(t *testing.T)
| 281 | } |
| 282 | |
| 283 | func TestTokenAdminSetMaxLifetimeShorter(t *testing.T) { |
| 284 | t.Parallel() |
| 285 | |
| 286 | ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) |
| 287 | defer cancel() |
| 288 | dc := coderdtest.DeploymentValues(t) |
| 289 | dc.Sessions.MaximumTokenDuration = serpent.Duration(time.Hour * 24 * 14) |
| 290 | dc.Sessions.MaximumAdminTokenDuration = serpent.Duration(time.Hour * 24 * 7) |
| 291 | client := coderdtest.New(t, &coderdtest.Options{ |
| 292 | DeploymentValues: dc, |
| 293 | }) |
| 294 | adminUser := coderdtest.CreateFirstUser(t, client) |
| 295 | nonAdminClient, _ := coderdtest.CreateAnotherUser(t, client, adminUser.OrganizationID) |
| 296 | |
| 297 | // Admin should NOT be able to create a token with a lifetime longer than the admin max. |
| 298 | _, err := client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 299 | Lifetime: time.Hour * 24 * 8, |
| 300 | }) |
| 301 | require.Error(t, err) |
| 302 | require.Contains(t, err.Error(), "lifetime must be less") |
| 303 | |
| 304 | // Admin should be able to create a token with a lifetime shorter than the admin max. |
| 305 | _, err = client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 306 | Lifetime: time.Hour * 24 * 6, |
| 307 | }) |
| 308 | require.NoError(t, err) |
| 309 | |
| 310 | // Non-admin should be able to create a token with a lifetime longer than the admin max. |
| 311 | _, err = nonAdminClient.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 312 | Lifetime: time.Hour * 24 * 10, |
| 313 | }) |
| 314 | require.NoError(t, err) |
| 315 | |
| 316 | // Non-admin should NOT be able to create a token with a lifetime longer than the non-admin max. |
| 317 | _, err = nonAdminClient.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{ |
| 318 | Lifetime: time.Hour * 24 * 15, |
| 319 | }) |
| 320 | require.Error(t, err) |
| 321 | require.Contains(t, err.Error(), "lifetime must be less") |
| 322 | } |
| 323 | |
| 324 | func TestTokenCustomDefaultLifetime(t *testing.T) { |
| 325 | t.Parallel() |
nothing calls this directly
no test coverage detected