs() |
| 573 | |
| 574 | // Expire the token. |
| 575 | err = adminClient.ExpireAPIKey(ctx, codersdk.Me, keyID) |
| 576 | require.NoError(t, err) |
| 577 | |
| 578 | // Verify the token is expired. |
| 579 | key, err = adminClient.APIKeyByID(ctx, codersdk.Me, keyID) |
| 580 | require.NoError(t, err) |
| 581 | require.True(t, key.ExpiresAt.Before(dbtime.Now())) |
| 582 | |
| 583 | // Verify audit log. |
| 584 | als := auditor.AuditLogs() |
| 585 | require.Len(t, als, 1) |
| 586 | require.Equal(t, database.AuditActionWrite, als[0].Action) |
| 587 | require.Equal(t, database.ResourceTypeApiKey, als[0].ResourceType) |
| 588 | require.Equal(t, admin.UserID.String(), als[0].UserID.String()) |
| 589 | }) |
| 590 | |
| 591 | t.Run("AdminCanExpireOtherUsersToken", func(t *testing.T) { |
| 592 | ctx := testutil.Context(t, testutil.WaitLong) |
| 593 | |
| 594 | // Create a token for the member. |
| 595 | res, err := memberClient.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 596 | Lifetime: time.Hour * 24 * 7, |
| 597 | }) |
| 598 | require.NoError(t, err) |
| 599 | keyID := strings.Split(res.Key, "-")[0] |
| 600 | |
| 601 | // Admin expires the member's token. |
| 602 | err = adminClient.ExpireAPIKey(ctx, member.ID.String(), keyID) |
| 603 | require.NoError(t, err) |
| 604 | |
| 605 | // Verify the token is expired. |
| 606 | key, err := memberClient.APIKeyByID(ctx, codersdk.Me, keyID) |
nothing calls this directly
no test coverage detected