(t *testing.T)
| 240 | } |
| 241 | |
| 242 | func TestTokenAdminSetMaxLifetime(t *testing.T) { |
| 243 | t.Parallel() |
| 244 | |
| 245 | ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) |
| 246 | defer cancel() |
| 247 | dc := coderdtest.DeploymentValues(t) |
| 248 | dc.Sessions.MaximumTokenDuration = serpent.Duration(time.Hour * 24 * 7) |
| 249 | dc.Sessions.MaximumAdminTokenDuration = serpent.Duration(time.Hour * 24 * 14) |
| 250 | client := coderdtest.New(t, &coderdtest.Options{ |
| 251 | DeploymentValues: dc, |
| 252 | }) |
| 253 | adminUser := coderdtest.CreateFirstUser(t, client) |
| 254 | nonAdminClient, _ := coderdtest.CreateAnotherUser(t, client, adminUser.OrganizationID) |
| 255 | |
| 256 | // Admin should be able to create a token with a lifetime longer than the non-admin max. |
| 257 | _, err := client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 258 | Lifetime: time.Hour * 24 * 10, |
| 259 | }) |
| 260 | require.NoError(t, err) |
| 261 | |
| 262 | // Admin should NOT be able to create a token with a lifetime longer than the admin max. |
| 263 | _, err = client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 264 | Lifetime: time.Hour * 24 * 15, |
| 265 | }) |
| 266 | require.Error(t, err) |
| 267 | require.Contains(t, err.Error(), "lifetime must be less") |
| 268 | |
| 269 | // Non-admin should NOT be able to create a token with a lifetime longer than the non-admin max. |
| 270 | _, err = nonAdminClient.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 271 | Lifetime: time.Hour * 24 * 8, |
| 272 | }) |
| 273 | require.Error(t, err) |
| 274 | require.Contains(t, err.Error(), "lifetime must be less") |
| 275 | |
| 276 | // Non-admin should be able to create a token with a lifetime shorter than the non-admin max. |
| 277 | _, err = nonAdminClient.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 278 | Lifetime: time.Hour * 24 * 6, |
| 279 | }) |
| 280 | require.NoError(t, err) |
| 281 | } |
| 282 | |
| 283 | func TestTokenAdminSetMaxLifetimeShorter(t *testing.T) { |
| 284 | t.Parallel() |
nothing calls this directly
no test coverage detected