diff --git a/app/controllers/provider/admin/user/access_tokens_controller.rb b/app/controllers/provider/admin/user/access_tokens_controller.rb
index 65457162c2..00f18ed7dc 100644
--- a/app/controllers/provider/admin/user/access_tokens_controller.rb
+++ b/app/controllers/provider/admin/user/access_tokens_controller.rb
@@ -11,9 +11,9 @@ class AccessTokensController < BaseController
before_action :disable_client_cache
before_action :load_access_token, only: %i[edit update destroy]
- def index
- @access_tokens = access_tokens
- end
+ helper_method :access_tokens, :service_tokens
+
+ def index; end
def new
@presenter = AccessTokensNewPresenter.new(current_account)
@@ -23,13 +23,13 @@ def new
def edit; end
def create
- @presenter = AccessTokensNewPresenter.new(current_account)
@access_token = access_tokens.build(access_token_params)
if @access_token.save
- flash[:token] = @access_token.id
- redirect_to provider_admin_user_access_tokens_path, success: t('.success')
+ flash.now[:success] = t('.success')
+ render :show, locals: { token: @access_token }
else
+ @presenter = AccessTokensNewPresenter.new(current_account)
render :new
end
end
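Review bot: The `render :show` on line 25 deserves a comment explaining why this action does not redirect, because the next maintainer will be tempted to restore post/redirect/get as the removed code had. The plaintext token exists only in the in-memory `@access_token` (the model now persists a digest and keeps the plaintext in `plaintext_value`), so a redirect would force the secret through the session or flash; rendering it straight from the POST response is the deliberate choice. Suggested comment above the render: `# Render, do not redirect: the plaintext token lives only in this in-memory record and must not pass through the session/flash`. A browser reload of the rendered response re-submits the POST and creates a second token, which is the accepted trade-off and is worth stating in the same comment.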
@@ -60,6 +60,10 @@ def access_tokens
@access_tokens ||= current_user.access_tokens
end
+ def service_tokens
+ @service_tokens ||= current_user.decorate.accessible_services_with_token
+ end
+
def load_access_token
@access_token = access_tokens.find(params[:id])
end
diff --git a/app/decorators/user_decorator.rb b/app/decorators/user_decorator.rb
index ceb158cb2c..ca8e3f41a0 100644
--- a/app/decorators/user_decorator.rb
+++ b/app/decorators/user_decorator.rb
@@ -12,4 +12,11 @@ def display_name
def informal_name
first_name.presence || last_name.presence || username
end
+
+ def accessible_services_with_token
+ return Service.none unless has_permission?(:plans)
+
+ accessible_services.joins(:service_tokens)
+ .includes(:service_tokens)
+ end
end
diff --git a/app/helpers/buttons_helper.rb b/app/helpers/buttons_helper.rb
index ea2bf5eb74..5bbed54524 100644
--- a/app/helpers/buttons_helper.rb
+++ b/app/helpers/buttons_helper.rb
@@ -83,6 +83,7 @@ def action_button_to(action, url, options = {})
fancy_button_to(label, url, options)
end
+ # DEPRECATED: Replace with form to be independent of rails-ujs (data-method: 'delete')
# Button for deleting stuff.
#
# This is a shortcut for
diff --git a/app/helpers/patternfly_components_helper.rb b/app/helpers/patternfly_components_helper.rb
index 3190161b7d..6caba47695 100644
--- a/app/helpers/patternfly_components_helper.rb
+++ b/app/helpers/patternfly_components_helper.rb
@@ -62,27 +62,20 @@ def pf_toast_alert(title, **options)
end
end
- # TODO: this action button is used only in app/views/provider/admin/account/users/index.html.slim
- # right now, but could be used in other tables. Eliminate existing repetition by using this helper
def pf_delete_table_action(url, button_options = {})
- form_attributes = { method: :delete }
-
- button_class = 'pf-c-button pf-m-link pf-m-danger'
-
- confirm = button_options.delete(:confirm) || 'It will be permanently delete. Are you sure?'
+ confirm = button_options.delete(:confirm) || I18n.t('shared.delete_button_confirm')
+ title = button_options.delete(:title) || I18n.t('shared.delete_button_title')
button_attributes = { type: :submit,
- class: button_class.strip,
+ class: 'pf-c-button pf-m-link pf-m-danger',
+ title:,
'data-confirm': confirm }.merge(button_options)
- span = tag.span class: 'pf-c-button__icon pf-m-start' do
- tag.i class: "fas fa-trash", 'aria-hidden': 'true'
- end
- label = 'Delete'
-
- form_tag(url, form_attributes) do
+ form_tag(url, method: :delete) do
tag.button(**button_attributes) do
- span + label
+ tag.span class: 'pf-c-button__icon pf-m-start' do
+ tag.i class: 'fas fa-trash', 'aria-hidden': 'true'
+ end
end
end
end
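Review bot: The button built on lines 97-101 now has no text content, and its only child icon is `aria-hidden`, so its accessible name rests on the `title` attribute fallback, which assistive technology does not treat uniformly. Add `'aria-label': title,` next to `title:,` in `button_attributes` so the name is explicit; callers that already pass `title` (the users and access-token index views in this commit) get it for free. `button_options.delete(:confirm)` and `delete(:title)` also mutate the hash the caller passed in, which is pre-existing but worth a `button_options = button_options.dup` at the top now that the method is being reworked.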
diff --git a/app/javascript/packs/access_tokens.scss b/app/javascript/packs/access_tokens.scss
deleted file mode 100644
index 8edcb41c7a..0000000000
--- a/app/javascript/packs/access_tokens.scss
+++ /dev/null
@@ -1,2 +0,0 @@
-@import '~@patternfly/patternfly/components/DescriptionList/description-list.css';
-@import '~@patternfly/patternfly/components/Table/table.css';
diff --git a/app/javascript/packs/pf_form.scss b/app/javascript/packs/pf_form.scss
index ef0e7b5b30..3869a93168 100644
--- a/app/javascript/packs/pf_form.scss
+++ b/app/javascript/packs/pf_form.scss
@@ -1,3 +1,4 @@
+@import '~@patternfly/patternfly/components/ActionList/action-list.css';
@import '~@patternfly/patternfly/components/Button/button.css';
@import '~@patternfly/patternfly/components/Check/check.css';
@import '~@patternfly/patternfly/components/Form/form.css';
@@ -8,3 +9,9 @@
margin-top: var(--pf-c-check__body--MarginTop);
}
}
+
+.pf-c-form__actions {
+ .pf-c-button.pf-m-danger {
+ margin-left: auto;
+ }
+}
diff --git a/app/javascript/packs/pf_text.scss b/app/javascript/packs/pf_text.scss
new file mode 100644
index 0000000000..3e356926cb
--- /dev/null
+++ b/app/javascript/packs/pf_text.scss
@@ -0,0 +1 @@
+@import '@patternfly/patternfly/utilities/Text/text.css';
diff --git a/app/lib/api_docs/provider_user_data.rb b/app/lib/api_docs/provider_user_data.rb
index 1f79a81f2a..e78d355f97 100644
--- a/app/lib/api_docs/provider_user_data.rb
+++ b/app/lib/api_docs/provider_user_data.rb
@@ -14,8 +14,8 @@ def access_token
end
def service_tokens
- tokens = @user.accessible_service_tokens.map do |service_token|
- { name: service_token.service.name, value: service_token.value }
+ tokens = @user.decorate.accessible_services_with_token.map do |service|
+ { name: service.name, value: service.active_service_token.value }
end
tokens.presence || [{ name: "You don't have access to any services, contact an administrator of this account.", value: '' }]
end
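Review bot: `service.active_service_token.value` on line 149 raises NoMethodError if `active_service_token` returns nil for a service that has service_tokens rows but none that qualifies as active; the join in `accessible_services_with_token` guarantees at least one token, not an active one, as far as this page shows. The same expression appears on the new side of app/views/provider/admin/user/access_tokens/index.html.slim (`= service.active_service_token.value`). If `active_service_token` can return nil, use `service.active_service_token&.value` here and guard in the view; if it cannot, a one-line comment on `accessible_services_with_token` stating that invariant would close the question.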
diff --git a/app/lib/fields/patternfly_form_builder.rb b/app/lib/fields/patternfly_form_builder.rb
index 32324b35ec..f8119a4037 100644
--- a/app/lib/fields/patternfly_form_builder.rb
+++ b/app/lib/fields/patternfly_form_builder.rb
@@ -19,6 +19,11 @@ def output_html(field, options = {})
typed_input_field.input(self, builder_options)
end
+ def cancel_link(href, opts = {})
+ opts.reverse_merge!(class: 'pf-c-button pf-m-link', type: :button)
+ template.link_to(I18n.t('shared.cancel_button'), href, **opts)
+ end
+
def commit_button(title, opts = {})
raise ArgumentError, 'button_html prop will be ignored, use standard html attributes' if opts.key?(:button_html)
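Review bot: `opts.reverse_merge!` on line 161 mutates the hash the caller handed in, so a view that builds the options once and reuses them across links would carry `class`/`type` into the second call. Use the non-mutating form: `opts = opts.reverse_merge(class: 'pf-c-button pf-m-link', type: :button)`. A short YARD comment would also help, e.g. `# Link styled as a PatternFly link button, meant to sit next to commit_button in form actions`. The rest of the builder, including `commit_button`, continues outside the hunk.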
diff --git a/app/models/access_token.rb b/app/models/access_token.rb
index 20a4685268..8eeb3765ed 100644
--- a/app/models/access_token.rb
+++ b/app/models/access_token.rb
@@ -1,10 +1,16 @@
+# frozen_string_literal: true
+
class AccessToken < ApplicationRecord
+ DIGEST_PREFIX = 'SHA384$'
+
TIMESTAMP_FORMAT = '%FT%T%:z'.freeze
PAST_TIME = Time.at(0).utc.freeze
private_constant :PAST_TIME
belongs_to :owner, class_name: 'User', inverse_of: :access_tokens
+ attr_reader :plaintext_value
+
validates :name, length: { maximum: 255 }
serialize :scopes, type: Array
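Review bot: `DIGEST_PREFIX` on line 175 must stay byte-identical to the `DIGEST_PREFIX` constant declared separately in db/migrate/20260310134934_hash_access_token_values.rb, since `find_from_value` uses it both to build the lookup key and to reject inputs that look like stored digests, and nothing ties the two declarations together. Add a comment on the constant: `# Marks a stored value as a SHA-384 hex digest; duplicated in the hash_access_token_values migration, keep both in sync`. `attr_reader :plaintext_value` on line 181 would benefit from `# Plaintext of a freshly generated token; set only on new records, never persisted, nil after reload` so readers know it is not a stored attribute.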
@@ -39,7 +45,7 @@ def permission_name
class Scopes
extend Forwardable
- delegate %i(each count select any? map) => :scopes
+ delegate %i[each empty? count select any? map] => :scopes
def initialize(scopes)
@scopes = scopes
@@ -98,14 +104,32 @@ def self.allowed_scopes
validate :validate_scope_exists
validate :validate_expiration_date, on: %i[create]
- after_initialize :generate_value
+ after_initialize :generate_if_missing, if: :new_record?
attr_accessible :owner, :name, :scopes, :permission, :expires_at
- attr_readonly :value
+ def self.compute_digest(plaintext_value)
+ return nil if plaintext_value.blank?
+
+ hash = OpenSSL::Digest::SHA384.hexdigest(plaintext_value.to_s)
+ "#{DIGEST_PREFIX}#{hash}"
+ end
+
+ def self.find_from_value(plaintext_value)
+ return nil if plaintext_value.blank?
+
+ scrubbed = plaintext_value.to_s.scrub
+ digest = compute_digest(scrubbed)
+
+ # Fast path: find by digest (new tokens)
+ token = find_by(value: digest)
+ return token if token
- def self.find_from_value(value)
- find_by(value: value.to_s.scrub)
+ # Reject if the input looks like a stored hash (has our prefix)
+ return nil if scrubbed.start_with?(DIGEST_PREFIX)
+
+ # Slow path: find by plaintext (legacy tokens, no migration)
+ find_by(value: scrubbed)
rescue ActiveRecord::StatementInvalid, ArgumentError # utf-8 issues
nil
end
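Review bot: `attr_readonly :value` is dropped on line 198 with nothing replacing it, so a persisted token's digest can now be rewritten through an ordinary `update`; `generate_if_missing` only assigns `value` on new records, which `attr_readonly` permits, so the attribute could simply stay. If the removal stands, the comment in app/workers/restore_apicast_master_token_worker.rb ("Need to do that because :value is a readonly attribute") becomes stale and should go with it. The slow-path comment on line 220 says "legacy tokens, no migration", but this commit ships db/migrate/20260310134934_hash_access_token_values.rb; once it has run, `find_by(value: scrubbed)` on line 221 is unreachable, so reword it to `# Slow path: plaintext rows not yet rewritten by the hash_access_token_values migration; remove once it has run everywhere`.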
@@ -155,8 +179,12 @@ def validate_expiration_date
errors.add :expires_at, :invalid, message: "Date must follow ISO8601 format and be future. Example: #{1.week.from_now.utc.iso8601}."
end
- def generate_value
- self.value ||= self.class.random_id
+ def generate_if_missing
+ return if persisted?
+ return if @plaintext_value.present?
+
+ @plaintext_value = self.class.random_id
+ self.value = self.class.compute_digest(@plaintext_value)
end
def available_permissions
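Review bot: `generate_if_missing` clobbers a `value` the caller assigned before callbacks ran: it returns only when `persisted?` or `@plaintext_value` is present, never when `value` already holds a digest, so a block passed to `new`/`create!` that sets `token.value = AccessToken.compute_digest(...)` (as db/seeds.rb does in this commit) is overwritten with the digest of a fresh `random_id`, and the `self.value ||= ...` guard of the removed `generate_value` is lost. If I read the Rails initialization order correctly (the block is yielded before `after_initialize` callbacks), the APICAST/MASTER tokens supplied through the environment would never match what gets stored. Guard on the attribute as well: `return if persisted? || value.present? || @plaintext_value.present?`. With that guard `plaintext_value` is nil for an explicitly assigned value, so the seeds' `end.plaintext_value` would need to fall back to the environment value they already hold.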
@@ -167,8 +195,8 @@ def human_permission
PERMISSIONS.key(permission)
end
- def show_value?(*)
- saved_changes.include?(:value)
+ def show_plaintext_value?(*)
+ @plaintext_value.present?
end
def available_scopes
@@ -180,7 +208,7 @@ def human_scopes
end
def self.random_id
- SecureRandom.hex(32)
+ SecureRandom.hex(48)
end
def expired?
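Review bot: `SecureRandom.hex(48)` on line 251 produces a 96-character plaintext, and the stored form is `SHA384$` plus the 96-character hex digest, 103 characters, against 64 for the old `hex(32)` plaintext; the schema hunks in this commit do not show the `value` column, so confirm its length (and any index on it) admits 103 characters on all three databases. A comment on the method such as `# 48 random bytes -> 96 hex chars; stored as DIGEST_PREFIX + 96-char SHA-384 hex digest` would record the sizing.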
diff --git a/app/models/user.rb b/app/models/user.rb
index ed6e1fe2e6..da1c00ef22 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -182,15 +182,6 @@ def allowed_access_token_scopes
AccessToken.scopes.allowed_for(self)
end
- def accessible_service_tokens
- if has_permission?(:plans)
- accessible_services.joins(:service_tokens)
- .includes(:service_tokens).map(&:active_service_token)
- else
- []
- end
- end
-
def accessible_cinstances
account.provided_cinstances.permitted_for(self)
diff --git a/app/representers/access_token_representer.rb b/app/representers/access_token_representer.rb
index c763709319..6d3c9ba6a7 100644
--- a/app/representers/access_token_representer.rb
+++ b/app/representers/access_token_representer.rb
@@ -12,5 +12,5 @@ class AccessTokenRepresenter < ThreeScale::Representer
property :scopes
property :permission
property :expires_at
- property :value, if: :show_value?
+ property :plaintext_value, as: :value, if: :show_plaintext_value?
end
diff --git a/app/views/provider/admin/account/users/index.html.slim b/app/views/provider/admin/account/users/index.html.slim
index 0e7ba29569..179346ec4a 100644
--- a/app/views/provider/admin/account/users/index.html.slim
+++ b/app/views/provider/admin/account/users/index.html.slim
@@ -19,14 +19,15 @@ table class="pf-c-table pf-m-grid-lg" role="grid" aria-label="Users table" data-
- presenter.users.each do |user|
tr role="row" id=(dom_id(user))
td role="cell" data-label="Name"
+ - name = user.display_name
- if current_user == user
- = link_to user.display_name, edit_provider_admin_user_personal_details_path(origin: 'users'),
- title: t('.personal_details')
+ = link_to name, edit_provider_admin_user_personal_details_path(origin: 'users'),
+ title: t('.personal_details')
- elsif can?(:edit, user)
- = link_to user.display_name, edit_provider_admin_account_user_path(user),
- title: t('.edit')
+ = link_to name, edit_provider_admin_account_user_path(user),
+ title: t('.edit')
- else
- = user.display_name
+ = name
td role="cell" data-label="Email"
= user.email
@@ -55,10 +56,5 @@ table class="pf-c-table pf-m-grid-lg" role="grid" aria-label="Users table" data-
- else
- if can?(:destroy, user)
div class="pf-c-overflow-menu__item"
- = pf_delete_table_action provider_admin_account_user_path(user), confirm: t('.delete_user_confirm')
- - if can?(:edit, user)
- div class="pf-c-overflow-menu__item"
- a class="pf-c-button pf-m-link" href=edit_provider_admin_account_user_path(user)
- span class="pf-c-button__icon pf-m-start"
- i class="fas fa-pencil-alt" aria-hidden="true"
- = t('.edit')
+ = pf_delete_table_action provider_admin_account_user_path(user), title: t('.delete_user_title', name:),
+ confirm: t('.delete_user_confirm')
diff --git a/app/views/provider/admin/user/access_tokens/edit.html.slim b/app/views/provider/admin/user/access_tokens/edit.html.slim
index 165f3cf402..f7272735f0 100644
--- a/app/views/provider/admin/user/access_tokens/edit.html.slim
+++ b/app/views/provider/admin/user/access_tokens/edit.html.slim
@@ -12,7 +12,7 @@ div class="pf-c-card"
= f.actions do
= f.commit_button t('.submit_button_label')
+ = f.cancel_link provider_admin_user_access_tokens_path
= f.delete_button 'Delete', provider_admin_user_access_token_path(@access_token),
- data: { confirm: 'Are you sure?' },
- title: 'Delete Access Token'
-
+ data: { confirm: t('.delete_confirm') },
+ title: t('.delete_title')
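Review bot: `f.delete_button 'Delete', ...` on line 328 keeps a hard-coded label while the neighbouring `title:` and `confirm:` were moved to locale keys on lines 332-333, so the button text is the one string on this form that will not translate. Move it to a key under the same `edit:` locale block, e.g. `= f.delete_button t('.delete_button_label'), provider_admin_user_access_token_path(@access_token),` with a matching `delete_button_label: Delete` entry in config/locales/en.yml.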
diff --git a/app/views/provider/admin/user/access_tokens/index.html.slim b/app/views/provider/admin/user/access_tokens/index.html.slim
index 163a7edcc6..fc38a71528 100644
--- a/app/views/provider/admin/user/access_tokens/index.html.slim
+++ b/app/views/provider/admin/user/access_tokens/index.html.slim
@@ -1,120 +1,83 @@
+- content_for :title, t('.title')
+- content_for :page_header_title, t('.title')
+
- content_for :javascripts
- = javascript_packs_with_chunks_tag 'access_tokens'
+ = javascript_packs_with_chunks_tag 'table_toolbar', 'pf_table'
+ = stylesheet_packs_chunks_tag 'pf_spacing', 'pf_text'
-- if flash[:token]
- - token = @access_tokens.last
- - content_for :page_header_title, 'Copy the new token and store it somewhere safe'
- div class="pf-c-card"
- div class="pf-c-card__body"
- div class="pf-c-content"
- p Make sure to copy your new personal access token now. You won't be able to see it again as it isn't stored for security reasons.
- br
- dl class="pf-c-description-list pf-m-horizontal"
- div class="pf-c-description-list__group"
- dt class="pf-c-description-list__term"
- span class="pf-c-description-list__text"
- | Name
- dd class="pf-c-description-list__description"
- div class="pf-c-description-list__text"
- = token.name
- div class="pf-c-description-list__group"
- dt class="pf-c-description-list__term"
- span class="pf-c-description-list__text"
- | Scopes
- dd class="pf-c-description-list__description"
- div class="pf-c-description-list__text"
- = token.human_scopes.to_sentence
- div class="pf-c-description-list__group"
- dt class="pf-c-description-list__term"
- span class="pf-c-description-list__text"
- | Permission
- dd class="pf-c-description-list__description"
- div class="pf-c-description-list__text"
- = token.human_permission
- div class="pf-c-description-list__group"
- dt class="pf-c-description-list__term"
- span class="pf-c-description-list__text"
- | Expires at
- dd class="pf-c-description-list__description"
- div class="pf-c-description-list__text"
- = token.expires_at.present? ? l(token.expires_at) : t('access_token_options.no_expiration')
- div class="pf-c-description-list__group"
- dt class="pf-c-description-list__term"
- span class="pf-c-description-list__text"
- | Token
- dd class="pf-c-description-list__description"
- div class="pf-c-description-list__text"
- = token.value
+- allowed_scopes = current_user.allowed_access_token_scopes
+
+div class="pf-c-card" id="access-tokens"
+ div class="pf-c-card__header"
+ div class="pf-c-card__title"
+ = t('.access_tokens.title')
+ - if allowed_scopes.any?
+ div class="pf-c-card__actions pf-m-no-offset"
+ a class="pf-c-button pf-m-primary" type="button" href=new_provider_admin_user_access_token_path
+ = t('.access_tokens.add')
+
+ div class="pf-c-card__body"
+ = t('.access_tokens.body_html', href: provider_admin_api_docs_path)
- div class="pf-c-page__main-section"
- div class="pf-l-flex"
- div class="pf-l-flex__item pf-m-align-right"
- = link_to 'I have copied the token', provider_admin_user_access_tokens_path, class: 'pf-c-button pf-m-primary'
-- else
- - content_for :page_header_title, 'Tokens'
- section id="access-tokens"
- h2 Access Tokens
- p
- ' Access tokens are personal tokens that let you authenticate against the Account Management API, the Analytics API and the Billing API through HTTP Basic Auth. You can create multiple access tokens with custom scopes and permissions. We suggest you create tokens with the minimal scopes & permissions needed for the task at hand. Use Access Tokens from within the
- = link_to '3scale API docs', provider_admin_api_docs_path
- | .
+ - if allowed_scopes.empty?
+ div class="pf-c-card__body"
+ = pf_inline_alert t('.access_tokens.missing_permission'), variant: :info
- table class="pf-c-table pf-m-grid-lg" role="grid" aria-label="Access tokens table"
- - allowed_scopes = current_user.allowed_access_token_scopes
+ - else
+ table class="pf-c-table" role="grid" aria-label="Access tokens table"
thead
tr role="row"
- th role="columnheader" scope="col" Name
- th role="columnheader" scope="col" Scopes
- th role="columnheader" scope="col" Expiration
- th role="columnheader" scope="col" Permission
+ th role="columnheader" scope="col" = t('.access_tokens.name')
+ th role="columnheader" scope="col" = t('.access_tokens.scopes')
+ th role="columnheader" scope="col" = t('.access_tokens.expiration')
+ th role="columnheader" scope="col" = t('.access_tokens.permission')
th role="columnheader" scope="col" class="pf-c-table__action pf-m-fit-content"
- = fancy_link_to 'Add Access Token', new_provider_admin_user_access_token_path, class: 'new' if allowed_scopes.any?
tbody role="rowgroup"
- - if @access_tokens.any? && allowed_scopes.any?
- - @access_tokens.each do |token|
+ - if access_tokens.empty?
+ tr role="row"
+ td role="cell" colspan="100"
+ = render 'shared/empty_state', title: t('.access_tokens.empty'),
+ body: t('.access_tokens.empty_body')
+ - else
+ - access_tokens.each do |token|
tr role="row"
- td role="cell" data-label="Name" = token.name
+ - name = token.name
+ td role="cell" data-label="Name"
+ = link_to name, edit_provider_admin_user_access_token_path(token), title: t('.access_tokens.edit', name:)
td role="cell" data-label="Scopes" = token.human_scopes.to_sentence
td role="cell" data-label="Expiration" = token.expires_at.present? ? l(token.expires_at) : t('access_token_options.no_expiration')
td role="cell" data-label="Permission" = token.human_permission
td role="cell" class="pf-c-table__action"
- div class="pf-c-overflow-menu"
- div class="pf-c-overflow-menu__content"
- div class="pf-c-overflow-menu__group pf-m-button-group"
- div class="pf-c-overflow-menu__item"
- = link_to 'Edit', edit_provider_admin_user_access_token_path(token), class: 'action edit'
- - else
- tr role="row"
- td role="cell" colspan='4'
- - if allowed_scopes.any?
- | No access tokens yet…
- - else
- | You can't create access tokens because you don't have access to the Account Management API, the Analytics API, and/or the Billing API. Please contact an administrator of this account.
+ = pf_delete_table_action provider_admin_user_access_token_path(token),
+ title: t('.access_tokens.delete', name:),
+ confirm: t('.access_tokens.delete_confirm', name:)
+
+div class="pf-c-card pf-u-mt-lg" id="service-tokens"
+ div class="pf-c-card__header"
+ div class="pf-c-card__title"
+ = t('.service_tokens.title')
- section#service-tokens.Section
- h2 Service Tokens
- p
- ' Service tokens let you authenticate against the Service Management API. Service tokens are auto generated, unique per service and shared between the users of this account. Use Service Tokens from within the
- = link_to '3scale API docs', provider_admin_api_docs_path
- | .
+ div class="pf-c-card__body"
+ = t('.service_tokens.body_html', href: provider_admin_api_docs_path)
+
+ - if service_tokens.empty?
+ div class="pf-c-card__body"
+ = pf_inline_alert t('.service_tokens.empty'), variant: :info
- table class="pf-c-table pf-m-grid-lg" role="grid" aria-label="Service tokens table"
+ - else
+ table class="pf-c-table" role="grid" aria-label="Service tokens table"
thead
tr role="row"
- th role="columnheader" scope="col" class="pf-m-fit-content" Service name
- th role="columnheader" scope="col" Scope
- th role="columnheader" scope="col" Permission
- th role="columnheader" scope="col" Token
+ th role="columnheader" scope="col" class="pf-m-fit-content" = t('.service_tokens.name')
+ th role="columnheader" scope="col" = t('.service_tokens.scope_col')
+ th role="columnheader" scope="col" = t('.service_tokens.permission_col')
+ th role="columnheader" scope="col" = t('.service_tokens.token')
tbody
- - accessible_service_tokens = current_user.accessible_service_tokens
- - if accessible_service_tokens.any?
- - accessible_service_tokens.each do |service_token|
- tr role="row"
- td role="cell" data-label="Service name" = service_token.service.name
- td role="cell" data-label="Scope" Service management API
- td role="cell" data-label="Permission" Read & Write
- td role="cell" data-label="Token"
- code.u-code = service_token.value
- - else
+ - service_tokens.each do |service|
tr role="row"
- td colspan='4' You don't have access to any service. Contact an admin of this account to request access if needed.
+ td role="cell" data-label="Service name" = service.name
+ td role="cell" data-label="Scope" = t('.service_tokens.scope_value')
+ td role="cell" data-label="Permission" = t('.service_tokens.permission_value')
+ td role="cell" data-label="Token" class="pf-u-font-family-monospace"
+ = service.active_service_token.value
+
diff --git a/app/views/provider/admin/user/access_tokens/show.html.slim b/app/views/provider/admin/user/access_tokens/show.html.slim
new file mode 100644
index 0000000000..312c2cfd98
--- /dev/null
+++ b/app/views/provider/admin/user/access_tokens/show.html.slim
@@ -0,0 +1,51 @@
+- content_for :title, t('provider.admin.user.access_tokens.index.title')
+- content_for :page_header_title, t('.title')
+
+- content_for :javascripts
+ = stylesheet_packs_chunks_tag 'pf_description_list'
+
+div class="pf-c-card"
+ div class="pf-c-card__body"
+ dl class="pf-c-description-list pf-m-horizontal"
+ div class="pf-c-description-list__group"
+ dt class="pf-c-description-list__term"
+ span class="pf-c-description-list__text"
+ = t('.name')
+ dd class="pf-c-description-list__description"
+ div class="pf-c-description-list__text"
+ = token.name
+ div class="pf-c-description-list__group"
+ dt class="pf-c-description-list__term"
+ span class="pf-c-description-list__text"
+ = t('.scopes')
+ dd class="pf-c-description-list__description"
+ div class="pf-c-description-list__text"
+ = token.human_scopes.to_sentence
+ div class="pf-c-description-list__group"
+ dt class="pf-c-description-list__term"
+ span class="pf-c-description-list__text"
+ = t('.permissions')
+ dd class="pf-c-description-list__description"
+ div class="pf-c-description-list__text"
+ = token.human_permission
+ div class="pf-c-description-list__group"
+ dt class="pf-c-description-list__term"
+ span class="pf-c-description-list__text"
+ = t('.expires_at')
+ dd class="pf-c-description-list__description"
+ div class="pf-c-description-list__text"
+ = token.expires_at.present? ? l(token.expires_at) : t('access_token_options.no_expiration')
+ div class="pf-c-description-list__group"
+ dt class="pf-c-description-list__term"
+ span class="pf-c-description-list__text"
+ = t('.token')
+ dd class="pf-c-description-list__description"
+ div class="pf-c-description-list__text"
+ = token.value
+ div class="pf-c-card__footer"
+ = pf_inline_alert t('.body'), variant: :warning
+
+div class="pf-c-page__main-section"
+ div class="pf-l-flex"
+ div class="pf-l-flex__item pf-m-align-right"
+ = link_to t('.confirm'), provider_admin_user_access_tokens_path, class: 'pf-c-button pf-m-primary'
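Review bot: `= token.value` on line 567 renders the stored SHA-384 digest, not the secret the user must copy: after this commit `generate_if_missing` sets `value` to `compute_digest(@plaintext_value)`, and the only copy of the plaintext is `plaintext_value` (the representer already exposes `plaintext_value, as: :value` for the same reason). Change it to `= token.plaintext_value`. The `t('.body')` warning in the footer that the token cannot be shown again is only meaningful if this line prints the plaintext.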
diff --git a/app/views/shared/_empty_search_state.html.slim b/app/views/shared/_empty_search_state.html.slim
index 1594261ade..248a8e69db 100644
--- a/app/views/shared/_empty_search_state.html.slim
+++ b/app/views/shared/_empty_search_state.html.slim
@@ -2,7 +2,7 @@
- body = local_assigns[:body] || t('.body')
- content_for :javascripts do
- = javascript_packs_with_chunks_tag 'empty_state'
+ = stylesheet_packs_chunks_tag 'empty_state'
tr role="row"
td role="cell" colspan="100"
diff --git a/app/workers/restore_apicast_master_token_worker.rb b/app/workers/restore_apicast_master_token_worker.rb
index ec7700d648..bf0f2991d1 100644
--- a/app/workers/restore_apicast_master_token_worker.rb
+++ b/app/workers/restore_apicast_master_token_worker.rb
@@ -17,6 +17,6 @@ def perform(*)
master = Account.master
access_token = master.access_tokens.find_by!(name: token_name)
# Need to do that because `:value` is a readonly attribute
- AccessToken.where(id: access_token.id).limit(1).update_all(value: token) # rubocop:disable Rails/SkipsModelValidations
+ AccessToken.where(id: access_token.id).limit(1).update_all(value: AccessToken.compute_digest(token)) # rubocop:disable Rails/SkipsModelValidations
end
end
diff --git a/config/locales/en.yml b/config/locales/en.yml
index c1b0d67295..029b38c4c1 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -561,6 +561,7 @@ en:
index:
authorization_exists: yes
authorization_exists_not: not yet
+ delete_user_title: Delete user %{name}
delete_user_confirm: Are you sure you want to delete this user?
edit: Edit
invite_new_user: Invite a new user
@@ -882,17 +883,75 @@ en:
user:
access_tokens:
+ show:
+ body:
+ Make sure to copy your new personal access token now. You won't be able to see it
+ again as it isn't stored for security reasons.
+ confirm: I have copied the token
+ title: Copy the new token and store it somewhere safe
+ name: Name
+ scopes: Scopes
+ permissions: Permissions
+ expires_at: Expires at
+ token: Token
+
create:
success: Access token was successfully created
+
destroy:
success: Access token was successfully deleted
error: Access token could not be deleted
+
edit:
+ delete_confirm: The token will be permanently deleted. Do you want to continue?
+ delete_title: Delete this access token
page_header_title: Edit Access Token
submit_button_label: Update Access Token
+
+ index:
+ service_tokens:
+ body_html:
+ Service tokens let you authenticate against the Service Management API. Service
+ tokens are auto generated, unique per service and shared between the users of this
+ account. Use Service Tokens from within the 3scale API docs.
+ empty: You don't have access to any service. Contact an admin of this account to request access if needed.
+ name: Service name
+ permission_col: Permission
+ permission_value: Read & Write
+ scope_col: Scope
+ scope_value: Service management API
+ title: Service Tokens
+ token: Token
+
+ access_tokens:
+ add: Add Access Token
+ body_html:
+ Access tokens are personal tokens that let you authenticate against the Account
+ Management API, the Analytics API and the Billing API through HTTP Basic Auth. You
+ can create multiple access tokens with custom scopes and permissions. We suggest you
+ create tokens with the minimal scopes & permissions needed for the task at hand. Use
+ Access Tokens from within the 3scale API docs.
+ delete_confirm: Token "%{name}" will be permanently deleted. Do you want to continue?
+ delete: Delete token %{name}
+ edit: Edit token %{name}
+ empty_body: There aren't any access tokens yet
+ empty: No access tokens
+ expiration: Expiration
+ missing_permission:
+ You can't create access tokens because you don't have access to the Account Management
+ API, the Analytics API, and/or the Billing API. Please contact an administrator of
+ this account.
+ name: Name
+ permission: Permission
+ scopes: Scopes
+ title: Access Tokens
+
+ title: Tokens
+
new:
page_header_title: New Access Token
submit_button_label: Create Access Token
+
update:
success: Access token was successfully updated
notification_preferences:
@@ -2442,6 +2501,9 @@ en:
annotations:
managed_title: Managed by %{value}
managed_description: This resource is managed externally and any modifications may be overwritten.
+ cancel_button: Cancel
+ delete_button_confirm: It will be permanently deleted. Are you sure?
+ delete_button_title: Delete
empty_search_state:
title: No results
body: There are no items matching your search criteria.
diff --git a/db/migrate/20260310134934_hash_access_token_values.rb b/db/migrate/20260310134934_hash_access_token_values.rb
new file mode 100644
index 0000000000..fbcea9d99a
--- /dev/null
+++ b/db/migrate/20260310134934_hash_access_token_values.rb
@@ -0,0 +1,38 @@
+class HashAccessTokenValues < ActiveRecord::Migration[7.1]
+ disable_ddl_transaction! if System::Database.postgres?
+
+ BATCH_SIZE = 1000
+ DIGEST_PREFIX = 'SHA384$'.freeze
+
+ def up
+ say "Hashing legacy access token values..."
+
+ loop do
+ rows_updated = exec_update(batch_update_sql)
+ break if rows_updated == 0
+
+ sleep(0.1)
+ end
+
+ say "Done."
+ end
+
+ private
+
+ def batch_update_sql
+ if System::Database.mysql?
+ "UPDATE access_tokens SET value = CONCAT('#{DIGEST_PREFIX}', SHA2(value, 384)) " \
+ "WHERE value NOT LIKE '#{DIGEST_PREFIX}%' LIMIT #{BATCH_SIZE}"
+ elsif System::Database.postgres?
+ "UPDATE access_tokens SET value = '#{DIGEST_PREFIX}' || encode(sha384(value::bytea), 'hex') " \
+ "WHERE id IN (SELECT id FROM access_tokens WHERE value NOT LIKE '#{DIGEST_PREFIX}%' LIMIT #{BATCH_SIZE})"
+ elsif System::Database.oracle?
+ "UPDATE access_tokens SET value = '#{DIGEST_PREFIX}' || LOWER(STANDARD_HASH(value, 'SHA384')) " \
+ "WHERE ROWID IN (SELECT ROWID FROM access_tokens WHERE value NOT LIKE '#{DIGEST_PREFIX}%' AND ROWNUM <= #{BATCH_SIZE})"
+ end
+ end
+
+ def down
+ raise ActiveRecord::IrreversibleMigration
+ end
+end
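Review bot: The migration rewrites every plaintext `value` in place and is irreversible, yet the model code that can authenticate against the digest (`AccessToken.find_from_value`) ships in the same commit; if the migration runs while an older app build is still serving requests, every existing token stops authenticating until the new build is live, and there is no way back. Record that ordering at the top of the class: `# Run only after the app build containing AccessToken.compute_digest/find_from_value is live: older code looks values up in plaintext and this rewrite cannot be undone`. `batch_update_sql` returns nil when none of the mysql/postgres/oracle predicates match, so `exec_update(nil)` on line 711 fails with an unhelpful error; an `else` branch raising a clear `NotImplementedError` would make the unsupported case explicit. The three SQL variants hash the column's raw bytes while the Ruby side hashes `to_s` of the string, which agrees for the ASCII hex tokens `random_id` produces and is worth stating in a comment for any legacy value that was set from the environment.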
diff --git a/db/oracle_schema.rb b/db/oracle_schema.rb
index 7daec94b3c..a6a7895557 100644
--- a/db/oracle_schema.rb
+++ b/db/oracle_schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[7.1].define(version: 2025_05_22_195407) do
+ActiveRecord::Schema[7.1].define(version: 2026_03_10_134934) do
create_table "access_tokens", force: :cascade do |t|
t.integer "owner_id", precision: 38, null: false
t.text "scopes"
diff --git a/db/postgres_schema.rb b/db/postgres_schema.rb
index cba28b48e0..76eb94c934 100644
--- a/db/postgres_schema.rb
+++ b/db/postgres_schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[7.1].define(version: 2025_05_22_195407) do
+ActiveRecord::Schema[7.1].define(version: 2026_03_10_134934) do
# These are extensions that must be enabled in order to support this database
enable_extension "plpgsql"
diff --git a/db/schema.rb b/db/schema.rb
index 55e74eb89f..850a8d0f29 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema[7.1].define(version: 2025_05_22_195407) do
+ActiveRecord::Schema[7.1].define(version: 2026_03_10_134934) do
create_table "access_tokens", charset: "utf8mb3", collation: "utf8mb3_bin", force: :cascade do |t|
t.bigint "owner_id", null: false
t.text "scopes"
diff --git a/db/seeds.rb b/db/seeds.rb
index ff1fdb08d0..2d2068ef8f 100644
--- a/db/seeds.rb
+++ b/db/seeds.rb
@@ -143,21 +143,21 @@
apicast_access_token = master_user.access_tokens.create!(name: 'APIcast', scopes: %w[account_management], permission: 'ro') do |token|
if (value = ENV['APICAST_ACCESS_TOKEN'].presence)
- token.value = value
+ token.value = AccessToken.compute_digest(value)
end
- end.value
+ end.plaintext_value
master_access_token = master_user.access_tokens.create!(name: 'Master Token', scopes: %w[account_management], permission: 'rw') do |token|
if (value = ENV['MASTER_ACCESS_TOKEN'].presence)
- token.value = value
+ token.value = AccessToken.compute_digest(value)
end
- end.value
+ end.plaintext_value
if (admin_access_token = ENV['ADMIN_ACCESS_TOKEN'].presence)
access_token = user.access_tokens.build(name: 'Administration', permission: 'rw')
access_token.scopes = access_token.class.scopes.values
- access_token.value = admin_access_token
+ access_token.value = AccessToken.compute_digest(admin_access_token)
access_token.save!
end
diff --git a/features/old/accounts/users.feature b/features/old/accounts/users.feature
index 5152036f0f..f1fda6c49e 100644
--- a/features/old/accounts/users.feature
+++ b/features/old/accounts/users.feature
@@ -14,7 +14,7 @@ Feature: User management
And current domain is the admin domain of provider "foo.3scale.localhost"
When I log in as provider "foo.3scale.localhost"
And I go to the provider users page
- And I follow "Edit" for user "alice"
+ And I follow "alice"
Then I should see "Edit user"
And I fill in "Email" with "alice@foo.3scale.localhost"
And I press "Update User"
@@ -25,7 +25,7 @@ Feature: User management
And current domain is the admin domain of provider "foo.3scale.localhost"
When I log in as provider "foo.3scale.localhost"
And I go to the provider users page
- And I follow "Edit" for user "alice"
+ And I follow "alice"
And I fill in "Email" with ""
And I press "Update User"
Then I should see "should look like an email address"
@@ -36,7 +36,7 @@ Feature: User management
When I log in as provider "foo.3scale.localhost"
And I go to the provider users page
Then I should see "member" that belongs to user "bob"
- When I follow "Edit" for user "bob"
+ When I follow "bob"
And I choose "Admin" in the user role field
And I press "Update User"
Then user "bob" should have role "admin"
diff --git a/features/old/buyers/users.feature b/features/old/buyers/users.feature
index 816b656f99..cc95975e52 100644
--- a/features/old/buyers/users.feature
+++ b/features/old/buyers/users.feature
@@ -31,7 +31,7 @@ Feature: Buyer users management
When I go to the buyer users page for "SpaceWidgets"
Then I should see buyer user "SpaceWidgets"
And I should see link to the buyer user edit page for "SpaceWidgets"
- When I follow "Edit" for user "SpaceWidgets"
+ When I follow "SpaceWidgets"
Then I should not see "Delete"
Scenario: User details
diff --git a/features/provider/admin/account/users/index.feature b/features/provider/admin/account/users/index.feature
index 258b5e85f4..e18aa3df20 100644
--- a/features/provider/admin/account/users/index.feature
+++ b/features/provider/admin/account/users/index.feature
@@ -67,7 +67,7 @@ Feature: Account Settings > Users > Listing
Scenario: Admin can delete users from then table
Given they go to the provider users page
- When they select action "Delete" of "hunk"
+ When they press "Delete user hunk"
And confirm the dialog
Then they should see a toast alert with text "User was successfully deleted"
And they should see the following table:
@@ -77,7 +77,7 @@ Feature: Account Settings > Users > Listing
Scenario: Admin can edit users from the table
Given they go to the provider users page
- And they select action "Edit" of "hunk"
+ And they follow "hunk"
When the form is submitted with:
| Username | honk |
| Email | honk@umbrella.corp |
@@ -93,8 +93,7 @@ Feature: Account Settings > Users > Listing
| Username | First name | Last name | Role | Email |
| ospen | Oswell | Spencer | admin | ospen@umbrella.corp |
When they go to the provider users page
- Then the actions of row "Oswell Spencer" are:
- | Edit |
- | Delete |
- But the actions of row "Albert Wesker" are:
- | Personal details |
+ Then there should be a link to "Oswell Spencer"
+ And there should be a button to "Delete user Oswell Spencer"
+ And there should be a link to "Personal details"
+ But there should not be a button to "Delete user Albert Wesker"
diff --git a/features/provider/admin/user/access_tokens.feature b/features/provider/admin/user/access_tokens.feature
index 7b27eb3360..3b32e5df1c 100644
--- a/features/provider/admin/user/access_tokens.feature
+++ b/features/provider/admin/user/access_tokens.feature
@@ -28,6 +28,18 @@ Feature: Provider Admin Access tokens
| Potato | Analytics API | Never expires | Read Only |
| Banana | Billing API | Never expires | Read & Write |
+ Scenario: Delete access token directly from the table
+ Given the table should contain the following:
+ | Name | Scopes | Expiration | Permission |
+ | Potato | Analytics API | Never expires | Read Only |
+ | Banana | Billing API | Never expires | Read & Write |
+ When they press "Delete token Potato"
+ And confirm the dialog
+ Then they should see a toast alert with text "Access token was successfully deleted"
+ And the table should contain the following:
+ | Name | Scopes | Expiration | Permission |
+ | Banana | Billing API | Never expires | Read & Write |
+
Rule: New page
Background:
Given they go to the new access token page
@@ -77,7 +89,7 @@ Feature: Provider Admin Access tokens
Scenario: Navigation to edit page
Given they go to the personal tokens page
- When they follow "Edit" in the 1st row within the access tokens table
+ When they follow "LeToken" in the 1st row within the access tokens table
Then the current page is the access token's edit page
Scenario: Edit access token
@@ -86,7 +98,7 @@ Feature: Provider Admin Access tokens
| Billing API | No |
| Permission | Read & Write |
Then they should see a toast alert with text "Access token was successfully updated"
- Then the table should contain the following:
+ And the table should contain the following:
| Name | Scopes | Permission |
| New Token Name | Analytics API | Read & Write |
@@ -97,7 +109,7 @@ Feature: Provider Admin Access tokens
Scenario: Delete access token
Given the current page is access token "LeToken" edit page
- When they follow "Delete"
+ When they follow "Delete this access token"
And confirm the dialog
Then the current page is the personal tokens page
And they should see a toast alert with text "Access token was successfully deleted"
diff --git a/features/step_definitions/provider_steps.rb b/features/step_definitions/provider_steps.rb
index b67fef22a0..7feba60bee 100644
--- a/features/step_definitions/provider_steps.rb
+++ b/features/step_definitions/provider_steps.rb
@@ -294,13 +294,6 @@ def create_provider_with_plan(name, plan) # TODO: RENAME THIS NOWWW
end
end
-When(/^I have opened edit page for the active member$/) do
- visit provider_admin_account_users_path
- user = User.find_by!(username: 'alex')
- find("tr#user_#{user.id} .pf-c-table__action").click_link('Edit')
- assert_text 'Edit User'
-end
-
Then(/^no permissions should be checked$/) do
within('.FeatureAccessList') do
all('input[type=checkbox]').each do |input|
diff --git a/features/step_definitions/user_management/common_steps.rb b/features/step_definitions/user_management/common_steps.rb
index 2e2e2c8500..1136e41135 100644
--- a/features/step_definitions/user_management/common_steps.rb
+++ b/features/step_definitions/user_management/common_steps.rb
@@ -2,16 +2,6 @@
# TODO: these steps can be replaced for ".* that belongs to .*"
-When "I follow {string} for {user}" do |link_text, user|
- find("tr#user_#{user.id} .pf-c-table__action").click_link(link_text)
-end
-
-When "I press {string} for {user}" do |button_text, user|
- within("#user_#{user.id}") do
- click_button(button_text)
- end
-end
-
When /^I choose "([^"]*)" in the user role field$/ do |role|
with_scope('#user_role_input') do
choose(role)
diff --git a/features/users/permissions.feature b/features/users/permissions.feature
index f3f2596360..27dc676bdf 100644
--- a/features/users/permissions.feature
+++ b/features/users/permissions.feature
@@ -9,13 +9,13 @@ Feature: Member permissions
And provider "foo.3scale.localhost" has "groups" switch allowed
Scenario: Enable and disable billing section
- When I have opened edit page for the active member
+ When go to the provider user edit page for "alex"
Then no permissions should be checked
When I check "Setup and manage customer billing"
And I press "Update User"
- And I have opened edit page for the active member
+ And go to the provider user edit page for "alex"
Then the "Setup and manage customer billing" checkbox should be checked
When I uncheck "Setup and manage customer billing"
And I press "Update User"
- And I have opened edit page for the active member
+ And go to the provider user edit page for "alex"
Then no permissions should be checked
diff --git a/spec/acceptance/api/access_token_spec.rb b/spec/acceptance/api/access_token_spec.rb
index abfa7bf6c4..24c300314d 100644
--- a/spec/acceptance/api/access_token_spec.rb
+++ b/spec/acceptance/api/access_token_spec.rb
@@ -4,12 +4,13 @@
resource 'AccessToken' do
let(:resource) { FactoryBot.build(:access_token) }
- let(:expected_properties) { %w[id name scopes permission value] }
+ let(:expected_properties) { %w[id name scopes permission] }
json(:resource) do
let(:root) { 'access_token' }
it { subject.should have_properties(expected_properties).from(resource) }
+ it { should include('value' => resource.plaintext_value) }
end
json(:collection) do
@@ -20,6 +21,7 @@
subject.each do |subject_access_token|
subject_access_token.should include('access_token')
subject_access_token.fetch('access_token').should have_properties(expected_properties).from(resource)
+ subject_access_token.fetch('access_token').should include('value' => resource.plaintext_value)
end
end
end
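Review bot: The collection assertion added at the end of this hunk (and the resource one in the previous hunk) expects each listed token to carry `value` equal to `resource.plaintext_value`, but `resource` is an in-memory `FactoryBot.build`, so the plaintext is still held on the object; a token reloaded from the database after the move to stored digests presumably has no plaintext to emit, and this spec does not exercise that path. Whether the representer then omits `value` or falls back to the stored digest is not visible here, and only the former is acceptable for an index endpoint. Add an example that persists and reloads the token (`resource.save!; resource.reload`) and asserts the collection entry does not include a `value` equal to the stored digest, e.g. `it { should_not include('value' => resource.value) }`, so the listing is pinned to never exposing the digest.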
diff --git a/spec/acceptance/api/signup_result_with_access_token_spec.rb b/spec/acceptance/api/signup_result_with_access_token_spec.rb
index 16aac5d6ac..26f658dd81 100644
--- a/spec/acceptance/api/signup_result_with_access_token_spec.rb
+++ b/spec/acceptance/api/signup_result_with_access_token_spec.rb
@@ -11,7 +11,7 @@
result
end
let(:expected_account_properties) { %w[id created_at updated_at admin_domain domain from_email state] }
- let(:expected_access_token_properties) { %w[id name scopes permission value] }
+ let(:expected_access_token_properties) { %w[id name scopes permission] }
json(:resource) do
let(:root) { 'signup' }
@@ -19,6 +19,7 @@
it do
subject.fetch('account').should have_properties(expected_account_properties).from(resource.account)
subject.fetch('access_token').should have_properties(expected_access_token_properties).from(resource.access_token)
+ subject.fetch('access_token').should include('value' => resource.access_token.plaintext_value)
end
it { should_not include('errors') }
@@ -46,6 +47,7 @@
context 'access_token' do
subject { xml.root.xpath('./access_token') }
it { should have_tags(expected_access_token_properties).from(resource.access_token) }
+ it { should have_tag('value', text: resource.access_token.plaintext_value) }
end
it { should_not have_tag('errors') }
diff --git a/test/decorators/user_decorator_test.rb b/test/decorators/user_decorator_test.rb
index 21a77cd907..b393f6168d 100644
--- a/test/decorators/user_decorator_test.rb
+++ b/test/decorators/user_decorator_test.rb
@@ -52,4 +52,26 @@ def setup
user.username = 'Baz'
assert_equal 'Baz', decorator.informal_name
end
+
+ test 'accessible_services_with_token without plans permission' do
+ provider = FactoryBot.create(:simple_provider)
+ user = FactoryBot.create(:member, account: provider)
+ FactoryBot.create(:service, account: provider)
+
+ decorator = user.decorate
+
+ assert_equal 0, decorator.accessible_services_with_token.count
+ end
+
+ test 'accessible_services_with_token returns services with tokens' do
+ provider = FactoryBot.create(:simple_provider)
+ user = FactoryBot.create(:member, :with_plans_permission, account: provider)
+
+ service = FactoryBot.create(:service, account: provider)
+ service.service_tokens.create!(value: 'token-value')
+
+ decorator = user.decorate
+
+ assert_equal 1, decorator.accessible_services_with_token.count
+ end
end
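Review bot: The 'without plans permission' test at the top of the hunk creates a service with no service token, so a count of 0 is also what a fully permitted user would get from the `joins(:service_tokens)` filter; it does not isolate the permission guard. Give that service a token as the second test does, `FactoryBot.create(:service, account: provider).service_tokens.create!(value: 'token-value')`, so the assertion only passes when the permission check short-circuits to an empty relation. A third case, a user with the permission and a service without tokens, would pin the join filter on its own.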
diff --git a/test/factories/access_token.rb b/test/factories/access_token.rb
index 1697b4c162..52c2ea5976 100644
--- a/test/factories/access_token.rb
+++ b/test/factories/access_token.rb
@@ -1,9 +1,11 @@
+# frozen_string_literal: true
+
FactoryBot.define do
- factory :access_token, class: ::AccessToken do
+ factory :access_token, class: AccessToken do
association :owner, factory: :user
scopes { ['stats'] }
permission { 'rw' }
- sequence(:name) { |n| "Alaska_#{n}" }
- sequence(:value) { |n| "wild_#{n}" }
+ sequence(:name) { |n| "token_#{n}" }
+ # value is generated automatically by after_initialize callback in model
end
end
diff --git a/test/factories/user.rb b/test/factories/user.rb
index 96ffc22369..5449dd9706 100644
--- a/test/factories/user.rb
+++ b/test/factories/user.rb
@@ -35,5 +35,11 @@
factory(:member, :parent => :user) do
role { :member }
+
+ trait :with_plans_permission do
+ after(:create) do |user|
+ user.member_permission_ids = ['plans']
+ end
+ end
end
end
diff --git a/test/functional/admin/api/cms/templates_controller_test.rb b/test/functional/admin/api/cms/templates_controller_test.rb
index 9be0fd4693..9fcd717cdd 100644
--- a/test/functional/admin/api/cms/templates_controller_test.rb
+++ b/test/functional/admin/api/cms/templates_controller_test.rb
@@ -9,7 +9,7 @@ class Admin::Api::CMS::TemplatesControllerTest < ActionController::TestCase
def setup
@provider = FactoryBot.create(:provider_account)
host! @provider.external_admin_domain
- @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[cms]).value
+ @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[cms]).plaintext_value
end
class TemplatesControllerMethodsTest < Admin::Api::CMS::TemplatesControllerTest
diff --git a/test/functional/admin/api/credit_cards_controller_test.rb b/test/functional/admin/api/credit_cards_controller_test.rb
index 77a16b7094..b45bd0af74 100644
--- a/test/functional/admin/api/credit_cards_controller_test.rb
+++ b/test/functional/admin/api/credit_cards_controller_test.rb
@@ -8,7 +8,7 @@ def setup
provider = FactoryBot.create(:provider_account)
@buyer = FactoryBot.create(:buyer_account, provider_account: provider)
host! provider.external_admin_domain
- @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
@params = {
id: @buyer.provider_account_id,
diff --git a/test/functional/admin/api/services/mapping_rules_controller_test.rb b/test/functional/admin/api/services/mapping_rules_controller_test.rb
index 3232e480c8..842bfb598f 100644
--- a/test/functional/admin/api/services/mapping_rules_controller_test.rb
+++ b/test/functional/admin/api/services/mapping_rules_controller_test.rb
@@ -6,7 +6,7 @@ module Admin::Api::Services
class MappingRulesControllerTest < ActionController::TestCase
def setup
provider = FactoryBot.create(:provider_account)
- @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
assert @service = provider.first_service!
assert @proxy = @service.proxy
diff --git a/test/functional/api/web_hooks_failures_controller_test.rb b/test/functional/api/web_hooks_failures_controller_test.rb
index a9ef9efad3..0981a3da16 100644
--- a/test/functional/api/web_hooks_failures_controller_test.rb
+++ b/test/functional/api/web_hooks_failures_controller_test.rb
@@ -6,7 +6,7 @@ class Admin::Api::WebHooksFailuresControllerTest < ActionController::TestCase
def setup
@provider = FactoryBot.create(:provider_account)
- @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! @provider.external_admin_domain
end
diff --git a/test/functional/provider/admin/user/access_tokens_controller_test.rb b/test/functional/provider/admin/user/access_tokens_controller_test.rb
new file mode 100644
index 0000000000..e769295f73
--- /dev/null
+++ b/test/functional/provider/admin/user/access_tokens_controller_test.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+require 'test_helper'
+
+class Provider::Admin::User::AccessTokensControllerTest < ActionController::TestCase
+
+ def setup
+ @provider = FactoryBot.create(:provider_account)
+ @admin = @provider.admins.first
+
+ host! @provider.external_admin_domain
+ login_as @admin
+ end
+
+ test 'index renders the tokens list' do
+ get :index
+
+ assert_response :success
+ assert_template 'index'
+ end
+
+ test 'index falls back to normal index when flash[:token] references a nonexistent token' do
+ get :index, flash: { token: 'nonexistent' }
+
+ assert_response :success
+ assert_template 'index'
+ end
+
+ test 'index does not expose tokens from other users' do
+ other_user = FactoryBot.create(:simple_user, account: @provider)
+ other_token = FactoryBot.create(:access_token, owner: other_user)
+
+ get :index, flash: { token: other_token.id }
+
+ assert_response :success
+ assert_template 'index'
+ end
+
+ test 'show is rendered when a token is created' do
+ expires_at = 1.week.from_now.utc.iso8601
+ post :create, params: { access_token: { name: 'Le Token', scopes: ['account_management'], permission: 'ro', expires_at: } }
+
+ assert_response :success
+ assert_template :show
+ end
+end
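Review bot: 'index does not expose tokens from other users' asserts only a 200 and the template; nothing inspects the response body, so it would pass even if `other_token` were rendered on the page. Assuming `plaintext_value` is populated on freshly created tokens as the other tests in this change rely on, add `assert_no_match other_token.plaintext_value, response.body` and `assert_no_match other_token.value, response.body` so both the plaintext and the stored digest are checked. The two `flash: { token: … }` tests describe a fallback behaviour that their assertions cannot distinguish from the plain index test above them; if index no longer consults `flash[:token]` in this change they should either assert on the body or be folded into one test.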
diff --git a/test/integration/admin/api/account/authentication_providers_controller_test.rb b/test/integration/admin/api/account/authentication_providers_controller_test.rb
index 663141baad..96d670535a 100644
--- a/test/integration/admin/api/account/authentication_providers_controller_test.rb
+++ b/test/integration/admin/api/account/authentication_providers_controller_test.rb
@@ -108,7 +108,7 @@ def setup
FactoryBot.create(:auth0_authentication_provider, account: @provider, account_type: AuthenticationProvider.account_types[:provider])
FactoryBot.create(:keycloak_authentication_provider, account: @provider, account_type: AuthenticationProvider.account_types[:provider])
FactoryBot.create(:auth0_authentication_provider, account: FactoryBot.build_stubbed(:simple_provider), account_type: AuthenticationProvider.account_types[:provider])
- get admin_api_account_authentication_providers_path(format: :json, access_token: @access_token.value)
+ get admin_api_account_authentication_providers_path(format: :json, access_token: @access_token.plaintext_value)
assert_response :ok
authentication_providers = JSON.parse(response.body)['authentication_providers']
assert authentication_providers.present?
@@ -122,7 +122,7 @@ def setup
FactoryBot.create(:auth0_authentication_provider, account: @provider, account_type: AuthenticationProvider.account_types[:provider])
FactoryBot.create(:keycloak_authentication_provider, account: @provider, account_type: AuthenticationProvider.account_types[:provider])
FactoryBot.create(:auth0_authentication_provider, account: FactoryBot.build_stubbed(:simple_provider), account_type: AuthenticationProvider.account_types[:provider])
- get admin_api_account_authentication_providers_path(format: :xml, access_token: @access_token.value)
+ get admin_api_account_authentication_providers_path(format: :xml, access_token: @access_token.plaintext_value)
assert_response :ok
assert_xml './authentication_providers/authentication_provider', 2
end
@@ -130,13 +130,13 @@ def setup
test '#index ensures provider can use provider_sso' do
Logic::RollingUpdates.stubs(:enabled?).returns(true)
@provider.stubs(:provider_can_use?).with(:provider_sso).returns(false)
- get admin_api_account_authentication_providers_path(format: :json, access_token: @access_token.value)
+ get admin_api_account_authentication_providers_path(format: :json, access_token: @access_token.plaintext_value)
assert_response :not_found
end
test '#show returns the requested authentication provider' do
authentication_provider = FactoryBot.create(:self_authentication_provider, account: @provider, account_type: AuthenticationProvider.account_types[:provider])
- get admin_api_account_authentication_provider_path(authentication_provider, format: :json, access_token: @access_token.value)
+ get admin_api_account_authentication_provider_path(authentication_provider, format: :json, access_token: @access_token.plaintext_value)
assert_response :ok
assert_equal authentication_provider.id, JSON.parse(response.body).dig('authentication_provider', 'id')
end
@@ -145,7 +145,7 @@ def setup
Logic::RollingUpdates.stubs(:enabled?).returns(true)
@provider.stubs(:provider_can_use?).with(:provider_sso).returns(false)
authentication_provider = FactoryBot.create(:self_authentication_provider, account: @provider, account_type: AuthenticationProvider.account_types[:provider])
- get admin_api_account_authentication_provider_path(authentication_provider, format: :json, access_token: @access_token.value)
+ get admin_api_account_authentication_provider_path(authentication_provider, format: :json, access_token: @access_token.plaintext_value)
assert_response :not_found
end
@@ -161,6 +161,6 @@ def authentication_provider_params(different_attributes: {})
client_id: 'cid', client_secret: 'csecret', site: 'http://example',
kind: 'auth0', skip_ssl_certificate_verification: true, published: true
}.merge(different_attributes)
- { authentication_provider: attributes, format: :json, access_token: @access_token.value }
+ { authentication_provider: attributes, format: :json, access_token: @access_token.plaintext_value }
end
end
diff --git a/test/integration/admin/api/account/proxy_configs_controller_test.rb b/test/integration/admin/api/account/proxy_configs_controller_test.rb
index 040dd8dee3..81a56bce1c 100644
--- a/test/integration/admin/api/account/proxy_configs_controller_test.rb
+++ b/test/integration/admin/api/account/proxy_configs_controller_test.rb
@@ -195,7 +195,7 @@ def content_hosts(*hosts)
end
def access_token_value(user:)
- FactoryBot.create(:access_token, owner: user, scopes: %w[account_management]).value
+ FactoryBot.create(:access_token, owner: user, scopes: %w[account_management]).plaintext_value
end
def response_proxy_config_ids
diff --git a/test/integration/admin/api/account_plans_controller_test.rb b/test/integration/admin/api/account_plans_controller_test.rb
index 3bb4bbee53..5de46e6382 100644
--- a/test/integration/admin/api/account_plans_controller_test.rb
+++ b/test/integration/admin/api/account_plans_controller_test.rb
@@ -6,7 +6,7 @@ class Admin::Api::AccountPlansControllerTest < ActionDispatch::IntegrationTest
def setup
@provider = FactoryBot.create(:provider_account)
- @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! @provider.external_admin_domain
end
diff --git a/test/integration/admin/api/accounts_controller_test.rb b/test/integration/admin/api/accounts_controller_test.rb
index d9fd0d167f..eb6b6c8092 100644
--- a/test/integration/admin/api/accounts_controller_test.rb
+++ b/test/integration/admin/api/accounts_controller_test.rb
@@ -42,7 +42,7 @@ class TenantAdminTest < Admin::Api::AccountsControllerTest
buyer_user = FactoryBot.create(:admin, account: buyer)
buyer_user.update(email: nil)
- get find_admin_api_accounts_path(format: :json, access_token: token.value)
+ get find_admin_api_accounts_path(format: :json, access_token: token.plaintext_value)
assert_response :not_found
end
end
@@ -138,13 +138,13 @@ def test_show
buyer.payment_detail.destroy!
assert_difference(PaymentDetail.method(:count), 0) do
- get admin_api_account_path(buyer, format: :xml, access_token: token.value)
+ get admin_api_account_path(buyer, format: :xml, access_token: token.plaintext_value)
assert_response :success
end
buyer.settings.destroy!
assert_difference(Settings.method(:count), 0) do
- get admin_api_account_path(buyer, format: :xml, access_token: token.value)
+ get admin_api_account_path(buyer, format: :xml, access_token: token.plaintext_value)
assert_response :success
end
@@ -165,7 +165,7 @@ class WebHooksTest < Admin::Api::AccountsControllerTest
FactoryBot.create(:webhook, account: provider, account_updated_on: true, active: true)
assert_difference(WebHookWorker.jobs.method(:size)) do
- put admin_api_account_path(buyer, format: :json), params: { monthly_billing_enabled: true, access_token: token.value }
+ put admin_api_account_path(buyer, format: :json), params: { monthly_billing_enabled: true, access_token: token.plaintext_value }
assert_response :success
end
end
@@ -185,7 +185,7 @@ class WebHooksTest < Admin::Api::AccountsControllerTest
FactoryBot.create(:webhook, account: provider, account_deleted_on: true, active: true)
assert_difference(WebHookWorker.jobs.method(:size)) do
- delete admin_api_account_path(buyer, access_token: token.value)
+ delete admin_api_account_path(buyer, access_token: token.plaintext_value)
assert_response :success
end
end
@@ -210,7 +210,7 @@ def buyer
end
def update_params
- @update_params ||= { monthly_billing_enabled: true, access_token: token.value }
+ @update_params ||= { monthly_billing_enabled: true, access_token: token.plaintext_value }
end
def token(user: provider.admin_user)
diff --git a/test/integration/admin/api/api_docs_services_controller_test.rb b/test/integration/admin/api/api_docs_services_controller_test.rb
index c6884b4a21..36c87b76ac 100644
--- a/test/integration/admin/api/api_docs_services_controller_test.rb
+++ b/test/integration/admin/api/api_docs_services_controller_test.rb
@@ -5,7 +5,7 @@
class Admin::Api::ApiDocsServicesControllerTest < ActionDispatch::IntegrationTest
def setup
- @token = FactoryBot.create(:access_token, owner: current_account.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: current_account.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! current_account.internal_admin_domain
end
@@ -33,7 +33,7 @@ class ProviderAccountTest < Admin::Api::ApiDocsServicesControllerTest
@provider = FactoryBot.create(:provider_account)
@service = @provider.default_service
@api_docs_service = FactoryBot.create(:api_docs_service, account: @provider, service: nil)
- @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
end
BOOLEAN_API_DOCS_SERVICE_PARAMS = %i[published skip_swagger_validations].freeze
@@ -191,7 +191,7 @@ class MemberPermissions < ActionDispatch::IntegrationTest
protected
def path_params
- { access_token: access_token.value, format: :json }
+ { access_token: access_token.plaintext_value, format: :json }
end
def api_doc_params(**extra_params)
diff --git a/test/integration/admin/api/application_plan_limits_controller_test.rb b/test/integration/admin/api/application_plan_limits_controller_test.rb
index d0a7dd31fe..26a5aaa45f 100644
--- a/test/integration/admin/api/application_plan_limits_controller_test.rb
+++ b/test/integration/admin/api/application_plan_limits_controller_test.rb
@@ -9,7 +9,7 @@ class Admin::Api::ApplicationPlanLimitsControllerTest < ActionDispatch::Integrat
setup do
@provider = FactoryBot.create(:provider_account)
- @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! @provider.external_admin_domain
@service = FactoryBot.create(:simple_service, account: @provider)
@app_plan = FactoryBot.create(:simple_application_plan, issuer: service)
diff --git a/test/integration/admin/api/application_plan_metric_pricing_rules_controller_test.rb b/test/integration/admin/api/application_plan_metric_pricing_rules_controller_test.rb
index c3e79c0699..d3890d90fd 100644
--- a/test/integration/admin/api/application_plan_metric_pricing_rules_controller_test.rb
+++ b/test/integration/admin/api/application_plan_metric_pricing_rules_controller_test.rb
@@ -8,7 +8,7 @@ def setup
service = FactoryBot.create(:service, account: @provider)
@plan = FactoryBot.create(:application_plan, issuer: service)
@metric = FactoryBot.create(:metric, owner: service)
- @access_token_value = FactoryBot.create(:access_token, owner: @provider.admin_user, scopes: %w[account_management]).value
+ @access_token_value = FactoryBot.create(:access_token, owner: @provider.admin_user, scopes: %w[account_management]).plaintext_value
host! provider.external_admin_domain
end
diff --git a/test/integration/admin/api/application_plans_controller_test.rb b/test/integration/admin/api/application_plans_controller_test.rb
index f7f13f2615..8b58a7a617 100644
--- a/test/integration/admin/api/application_plans_controller_test.rb
+++ b/test/integration/admin/api/application_plans_controller_test.rb
@@ -6,7 +6,7 @@ class Admin::Api::ApplicationPlansControllerTest < ActionDispatch::IntegrationTe
def setup
Settings::Switch.any_instance.stubs(:allowed?).returns(true)
- @token = FactoryBot.create(:access_token, owner: current_account.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: current_account.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! current_account.internal_admin_domain
@service = FactoryBot.create(:service, account: current_account)
end
diff --git a/test/integration/admin/api/authentication_providers_controller_test.rb b/test/integration/admin/api/authentication_providers_controller_test.rb
index f7f03ec654..74af82afdc 100644
--- a/test/integration/admin/api/authentication_providers_controller_test.rb
+++ b/test/integration/admin/api/authentication_providers_controller_test.rb
@@ -100,7 +100,7 @@ def setup
FactoryBot.create(:redhat_customer_portal_authentication_provider, account: provider)
FactoryBot.create(:keycloak_authentication_provider, account: provider)
FactoryBot.create(:redhat_customer_portal_authentication_provider, account: FactoryBot.build_stubbed(:simple_provider))
- get admin_api_authentication_providers_path(format: :json, access_token: access_token.value)
+ get admin_api_authentication_providers_path(format: :json, access_token: access_token.plaintext_value)
assert_response :ok
authentication_providers = JSON.parse(response.body)['authentication_providers']
assert authentication_providers.present?
@@ -114,14 +114,14 @@ def setup
FactoryBot.create(:redhat_customer_portal_authentication_provider, account: provider)
FactoryBot.create(:keycloak_authentication_provider, account: provider)
FactoryBot.create(:redhat_customer_portal_authentication_provider, account: FactoryBot.build_stubbed(:simple_provider))
- get admin_api_authentication_providers_path(format: :xml, access_token: access_token.value)
+ get admin_api_authentication_providers_path(format: :xml, access_token: access_token.plaintext_value)
assert_response :ok
assert_xml './authentication_providers/authentication_provider', 2
end
test '#show returns the requested authentication provider' do
authentication_provider = FactoryBot.create(:authentication_provider, account: provider)
- get admin_api_authentication_provider_path(authentication_provider, format: :json, access_token: access_token.value)
+ get admin_api_authentication_provider_path(authentication_provider, format: :json, access_token: access_token.plaintext_value)
assert_response :ok
assert_equal authentication_provider.id, JSON.parse(response.body).dig('authentication_provider', 'id')
end
@@ -130,7 +130,7 @@ def setup
authentication_provider = FactoryBot.create(:authentication_provider, account: provider)
AuthenticationProvider.any_instance.expects(:authorization_scope).with('show').returns('show')
Ability.any_instance.expects(:authorize!).raises(CanCan::AccessDenied)
- get admin_api_authentication_provider_path(authentication_provider, format: :json, access_token: access_token.value)
+ get admin_api_authentication_provider_path(authentication_provider, format: :json, access_token: access_token.plaintext_value)
assert_response :forbidden
end
@@ -144,6 +144,6 @@ def authentication_provider_params(different_attributes: {}, format: :json)
token_url: 'http://token_url', user_info_url: 'http://user_info_url', authorize_url: 'http://authorize_url',
kind: 'github', skip_ssl_certificate_verification: true, automatically_approve_accounts: true
}.merge(different_attributes)
- { authentication_provider: attributes, format: format, access_token: access_token.value }
+ { authentication_provider: attributes, format: format, access_token: access_token.plaintext_value }
end
end
diff --git a/test/integration/admin/api/backend_apis/mapping_rules_controller_test.rb b/test/integration/admin/api/backend_apis/mapping_rules_controller_test.rb
index 5b12a90a81..467e010c4f 100644
--- a/test/integration/admin/api/backend_apis/mapping_rules_controller_test.rb
+++ b/test/integration/admin/api/backend_apis/mapping_rules_controller_test.rb
@@ -21,14 +21,14 @@ def setup
end
attr_reader :access_token
- delegate :value, to: :access_token, prefix: true
+ delegate :plaintext_value, to: :access_token, prefix: true
test 'index' do
FactoryBot.create_list(:proxy_rule, 2, owner: backend_api, proxy: nil) # two more of the same backend api
FactoryBot.create(:proxy_rule, owner: FactoryBot.create(:backend_api, account: provider), proxy: nil) # other backend api
FactoryBot.create(:proxy_rule, proxy: FactoryBot.create(:simple_service, account: provider).proxy) # owned by a proxy, not a backend api
- get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :success
assert(response_mapping_rules = JSON.parse(response.body)['mapping_rules'])
@@ -38,7 +38,7 @@ def setup
end
test 'show' do
- get admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value }
+ get admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value }
assert_response :success
assert_equal mapping_rule.id, JSON.parse(response.body).dig('mapping_rule', 'id')
@@ -46,7 +46,7 @@ def setup
test 'create' do
assert_difference(ProxyRule.method(:count)) do
- post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value, **mapping_rule_params }
+ post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value, **mapping_rule_params }
assert_response :created
end
@@ -58,14 +58,14 @@ def setup
test 'create without metric_id gives an error' do
assert_no_difference(ProxyRule.method(:count)) do
- post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value, **mapping_rule_params.except(:metric_id) }
+ post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value, **mapping_rule_params.except(:metric_id) }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'metric_id'), 'can\'t be blank'
end
end
test 'update' do
- put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value, **mapping_rule_params }
+ put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value, **mapping_rule_params }
assert_response :success
mapping_rule.reload
mapping_rule_params.each do |field_name, expected_value|
@@ -74,13 +74,13 @@ def setup
end
test 'update with errors in the model' do
- put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value, http_method: 'invalid' }
+ put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value, http_method: 'invalid' }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'http_method'), 'is not included in the list'
end
test 'destroy' do
- delete admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value }
+ delete admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value }
assert_response :success
assert_raises(ActiveRecord::RecordNotFound) { mapping_rule.reload }
end
@@ -88,7 +88,7 @@ def setup
test 'index can be paginated' do
FactoryBot.create_list(:proxy_rule, 5, owner: backend_api, proxy_id: nil)
- get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value, per_page: 3, page: 2 }
+ get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value, per_page: 3, page: 2 }
assert_response :success
response_ids = JSON.parse(response.body)['mapping_rules'].map { |response| response.dig('mapping_rule', 'id') }
@@ -99,19 +99,19 @@ def setup
backend_api = FactoryBot.create(:backend_api, account: provider, state: :deleted)
mapping_rule = FactoryBot.create(:proxy_rule, owner: backend_api, proxy: nil)
- get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :not_found
- get admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value }
+ get admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value }
assert_response :not_found
- post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value, **mapping_rule_params }
+ post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value, **mapping_rule_params }
assert_response :not_found
- put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value, **mapping_rule_params }
+ put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value, **mapping_rule_params }
assert_response :not_found
- delete admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value }
+ delete admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value }
assert_response :not_found
end
@@ -124,7 +124,7 @@ def setup
rule_1.move_to_top
rule_3.move_to_bottom
- get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :success
assert(response_mapping_rules = JSON.parse(response.body)['mapping_rules'])
@@ -144,42 +144,42 @@ def setup
end
attr_reader :member, :access_token
- delegate :value, to: :access_token, prefix: true
+ delegate :plaintext_value, to: :access_token, prefix: true
test 'member with permission' do
member.admin_sections = %w[partners plans]
member.save!
- get admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value }
+ get admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value }
assert_response :success
- put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value, **mapping_rule_params }
+ put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value, **mapping_rule_params }
assert_response :success
- delete admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value }
+ delete admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value }
assert_response :success
- post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value, **mapping_rule_params }
+ post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value, **mapping_rule_params }
assert_response :success
- get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :success
end
test 'member without permission' do
- get admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value }
+ get admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
- put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value, **mapping_rule_params }
+ put admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value, **mapping_rule_params }
assert_response :forbidden
- delete admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_value }
+ delete admin_api_backend_api_mapping_rule_path(backend_api, mapping_rule), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
- post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value, **mapping_rule_params }
+ post admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value, **mapping_rule_params }
assert_response :forbidden
- get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_mapping_rules_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
end
end
diff --git a/test/integration/admin/api/backend_apis/metric_methods_controller_test.rb b/test/integration/admin/api/backend_apis/metric_methods_controller_test.rb
index 907d3db8f6..3aedaf55ec 100644
--- a/test/integration/admin/api/backend_apis/metric_methods_controller_test.rb
+++ b/test/integration/admin/api/backend_apis/metric_methods_controller_test.rb
@@ -22,14 +22,14 @@ def setup
end
attr_reader :access_token
- delegate :value, to: :access_token, prefix: true
+ delegate :plaintext_value, to: :access_token, prefix: true
test 'index' do
FactoryBot.create_list(:metric, 2, owner: backend_api, service_id: nil, parent: hits) # two more method metrics of the backend api
FactoryBot.create(:metric, owner: FactoryBot.create(:backend_api, account: provider), service_id: nil) # other backend api
FactoryBot.create(:metric, owner: FactoryBot.create(:service, account: provider)) # owned by service, not a backend api
- get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value }
assert_response :success
assert(response_metrics = JSON.parse(response.body)['methods'])
@@ -39,7 +39,7 @@ def setup
end
test 'show' do
- get admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value }
assert_response :success
assert_equal method_metric.id, JSON.parse(response.body).dig('method', 'id')
@@ -47,7 +47,7 @@ def setup
test 'create' do
assert_difference(Metric.method(:count)) do
- post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit' }
+ post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit' }
assert_response :created
end
method_metric = hits.children.find(JSON.parse(response.body).dig('method', 'id'))
@@ -57,13 +57,13 @@ def setup
end
test 'create with errors in the model' do
- post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value, friendly_name: '' }
+ post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value, friendly_name: '' }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'friendly_name'), 'can\'t be blank'
end
test 'update' do
- put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit' }
+ put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit' }
assert_response :success
method_metric.reload
assert_equal 'my friendly name', method_metric.friendly_name
@@ -71,24 +71,24 @@ def setup
end
test 'update with errors in the model' do
- put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value, friendly_name: '' }
+ put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value, friendly_name: '' }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'friendly_name'), 'can\'t be blank'
end
test 'system_name can be created but not updated' do
- post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit', system_name: 'first-system-name' }
+ post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit', system_name: 'first-system-name' }
method_metric = hits.children.find(JSON.parse(response.body).dig('method', 'id'))
assert_equal "first-system-name.#{backend_api.id}", method_metric.system_name
- put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit', system_name: 'edited' }
+ put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit', system_name: 'edited' }
assert_equal "first-system-name.#{backend_api.id}", method_metric.reload.system_name
end
test 'destroy' do
method_metric = FactoryBot.create(:metric, owner: backend_api, service_id: nil, parent: hits)
assert_difference(Metric.method(:count), -1) do
- delete admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value }
+ delete admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value }
assert_response :success
end
assert_raises(ActiveRecord::RecordNotFound) { method_metric.reload }
@@ -97,7 +97,7 @@ def setup
test 'index can be paginated' do
FactoryBot.create_list(:metric, 5, owner: backend_api, parent: hits, service_id: nil)
- get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value, per_page: 3, page: 2 }
+ get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value, per_page: 3, page: 2 }
assert_response :success
response_ids = JSON.parse(response.body)['methods'].map { |response| response.dig('method', 'id') }
@@ -109,28 +109,28 @@ def setup
hits = backend_api.metrics.hits
method_metric = FactoryBot.create(:metric, owner: backend_api, service_id: nil, parent: hits)
- get admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value }
assert_response :not_found
- delete admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value }
+ delete admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value }
assert_response :not_found
- put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit' }
+ put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit' }
assert_response :not_found
- post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit' }
+ post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit' }
assert_response :not_found
- get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value }
assert_response :not_found
end
test 'when no params are sent, the error message is the same as in the other metrics endpoint' do
- post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value }
+ post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'friendly_name'), 'can\'t be blank'
- put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value }
+ put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value }
assert_response :success
end
end
@@ -145,42 +145,42 @@ def setup
end
attr_reader :member, :access_token
- delegate :value, to: :access_token, prefix: true
+ delegate :plaintext_value, to: :access_token, prefix: true
test 'member with permission' do
member.admin_sections = %w[partners plans]
member.save!
- get admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value }
assert_response :success
- put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit' }
+ put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit' }
assert_response :success
- delete admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value }
+ delete admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value }
assert_response :success
- post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit' }
+ post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit' }
assert_response :success
- get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value }
assert_response :success
end
test 'member without permission' do
- get admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
- put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit' }
+ put admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit' }
assert_response :forbidden
- delete admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_value }
+ delete admin_api_backend_api_metric_method_path(backend_api, hits, method_metric), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
- post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value, friendly_name: 'my friendly name', unit: 'hit' }
+ post admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value, friendly_name: 'my friendly name', unit: 'hit' }
assert_response :forbidden
- get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_methods_path(backend_api, hits), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
end
end
diff --git a/test/integration/admin/api/backend_apis/metrics_controller_test.rb b/test/integration/admin/api/backend_apis/metrics_controller_test.rb
index 3ffe7285da..fbe793422e 100644
--- a/test/integration/admin/api/backend_apis/metrics_controller_test.rb
+++ b/test/integration/admin/api/backend_apis/metrics_controller_test.rb
@@ -21,14 +21,14 @@ def setup
end
attr_reader :access_token
- delegate :value, to: :access_token, prefix: true
+ delegate :plaintext_value, to: :access_token, prefix: true
test 'index' do
FactoryBot.create(:metric, owner: backend_api, parent: backend_api.metrics.hits, service_id: nil) # a method metric
FactoryBot.create(:metric, owner: FactoryBot.create(:backend_api, account: provider), service_id: nil) # other backend api
FactoryBot.create(:metric, owner: FactoryBot.create(:service, account: provider)) # owned by a service, not a backend api
- get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :success
assert(response_metrics = JSON.parse(response.body)['metrics'])
@@ -38,7 +38,7 @@ def setup
end
test 'show' do
- get admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value }
assert_response :success
assert_equal metric.id, JSON.parse(response.body).dig('metric', 'id')
@@ -46,7 +46,7 @@ def setup
test 'create' do
assert_difference(Metric.method(:count)) do
- post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit' }
+ post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit' }
assert_response :created
end
metric = backend_api.metrics.find(JSON.parse(response.body).dig('metric', 'id'))
@@ -56,13 +56,13 @@ def setup
end
test 'create with errors in the model' do
- post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value, friendly_name: '', unit: 'hit' }
+ post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value, friendly_name: '', unit: 'hit' }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'friendly_name'), 'can\'t be blank'
end
test 'update' do
- put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit' }
+ put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit' }
assert_response :success
metric.reload
assert_equal 'metric friendly name', metric.friendly_name
@@ -71,22 +71,22 @@ def setup
test 'cannot update system_name' do
old_system_name = metric.system_name
- put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value, system_name: 'new_system_name' }
+ put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value, system_name: 'new_system_name' }
assert_response :success
assert_equal old_system_name, metric.reload.system_name
end
test 'system_name can be created but not updated' do
- post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit', system_name: 'first-system-name' }
+ post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit', system_name: 'first-system-name' }
metric = backend_api.metrics.find(JSON.parse(response.body).dig('metric', 'id'))
assert_equal "first-system-name.#{backend_api.id}", metric.attributes['system_name']
- put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit', system_name: 'edited' }
+ put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit', system_name: 'edited' }
assert_equal "first-system-name.#{backend_api.id}", metric.reload.attributes['system_name']
end
test 'update with errors in the model' do
- put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value, friendly_name: '' }
+ put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value, friendly_name: '' }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'friendly_name'), 'can\'t be blank'
end
@@ -94,7 +94,7 @@ def setup
test 'destroy' do
metric = FactoryBot.create(:metric, owner: backend_api, service_id: nil)
assert_difference(Metric.method(:count), -1) do
- delete admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value }
+ delete admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value }
assert_response :success
end
assert_raises(ActiveRecord::RecordNotFound) { metric.reload }
@@ -103,7 +103,7 @@ def setup
test 'index can be paginated' do
FactoryBot.create_list(:metric, 5, owner: backend_api, service_id: nil)
- get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value, per_page: 3, page: 2 }
+ get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value, per_page: 3, page: 2 }
assert_response :success
response_ids = JSON.parse(response.body)['metrics'].map { |response| response.dig('metric', 'id') }
@@ -114,29 +114,29 @@ def setup
backend_api = FactoryBot.create(:backend_api, account: provider, state: :deleted)
metric = FactoryBot.create(:metric, owner: backend_api, service_id: nil)
- get admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value }
assert_response :not_found
- delete admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value }
+ delete admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value }
assert_response :not_found
- put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit' }
+ put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit' }
assert_response :not_found
- post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit' }
+ post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit' }
assert_response :not_found
- get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :not_found
end
test 'when no params are sent, the error message is the same as in the other metrics endpoint' do
- post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value }
+ post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'friendly_name'), 'can\'t be blank'
assert_contains JSON.parse(response.body).dig('errors', 'unit'), 'can\'t be blank'
- put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value }
+ put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value }
assert_response :success
end
end
@@ -151,42 +151,42 @@ def setup
end
attr_reader :member, :access_token
- delegate :value, to: :access_token, prefix: true
+ delegate :plaintext_value, to: :access_token, prefix: true
test 'member with permission' do
member.admin_sections = %w[partners plans]
member.save!
- get admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value }
assert_response :success
- put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit' }
+ put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit' }
assert_response :success
- delete admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value }
+ delete admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value }
assert_response :success
- post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit' }
+ post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit' }
assert_response :success
- get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :success
end
test 'member without permission' do
- get admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value }
+ get admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
- put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit' }
+ put admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit' }
assert_response :forbidden
- delete admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_value }
+ delete admin_api_backend_api_metric_path(backend_api, metric), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
- post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value, friendly_name: 'metric friendly name', unit: 'hit' }
+ post admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value, friendly_name: 'metric friendly name', unit: 'hit' }
assert_response :forbidden
- get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_metrics_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
end
end
diff --git a/test/integration/admin/api/backend_apis_controller_test.rb b/test/integration/admin/api/backend_apis_controller_test.rb
index 7276775241..a4a3e331bb 100644
--- a/test/integration/admin/api/backend_apis_controller_test.rb
+++ b/test/integration/admin/api/backend_apis_controller_test.rb
@@ -13,7 +13,7 @@ def setup
test 'show' do
backend_api_configs = FactoryBot.create_list(:backend_api_config, 2, backend_api: backend_api)
- get admin_api_backend_api_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :success
backend_api_response = JSON.parse(response.body)
@@ -21,7 +21,7 @@ def setup
end
test 'destroy' do
- delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_value }
+ delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :success
assert backend_api.reload.deleted?
end
@@ -29,27 +29,27 @@ def setup
test 'destroy with errors' do
provider.default_service.backend_api_configs.create!(backend_api: backend_api, path: 'whatever')
- delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_value }
+ delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value }
refute backend_api.reload.deleted?
assert_contains JSON.parse(response.body).dig('errors', 'base'), 'cannot be deleted because it is used by at least one Product'
end
test 'update' do
- put admin_api_backend_api_path(backend_api), params: { access_token: access_token_value, **permitted_params.merge(forbidden_params) }
+ put admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value, **permitted_params.merge(forbidden_params) }
assert_response :success
backend_api.reload
assert_persists_right_params
end
test 'update with errors in the model' do
- put admin_api_backend_api_path(backend_api), params: { access_token: access_token_value, private_endpoint: '' }
+ put admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value, private_endpoint: '' }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'private_endpoint'), 'can\'t be blank'
end
test 'create' do
assert_difference(BackendApi.method(:count)) do
- post admin_api_backend_apis_path, params: { access_token: access_token_value, **permitted_params.merge(forbidden_params) }
+ post admin_api_backend_apis_path, params: { access_token: access_token_plaintext_value, **permitted_params.merge(forbidden_params) }
assert_response :created
end
assert(@backend_api = provider.backend_apis.find_by(id: JSON.parse(response.body).dig('backend_api', 'id')))
@@ -57,7 +57,7 @@ def setup
end
test 'create with errors in the model' do
- post admin_api_backend_apis_path, params: { access_token: access_token_value, private_endpoint: '' }
+ post admin_api_backend_apis_path, params: { access_token: access_token_plaintext_value, private_endpoint: '' }
assert_response :unprocessable_entity
assert_contains JSON.parse(response.body).dig('errors', 'private_endpoint'), 'can\'t be blank'
end
@@ -65,7 +65,7 @@ def setup
test 'index' do
FactoryBot.create_list(:backend_api, 2, account: provider)
FactoryBot.create(:backend_api) # belonging to another provider
- get admin_api_backend_apis_path, params: { access_token: access_token_value }
+ get admin_api_backend_apis_path, params: { access_token: access_token_plaintext_value }
assert_response :success
assert(response_collection_backend_apis = JSON.parse(response.body)['backend_apis'])
assert_equal provider.backend_apis.count, response_collection_backend_apis.length
@@ -77,34 +77,34 @@ def setup
test 'index can be paginated' do
FactoryBot.create_list(:backend_api, 5, account: provider)
provider.backend_apis.each_with_index { |backend_api, index| backend_api.update_column(:created_at, Date.today - index.days) }
- get admin_api_backend_apis_path, params: { access_token: access_token_value, per_page: 3, page: 2 }
+ get admin_api_backend_apis_path, params: { access_token: access_token_plaintext_value, per_page: 3, page: 2 }
assert_response :success
response_backend_api_ids = JSON.parse(response.body)['backend_apis'].map { |response_backend_api| response_backend_api.dig('backend_api', 'id') }
assert_equal provider.backend_apis.oldest_first.offset(3).limit(3).select(:id).map(&:id), response_backend_api_ids
end
test 'system_name can be created but not updated' do
- post admin_api_backend_apis_path, params: permitted_params.merge(system_name: 'first-system-name', access_token: access_token_value)
+ post admin_api_backend_apis_path, params: permitted_params.merge(system_name: 'first-system-name', access_token: access_token_plaintext_value)
backend_api = provider.backend_apis.last!
assert_equal 'first-system-name', backend_api.system_name
- put admin_api_backend_api_path(backend_api), params: permitted_params.merge(forbidden_params).merge(system_name: 'updated-system-name', access_token: access_token_value)
+ put admin_api_backend_api_path(backend_api), params: permitted_params.merge(forbidden_params).merge(system_name: 'updated-system-name', access_token: access_token_plaintext_value)
assert_equal 'first-system-name', backend_api.reload.system_name
end
test 'backend api marked as deleted cannot be found' do
backend_api.mark_as_deleted!
- get admin_api_backend_api_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :not_found
- delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_value }
+ delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :not_found
- put admin_api_backend_api_path(backend_api), params: { access_token: access_token_value, **permitted_params }
+ put admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value, **permitted_params }
assert_response :not_found
- get admin_api_backend_apis_path, params: { access_token: access_token_value }
+ get admin_api_backend_apis_path, params: { access_token: access_token_plaintext_value }
assert_response :success
response_backend_api_ids = JSON.parse(response.body)['backend_apis'].map { |response_backend_api| response_backend_api.dig('backend_api', 'id') }
assert_not_includes response_backend_api_ids, backend_api.id
@@ -121,42 +121,42 @@ def setup
end
attr_reader :provider, :backend_api, :member, :access_token
- delegate :value, to: :access_token, prefix: true
+ delegate :plaintext_value, to: :access_token, prefix: true
test 'member with permission' do
member.admin_sections = %w[partners plans]
member.save!
- get admin_api_backend_api_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :success
- delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_value }
+ delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
- put admin_api_backend_api_path(backend_api), params: { access_token: access_token_value, **backend_api_params }
+ put admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value, **backend_api_params }
assert_response :success
- post admin_api_backend_apis_path, params: {access_token: access_token_value, **backend_api_params }
+ post admin_api_backend_apis_path, params: {access_token: access_token_plaintext_value, **backend_api_params }
assert_response :forbidden
- get admin_api_backend_apis_path, params: { access_token: access_token_value }
+ get admin_api_backend_apis_path, params: { access_token: access_token_plaintext_value }
assert_response :success
end
test 'member without permission' do
- get admin_api_backend_api_path(backend_api), params: { access_token: access_token_value }
+ get admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
- delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_value }
+ delete admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value }
assert_response :forbidden
- put admin_api_backend_api_path(backend_api), params: { access_token: access_token_value, **backend_api_params }
+ put admin_api_backend_api_path(backend_api), params: { access_token: access_token_plaintext_value, **backend_api_params }
assert_response :forbidden
- post admin_api_backend_apis_path, params: { access_token: access_token_value, **backend_api_params }
+ post admin_api_backend_apis_path, params: { access_token: access_token_plaintext_value, **backend_api_params }
assert_response :forbidden
- get admin_api_backend_apis_path, params: { access_token: access_token_value }
+ get admin_api_backend_apis_path, params: { access_token: access_token_plaintext_value }
assert_response :forbidden
end
@@ -173,12 +173,12 @@ def backend_api_params
private
- def access_token_value
- @access_token_value ||= create_access_token_value(@provider.admin_users.first!)
+ def access_token_plaintext_value
+ @access_token_plaintext_value ||= create_access_token_plaintext_value(@provider.admin_users.first!)
end
- def create_access_token_value(user)
- FactoryBot.create(:access_token, owner: user, scopes: %w[account_management], permission: 'rw').value
+ def create_access_token_plaintext_value(user)
+ FactoryBot.create(:access_token, owner: user, scopes: %w[account_management], permission: 'rw').plaintext_value
end
def backend_api
diff --git a/test/integration/admin/api/buyers_applications_controller_test.rb b/test/integration/admin/api/buyers_applications_controller_test.rb
index 6870b1e6bf..c033d90e50 100644
--- a/test/integration/admin/api/buyers_applications_controller_test.rb
+++ b/test/integration/admin/api/buyers_applications_controller_test.rb
@@ -9,7 +9,7 @@ def setup
@service = FactoryBot.create(:service, account: provider)
@plan = FactoryBot.create(:application_plan, issuer: @service)
@buyer = FactoryBot.create(:buyer_account, provider_account: provider)
- @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! provider.external_admin_domain
end
@@ -100,7 +100,7 @@ class ChangePlanTest < ActionDispatch::IntegrationTest
private
def request_plan_change(new_plan = create_new_plan_same_service)
- params = { access_token: @access_token.value, plan_id: new_plan.id }
+ params = { access_token: @access_token.plaintext_value, plan_id: new_plan.id }
put change_plan_admin_api_account_application_path(account_id: @buyer.id, id: @application.id, format: :xml), params: params
end
diff --git a/test/integration/admin/api/buyers_users_controller_test.rb b/test/integration/admin/api/buyers_users_controller_test.rb
index ce08f5355f..c645e08869 100644
--- a/test/integration/admin/api/buyers_users_controller_test.rb
+++ b/test/integration/admin/api/buyers_users_controller_test.rb
@@ -38,6 +38,6 @@ def params
end
def token_value
- @token_value ||= FactoryBot.create(:access_token, owner: provider.admin_user, scopes: 'account_management', permission: 'rw').value
+ @token_value ||= FactoryBot.create(:access_token, owner: provider.admin_user, scopes: 'account_management', permission: 'rw').plaintext_value
end
end
diff --git a/test/integration/admin/api/member_permissions_controller_test.rb b/test/integration/admin/api/member_permissions_controller_test.rb
index 462ea1bf13..7c08dd4003 100644
--- a/test/integration/admin/api/member_permissions_controller_test.rb
+++ b/test/integration/admin/api/member_permissions_controller_test.rb
@@ -11,7 +11,7 @@ class Admin::Api::MemberPermissionsControllerTest < ActionDispatch::IntegrationT
@service2_id = service_ids.last
@nonexistent_id = service_ids.max + 1
@user = FactoryBot.create(:active_user, account: provider)
- @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! provider.external_admin_domain
end
@@ -130,7 +130,7 @@ class Admin::Api::MemberPermissionsControllerTest < ActionDispatch::IntegrationT
test "member user can't update his own permissions" do
user.update_attribute :role, 'member'
- token = FactoryBot.create(:access_token, owner: user, scopes: %w[account_management]).value
+ token = FactoryBot.create(:access_token, owner: user, scopes: %w[account_management]).plaintext_value
# allowed_sections%5B%5D=settings&allowed_service_ids%5B%5D
params = { allowed_sections: ['settings'], allowed_service_ids: '', access_token: token }
diff --git a/test/integration/admin/api/metric_methods_controller_test.rb b/test/integration/admin/api/metric_methods_controller_test.rb
index ef6736236b..c3f2faa8aa 100644
--- a/test/integration/admin/api/metric_methods_controller_test.rb
+++ b/test/integration/admin/api/metric_methods_controller_test.rb
@@ -9,7 +9,7 @@ def setup
@service = FactoryBot.create(:service, account: provider)
@metric = @service.metrics.first
@method_metric = FactoryBot.create(:metric, owner: @service, parent_id: @metric.id, friendly_name: 'my method')
- @access_token_value = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management], permission: 'rw').value
+ @access_token_value = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management], permission: 'rw').plaintext_value
host! provider.external_admin_domain
end
diff --git a/test/integration/admin/api/objects_controller_test.rb b/test/integration/admin/api/objects_controller_test.rb
index 22da176e20..6a8a3e58eb 100644
--- a/test/integration/admin/api/objects_controller_test.rb
+++ b/test/integration/admin/api/objects_controller_test.rb
@@ -6,7 +6,7 @@ def setup
@provider = FactoryBot.create(:provider_account)
@service = @provider.default_service
@access_token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management])
- @token = @access_token.value
+ @token = @access_token.plaintext_value
host! @provider.external_admin_domain
end
diff --git a/test/integration/admin/api/personal/notification_preferences_controller_test.rb b/test/integration/admin/api/personal/notification_preferences_controller_test.rb
index 10bc47e271..26eb8413c4 100644
--- a/test/integration/admin/api/personal/notification_preferences_controller_test.rb
+++ b/test/integration/admin/api/personal/notification_preferences_controller_test.rb
@@ -6,7 +6,7 @@ class Admin::Api::Personal::NotificationPreferencesControllerTest < ActionDispat
def setup
provider = FactoryBot.create(:provider_account)
@user = provider.admin_users.first!
- @token = FactoryBot.create(:access_token, owner: @user, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: @user, scopes: %w[account_management]).plaintext_value
host! provider.external_admin_domain
end
diff --git a/test/integration/admin/api/registry/policies_controller_test.rb b/test/integration/admin/api/registry/policies_controller_test.rb
index d33512b4f5..d4318a78ea 100644
--- a/test/integration/admin/api/registry/policies_controller_test.rb
+++ b/test/integration/admin/api/registry/policies_controller_test.rb
@@ -32,7 +32,7 @@ def setup
end
test 'POST create returns forbidden when wrong scope' do
- token_admin_with_wrong_scope = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ token_admin_with_wrong_scope = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
assert_no_difference(Policy.method(:count)) do
post admin_api_registry_policies_path(policy_params(token_admin_with_wrong_scope))
end
@@ -42,7 +42,7 @@ def setup
test 'POST create returns forbidden when no permission' do
member_user = FactoryBot.create(:member, account: @provider)
- token_member_with_right_scope_but_no_permission = FactoryBot.create(:access_token, owner: member_user, scopes: %w[policy_registry]).value
+ token_member_with_right_scope_but_no_permission = FactoryBot.create(:access_token, owner: member_user, scopes: %w[policy_registry]).plaintext_value
assert_no_difference(Policy.method(:count)) do
post admin_api_registry_policies_path(policy_params(token_member_with_right_scope_but_no_permission))
end
@@ -53,7 +53,7 @@ def setup
member_user = FactoryBot.create(:member, account: @provider)
member_user.member_permissions.create!(admin_section: :partners) # not policy_registry
- token_member_with_wrong_scope = FactoryBot.create(:access_token, owner: member_user, scopes: %w[account_management]).value
+ token_member_with_wrong_scope = FactoryBot.create(:access_token, owner: member_user, scopes: %w[account_management]).plaintext_value
assert_no_difference(Policy.method(:count)) do
post admin_api_registry_policies_path(policy_params(token_member_with_wrong_scope))
end
@@ -64,7 +64,7 @@ def setup
member_user = FactoryBot.create(:member, account: @provider)
member_user.member_permissions.create!(admin_section: :policy_registry)
- token_member_with_right_scope = FactoryBot.create(:access_token, owner: member_user, scopes: %w[policy_registry]).value
+ token_member_with_right_scope = FactoryBot.create(:access_token, owner: member_user, scopes: %w[policy_registry]).plaintext_value
assert_difference(@provider.policies.method(:count), 1) do
post admin_api_registry_policies_path(policy_params(token_member_with_right_scope))
end
@@ -81,7 +81,7 @@ def setup
test 'POST create disabled for master' do
host! master_account.internal_admin_domain
- access_token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[policy_registry], permission: 'rw').value
+ access_token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[policy_registry], permission: 'rw').plaintext_value
assert_no_difference(Policy.method(:count)) do
post admin_api_registry_policies_path(policy_params(access_token))
end
@@ -90,7 +90,7 @@ def setup
test 'GET show returns the policy' do
policy = FactoryBot.create(:policy, account: @provider)
- get admin_api_registry_policy_path(policy, access_token: @access_token.value)
+ get admin_api_registry_policy_path(policy, access_token: @access_token.plaintext_value)
assert_response :success
json = JSON.parse(response.body)['policy']
assert_equal policy.id, json['id']
@@ -98,14 +98,14 @@ def setup
test 'GET show finds the policy when name-version is passed as id' do
policy = FactoryBot.create(:policy, account: @provider, name: 'my_policy', version: '1.0')
- get admin_api_registry_policy_path('my_policy-1.0', access_token: @access_token.value)
+ get admin_api_registry_policy_path('my_policy-1.0', access_token: @access_token.plaintext_value)
assert_response :success
json = JSON.parse(response.body)['policy']
assert_equal policy.id, json['id']
end
test 'GET show returns not found when policy does not exist' do
- get admin_api_registry_policy_path(id: 'inexistent-policy', access_token: @access_token.value)
+ get admin_api_registry_policy_path(id: 'inexistent-policy', access_token: @access_token.plaintext_value)
assert_response :not_found
end
@@ -113,13 +113,13 @@ def setup
policy = FactoryBot.create(:policy, account: @provider, name: 'my-policy', version: '1.0')
assert_raises(ActionController::UrlGenerationError) do
- get admin_api_registry_policy_path('my-policy-1.0.json', access_token: @access_token.value)
+ get admin_api_registry_policy_path('my-policy-1.0.json', access_token: @access_token.plaintext_value)
end
end
test 'GET index returns the policies' do
FactoryBot.create_list(:policy, 3, account: @provider)
- get admin_api_registry_policies_path(access_token: @access_token.value)
+ get admin_api_registry_policies_path(access_token: @access_token.plaintext_value)
assert_response :success
expected_policy_ids = @provider.policies.pluck(:id)
assert_same_elements expected_policy_ids, JSON.parse(response.body)['policies'].map { |policy| policy.dig('policy', 'id') }
@@ -129,7 +129,7 @@ def setup
policy = FactoryBot.create(:policy, account: @provider, version: '1.0')
new_schema = JSON.parse(file_fixture('policies/apicast-policy.json').read).merge('description': 'New description')
new_schema['version'] = '1.0'
- put admin_api_registry_policy_path(policy, policy: { schema: new_schema.to_json }, access_token: @access_token.value)
+ put admin_api_registry_policy_path(policy, policy: { schema: new_schema.to_json }, access_token: @access_token.plaintext_value)
assert_response :success
assert_equal 'New description', policy.reload.schema['description']
end
@@ -138,19 +138,19 @@ def setup
policy = FactoryBot.create(:policy, account: @provider, name: 'my_policy', version: '1.0')
new_schema = JSON.parse(file_fixture('policies/apicast-policy.json').read).merge('description': 'New description')
new_schema['version'] = '1.0'
- put admin_api_registry_policy_path('my_policy-1.0', policy: { schema: new_schema.to_json }, access_token: @access_token.value)
+ put admin_api_registry_policy_path('my_policy-1.0', policy: { schema: new_schema.to_json }, access_token: @access_token.plaintext_value)
assert_response :success
assert_equal 'New description', policy.reload.schema['description']
end
test 'PUT update returns not found when policy does not exist' do
- put admin_api_registry_policy_path(id: 'inexistent-policy', policy: { version: '1.1' }, access_token: @access_token.value)
+ put admin_api_registry_policy_path(id: 'inexistent-policy', policy: { version: '1.1' }, access_token: @access_token.plaintext_value)
assert_response :not_found
end
test 'DELETE destroy deletes the policy' do
policy = FactoryBot.create(:policy, account: @provider)
- delete admin_api_registry_policy_path(policy, access_token: @access_token.value)
+ delete admin_api_registry_policy_path(policy, access_token: @access_token.plaintext_value)
assert_response :success
assert_empty response.body
end
@@ -242,11 +242,11 @@ def setup
private
def try_update_policy(policy_params)
- put admin_api_registry_policy_path(policy, policy: policy_params, access_token: access_token.value)
+ put admin_api_registry_policy_path(policy, policy: policy_params, access_token: access_token.plaintext_value)
end
def try_delete_policy
- delete admin_api_registry_policy_path(policy, access_token: access_token.value)
+ delete admin_api_registry_policy_path(policy, access_token: access_token.plaintext_value)
end
def add_policy_config_to(proxy, policy: self.policy)
@@ -261,7 +261,7 @@ def clear_policy_config_from(proxy)
end
end
- def policy_params(token = @access_token.value)
+ def policy_params(token = @access_token.plaintext_value)
@policy_attributes ||= FactoryBot.build(:policy).attributes.symbolize_keys.slice(:name, :version, :schema)
{ policy: @policy_attributes, access_token: token }
end
diff --git a/test/integration/admin/api/service_plans_controller_test.rb b/test/integration/admin/api/service_plans_controller_test.rb
index cf4ccaabed..2bb71587de 100644
--- a/test/integration/admin/api/service_plans_controller_test.rb
+++ b/test/integration/admin/api/service_plans_controller_test.rb
@@ -14,7 +14,7 @@ class Admin::Api::ServicePlansControllerTest < ActionDispatch::IntegrationTest
class ProviderAdminTest < self
setup do
- @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! @provider.external_admin_domain
end
diff --git a/test/integration/admin/api/services/backend_usages_controller_test.rb b/test/integration/admin/api/services/backend_usages_controller_test.rb
index d48faa92d7..75b6d9a073 100644
--- a/test/integration/admin/api/services/backend_usages_controller_test.rb
+++ b/test/integration/admin/api/services/backend_usages_controller_test.rb
@@ -18,7 +18,7 @@ def setup
end
attr_reader :access_token
- delegate :value, to: :access_token, prefix: true
+ delegate :plaintext_value, to: :access_token, prefix: true
test 'create' do
assert_difference(service.backend_api_configs.method(:count)) do
@@ -159,7 +159,7 @@ def setup
end
attr_reader :member, :access_token
- delegate :value, to: :access_token, prefix: true
+ delegate :plaintext_value, to: :access_token, prefix: true
test 'with permission to all services' do
get admin_api_service_backend_usages_path(collection_params)
@@ -237,7 +237,7 @@ def backend_api
end
def collection_params(other_params = {})
- { service_id: service.id, access_token: access_token_value }.merge(other_params)
+ { service_id: service.id, access_token: access_token_plaintext_value }.merge(other_params)
end
def resource_params(other_params = {})
diff --git a/test/integration/admin/api/services/proxies_controller_test.rb b/test/integration/admin/api/services/proxies_controller_test.rb
index 2543a3932f..47fffc6482 100644
--- a/test/integration/admin/api/services/proxies_controller_test.rb
+++ b/test/integration/admin/api/services/proxies_controller_test.rb
@@ -14,11 +14,11 @@ def setup
attr_reader :service, :token
def test_show
- get admin_api_service_proxy_path(service_id: service.id, format: :xml, access_token: token.value)
+ get admin_api_service_proxy_path(service_id: service.id, format: :xml, access_token: token.plaintext_value)
assert_response :success
xml = Hash.from_xml(response.body).fetch('proxy').except('created_at', 'updated_at')
- get admin_api_service_proxy_path(service_id: service.id, format: :json, access_token: token.value)
+ get admin_api_service_proxy_path(service_id: service.id, format: :json, access_token: token.plaintext_value)
assert_response :success
json = JSON.parse(response.body).fetch('proxy').except('created_at', 'updated_at')
@@ -29,7 +29,7 @@ def test_show
end
def test_update
- put admin_api_service_proxy_path(service_id: service.id, format: :xml, access_token: token.value), params: { proxy: { credentials_location: 'headers' } }
+ put admin_api_service_proxy_path(service_id: service.id, format: :xml, access_token: token.plaintext_value), params: { proxy: { credentials_location: 'headers' } }
assert_response :success
diff --git a/test/integration/admin/api/services/proxy/policies_controller_test.rb b/test/integration/admin/api/services/proxy/policies_controller_test.rb
index c430d22b07..04612c8705 100644
--- a/test/integration/admin/api/services/proxy/policies_controller_test.rb
+++ b/test/integration/admin/api/services/proxy/policies_controller_test.rb
@@ -8,13 +8,13 @@ def setup
@provider = FactoryBot.create(:provider_account)
@service = @provider.default_service
host! @provider.external_admin_domain
- @access_token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ @access_token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
end
class PolicyRegistryAccessTokenScopeTest < PoliciesControllerTest
def setup
super
- @access_token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[policy_registry]).value
+ @access_token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[policy_registry]).plaintext_value
end
end
diff --git a/test/integration/admin/api/services_controller_test.rb b/test/integration/admin/api/services_controller_test.rb
index c192c0e912..9211bb7d6b 100644
--- a/test/integration/admin/api/services_controller_test.rb
+++ b/test/integration/admin/api/services_controller_test.rb
@@ -5,7 +5,7 @@
class Admin::Api::ServicesControllerTest < ActionDispatch::IntegrationTest
class MasterHostTest < Admin::Api::ServicesControllerTest
setup do
- @token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! master_account.internal_admin_domain
end
@@ -125,7 +125,7 @@ class TenantHostTest < ActionDispatch::IntegrationTest
test 'a member user cannot create a service' do
member = FactoryBot.create(:member, account: provider)
- member_access_token_value = FactoryBot.create(:access_token, owner: member, scopes: %w[account_management], permission: 'rw').value
+ member_access_token_value = FactoryBot.create(:access_token, owner: member, scopes: %w[account_management], permission: 'rw').plaintext_value
assert_no_difference(provider_services.method(:count)) do
post admin_api_services_path(access_token: member_access_token_value, format: :json), params: permitted_params
@@ -243,7 +243,7 @@ def forbidden_params
end
def access_token_value
- @access_token_value ||= FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management], permission: 'rw').value
+ @access_token_value ||= FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management], permission: 'rw').plaintext_value
end
def provider_services
diff --git a/test/integration/admin/api/settings_controller_test.rb b/test/integration/admin/api/settings_controller_test.rb
index a2811bf48f..def0ad8e9a 100644
--- a/test/integration/admin/api/settings_controller_test.rb
+++ b/test/integration/admin/api/settings_controller_test.rb
@@ -6,7 +6,7 @@ class Admin::Api::SettingsControllerTest < ActionDispatch::IntegrationTest
def setup
provider = FactoryBot.create(:provider_account)
host! provider.external_admin_domain
- @token = FactoryBot.create(:access_token, owner: provider.admin_user, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: provider.admin_user, scopes: %w[account_management]).plaintext_value
@settings = provider.settings
end
diff --git a/test/integration/admin/api/signups_controller_test.rb b/test/integration/admin/api/signups_controller_test.rb
index 5d8fb06c28..1c62c6d05b 100644
--- a/test/integration/admin/api/signups_controller_test.rb
+++ b/test/integration/admin/api/signups_controller_test.rb
@@ -21,7 +21,7 @@ class WebHooksTest < Admin::Api::SignupsControllerTest
assert_difference(WebHookWorker.jobs.method(:size)) do
post admin_api_signup_path, params: {
format: :json,
- access_token: token.value,
+ access_token: token.plaintext_value,
org_name: 'company',
username: 'person'
}
diff --git a/test/integration/api/access_tokens_test.rb b/test/integration/api/access_tokens_test.rb
index cfd026268f..8daa33b079 100644
--- a/test/integration/api/access_tokens_test.rb
+++ b/test/integration/api/access_tokens_test.rb
@@ -17,14 +17,14 @@ def setup
user_id = @admin.id
assert_difference(AccessToken.method(:count), 1) do
- post_request(user_id, {access_token: access_token.value})
+ post_request(user_id, {access_token: access_token.plaintext_value})
assert_response :created, "Not created with response body #{response.body}"
end
assert_token_values(user_id)
assert_no_difference(AccessToken.method(:count)) do
- post_request(@member.id, {access_token: access_token.value})
+ post_request(@member.id, {access_token: access_token.plaintext_value})
assert_response :forbidden, "Not forbidden with response body #{response.body}"
end
end
@@ -34,7 +34,7 @@ def setup
user_id = @admin.id
assert_difference(AccessToken.method(:count), 1) do
- post_request(user_id, {access_token: access_token.value}, {value: 'foobar'})
+ post_request(user_id, {access_token: access_token.plaintext_value}, {value: 'foobar'})
assert_response :created, "Not created with response body #{response.body}"
end
assert_not_equal 'foobar', AccessToken.last!.value
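Review bot: The unchanged assertion `assert_not_equal 'foobar', AccessToken.last!.value` on the last line of this hunk no longer demonstrates that the custom value was rejected once stored values are digests, because a hashed 'foobar' would also differ from the literal. The sibling personal-token test in this commit checks the returned value instead, `assert_not_equal value, JSON.parse(response.body).dig('access_token', 'value')`, and this test should do the same, e.g. `assert_not_equal 'foobar', JSON.parse(response.body).dig('access_token', 'value')`, assuming the create response exposes the plaintext as that test expects. The enclosing test method starts before this hunk.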
@@ -44,7 +44,7 @@ def setup
access_token = FactoryBot.create(:access_token, owner: @admin, scopes: %w[account_management])
assert_no_difference(AccessToken.method(:count)) do
- post_request(@admin.id, {access_token: access_token.value}, {scopes: ['wrong']})
+ post_request(@admin.id, {access_token: access_token.plaintext_value}, {scopes: ['wrong']})
assert_response :unprocessable_entity, "Not created with response body #{response.body}"
assert_equal ['invalid'], JSON.parse(response.body).dig('errors', 'scopes')
end
@@ -56,7 +56,7 @@ def setup
user_id = @admin.id
expires_at = 1.day.from_now.utc.iso8601
assert_difference(AccessToken.method(:count), 1) do
- post_request(user_id, {access_token: access_token.value}, { expires_at: })
+ post_request(user_id, {access_token: access_token.plaintext_value}, { expires_at: })
assert_response :created, "Not created with response body #{response.body}"
end
assert_equal expires_at, AccessToken.last!.expires_at.iso8601
diff --git a/test/integration/api/personal/access_tokens_test.rb b/test/integration/api/personal/access_tokens_test.rb
index 9729d5beea..94b3c2a252 100644
--- a/test/integration/api/personal/access_tokens_test.rb
+++ b/test/integration/api/personal/access_tokens_test.rb
@@ -14,7 +14,7 @@ def setup
class ActionsOnAnAccessToken < Admin::Api::Personal::AccessTokensTest
test 'using a non-existent ID or value responds with not_found' do
- perform_request(id: 'wrong', access_token: admin_access_token.value)
+ perform_request(id: 'wrong', access_token: admin_access_token.plaintext_value)
assert_response :not_found
end
@@ -22,20 +22,20 @@ class ActionsOnAnAccessToken < Admin::Api::Personal::AccessTokensTest
another_admin = FactoryBot.create(:admin, account: provider, admin_sections: [:partners])
another_admins_token = FactoryBot.create(:access_token, scopes: %w[account_management], owner: another_admin)
- perform_request(id: admin_access_token.id, access_token: another_admins_token.value)
+ perform_request(id: admin_access_token.id, access_token: another_admins_token.plaintext_value)
assert_response :not_found
- perform_request(id: admin_access_token.value, access_token: another_admins_token.value)
+ perform_request(id: admin_access_token.id, access_token: another_admins_token.plaintext_value)
assert_response :not_found
end
test 'using the token ID works well' do
- perform_request(id: admin_access_token.id, access_token: admin_access_token.value)
+ perform_request(id: admin_access_token.id, access_token: admin_access_token.plaintext_value)
assert_it_worked
end
test 'using the token value works well' do
- perform_request(id: admin_access_token.value, access_token: admin_access_token.value)
+ perform_request(id: admin_access_token.plaintext_value, access_token: admin_access_token.plaintext_value)
assert_it_worked
end
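Review bot: The second request in the another-admin test now repeats the first verbatim (`id: admin_access_token.id` on both), so the lookup-by-value path with a foreign token is no longer exercised, while the original line looked the token up by its value. Since the 'using the token value works well' test in this same hunk shows that the plaintext value is still accepted as `id:`, the intended replacement is presumably `perform_request(id: admin_access_token.plaintext_value, access_token: another_admins_token.plaintext_value)`. That keeps the not_found expectation covering both the id and the value lookup for a token owned by someone else, which is the authorization boundary this test exists for.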
@@ -72,7 +72,7 @@ def delete_access_token(id:, **query_params)
class Admin::Api::Personal::CreateAccessTokenTest < Admin::Api::Personal::AccessTokensTest
test 'POST creates an access token for the admin user of the access token' do
assert_difference admin.access_tokens.method(:count) do
- create_access_token(access_token: admin_access_token.value, params: access_token_params)
+ create_access_token(access_token: admin_access_token.plaintext_value, params: access_token_params)
assert_response :created
assert JSON.parse(response.body).dig('access_token', 'value')
end
@@ -81,7 +81,7 @@ class Admin::Api::Personal::CreateAccessTokenTest < Admin::Api::Personal::Access
test 'POST does not accept a custom value' do
value = 'foobar'
assert_difference @admin.access_tokens.method(:count) do
- create_access_token(access_token: admin_access_token.value, params: access_token_params({ value: value }))
+ create_access_token(access_token: admin_access_token.plaintext_value, params: access_token_params({ value: value }))
assert_response :created
assert_not_equal value, JSON.parse(response.body).dig('access_token', 'value')
end
@@ -89,7 +89,7 @@ class Admin::Api::Personal::CreateAccessTokenTest < Admin::Api::Personal::Access
test 'POST does not accept a wrong scope' do
assert_no_difference(AccessToken.method(:count)) do
- create_access_token(access_token: admin_access_token.value, params: access_token_params({ scopes: %w[wrong] }))
+ create_access_token(access_token: admin_access_token.plaintext_value, params: access_token_params({ scopes: %w[wrong] }))
assert_response :unprocessable_entity
assert_equal ['invalid'], JSON.parse(response.body).dig('errors', 'scopes')
end
@@ -98,7 +98,7 @@ class Admin::Api::Personal::CreateAccessTokenTest < Admin::Api::Personal::Access
test 'POST accepts an expiration time' do
expires_at = 1.day.from_now.utc.iso8601
assert_difference @admin.access_tokens.method(:count) do
- create_access_token(access_token: admin_access_token.value, params: access_token_params({ expires_at: }))
+ create_access_token(access_token: admin_access_token.plaintext_value, params: access_token_params({ expires_at: }))
assert_response :created
assert_equal expires_at, JSON.parse(response.body).dig('access_token', 'expires_at')
end
@@ -152,7 +152,7 @@ class Admin::Api::Personal::IndexAccessTokenTest < Admin::Api::Personal::AccessT
end
def get_access_tokens(**query_params)
- get admin_api_personal_access_tokens_path(access_token: admin_access_token.value, **query_params)
+ get admin_api_personal_access_tokens_path(access_token: admin_access_token.plaintext_value, **query_params)
end
alias perform_request get_access_tokens
@@ -182,7 +182,7 @@ def assert_it_worked(_access_token = nil)
unauthorized_access_token = FactoryBot.create(:access_token, owner: unauthorized_member, scopes: %w[account_management])
assert_no_difference(AccessToken.method(:count)) do
- perform_request(id: 'any', access_token: unauthorized_access_token.value)
+ perform_request(id: 'any', access_token: unauthorized_access_token.plaintext_value)
assert_response :forbidden
end
end
@@ -202,7 +202,7 @@ def assert_it_worked(_access_token = nil)
authorized_member_access_token = FactoryBot.create(:access_token, owner: authorized_member, scopes: %w[account_management])
access_token = FactoryBot.create(:access_token, owner: authorized_member)
- perform_request(id: access_token.id, access_token: authorized_member_access_token.value)
+ perform_request(id: access_token.id, access_token: authorized_member_access_token.plaintext_value)
assert_it_worked(access_token)
end
diff --git a/test/integration/api/sso_tokens_controller_test.rb b/test/integration/api/sso_tokens_controller_test.rb
index e42a64bd5a..e2f2f0bdac 100644
--- a/test/integration/api/sso_tokens_controller_test.rb
+++ b/test/integration/api/sso_tokens_controller_test.rb
@@ -5,7 +5,7 @@ def setup
provider = FactoryBot.create(:provider_account)
@admin = FactoryBot.create(:simple_admin, account: provider, username: 'alaska123')
@admin.activate!
- @access_token = FactoryBot.create(:access_token, owner: @admin, scopes: 'account_management', permission: 'rw').value
+ @access_token = FactoryBot.create(:access_token, owner: @admin, scopes: 'account_management', permission: 'rw').plaintext_value
host! provider.external_admin_domain
end
@@ -39,7 +39,7 @@ def setup
test 'provider_create' do
FactoryBot.create(:simple_admin, account: @provider, username: ThreeScale.config.impersonation_admin[:username])
- post provider_create_admin_api_sso_tokens_path(format: :json), params: { provider_id: @provider.id, access_token: @access_token.value }
+ post provider_create_admin_api_sso_tokens_path(format: :json), params: { provider_id: @provider.id, access_token: @access_token.plaintext_value }
assert_response :success
assert sso_token = JSON.parse(response.body)['sso_token']
@@ -51,7 +51,7 @@ def setup
FactoryBot.create(:simple_admin, account: @provider, username: ThreeScale.config.impersonation_admin[:username])
freeze_time do
- post provider_create_admin_api_sso_tokens_path(format: :json), params: { provider_id: @provider.id, access_token: @access_token.value, expires_in: 60 }
+ post provider_create_admin_api_sso_tokens_path(format: :json), params: { provider_id: @provider.id, access_token: @access_token.plaintext_value, expires_in: 60 }
assert_response :success
assert_equal (Time.now.utc + 60).httpdate, response.headers['Expires']
diff --git a/test/integration/application_controller_test.rb b/test/integration/application_controller_test.rb
index 3fa3020ddb..6ccf3f5d69 100644
--- a/test/integration/application_controller_test.rb
+++ b/test/integration/application_controller_test.rb
@@ -90,7 +90,7 @@ def setup
test "forgery protection is skipped for API requests with access token" do
provider = FactoryBot.create(:provider_account)
user = provider.admins.first
- token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management', permission: 'rw').value
+ token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management', permission: 'rw').plaintext_value
host! provider.external_admin_domain
ApplicationController.any_instance.expects(:verify_authenticity_token).never
@@ -107,7 +107,7 @@ def setup
test "forgery protection is skipped for API requests with basic auth and access token" do
provider = FactoryBot.create(:provider_account)
user = provider.admins.first
- token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management', permission: 'rw').value
+ token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management', permission: 'rw').plaintext_value
host! provider.external_admin_domain
ApplicationController.any_instance.expects(:verify_authenticity_token).never
diff --git a/test/integration/audited_hacks_async_test.rb b/test/integration/audited_hacks_async_test.rb
index 9967e113a8..2a521ef68d 100644
--- a/test/integration/audited_hacks_async_test.rb
+++ b/test/integration/audited_hacks_async_test.rb
@@ -22,7 +22,7 @@ class AuditedHacksAsyncTest < ActionDispatch::IntegrationTest
@audit_class = Audited.audit_class
- @access_token = FactoryBot.create(:access_token, owner: @admin, scopes: ['account_management']).value
+ @access_token = FactoryBot.create(:access_token, owner: @admin, scopes: ['account_management']).plaintext_value
audit_class.delete_all
end
diff --git a/test/integration/by_access_token_integration_test.rb b/test/integration/by_access_token_integration_test.rb
index ae864868bf..d7a53ade36 100644
--- a/test/integration/by_access_token_integration_test.rb
+++ b/test/integration/by_access_token_integration_test.rb
@@ -24,12 +24,12 @@ def test_index_with_access_token
assert_response :forbidden
# valid token
- get admin_api_accounts_path(format: :xml), params: { access_token: @token.value }
+ get admin_api_accounts_path(format: :xml), params: { access_token: @token.plaintext_value }
assert_response :success
# token belongs to a different admin domain
host! provider_2.internal_admin_domain
- get admin_api_accounts_path(format: :xml), params: { access_token: @token.value }
+ get admin_api_accounts_path(format: :xml), params: { access_token: @token.plaintext_value }
assert_response :forbidden
host! @provider.external_admin_domain
@@ -41,7 +41,7 @@ def test_index_with_access_token
@token.save!
# invalid scope
- get admin_api_accounts_path(format: :xml), params: { access_token: @token.value }
+ get admin_api_accounts_path(format: :xml), params: { access_token: @token.plaintext_value }
assert_response :forbidden
@token.scopes = ['account_management']
@@ -50,26 +50,26 @@ def test_index_with_access_token
@user.save!
# user does not have a permission
- get admin_api_accounts_path(format: :xml), params: { access_token: @token.value }
+ get admin_api_accounts_path(format: :xml), params: { access_token: @token.plaintext_value }
assert_response :forbidden
end
test 'validates the scope using HttpBasicAuth' do
- auth_headers = {'Authorization' => "Basic #{Base64.encode64(":#{@token.value}")}"}
+ auth_headers = {'Authorization' => "Basic #{Base64.encode64(":#{@token.plaintext_value}")}"}
get admin_api_registry_policies_path(format: :json), headers: auth_headers
assert_response :forbidden
end
test 'the token has no expiration date' do
- get admin_api_accounts_path(format: :xml), params: { access_token: @token.value }
+ get admin_api_accounts_path(format: :xml), params: { access_token: @token.plaintext_value }
- assert_response :success
- end
+ assert_response :success
+ end
test 'the token has a future expiration date' do
token = FactoryBot.create(:access_token, owner: @user, scopes: 'account_management', expires_at: 1.day.from_now.utc.iso8601)
- get admin_api_accounts_path(format: :xml), params: { access_token: token.value }
+ get admin_api_accounts_path(format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -78,7 +78,39 @@ def test_index_with_access_token
token = FactoryBot.create(:access_token, owner: @user, scopes: 'account_management')
token.update_columns(expires_at: 1.minute.ago)
- get admin_api_accounts_path(format: :xml), params: { access_token: token.value }
+ get admin_api_accounts_path(format: :xml), params: { access_token: token.plaintext_value }
+
+ assert_response :forbidden
+ end
+
+ test 'authentication with legacy unmigrated token succeeds' do
+ token = FactoryBot.create(:access_token, owner: @user, scopes: 'account_management')
+ legacy_value = 'legacy_plaintext_token_for_integration'
+ token.update_columns(value: legacy_value)
+
+ get admin_api_accounts_path(format: :xml), params: { access_token: legacy_value }
+
+ assert_response :success
+ # No migration: DB value remains unchanged
+ assert_equal legacy_value, token.reload.read_attribute(:value)
+ end
+
+ test 'authentication with leaked database hash fails' do
+ token = FactoryBot.create(:access_token, owner: @user, scopes: 'account_management')
+ plaintext = token.plaintext_value
+
+ # Verify the token works with plaintext
+ get admin_api_accounts_path(format: :xml), params: { access_token: plaintext }
+ assert_response :success
+
+ # Get the actual hash stored in the database
+ leaked_hash = token.reload.read_attribute(:value)
+
+ # Verify the stored value has our prefix
+ assert leaked_hash.start_with?(AccessToken::DIGEST_PREFIX)
+
+ # An attacker trying to use the leaked hash directly should be blocked
+ get admin_api_accounts_path(format: :xml), params: { access_token: leaked_hash }
assert_response :forbidden
end
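Review bot: The legacy-token test never states the precondition that distinguishes a legacy row from a hashed one, so if `legacy_value` ever happened to carry the digest prefix the test would be checking the wrong path; add `assert_not legacy_value.start_with?(AccessToken::DIGEST_PREFIX)` after `token.update_columns(value: legacy_value)`. In the leaked-hash test, the prefix assertion shows the stored value is marked as a digest but not that it differs from the secret, so `assert_not_equal plaintext, leaked_hash` next to the `start_with?` check closes that gap. Both are one-line additions and keep the forbidden expectation at the end of the hunk unchanged.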
diff --git a/test/integration/cms/base_controller_test.rb b/test/integration/cms/base_controller_test.rb
index 61452cca29..2820d03a25 100644
--- a/test/integration/cms/base_controller_test.rb
+++ b/test/integration/cms/base_controller_test.rb
@@ -14,7 +14,7 @@ class RequestFormatTest < Admin::Api::CMS::BaseControllerTest
test 'responds to json' do
with_api_routes do
- get '/cms_api', params: { format: :json, access_token: @token.value }
+ get '/cms_api', params: { format: :json, access_token: @token.plaintext_value }
assert_response :ok
end
@@ -23,7 +23,7 @@ class RequestFormatTest < Admin::Api::CMS::BaseControllerTest
%i[xml html].each do |format|
test "does not respond to #{format.to_s}" do
with_api_routes do
- get '/cms_api', params: { format: format, access_token: @token.value }
+ get '/cms_api', params: { format: format, access_token: @token.plaintext_value }
assert_response :not_acceptable
end
@@ -40,7 +40,7 @@ class ProviderAccountTest < Admin::Api::CMS::BaseControllerTest
test 'admin user with cms scope has permission' do
token = FactoryBot.create(:access_token, owner: @provider.admin_users.first, scopes: ['cms'], permission: 'rw')
with_api_routes do
- get '/cms_api', params: { format: :json, access_token: token.value }
+ get '/cms_api', params: { format: :json, access_token: token.plaintext_value }
assert_response :ok
end
end
@@ -48,7 +48,7 @@ class ProviderAccountTest < Admin::Api::CMS::BaseControllerTest
test 'admin user without cms scope does not have permission' do
with_api_routes do
token = FactoryBot.create(:access_token, owner: @provider.admin_users.first)
- get '/cms_api', params: { format: :json, access_token: token.value }
+ get '/cms_api', params: { format: :json, access_token: token.plaintext_value }
assert_response :forbidden
end
end
@@ -57,7 +57,7 @@ class ProviderAccountTest < Admin::Api::CMS::BaseControllerTest
member = FactoryBot.create(:member, account: @provider, admin_sections: ['portal'])
token = FactoryBot.create(:access_token, owner: member, scopes: ['cms'], permission: 'rw')
with_api_routes do
- get '/cms_api', params: { format: :json, access_token: token.value }
+ get '/cms_api', params: { format: :json, access_token: token.plaintext_value }
assert_response :ok
end
end
@@ -66,7 +66,7 @@ class ProviderAccountTest < Admin::Api::CMS::BaseControllerTest
member = FactoryBot.create(:member, account: @provider, admin_sections: ['portal'])
token = FactoryBot.create(:access_token, owner: member)
with_api_routes do
- get '/cms_api', params: { format: :json, access_token: token.value }
+ get '/cms_api', params: { format: :json, access_token: token.plaintext_value }
assert_response :forbidden
end
end
@@ -75,7 +75,7 @@ class ProviderAccountTest < Admin::Api::CMS::BaseControllerTest
member = FactoryBot.create(:member, account: @provider)
token = FactoryBot.create(:access_token, owner: member, scopes: ['cms'], permission: 'rw')
with_api_routes do
- get '/cms_api', params: { format: :json, access_token: token.value }
+ get '/cms_api', params: { format: :json, access_token: token.plaintext_value }
assert_response :forbidden
end
end
@@ -98,7 +98,7 @@ class MasterAccountOnPremTest < MasterAccountTest
token = FactoryBot.create(:access_token, owner: user, permission: 'rw')
token.update_column(:scopes, ['cms']) # rubocop:disable Rails/SkipsModelValidations It must be done this way because it is invalid now.
with_api_routes do
- get '/cms_api', params: { format: :json, access_token: token.value }
+ get '/cms_api', params: { format: :json, access_token: token.plaintext_value }
assert_response :forbidden
end
end
@@ -110,7 +110,7 @@ class MasterAccountOnPremTest < MasterAccountTest
[admin, member].each do |user|
token = FactoryBot.create(:access_token, owner: user, scopes: ['account_management'], permission: 'rw')
with_api_routes do
- get '/cms_api', params: { format: :json, access_token: token.value }
+ get '/cms_api', params: { format: :json, access_token: token.plaintext_value }
assert_response :forbidden
end
end
@@ -124,7 +124,7 @@ class MasterAccountSaasTest < MasterAccountTest
[admin, member].each do |user|
token = FactoryBot.create(:access_token, owner: user, scopes: ['cms'], permission: 'rw')
with_api_routes do
- get '/cms_api', params: { format: :json, access_token: token.value }
+ get '/cms_api', params: { format: :json, access_token: token.plaintext_value }
assert_response :success
end
end
@@ -136,7 +136,7 @@ class MasterAccountSaasTest < MasterAccountTest
[admin, member].each do |user|
token = FactoryBot.create(:access_token, owner: user, scopes: ['account_management'], permission: 'rw')
with_api_routes do
- get '/cms_api', params: { format: :json, access_token: token.value }
+ get '/cms_api', params: { format: :json, access_token: token.plaintext_value }
assert_response :success
end
end
diff --git a/test/integration/finance/api/invoices_controller_test.rb b/test/integration/finance/api/invoices_controller_test.rb
index 61fea3a341..bb68e7dd91 100644
--- a/test/integration/finance/api/invoices_controller_test.rb
+++ b/test/integration/finance/api/invoices_controller_test.rb
@@ -27,7 +27,7 @@ class MasterOnPremisesTest < ActionDispatch::IntegrationTest
def setup
ThreeScale.config.stubs(onpremises: true)
- @access_token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[finance]).value
+ @access_token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[finance]).plaintext_value
@provider = master_account
@now = Time.zone.now
@later = @now + 2.months
@@ -66,7 +66,7 @@ def setup
@later = @now + 2.months
@buyer = FactoryBot.create(:buyer_account, provider_account: @provider, created_at: @now)
@provider.settings.allow_finance!
- @access_token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[finance]).value
+ @access_token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[finance]).plaintext_value
host! @provider.external_admin_domain
[@now, @later].each { |datetime| FactoryBot.create(:invoice_counter, provider_account: @provider, invoice_prefix: datetime.strftime('%Y-%m')) }
@@ -195,7 +195,7 @@ def setup
assert_difference(Audited.audit_class.method(:count)) do
Invoice.with_synchronous_auditing do
assert_difference(Invoice.method(:count)) do
- post api_invoices_path, params: invoice_params.merge!(access_token: token.value), headers: { accept: Mime[:json] }
+ post api_invoices_path, params: invoice_params.merge!(access_token: token.plaintext_value), headers: { accept: Mime[:json] }
assert_response :created
end
end
diff --git a/test/integration/finance/api/invoices_test.rb b/test/integration/finance/api/invoices_test.rb
index 4a3b751379..a8b1186ff4 100644
--- a/test/integration/finance/api/invoices_test.rb
+++ b/test/integration/finance/api/invoices_test.rb
@@ -34,7 +34,7 @@ class WithoutExistingInvoices < InvoicesUnscopedTest
member = FactoryBot.create(:member, account: @provider, admin_sections: [:finance])
token = FactoryBot.create(:access_token, owner: member)
- get "/api/invoices.xml?access_token=#{token.value}"
+ get "/api/invoices.xml?access_token=#{token.plaintext_value}"
assert_response :forbidden
end
@@ -44,7 +44,7 @@ class WithoutExistingInvoices < InvoicesUnscopedTest
member = FactoryBot.create(:member, account: @provider, admin_sections: [:finance])
token = FactoryBot.create(:access_token, owner: member, scopes: ['finance'])
- get "/api/invoices.xml?access_token=#{token.value}"
+ get "/api/invoices.xml?access_token=#{token.plaintext_value}"
assert_response :success
end
@@ -54,7 +54,7 @@ class WithoutExistingInvoices < InvoicesUnscopedTest
member = FactoryBot.create(:member, account: @provider, admin_sections: [])
token = FactoryBot.create(:access_token, owner: member, scopes: ['finance'])
- get "/api/invoices.xml?access_token=#{token.value}"
+ get "/api/invoices.xml?access_token=#{token.plaintext_value}"
assert_response :forbidden
end
diff --git a/test/integration/finance/api/line_items_controller_test.rb b/test/integration/finance/api/line_items_controller_test.rb
index e78cbcd937..dce7c2d33f 100644
--- a/test/integration/finance/api/line_items_controller_test.rb
+++ b/test/integration/finance/api/line_items_controller_test.rb
@@ -6,7 +6,7 @@ def setup
@provider = FactoryBot.create(:provider_with_billing)
@buyer = FactoryBot.create(:simple_buyer, provider_account: @provider)
@provider.settings.allow_finance!
- @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! @provider.external_admin_domain
@invoice = FactoryBot.create(:invoice, provider_account: @provider, buyer_account: @buyer)
@line_item = FactoryBot.create(:line_item, invoice: @invoice, name: 'fakeName')
@@ -17,7 +17,7 @@ def setup
@buyer = FactoryBot.create(:simple_account, provider_account: master_account)
@invoice = FactoryBot.create(:invoice, provider_account: master_account, buyer_account: @buyer)
@line_item = FactoryBot.create(:line_item, invoice: @invoice, name: 'fakeName')
- @token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! master_account.internal_admin_domain
end
diff --git a/test/integration/finance/api/payment_callbacks/stripe_callbacks_controller_test.rb b/test/integration/finance/api/payment_callbacks/stripe_callbacks_controller_test.rb
index 81ff32a5a2..974c946316 100644
--- a/test/integration/finance/api/payment_callbacks/stripe_callbacks_controller_test.rb
+++ b/test/integration/finance/api/payment_callbacks/stripe_callbacks_controller_test.rb
@@ -23,7 +23,7 @@ class CreateTest < self
stripe_event = self.stripe_event(type: 'payment_intent.succeeded', payment_intent_data: { id: 'some-payment-intent-id' })
Stripe::Webhook.expects(:construct_event).returns(stripe_event)
- post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.value }
+ post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.plaintext_value }
assert_response :no_content
end
@@ -32,7 +32,7 @@ class CreateTest < self
gateway_options.gateway_settings[:endpoint_secret] = ''
gateway_options.save(validate: false)
- post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.value }
+ post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.plaintext_value }
assert_response :unprocessable_entity
assert_equal 'Configuration is missing', response.body
end
@@ -41,14 +41,14 @@ class CreateTest < self
exception = Stripe::SignatureVerificationError.new('invalid signature', 'invalid header content')
Stripe::Webhook.expects(:construct_event).raises(exception)
- post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.value }
+ post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.plaintext_value }
assert_response :bad_request
end
test 'invalid json payload' do
Stripe::Webhook.expects(:construct_event).raises(JSON::ParserError)
- post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.value }
+ post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.plaintext_value }
assert_response :bad_request
end
@@ -56,7 +56,7 @@ class CreateTest < self
stripe_event = self.stripe_event(type: 'payment_intent.requires_action', payment_intent_data: { id: 'some-payment-intent-id' })
Stripe::Webhook.expects(:construct_event).returns(stripe_event)
- post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.value }
+ post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.plaintext_value }
assert_response :not_found
end
@@ -64,7 +64,7 @@ class CreateTest < self
stripe_event = self.stripe_event(type: 'payment_intent.succeeded', payment_intent_data: { id: 'non-existent-payment-intent-id' })
Stripe::Webhook.expects(:construct_event).returns(stripe_event)
- post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.value }
+ post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.plaintext_value }
assert_response :no_content
end
@@ -77,7 +77,7 @@ class CreateTest < self
System::ErrorReporting.expects(:report_error).at_least_once # because the setup doesn't really build all required objects
System::ErrorReporting.expects(:report_error).with(instance_of(Finance::Api::PaymentCallbacks::StripeCallbacksController::StripeCallbackError), event: stripe_event, payment_intent: payment_intent)
- post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.value }
+ post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.plaintext_value }
assert_response :no_content
end
@@ -85,7 +85,7 @@ class CreateTest < self
provider_account.payment_gateway_type = :bogus
provider_account.save!
- post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.value }
+ post api_payment_callbacks_stripe_callbacks_path, params: { access_token: access_token.plaintext_value }
assert_response :not_found
end
end
diff --git a/test/integration/finance/api/payment_transactions_controller_test.rb b/test/integration/finance/api/payment_transactions_controller_test.rb
index cb503d7e4e..557aca6068 100644
--- a/test/integration/finance/api/payment_transactions_controller_test.rb
+++ b/test/integration/finance/api/payment_transactions_controller_test.rb
@@ -22,14 +22,14 @@ class Finance::Api::PaymentTransactionsControllerTest < ActionDispatch::Integrat
"avs_result"=>"Y", "error_code"=>"000", "auth_code"=>"005308"}
FactoryBot.create :payment_transaction, invoice: invoice, :params => gr
- get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.value)
+ get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.plaintext_value)
assert_response :ok
assert_payment_transactions @response.body
end
test "has payment_transactions root on the xml when the list in empty" do
- get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.value)
+ get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.plaintext_value)
assert_response :ok
assert_xml '/payment_transactions'
@@ -38,7 +38,7 @@ class Finance::Api::PaymentTransactionsControllerTest < ActionDispatch::Integrat
test "payment_transaction with nil params" do
FactoryBot.create :payment_transaction, invoice: @invoice, params: nil
- get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.value)
+ get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.plaintext_value)
assert_response :ok
end
@@ -61,7 +61,7 @@ class Finance::Api::PaymentTransactionsControllerTest < ActionDispatch::Integrat
FactoryBot.create(:payment_transaction, success: true, invoice: invoice)
host! without_finance.internal_admin_domain
- get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.value)
+ get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.plaintext_value)
assert_response :forbidden
assert_match 'Finance module not enabled for the account', @response.body
end
@@ -73,18 +73,18 @@ class Finance::Api::PaymentTransactionsControllerTest < ActionDispatch::Integrat
invoice = FactoryBot.create(:invoice, provider_account: without_finance, buyer_account: buyer)
FactoryBot.create(:payment_transaction, success: true, invoice: invoice)
host! without_finance.internal_admin_domain
- get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.value)
+ get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.plaintext_value)
assert_response :forbidden
end
test 'work only on provider admin domain' do
host! @provider.internal_domain
- get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.value)
+ get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.plaintext_value)
assert_response :not_found
end
test 'return 404 on non-existent invoice' do
- get api_invoice_payment_transactions_path(invoice_id: 'WHAT_42_EVER', format: :xml, access_token: access_token.value)
+ get api_invoice_payment_transactions_path(invoice_id: 'WHAT_42_EVER', format: :xml, access_token: access_token.plaintext_value)
assert_response :not_found
end
@@ -92,11 +92,11 @@ class Finance::Api::PaymentTransactionsControllerTest < ActionDispatch::Integrat
host! master_account.internal_admin_domain
invoice = FactoryBot.create(:invoice, provider_account: master_account)
access_token = FactoryBot.create(:access_token, owner: master_account.first_admin, scopes: ['finance'])
- get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.value)
+ get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.plaintext_value)
assert_response :success
ThreeScale.config.stubs(onpremises: true)
- get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.value)
+ get api_invoice_payment_transactions_path(invoice, format: :xml, access_token: access_token.plaintext_value)
assert_response :forbidden
end
end
diff --git a/test/integration/master/api/finance/accounts/billing_jobs_controller_test.rb b/test/integration/master/api/finance/accounts/billing_jobs_controller_test.rb
index 9bd29d34e2..8dcef6932a 100644
--- a/test/integration/master/api/finance/accounts/billing_jobs_controller_test.rb
+++ b/test/integration/master/api/finance/accounts/billing_jobs_controller_test.rb
@@ -16,31 +16,31 @@ class Master::Api::Finance::Accounts::BillingJobsControllerTest < ActionDispatch
test 'create billing job' do
Finance::BillingService.expects(:async_call).with(@provider, Time.utc(2018,2,8), @provider.buyers.where(id: @buyer.id)).returns(true)
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: @access_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
test '#create schedules a worker' do
assert_difference BillingWorker.jobs.method(:size) do
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: @access_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
end
test 'create billing job with invalid account_id' do
- post master_api_provider_account_billing_jobs_path(@provider, account_id: 'invalid_account', date: '2018-02-08'), params: { access_token: @access_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, account_id: 'invalid_account', date: '2018-02-08'), params: { access_token: @access_token.plaintext_value }
assert_response :not_found
end
test 'create billing job with account_id from different scope' do
other_provider = FactoryBot.create(:provider_with_billing)
other_buyer = FactoryBot.create(:buyer_account, provider_account: other_provider)
- post master_api_provider_account_billing_jobs_path(@provider, other_buyer, date: '2018-02-08'), params: { access_token: @access_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, other_buyer, date: '2018-02-08'), params: { access_token: @access_token.plaintext_value }
assert_response :not_found
end
test 'create billing job without a date' do
- post master_api_provider_account_billing_jobs_path(@provider, @buyer), params: { access_token: @access_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer), params: { access_token: @access_token.plaintext_value }
assert_response :bad_request
end
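Review bot: Every request in this hunk repeats the literal `params: { access_token: @access_token.plaintext_value }`, and the same pattern recurs throughout the other billing-job tests; a small private helper such as `def auth_params(token = @access_token)` / `{ access_token: token.plaintext_value }` / `end`, called as `params: auth_params`, would make the next credential-format change a one-line edit instead of another file-wide substitution. It would also give one place to document that `plaintext_value` is presumably only populated on the object returned by `FactoryBot.create` and not on a reloaded record, if that is how the attribute behaves (not visible in this hunk).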
@@ -49,7 +49,7 @@ class Master::Api::Finance::Accounts::BillingJobsControllerTest < ActionDispatch
Sidekiq::Testing.inline! do
billing_options = { only: [@provider.id], buyer_ids: [@buyer.id], now: Time.zone.parse(date).to_date, skip_notifications: true }
Finance::BillingStrategy.expects(:daily).with(billing_options).returns(mock_billing_success(date, @provider))
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: date), params: { access_token: @access_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: date), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
end
@@ -60,13 +60,13 @@ class Master::Api::Finance::Accounts::BillingJobsControllerTest < ActionDispatch
Sidekiq::Testing.inline! do
billing_options = { only: [@provider.id], buyer_ids: [@buyer.id], now: date_utc, skip_notifications: true }
Finance::BillingStrategy.expects(:daily).with(billing_options).returns(mock_billing_success(date_utc, @provider))
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: date), params: { access_token: @access_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: date), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
end
test 'invalid date' do
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: 'not a valid date'), params: { access_token: @access_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: 'not a valid date'), params: { access_token: @access_token.plaintext_value }
assert_response :bad_request
end
@@ -82,33 +82,33 @@ class PermissionsTest < ActionDispatch::IntegrationTest
test 'scope account_management is required to create jobs' do
unauthorized_token = FactoryBot.create(:access_token, owner: @master_admin, scopes: ['finance'])
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: unauthorized_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: unauthorized_token.plaintext_value }
assert_response :forbidden
authorized_token = FactoryBot.create(:access_token, owner: @master_admin, scopes: ['account_management'])
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: authorized_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: authorized_token.plaintext_value }
assert_response :accepted
end
test 'members can create jobs with proper admin permission' do
unauthorized_member = FactoryBot.create(:member, account: master_account, admin_sections: [])
unauthorized_token = FactoryBot.create(:access_token, owner: unauthorized_member, scopes: ['account_management'])
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: unauthorized_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: unauthorized_token.plaintext_value }
assert_response :forbidden
authorized_member = FactoryBot.create(:member, account: master_account, admin_sections: [:partners])
authorized_token = FactoryBot.create(:access_token, owner: authorized_member, scopes: ['account_management'])
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: authorized_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: authorized_token.plaintext_value }
assert_response :accepted
end
test 'only rw access tokens can create jobs' do
unauthorized_token = FactoryBot.create(:access_token, owner: @master_admin, scopes: ['account_management'], permission: 'ro')
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: unauthorized_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: unauthorized_token.plaintext_value }
assert_response :forbidden
authorized_token = FactoryBot.create(:access_token, owner: @master_admin, scopes: ['account_management'], permission: 'rw')
- post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: authorized_token.value }
+ post master_api_provider_account_billing_jobs_path(@provider, @buyer, date: '2018-02-08'), params: { access_token: authorized_token.plaintext_value }
assert_response :accepted
end
diff --git a/test/integration/master/api/finance/billing_jobs_controller_test.rb b/test/integration/master/api/finance/billing_jobs_controller_test.rb
index 3902c27643..4ca30a3e4e 100644
--- a/test/integration/master/api/finance/billing_jobs_controller_test.rb
+++ b/test/integration/master/api/finance/billing_jobs_controller_test.rb
@@ -16,13 +16,13 @@ class Master::Api::Finance::BillingJobsControllerTest < ActionDispatch::Integrat
test 'create billing job' do
Finance::BillingService.expects(:async_call).returns(true)
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: @access_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
test '#create schedules a worker' do
assert_difference BillingWorker.jobs.method(:size) do
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: @access_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
end
@@ -36,13 +36,13 @@ class Master::Api::Finance::BillingJobsControllerTest < ActionDispatch::Integrat
@provider.buyers.each do |buyer|
Finance::BillingStrategy.expects(:daily).with(billing_options.merge(buyer_ids: [buyer.id])).returns(mock_billing_success(billing_date, @provider))
end
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: @access_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
end
test 'create billing job without a date' do
- post master_api_provider_billing_jobs_path(@provider), params: { access_token: @access_token.value }
+ post master_api_provider_billing_jobs_path(@provider), params: { access_token: @access_token.plaintext_value }
assert_response :bad_request
end
@@ -51,7 +51,7 @@ class Master::Api::Finance::BillingJobsControllerTest < ActionDispatch::Integrat
Sidekiq::Testing.inline! do
billing_options = { only: [@provider.id], buyer_ids: [@buyer.id], now: Time.zone.parse(date).to_date, skip_notifications: true }
Finance::BillingStrategy.expects(:daily).with(billing_options).returns(mock_billing_success(date, @provider))
- post master_api_provider_billing_jobs_path(@provider, date: date), params: { access_token: @access_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: date), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
end
@@ -62,25 +62,25 @@ class Master::Api::Finance::BillingJobsControllerTest < ActionDispatch::Integrat
Sidekiq::Testing.inline! do
billing_options = { only: [@provider.id], buyer_ids: [@buyer.id], now: date_utc, skip_notifications: true }
Finance::BillingStrategy.expects(:daily).with(billing_options).returns(mock_billing_success(date_utc, @provider))
- post master_api_provider_billing_jobs_path(@provider, date: date), params: { access_token: @access_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: date), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
end
test 'invalid date' do
- post master_api_provider_billing_jobs_path(@provider, date: 'not a valid date'), params: { access_token: @access_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: 'not a valid date'), params: { access_token: @access_token.plaintext_value }
assert_response :bad_request
end
test 'forbids for providers without billing enabled' do
provider = FactoryBot.create(:simple_provider)
- post master_api_provider_billing_jobs_path(provider, date: '2018-02-08'), params: { access_token: @access_token.value }
+ post master_api_provider_billing_jobs_path(provider, date: '2018-02-08'), params: { access_token: @access_token.plaintext_value }
assert_response :forbidden
assert_equal 'Finance module not enabled for the account', JSON.parse(response.body)['error']
FactoryBot.create(:prepaid_billing, account: provider)
Finance::BillingService.expects(:async_call).returns(true)
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: @access_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: @access_token.plaintext_value }
assert_response :accepted
end
@@ -96,33 +96,33 @@ class PermissionsTest < ActionDispatch::IntegrationTest
test 'scope account_management is required to create jobs' do
unauthorized_token = FactoryBot.create(:access_token, owner: @master_admin, scopes: ['finance'])
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: unauthorized_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: unauthorized_token.plaintext_value }
assert_response :forbidden
authorized_token = FactoryBot.create(:access_token, owner: @master_admin, scopes: ['account_management'])
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: authorized_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: authorized_token.plaintext_value }
assert_response :accepted
end
test 'members can create jobs with proper admin permission' do
unauthorized_member = FactoryBot.create(:member, account: master_account, admin_sections: [])
unauthorized_token = FactoryBot.create(:access_token, owner: unauthorized_member, scopes: ['account_management'])
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: unauthorized_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: unauthorized_token.plaintext_value }
assert_response :forbidden
authorized_member = FactoryBot.create(:member, account: master_account, admin_sections: [:partners])
authorized_token = FactoryBot.create(:access_token, owner: authorized_member, scopes: ['account_management'])
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: authorized_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: authorized_token.plaintext_value }
assert_response :accepted
end
test 'only rw access tokens can create jobs' do
unauthorized_token = FactoryBot.create(:access_token, owner: @master_admin, scopes: ['account_management'], permission: 'ro')
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: unauthorized_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: unauthorized_token.plaintext_value }
assert_response :forbidden
authorized_token = FactoryBot.create(:access_token, owner: @master_admin, scopes: ['account_management'], permission: 'rw')
- post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: authorized_token.value }
+ post master_api_provider_billing_jobs_path(@provider, date: '2018-02-08'), params: { access_token: authorized_token.plaintext_value }
assert_response :accepted
end
diff --git a/test/integration/master/api/providers_controller_integration_test.rb b/test/integration/master/api/providers_controller_integration_test.rb
index ecb877266f..84f452447a 100644
--- a/test/integration/master/api/providers_controller_integration_test.rb
+++ b/test/integration/master/api/providers_controller_integration_test.rb
@@ -124,7 +124,7 @@ def setup
token = FactoryBot.create(:access_token, owner: master_account.admins.first, scopes: 'account_management')
assert_difference Account.method(:count), 1 do
assert_difference User.method(:count), 2 do # the main user and the impersonation_admin user
- post master_api_providers_path, params: signup_params({ api_key: '', access_token: token.value })
+ post master_api_providers_path, params: signup_params({ api_key: '', access_token: token.plaintext_value })
assert_response :created
end
end
@@ -134,7 +134,7 @@ def setup
assert_no_difference Account.method(:count) do
user = FactoryBot.create(:member, account: master_account)
token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management')
- post master_api_providers_path, params: signup_params({ access_token: token.value }).except(:api_key)
+ post master_api_providers_path, params: signup_params({ access_token: token.plaintext_value }).except(:api_key)
assert_response :forbidden
assert_equal 'Your access token does not have the correct permissions', JSON.parse(response.body)['error']
end
@@ -144,7 +144,7 @@ def setup
assert_difference Account.method(:count) do
user = FactoryBot.create(:member, account: master_account, member_permission_ids: [:partners])
token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management')
- post master_api_providers_path, params: signup_params({ access_token: token.value }).except(:api_key)
+ post master_api_providers_path, params: signup_params({ access_token: token.plaintext_value }).except(:api_key)
assert_response :created
end
end
@@ -178,7 +178,7 @@ def setup
from_email: 'from@email.com', support_email: 'support@email.com',
finance_support_email: 'finance@email.com', site_access_code: 'new-access-code',
account_extra_field: 'testing-account-extra-field', state_event: 'suspend'
- }, access_token: token.value, format: :json }
+ }, access_token: token.plaintext_value, format: :json }
put master_api_provider_path(provider, update_params)
assert_response :ok
@@ -198,7 +198,7 @@ def setup
provider.schedule_for_deletion!
update_params = { account: { from_email: 'from@email.com', state_event: 'resume'},
- access_token: token.value, format: :json }
+ access_token: token.plaintext_value, format: :json }
put master_api_provider_path(provider, update_params)
assert_response :ok
@@ -213,7 +213,7 @@ def setup
token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management')
freeze_time do
- delete master_api_provider_path(provider, access_token: token.value, format: :json)
+ delete master_api_provider_path(provider, access_token: token.plaintext_value, format: :json)
assert_response :ok
assert_equal '', response.body
assert provider.reload.scheduled_for_deletion?
@@ -225,7 +225,7 @@ def setup
provider = FactoryBot.create(:provider_account, provider_account: master_account)
user = FactoryBot.create(:member, account: master_account)
token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management')
- delete master_api_provider_path(provider, access_token: token.value, format: :json)
+ delete master_api_provider_path(provider, access_token: token.plaintext_value, format: :json)
assert_response :forbidden
assert_equal 'Your access token does not have the correct permissions', JSON.parse(response.body)['error']
end
@@ -234,7 +234,7 @@ def setup
provider = FactoryBot.create(:provider_account, provider_account: master_account)
token = FactoryBot.create(:access_token, owner: master_account.admin_users.first, scopes: 'account_management')
- get master_api_provider_path(provider, access_token: token.value, format: :json)
+ get master_api_provider_path(provider, access_token: token.plaintext_value, format: :json)
assert_response :ok
assert_equal provider.reload.id, JSON.parse(response.body).dig('signup', 'account', 'id')
@@ -277,7 +277,7 @@ def setup
test '#plan_upgrade successful upgrade' do
new_plan = FactoryBot.create(:application_plan, issuer: master_account.default_service)
- put plan_upgrade_master_api_provider_path(provider, access_token: token.value, plan_id: new_plan.id, format: :xml)
+ put plan_upgrade_master_api_provider_path(provider, access_token: token.plaintext_value, plan_id: new_plan.id, format: :xml)
assert_response :ok
assert_equal new_plan.id, provider.reload.bought_application_plans.first.id
@@ -286,7 +286,7 @@ def setup
test '#plan_upgrade missing plan' do
current_plan_id = provider.reload.bought_application_plans.first.id
new_plan_id = 999
- put plan_upgrade_master_api_provider_path(provider, access_token: token.value, plan_id: new_plan_id, format: :xml)
+ put plan_upgrade_master_api_provider_path(provider, access_token: token.plaintext_value, plan_id: new_plan_id, format: :xml)
assert_response :not_found
assert_equal current_plan_id, provider.reload.bought_application_plans.first.id
@@ -298,7 +298,7 @@ def setup
new_plan = FactoryBot.create(:application_plan_without_rules, issuer: master_account.default_service, name: new_plan_name)
current_plan_id = provider.reload.bought_application_plans.first.id
- put plan_upgrade_master_api_provider_path(provider, access_token: token.value, plan_id: new_plan.id, format: :xml)
+ put plan_upgrade_master_api_provider_path(provider, access_token: token.plaintext_value, plan_id: new_plan.id, format: :xml)
assert_response :bad_request
assert_equal current_plan_id, provider.reload.bought_application_plans.first.id
diff --git a/test/integration/master/api/proxy/configs_controller_test.rb b/test/integration/master/api/proxy/configs_controller_test.rb
index ea05389ef3..af1554400c 100644
--- a/test/integration/master/api/proxy/configs_controller_test.rb
+++ b/test/integration/master/api/proxy/configs_controller_test.rb
@@ -18,7 +18,7 @@ def setup
production_current_versions << FactoryBot.create_list(:proxy_config, 3, proxy: proxy, environment: 'production').last
end
- get master_api_proxy_configs_path(environment: 'production'), params: {access_token: @token.value}
+ get master_api_proxy_configs_path(environment: 'production'), params: {access_token: @token.plaintext_value}
assert_response :success
assert_same_elements production_current_versions.map(&:id),
@@ -30,7 +30,7 @@ def setup
FactoryBot.create(:proxy_config, proxy: proxy, environment: 'sandbox', content: content_hosts('v1.example.com'))
latest_proxy_config = FactoryBot.create(:proxy_config, proxy: proxy, environment: 'sandbox', content: content_hosts('v2.example.com'))
- get master_api_proxy_configs_path(environment: 'sandbox'), params: {access_token: @token.value, host: 'v2.example.com'}
+ get master_api_proxy_configs_path(environment: 'sandbox'), params: {access_token: @token.plaintext_value, host: 'v2.example.com'}
assert_response :success
assert_equal [latest_proxy_config.id], proxy_config_ids(response.body)
@@ -38,7 +38,7 @@ def setup
FactoryBot.create(:proxy_config, proxy: proxy, environment: 'sandbox', hosts: %w[example.com])
- get master_api_proxy_configs_path(environment: 'sandbox'), params: {access_token: @token.value, host: 'v1.example.com'}
+ get master_api_proxy_configs_path(environment: 'sandbox'), params: {access_token: @token.plaintext_value, host: 'v1.example.com'}
assert_response :success
assert_empty proxy_config_ids(response.body)
@@ -46,7 +46,7 @@ def setup
_old_proxy_config, new_proxy_config = FactoryBot.create_list(:proxy_config, 2, proxy: proxy, environment: 'sandbox', content: content_hosts('foo.example.com'))
- get master_api_proxy_configs_path(environment: 'sandbox'), params: {access_token: @token.value, host: 'foo.example.com'}
+ get master_api_proxy_configs_path(environment: 'sandbox'), params: {access_token: @token.plaintext_value, host: 'foo.example.com'}
assert_equal [new_proxy_config.id], proxy_config_ids(response.body)
end
diff --git a/test/integration/multitenant_enforcement_test.rb b/test/integration/multitenant_enforcement_test.rb
index 7459b1953f..84f8ea941c 100644
--- a/test/integration/multitenant_enforcement_test.rb
+++ b/test/integration/multitenant_enforcement_test.rb
@@ -23,7 +23,7 @@ class MultitenantEnforcementTest < ActionDispatch::IntegrationTest
service = @provider.first_service!
plan = FactoryBot.create(:application_plan, issuer: service)
plan.update_column(:tenant_id, @provider.tenant_id + 1)
- token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
assert_raises ThreeScale::Middleware::Multitenant::TenantChecker::TenantLeak do
get admin_api_service_application_plans_path(service_id: service.id, format: :json, access_token: token)
end
@@ -54,7 +54,7 @@ class MultitenantEnforcementTest < ActionDispatch::IntegrationTest
plan = FactoryBot.create(:application_plan, issuer: service)
service.update_column(:tenant_id, @provider.tenant_id)
plan.update_column(:tenant_id, @provider.tenant_id + 1)
- token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[account_management]).value
+ token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[account_management]).plaintext_value
get admin_api_service_application_plans_path(service_id: service.id, format: :json, access_token: token)
assert_response :success
put admin_api_service_application_plan_path(service_id: service.id, id: plan.id, format: :json), params: {access_token: token, description: "desc1"}
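Review bot: The GET on the line before the PUT still sends the plaintext token in the URL query string, where request logs and intermediaries record it; hashing the stored value does nothing for that exposure, so a leaked log line still yields a working credential. This is the API's existing convention rather than something the commit introduces, but since every token call site is being touched anyway, it is worth preferring the header or basic-auth form (as the `auth_pair` cases further down this file do) in tests and examples, and adding a note on the model that `plaintext_value` must never be logged or serialized. The enclosing test continues past the end of the hunk.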
@@ -68,7 +68,7 @@ class MultitenantEnforcementTest < ActionDispatch::IntegrationTest
service.update_column(:tenant_id, @provider.tenant_id)
plan.update_column(:tenant_id, @provider.tenant_id + 1)
- token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[account_management]).value
+ token = FactoryBot.create(:access_token, owner: master_account.admin_users.first!, scopes: %w[account_management]).plaintext_value
auth_pair = []
auth_pair << ["", token]
auth_pair << [token, ""]
diff --git a/test/integration/stats/authentication_test.rb b/test/integration/stats/authentication_test.rb
index 7e0d481382..d03322e111 100644
--- a/test/integration/stats/authentication_test.rb
+++ b/test/integration/stats/authentication_test.rb
@@ -17,7 +17,7 @@ def setup
assert_media_type 'application/json'
token = FactoryBot.create(:access_token, owner: @provider_account.first_admin, scopes: ['stats'])
- get usage_stats_data_services_path(@service, format: :json), params: params.merge(access_token: token.value)
+ get usage_stats_data_services_path(@service, format: :json), params: params.merge(access_token: token.plaintext_value)
assert_response :success
assert_media_type 'application/json'
end
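Review bot: This authentication test only covers the accepting path; with the request now built from `plaintext_value`, nothing asserts that the persisted representation no longer authenticates. If `AccessToken#value` now holds a digest rather than the secret (as the rename suggests; not visible in this hunk), a second request using it — `get usage_stats_data_services_path(@service, format: :json), params: params.merge(access_token: token.value)` followed by `assert_response :forbidden` (or whatever status the existing invalid-token path returns) — would pin the property the migration exists to provide. Without it, a regression that writes the plaintext back into `value` would pass this suite unnoticed. The test's `setup` and the `params` hash are outside the hunk.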
diff --git a/test/integration/stats/data/backend_apis_controller_test.rb b/test/integration/stats/data/backend_apis_controller_test.rb
index 79fb8e2668..ba77ce1724 100644
--- a/test/integration/stats/data/backend_apis_controller_test.rb
+++ b/test/integration/stats/data/backend_apis_controller_test.rb
@@ -15,7 +15,7 @@ def setup
attr_reader :provider, :backend_api, :metric, :access_token
test 'usage_response_code with no data as json' do
- get usage_stats_data_backend_apis_path(backend_api, format: :json, access_token: access_token.value), params: stats_params
+ get usage_stats_data_backend_apis_path(backend_api, format: :json, access_token: access_token.plaintext_value), params: stats_params
assert_response :success
assert_media_type 'application/json'
@@ -33,18 +33,18 @@ def setup
end
test 'inexistent source' do
- get usage_stats_data_backend_apis_path(backend_api_id: 0, format: :json, access_token: access_token.value), params: stats_params
+ get usage_stats_data_backend_apis_path(backend_api_id: 0, format: :json, access_token: access_token.plaintext_value), params: stats_params
assert_response :not_found
end
test 'user permissions: usage allowed for members with Analytics permissions' do
member_user = FactoryBot.create(:member, account: provider)
member_access_token = FactoryBot.create(:access_token, owner: member_user, scopes: ['stats'])
- get usage_stats_data_backend_apis_path(backend_api, format: :json, access_token: member_access_token.value), params: stats_params
+ get usage_stats_data_backend_apis_path(backend_api, format: :json, access_token: member_access_token.plaintext_value), params: stats_params
assert_response :forbidden
member_user.update(allowed_sections: [:monitoring])
- get usage_stats_data_backend_apis_path(backend_api, format: :json, access_token: member_access_token.value), params: stats_params
+ get usage_stats_data_backend_apis_path(backend_api, format: :json, access_token: member_access_token.plaintext_value), params: stats_params
assert_response :success
end
diff --git a/test/integration/stats/data/base_controller_test.rb b/test/integration/stats/data/base_controller_test.rb
index 6141a5539b..23d769ea7f 100644
--- a/test/integration/stats/data/base_controller_test.rb
+++ b/test/integration/stats/data/base_controller_test.rb
@@ -15,7 +15,7 @@ def setup
attr_reader :provider, :service, :metric, :access_token
test 'required params' do
- url_params = { service_id: service.id, format: :json, access_token: access_token.value }
+ url_params = { service_id: service.id, format: :json, access_token: access_token.plaintext_value }
stats_params = { metric_name: metric.system_name, period: 'day', timezone: ActiveSupport::TimeZone['UTC'].name, skip_change: false }
get usage_stats_data_services_path(url_params), params: stats_params
@@ -61,7 +61,7 @@ def setup
buyer_access_token = FactoryBot.create(:access_token, owner: buyer_user, scopes: ['stats'])
- url_params = { service_id: service.id, format: :json, access_token: buyer_access_token.value }
+ url_params = { service_id: service.id, format: :json, access_token: buyer_access_token.plaintext_value }
stats_params = { metric_name: metric.system_name, period: 'day', timezone: ActiveSupport::TimeZone['UTC'].name, skip_change: false }
get usage_stats_data_services_path(url_params), params: stats_params
diff --git a/test/integration/stats/data/requests_to_api_test.rb b/test/integration/stats/data/requests_to_api_test.rb
index a148103249..ffcec09497 100644
--- a/test/integration/stats/data/requests_to_api_test.rb
+++ b/test/integration/stats/data/requests_to_api_test.rb
@@ -21,7 +21,7 @@ def setup
test 'usage with access token' do
member = FactoryBot.create(:member, account: @provider_account, admin_sections: ['monitoring'])
token = FactoryBot.create(:access_token, owner: member, scopes: ['stats'])
- params = { period: 'day', metric_name: 'hits', access_token: token.value }
+ params = { period: 'day', metric_name: 'hits', access_token: token.plaintext_value }
# token includes the right scope, member has the right permission, all services are accessible
get usage_stats_data_applications_path(@application, format: :json), params: params
@@ -55,7 +55,7 @@ def setup
test 'summary with access token' do
member = FactoryBot.create(:member, account: @provider_account, admin_sections: ['monitoring'])
token = FactoryBot.create(:access_token, owner: member, scopes: ['stats'])
- params = { period: 'day', metric_name: 'hits', access_token: token.value }
+ params = { period: 'day', metric_name: 'hits', access_token: token.plaintext_value }
get summary_stats_data_applications_path(@application, format: :json), params: params
assert_response :success
diff --git a/test/integration/stats/data/service_controller_test.rb b/test/integration/stats/data/service_controller_test.rb
index d7593b2a40..f7319f642b 100644
--- a/test/integration/stats/data/service_controller_test.rb
+++ b/test/integration/stats/data/service_controller_test.rb
@@ -7,7 +7,7 @@ def setup
@application = FactoryBot.create :cinstance
host! @application.provider_account.internal_admin_domain
user = @application.provider_account.admins.first!
- @token = FactoryBot.create(:access_token, owner: user, scopes: %w[stats], permission: 'rw').value
+ @token = FactoryBot.create(:access_token, owner: user, scopes: %w[stats], permission: 'rw').plaintext_value
end
attr_reader :application, :token
diff --git a/test/integration/user-management-api/account_plans_test.rb b/test/integration/user-management-api/account_plans_test.rb
index 22f477549f..82a7dd0436 100644
--- a/test/integration/user-management-api/account_plans_test.rb
+++ b/test/integration/user-management-api/account_plans_test.rb
@@ -24,7 +24,7 @@ class AccessTokenTest < Admin::Api::AccountPlansTest
member = FactoryBot.create(:member, account: @provider, admin_sections: %w[])
token = FactoryBot.create(:access_token, owner: member, scopes: 'account_management')
- get admin_api_account_plans_path(format: :xml), params: { access_token: token.value }
+ get admin_api_account_plans_path(format: :xml), params: { access_token: token.plaintext_value }
assert_response :forbidden
end
@@ -32,7 +32,7 @@ class AccessTokenTest < Admin::Api::AccountPlansTest
member = FactoryBot.create(:member, account: @provider, admin_sections: %w[partners plans])
token = FactoryBot.create(:access_token, owner: member, scopes: 'account_management')
- get admin_api_account_plans_path(format: :xml), params: { access_token: token.value }
+ get admin_api_account_plans_path(format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -40,7 +40,7 @@ class AccessTokenTest < Admin::Api::AccountPlansTest
admin = FactoryBot.create(:admin, account: @provider, admin_sections: [])
token = FactoryBot.create(:access_token, owner: admin, scopes: 'account_management')
- get admin_api_account_plans_path(format: :xml), params: { access_token: token.value }
+ get admin_api_account_plans_path(format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -49,7 +49,7 @@ class AccessTokenTest < Admin::Api::AccountPlansTest
admin = FactoryBot.create(:admin, account: @provider, admin_sections: [])
token = FactoryBot.create(:access_token, owner: admin, scopes: 'account_management')
- get admin_api_account_plans_path(format: :xml), params: { access_token: token.value }
+ get admin_api_account_plans_path(format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
end
end
diff --git a/test/integration/user-management-api/accounts_test.rb b/test/integration/user-management-api/accounts_test.rb
index 3151e47f27..c2545b3aa9 100644
--- a/test/integration/user-management-api/accounts_test.rb
+++ b/test/integration/user-management-api/accounts_test.rb
@@ -183,7 +183,7 @@ def setup
assert_not settings.monthly_billing_enabled
put admin_api_account_path(@buyer, format: :xml), params: {
- access_token: token.value,
+ access_token: token.plaintext_value,
monthly_billing_enabled: true,
monthly_charging_enabled: true,
org_name: 'ooooooooo'
@@ -243,7 +243,7 @@ def setup
protected
def access_token_params(token = @token)
- { access_token: token.value }
+ { access_token: token.plaintext_value }
end
alias params access_token_params
diff --git a/test/integration/user-management-api/application_plan_features_test.rb b/test/integration/user-management-api/application_plan_features_test.rb
index a3c8f3a8cf..d227ffcf78 100644
--- a/test/integration/user-management-api/application_plan_features_test.rb
+++ b/test/integration/user-management-api/application_plan_features_test.rb
@@ -44,7 +44,7 @@ def setup
private
def access_token_params(token = @token)
- { access_token: token.value }
+ { access_token: token.plaintext_value }
end
alias params access_token_params
diff --git a/test/integration/user-management-api/application_plan_limits_test.rb b/test/integration/user-management-api/application_plan_limits_test.rb
index 1cffe70412..c1fae1fe27 100644
--- a/test/integration/user-management-api/application_plan_limits_test.rb
+++ b/test/integration/user-management-api/application_plan_limits_test.rb
@@ -47,7 +47,7 @@ def setup
private
def access_token_params(token = @token)
- { access_token: token.value }
+ { access_token: token.plaintext_value }
end
alias params access_token_params
diff --git a/test/integration/user-management-api/application_plan_metric_limits_test.rb b/test/integration/user-management-api/application_plan_metric_limits_test.rb
index 573dd91c36..40c086d72e 100644
--- a/test/integration/user-management-api/application_plan_metric_limits_test.rb
+++ b/test/integration/user-management-api/application_plan_metric_limits_test.rb
@@ -46,7 +46,7 @@ def setup
private
def access_token_params(token = @token)
- { access_token: token.value }
+ { access_token: token.plaintext_value }
end
alias params access_token_params
diff --git a/test/integration/user-management-api/application_plan_metric_pricing_rules_test.rb b/test/integration/user-management-api/application_plan_metric_pricing_rules_test.rb
index 3b0f4642fe..cf4d673397 100644
--- a/test/integration/user-management-api/application_plan_metric_pricing_rules_test.rb
+++ b/test/integration/user-management-api/application_plan_metric_pricing_rules_test.rb
@@ -54,7 +54,7 @@ def setup
private
def access_token_params(token = @token)
- { access_token: token.value }
+ { access_token: token.plaintext_value }
end
alias params access_token_params
diff --git a/test/integration/user-management-api/application_plan_pricing_rules_test.rb b/test/integration/user-management-api/application_plan_pricing_rules_test.rb
index 5f7fea7e59..373d46a9ef 100644
--- a/test/integration/user-management-api/application_plan_pricing_rules_test.rb
+++ b/test/integration/user-management-api/application_plan_pricing_rules_test.rb
@@ -46,7 +46,7 @@ def setup
private
def access_token_params(token = @token)
- { access_token: token.value }
+ { access_token: token.plaintext_value }
end
alias params access_token_params
diff --git a/test/integration/user-management-api/application_plans_test.rb b/test/integration/user-management-api/application_plans_test.rb
index aa41d6d47d..c9fed8b628 100644
--- a/test/integration/user-management-api/application_plans_test.rb
+++ b/test/integration/user-management-api/application_plans_test.rb
@@ -48,7 +48,7 @@ def setup
private
def access_token_params(token = @token)
- { access_token: token.value }
+ { access_token: token.plaintext_value }
end
alias params access_token_params
diff --git a/test/integration/user-management-api/applications_test.rb b/test/integration/user-management-api/applications_test.rb
index 8ca909e62f..3ae7372921 100644
--- a/test/integration/user-management-api/applications_test.rb
+++ b/test/integration/user-management-api/applications_test.rb
@@ -41,17 +41,17 @@ def setup
get(admin_api_applications_path)
assert_response :forbidden
- get admin_api_applications_path, params: { access_token: token.value }
+ get admin_api_applications_path, params: { access_token: token.plaintext_value }
assert_response :success
assert_select "applications/application", false
user.update(member_permission_service_ids: [@service.id])
- get admin_api_applications_path, params: { access_token: token.value, service_id: service_2.id }
+ get admin_api_applications_path, params: { access_token: token.plaintext_value, service_id: service_2.id }
assert_response :success
assert_select "applications/application", false
user.update(member_permission_service_ids: [@service.id, service_2.id])
- get admin_api_applications_path, params: { access_token: token.value }
+ get admin_api_applications_path, params: { access_token: token.plaintext_value }
assert_response :success
assert_select "applications/application", 2
assert_select "applications/application/id", @application.id.to_s
@@ -59,7 +59,7 @@ def setup
assert_select "applications/application/id", application_2.id.to_s
assert_select "applications/application/service_id", service_2.id.to_s
- get admin_api_applications_path, params: { access_token: token.value, service_id: @service.id }
+ get admin_api_applications_path, params: { access_token: token.plaintext_value, service_id: @service.id }
assert_response :success
assert_select "applications/application", 1
assert_select "applications/application/id", @application.id.to_s
diff --git a/test/integration/user-management-api/base_controller_test.rb b/test/integration/user-management-api/base_controller_test.rb
index 487904a742..4a73d4a6f8 100644
--- a/test/integration/user-management-api/base_controller_test.rb
+++ b/test/integration/user-management-api/base_controller_test.rb
@@ -26,7 +26,7 @@ def test_wrapped_parameters_on_multipart_form
def test_unknown_format
with_api_routes do
- get '/api/version/2.php', params: {access_token: @token.value}
+ get '/api/version/2.php', params: {access_token: @token.plaintext_value}
assert_response :not_acceptable
end
end
@@ -37,7 +37,7 @@ class RepresentedPaginationMetadataTest < ActionDispatch::IntegrationTest
def setup
provider = FactoryBot.create(:provider_account)
- @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
host! provider.external_admin_domain
end
@@ -131,7 +131,7 @@ def setup
@provider = FactoryBot.create(:simple_provider)
@user = FactoryBot.create(:simple_admin, account: @provider)
@user.access_tokens.create!(name: 'API', scopes: %w[account_management], permission: 'ro') do |token|
- token.value = 'access_token'
+ token.value = AccessToken.compute_digest('access_token')
end
ThreeScale.config.stubs(tenant_mode: 'multitenant')
end
@@ -159,7 +159,7 @@ def test_master_tenant_mode_on_prem
ThreeScale.config.stubs(onpremises: true)
user = FactoryBot.create(:simple_admin, account: master_account)
user.access_tokens.create!(name: 'API', scopes: %w[account_management], permission: 'ro') do |token|
- token.value = 'master_access_token'
+ token.value = AccessToken.compute_digest('master_access_token')
end
with_api_routes do
@@ -193,7 +193,7 @@ def test_random_domain
def multipart
boundary = '----0123456789'
- parts = {body: '{"hello": "world"}', name: 'Multipart request', access_token: @token.value}
+ parts = {body: '{"hello": "world"}', name: 'Multipart request', access_token: @token.plaintext_value}
body = parts.map do |key, val|
%(Content-Disposition: form-data; name="#{key}"\r\n\r\n#{val}\r\n)
end.join("#{boundary}\r\n")
diff --git a/test/integration/user-management-api/buyers_application_keys_test.rb b/test/integration/user-management-api/buyers_application_keys_test.rb
index 27009a9390..48571b1d12 100644
--- a/test/integration/user-management-api/buyers_application_keys_test.rb
+++ b/test/integration/user-management-api/buyers_application_keys_test.rb
@@ -31,10 +31,10 @@ def setup
post(admin_api_account_application_keys_path(@buyer, app, key: 'alaska'))
assert_response :forbidden
- post(admin_api_account_application_keys_path(@buyer, app, key: 'alaska'), params: { access_token: token.value })
+ post(admin_api_account_application_keys_path(@buyer, app, key: 'alaska'), params: { access_token: token.plaintext_value })
assert_response :not_found
user.update(member_permission_service_ids: [app.issuer.id])
- post(admin_api_account_application_keys_path(@buyer, app, key: 'alaska'), params: { access_token: token.value })
+ post(admin_api_account_application_keys_path(@buyer, app, key: 'alaska'), params: { access_token: token.plaintext_value })
assert_response :success
end
diff --git a/test/integration/user-management-api/buyers_application_plans_test.rb b/test/integration/user-management-api/buyers_application_plans_test.rb
index 27ebd93c7a..60c36182ad 100644
--- a/test/integration/user-management-api/buyers_application_plans_test.rb
+++ b/test/integration/user-management-api/buyers_application_plans_test.rb
@@ -34,13 +34,13 @@ def setup
user.update(member_permission_ids: [:partners], member_permission_service_ids: [])
- get admin_api_account_application_plans_path(@buyer, access_token: token.value, format: :json)
+ get admin_api_account_application_plans_path(@buyer, access_token: token.plaintext_value, format: :json)
assert_response :success
assert_equal 0, JSON.parse(response.body)['plans'].count
user.update(member_permission_service_ids: [@provider.default_service.id])
- get admin_api_account_application_plans_path(@buyer, access_token: token.value, format: :json)
+ get admin_api_account_application_plans_path(@buyer, access_token: token.plaintext_value, format: :json)
assert_response :success
assert_equal 1, JSON.parse(response.body)['plans'].count
end
diff --git a/test/integration/user-management-api/buyers_application_referrer_filters_test.rb b/test/integration/user-management-api/buyers_application_referrer_filters_test.rb
index 101d7621a3..9c38a9faa8 100644
--- a/test/integration/user-management-api/buyers_application_referrer_filters_test.rb
+++ b/test/integration/user-management-api/buyers_application_referrer_filters_test.rb
@@ -28,10 +28,10 @@ def setup
get(admin_api_account_application_referrer_filters_path(@buyer, app))
assert_response :forbidden
- get(admin_api_account_application_referrer_filters_path(@buyer, app), params: { access_token: token.value })
+ get(admin_api_account_application_referrer_filters_path(@buyer, app), params: { access_token: token.plaintext_value })
assert_response :not_found
user.update(member_permission_service_ids: [app.issuer.id])
- get(admin_api_account_application_referrer_filters_path(@buyer, app), params: { access_token: token.value })
+ get(admin_api_account_application_referrer_filters_path(@buyer, app), params: { access_token: token.plaintext_value })
assert_response :success
end
diff --git a/test/integration/user-management-api/buyers_applications_test.rb b/test/integration/user-management-api/buyers_applications_test.rb
index dbc9c250a2..555f169c5e 100644
--- a/test/integration/user-management-api/buyers_applications_test.rb
+++ b/test/integration/user-management-api/buyers_applications_test.rb
@@ -31,7 +31,7 @@ def setup
ReferrerFilter.enable_backend!
stub_backend_get_keys
- @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).value
+ @token = FactoryBot.create(:access_token, owner: @provider.admin_users.first!, scopes: %w[account_management]).plaintext_value
end
test 'index' do
diff --git a/test/integration/user-management-api/buyers_users_test.rb b/test/integration/user-management-api/buyers_users_test.rb
index d6fa3d7e4c..085dbcd355 100644
--- a/test/integration/user-management-api/buyers_users_test.rb
+++ b/test/integration/user-management-api/buyers_users_test.rb
@@ -35,7 +35,7 @@ def setup
User.any_instance.expects(:forget_me).never
- post admin_api_account_users_path(@buyer, format: :xml), params: { username: 'alex', email: 'alex@alaska.hu', access_token: token.value }
+ post admin_api_account_users_path(@buyer, format: :xml), params: { username: 'alex', email: 'alex@alaska.hu', access_token: token.plaintext_value }
assert_response :success
end
end
@@ -47,17 +47,17 @@ def setup
user = FactoryBot.create(:member, account: @provider)
token = FactoryBot.create(:access_token, owner: user)
- get admin_api_account_users_path(@buyer, format: :xml), params: { access_token: token.value }
+ get admin_api_account_users_path(@buyer, format: :xml), params: { access_token: token.plaintext_value }
assert_response :forbidden
user.admin_sections = ['partners']
user.save!
- get admin_api_account_users_path(@buyer, format: :xml), params: { access_token: token.value }
+ get admin_api_account_users_path(@buyer, format: :xml), params: { access_token: token.plaintext_value }
assert_response :forbidden
token.scopes = ['account_management']
token.save!
- get admin_api_account_users_path(@buyer, format: :xml), params: { access_token: token.value }
+ get admin_api_account_users_path(@buyer, format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -66,12 +66,12 @@ def setup
user = FactoryBot.create(:member, account: @provider, admin_sections: ['partners'])
token = FactoryBot.create(:access_token, owner: user, scopes: ['account_management'])
- get admin_api_account_user_path(@buyer, id: @member.id, format: :xml), params: { access_token: token.value }
+ get admin_api_account_user_path(@buyer, id: @member.id, format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
user.role = 'admin'
user.save!
- get admin_api_account_user_path(@buyer, id: @member.id, format: :xml), params: { access_token: token.value }
+ get admin_api_account_user_path(@buyer, id: @member.id, format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -80,12 +80,12 @@ def setup
user = FactoryBot.create(:member, account: @provider, admin_sections: ['partners'])
token = FactoryBot.create(:access_token, owner: user, scopes: ['account_management'])
- put admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'Alex', access_token: token.value }
+ put admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'Alex', access_token: token.plaintext_value }
assert_response :success
user.role = 'admin'
user.save!
- put admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'Alex', access_token: token.value }
+ put admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'Alex', access_token: token.plaintext_value }
assert_response :success
end
@@ -94,12 +94,12 @@ def setup
user = FactoryBot.create(:member, account: @provider, admin_sections: ['partners'])
token = FactoryBot.create(:access_token, owner: user, scopes: ['account_management'])
- post admin_api_account_users_path(@buyer, format: :xml), params: { username: 'alex', email: 'alex@alaska.hu', access_token: token.value }
+ post admin_api_account_users_path(@buyer, format: :xml), params: { username: 'alex', email: 'alex@alaska.hu', access_token: token.plaintext_value }
assert_response :forbidden
user.role = 'admin'
user.save!
- post admin_api_account_users_path(@buyer, format: :xml), params: { username: 'alex', email: 'alex@alaska.hu', access_token: token.value }
+ post admin_api_account_users_path(@buyer, format: :xml), params: { username: 'alex', email: 'alex@alaska.hu', access_token: token.plaintext_value }
assert_response :success
end
@@ -108,16 +108,16 @@ def setup
user = FactoryBot.create(:member, account: @provider, admin_sections: ['partners'])
token = FactoryBot.create(:access_token, owner: user, scopes: ['account_management'])
- put admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
- put activate_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put activate_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
user.role = 'admin'
user.save!
- put admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
- put activate_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put activate_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
end
@@ -126,16 +126,16 @@ def setup
user = FactoryBot.create(:member, account: @provider, admin_sections: ['partners'])
token = FactoryBot.create(:access_token, owner: user, scopes: ['account_management'])
- put admin_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put admin_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
- put member_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put member_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
user.role = 'admin'
user.save!
- put admin_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put admin_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
- put member_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put member_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
end
@@ -145,13 +145,13 @@ def setup
token = FactoryBot.create(:access_token, owner: user, scopes: ['account_management'])
User.any_instance.expects(:destroy).returns(true)
- delete admin_api_account_user_path(@buyer, format: :xml, id: @member.id), params: { access_token: token.value }
+ delete admin_api_account_user_path(@buyer, format: :xml, id: @member.id), params: { access_token: token.plaintext_value }
assert_response :success
user.role = 'admin'
user.save!
User.any_instance.expects(:destroy).returns(true)
- delete admin_api_account_user_path(@buyer, format: :xml, id: @member.id), params: { access_token: token.value }
+ delete admin_api_account_user_path(@buyer, format: :xml, id: @member.id), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -161,19 +161,19 @@ def setup
token = FactoryBot.create(:access_token, owner: user, scopes: ['account_management'])
User.any_instance.expects(:suspend!).returns(true)
- put suspend_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put suspend_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
User.any_instance.expects(:unsuspend).returns(true)
- put unsuspend_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put unsuspend_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
user.role = 'admin'
user.save!
User.any_instance.expects(:suspend!).returns(true)
- put suspend_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put suspend_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
User.any_instance.expects(:unsuspend).returns(true)
- put unsuspend_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.value }
+ put unsuspend_admin_api_account_user_path(@buyer.id, id: @member.id, format: :xml), params: { username: 'alex', access_token: token.plaintext_value }
assert_response :success
end
diff --git a/test/integration/user-management-api/credit_cards_test.rb b/test/integration/user-management-api/credit_cards_test.rb
index b6cfec651e..8cc5452387 100644
--- a/test/integration/user-management-api/credit_cards_test.rb
+++ b/test/integration/user-management-api/credit_cards_test.rb
@@ -50,13 +50,13 @@ def setup
user = FactoryBot.create(:member, account: @provider, admin_sections: ['finance'])
token = FactoryBot.create(:access_token, owner: user, scopes: 'finance')
- delete admin_api_account_credit_card_path(@buyer, format: :xml), params: { access_token: token.value }
+ delete admin_api_account_credit_card_path(@buyer, format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
user.role = 'admin'
user.save!
- delete admin_api_account_credit_card_path(@buyer, format: :xml), params: { access_token: token.value }
+ delete admin_api_account_credit_card_path(@buyer, format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -233,7 +233,7 @@ def valid_params(token)
billing_address_country: 'spain',
credit_card_expiration_year: '2013',
credit_card_expiration_month: '12',
- access_token: token.value
+ access_token: token.plaintext_value
}
end
end
diff --git a/test/integration/user-management-api/service_contracts_controller_test.rb b/test/integration/user-management-api/service_contracts_controller_test.rb
index 93b54ef887..4780e2186d 100644
--- a/test/integration/user-management-api/service_contracts_controller_test.rb
+++ b/test/integration/user-management-api/service_contracts_controller_test.rb
@@ -12,7 +12,7 @@ def setup
@buyer.buy! @application_plan
- @token = FactoryBot.create(:access_token, owner: current_account.admin_users.first!, scopes: 'account_management').value
+ @token = FactoryBot.create(:access_token, owner: current_account.admin_users.first!, scopes: 'account_management').plaintext_value
host! current_account.internal_admin_domain
end
diff --git a/test/integration/user-management-api/service_features_test.rb b/test/integration/user-management-api/service_features_test.rb
index 4d6c41ec04..23219dfc29 100644
--- a/test/integration/user-management-api/service_features_test.rb
+++ b/test/integration/user-management-api/service_features_test.rb
@@ -19,10 +19,10 @@ def setup
get admin_api_service_feature_path(@service, feature)
assert_response :forbidden
- get admin_api_service_feature_path(@service, feature), params: { access_token: token.value }
+ get admin_api_service_feature_path(@service, feature), params: { access_token: token.plaintext_value }
assert_response :not_found
user.update(member_permission_service_ids: [@service.id])
- get admin_api_service_feature_path(@service, feature), params: { access_token: token.value }
+ get admin_api_service_feature_path(@service, feature), params: { access_token: token.plaintext_value }
assert_response :success
end
diff --git a/test/integration/user-management-api/service_plans_test.rb b/test/integration/user-management-api/service_plans_test.rb
index 4c57071b72..ec4ea35cce 100644
--- a/test/integration/user-management-api/service_plans_test.rb
+++ b/test/integration/user-management-api/service_plans_test.rb
@@ -25,10 +25,10 @@ def setup
get admin_api_service_service_plan_path(service, plan)
assert_response :forbidden
- get admin_api_service_service_plan_path(service, plan), params: { access_token: token.value }
+ get admin_api_service_service_plan_path(service, plan), params: { access_token: token.plaintext_value }
assert_response :not_found
user.update(member_permission_service_ids: [service.id])
- get admin_api_service_service_plan_path(service, plan), params: { access_token: token.value }
+ get admin_api_service_service_plan_path(service, plan), params: { access_token: token.plaintext_value }
assert_response :success
end
diff --git a/test/integration/user-management-api/service_subscriptions_controller_test.rb b/test/integration/user-management-api/service_subscriptions_controller_test.rb
index 4ac3a5f522..7f7a6d0ea2 100644
--- a/test/integration/user-management-api/service_subscriptions_controller_test.rb
+++ b/test/integration/user-management-api/service_subscriptions_controller_test.rb
@@ -15,7 +15,7 @@ def setup
@buyer.buy! @application_plan
- @token = FactoryBot.create(:access_token, owner: current_account.admin_users.first!, scopes: 'account_management').value
+ @token = FactoryBot.create(:access_token, owner: current_account.admin_users.first!, scopes: 'account_management').plaintext_value
host! current_account.internal_admin_domain
end
diff --git a/test/integration/user-management-api/services/mapping_rules_test.rb b/test/integration/user-management-api/services/mapping_rules_test.rb
index 0efb396910..18cd537d5f 100644
--- a/test/integration/user-management-api/services/mapping_rules_test.rb
+++ b/test/integration/user-management-api/services/mapping_rules_test.rb
@@ -19,29 +19,29 @@ def test_crud_access_token
# index
get(admin_api_service_proxy_mapping_rules_path(access_token_params))
assert_response :forbidden
- get(admin_api_service_proxy_mapping_rules_path(access_token_params(token.value)))
+ get(admin_api_service_proxy_mapping_rules_path(access_token_params(token.plaintext_value)))
assert_response :not_found
user.update(member_permission_service_ids: [@service.id])
- get(admin_api_service_proxy_mapping_rules_path(access_token_params(token.value)))
+ get(admin_api_service_proxy_mapping_rules_path(access_token_params(token.plaintext_value)))
assert_response :success
# show
- params = access_token_params(token.value).merge(id: @proxy_rule.id)
+ params = access_token_params(token.plaintext_value).merge(id: @proxy_rule.id)
get(admin_api_service_proxy_mapping_rule_path(params))
assert_response :success
# create
- params = access_token_params(token.value).merge(mapping_rule_params)
+ params = access_token_params(token.plaintext_value).merge(mapping_rule_params)
post(admin_api_service_proxy_mapping_rules_path(params))
assert_response :success
# update
- params = access_token_params(token.value).merge(id: @proxy_rule.id).merge(mapping_rule_params)
+ params = access_token_params(token.plaintext_value).merge(id: @proxy_rule.id).merge(mapping_rule_params)
put(admin_api_service_proxy_mapping_rule_path(params))
assert_response :success
# destroy
- params = access_token_params(token.value).merge(id: @proxy_rule.id)
+ params = access_token_params(token.plaintext_value).merge(id: @proxy_rule.id)
delete(admin_api_service_proxy_mapping_rule_path(params))
assert_response :success
end
diff --git a/test/integration/user-management-api/services/proxies_test.rb b/test/integration/user-management-api/services/proxies_test.rb
index 0980af0c28..de9c70c11e 100644
--- a/test/integration/user-management-api/services/proxies_test.rb
+++ b/test/integration/user-management-api/services/proxies_test.rb
@@ -17,14 +17,14 @@ def test_crud_access_token
# show
get(admin_api_service_proxy_path(access_token_params))
assert_response :forbidden
- get(admin_api_service_proxy_path(access_token_params(token.value)))
+ get(admin_api_service_proxy_path(access_token_params(token.plaintext_value)))
assert_response :not_found
user.update(member_permission_service_ids: [@service.id])
- get(admin_api_service_proxy_path(access_token_params(token.value)))
+ get(admin_api_service_proxy_path(access_token_params(token.plaintext_value)))
assert_response :success
# update
- params = access_token_params(token.value).merge(proxy: { endpoint: 'https://alaska.wild' })
+ params = access_token_params(token.plaintext_value).merge(proxy: { endpoint: 'https://alaska.wild' })
put(admin_api_service_proxy_path(params))
assert_response :success
end
diff --git a/test/integration/user-management-api/services/proxy/configs_test.rb b/test/integration/user-management-api/services/proxy/configs_test.rb
index 04ef1b7587..1e515ce56e 100644
--- a/test/integration/user-management-api/services/proxy/configs_test.rb
+++ b/test/integration/user-management-api/services/proxy/configs_test.rb
@@ -89,16 +89,16 @@ def test_index_staging
_proxy_config_old = FactoryBot.create(:proxy_config, proxy: @service.proxy, environment: ProxyConfig::ENVIRONMENTS.first, content: content_hosts('v1.example.com'))
proxy_config_new = FactoryBot.create(:proxy_config, proxy: @service.proxy, environment: ProxyConfig::ENVIRONMENTS.first, content: content_hosts('v2.example.com'))
- get admin_api_proxy_configs_path(environment: ProxyConfig::ENVIRONMENTS.first, format: :json), params: { host: 'v1.example.com', access_token: @token.value }
+ get admin_api_proxy_configs_path(environment: ProxyConfig::ENVIRONMENTS.first, format: :json), params: { host: 'v1.example.com', access_token: @token.plaintext_value }
assert_empty proxy_config_ids
- get admin_api_proxy_configs_path(environment: ProxyConfig::ENVIRONMENTS.first, format: :json), params: { host: 'v2.example.com', access_token: @token.value }
+ get admin_api_proxy_configs_path(environment: ProxyConfig::ENVIRONMENTS.first, format: :json), params: { host: 'v2.example.com', access_token: @token.plaintext_value }
assert_equal [proxy_config_new.id], proxy_config_ids
_proxy_config_old, proxy_config_new = FactoryBot.create_list(:proxy_config, 2, proxy: @service.proxy, environment: ProxyConfig::ENVIRONMENTS.first, content: content_hosts('foo.example.com'))
- get admin_api_proxy_configs_path(environment: ProxyConfig::ENVIRONMENTS.first, format: :json), params: { host: 'foo.example.com', access_token: @token.value }
+ get admin_api_proxy_configs_path(environment: ProxyConfig::ENVIRONMENTS.first, format: :json), params: { host: 'foo.example.com', access_token: @token.plaintext_value }
assert_equal [proxy_config_new.id], proxy_config_ids
end
@@ -133,7 +133,7 @@ def content_hosts(*hosts)
def host_valid_params
{
host: @config.hosts.first,
- access_token: @token.value,
+ access_token: @token.plaintext_value,
}
end
@@ -141,7 +141,7 @@ def valid_params
{
service_id: @service.id,
environment: ProxyConfig::ENVIRONMENTS.first,
- access_token: @token.value,
+ access_token: @token.plaintext_value,
format: :json
}
end
diff --git a/test/integration/user-management-api/services/proxy/policies_test.rb b/test/integration/user-management-api/services/proxy/policies_test.rb
index 2d12c9d8cc..5a3adf835c 100644
--- a/test/integration/user-management-api/services/proxy/policies_test.rb
+++ b/test/integration/user-management-api/services/proxy/policies_test.rb
@@ -74,7 +74,7 @@ def test_invalid_json_policies_config
def valid_params
{
service_id: @service.id,
- access_token: @token.value,
+ access_token: @token.plaintext_value,
format: :json
}
end
@@ -92,7 +92,7 @@ def setup
@service = @provider.default_service
@another_service = FactoryBot.create(:simple_service, account: @provider)
@member = FactoryBot.create(:active_user, account: @provider, role: :member)
- @access_token = FactoryBot.create(:access_token, owner: @member, scopes: %w[policy_registry]).value
+ @access_token = FactoryBot.create(:access_token, owner: @member, scopes: %w[policy_registry]).plaintext_value
host! @provider.external_admin_domain
end
@@ -124,7 +124,7 @@ def setup
test 'correct member permissions but wrong token scope' do
member.update(allowed_sections: :policy_registry, allowed_service_ids: [service.id])
- new_token = FactoryBot.create(:access_token, owner: @member, scopes: %w[stats cms finance]).value
+ new_token = FactoryBot.create(:access_token, owner: @member, scopes: %w[stats cms finance]).plaintext_value
get admin_api_service_proxy_policies_path(service, access_token: new_token, format: :json)
@@ -133,7 +133,7 @@ def setup
test 'correct member permissions with invalid scope' do
member.update(allowed_sections: :policy_registry, allowed_service_ids: [service.id])
- new_token = FactoryBot.create(:access_token, owner: member.reload, scopes: %w[account_management]).value
+ new_token = FactoryBot.create(:access_token, owner: member.reload, scopes: %w[account_management]).plaintext_value
get admin_api_service_proxy_policies_path(service, access_token: new_token, format: :json)
@@ -142,7 +142,7 @@ def setup
test 'correct member permissions with correct scope' do
member.update(allowed_sections: :policy_registry, allowed_service_ids: [service.id])
- new_token = FactoryBot.create(:access_token, owner: member.reload, scopes: %w[policy_registry]).value
+ new_token = FactoryBot.create(:access_token, owner: member.reload, scopes: %w[policy_registry]).plaintext_value
get admin_api_service_proxy_policies_path(service, access_token: new_token, format: :json)
diff --git a/test/integration/user-management-api/services_test.rb b/test/integration/user-management-api/services_test.rb
index 5f6ff35bb7..0d5f7346d4 100644
--- a/test/integration/user-management-api/services_test.rb
+++ b/test/integration/user-management-api/services_test.rb
@@ -19,10 +19,10 @@ def setup
get admin_api_service_path(@service)
assert_response :forbidden
- get admin_api_service_path(@service), params: { access_token: token.value }
+ get admin_api_service_path(@service), params: { access_token: token.plaintext_value }
assert_response :not_found
user.update(member_permission_service_ids: [@service.id])
- get admin_api_service_path(@service), params: { access_token: token.value }
+ get admin_api_service_path(@service), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -102,7 +102,7 @@ def setup
_other_service = FactoryBot.create(:simple_service, account: @provider)
access_token = FactoryBot.create(:access_token, owner: @provider.admins.first, scopes: 'account_management')
- delete admin_api_service_path @service.id, access_token: access_token.value, format: :json
+ delete admin_api_service_path @service.id, access_token: access_token.plaintext_value, format: :json
assert_response 200
assert_raise(ActiveRecord::RecordNotFound) { Service.accessible.find(@service.id) }
@@ -123,12 +123,12 @@ def setup
ro_token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management', permission: 'ro')
rw_token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management', permission: 'rw')
- put admin_api_service_path(@service), params: { access_token: rw_token.value, format: :xml, name: 'new service name' }
+ put admin_api_service_path(@service), params: { access_token: rw_token.plaintext_value, format: :xml, name: 'new service name' }
assert_response :success
@service.reload
assert_equal 'new service name', @service.name
- put admin_api_service_path(@service), params: { access_token: ro_token.value, format: :xml, name: 'other service name' }
+ put admin_api_service_path(@service), params: { access_token: ro_token.plaintext_value, format: :xml, name: 'other service name' }
assert_response :forbidden
@service.reload
assert_equal 'new service name', @service.name
diff --git a/test/integration/user-management-api/signup_test.rb b/test/integration/user-management-api/signup_test.rb
index 731a848134..1c4b496d06 100644
--- a/test/integration/user-management-api/signup_test.rb
+++ b/test/integration/user-management-api/signup_test.rb
@@ -35,7 +35,7 @@ def setup
user = FactoryBot.create(:member, account: @provider)
token = FactoryBot.create(:access_token, owner: user)
- post admin_api_signup_path, params: { format: :xml, access_token: token.value, org_name: 'fiona', username: 'fiona' }
+ post admin_api_signup_path, params: { format: :xml, access_token: token.plaintext_value, org_name: 'fiona', username: 'fiona' }
assert_response :forbidden
user.admin_sections = ['partners']
@@ -43,7 +43,7 @@ def setup
token.scopes = ['account_management']
token.save!
- post admin_api_signup_path, params: { format: :xml, access_token: token.value, org_name: 'fiona', username: 'fiona' }
+ post admin_api_signup_path, params: { format: :xml, access_token: token.plaintext_value, org_name: 'fiona', username: 'fiona' }
assert_response :created
end
diff --git a/test/integration/user-management-api/users_test.rb b/test/integration/user-management-api/users_test.rb
index d3403c028a..6b986f623e 100644
--- a/test/integration/user-management-api/users_test.rb
+++ b/test/integration/user-management-api/users_test.rb
@@ -22,7 +22,7 @@ def setup
test 'index with access token as a member' do
token = FactoryBot.create(:access_token, owner: @member, scopes: ['account_management'])
- get admin_api_users_path(format: :xml), params: { access_token: token.value }
+ get admin_api_users_path(format: :xml), params: { access_token: token.plaintext_value }
assert_response :forbidden
end
@@ -31,11 +31,11 @@ def setup
token = FactoryBot.create(:access_token, owner: admin, scopes: ['account_management'])
Settings::Switch.any_instance.stubs(:allowed?).returns(false)
- get admin_api_users_path(format: :xml), params: { access_token: token.value }
+ get admin_api_users_path(format: :xml), params: { access_token: token.plaintext_value }
assert_response :forbidden
Settings::Switch.any_instance.stubs(:allowed?).returns(true)
- get admin_api_users_path(format: :xml), params: { access_token: token.value }
+ get admin_api_users_path(format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -45,7 +45,7 @@ def setup
impersonation_admin.save!
Settings::Switch.any_instance.stubs(:allowed?).returns(true)
- get admin_api_users_path(format: :xml), params: { access_token: token.value }
+ get admin_api_users_path(format: :xml), params: { access_token: token.plaintext_value }
assert_response :success
refute_xpath ".//username", /impersonation_admin/
end
@@ -54,18 +54,18 @@ def setup
token = FactoryBot.create(:access_token, owner: @member, scopes: ['account_management'])
# member's opening his page
- get admin_api_user_path(format: :xml, id: @member.id), params: { access_token: token.value }
+ get admin_api_user_path(format: :xml, id: @member.id), params: { access_token: token.plaintext_value }
assert_response :success
# member's opening admin's page
- get admin_api_user_path(format: :xml, id: admin.id), params: { access_token: token.value }
+ get admin_api_user_path(format: :xml, id: admin.id), params: { access_token: token.plaintext_value }
assert_response :forbidden
end
test 'show with access token as an admin' do
token = FactoryBot.create(:access_token, owner: admin, scopes: ['account_management'])
- get admin_api_user_path(format: :xml, id: @member.id), params: { access_token: token.value }
+ get admin_api_user_path(format: :xml, id: @member.id), params: { access_token: token.plaintext_value }
assert_response :success
end
@@ -74,28 +74,28 @@ def setup
token = FactoryBot.create(:access_token, owner: admin, scopes: ['account_management'])
Settings::Switch.any_instance.stubs(:allowed?).returns(false)
- post admin_api_users_path(format: :xml), params: { username: 'aaa', email: 'aaa@aaa.hu', access_token: token.value }
+ post admin_api_users_path(format: :xml), params: { username: 'aaa', email: 'aaa@aaa.hu', access_token: token.plaintext_value }
assert_response :forbidden
Settings::Switch.any_instance.stubs(:allowed?).returns(true)
- post admin_api_users_path(format: :xml), params: { username: 'aaa', email: 'aaa@aaa.hu', access_token: token.value }
+ post admin_api_users_path(format: :xml), params: { username: 'aaa', email: 'aaa@aaa.hu', access_token: token.plaintext_value }
assert_response :success
end
test 'update with access token as a member' do
token = FactoryBot.create(:access_token, owner: @member, scopes: ['account_management'])
- put admin_api_user_path(format: :xml, id: @member.id, access_token: token.value)
+ put admin_api_user_path(format: :xml, id: @member.id, access_token: token.plaintext_value)
assert_response :success
- put admin_api_user_path(format: :xml, id: admin.id, access_token: token.value)
+ put admin_api_user_path(format: :xml, id: admin.id, access_token: token.plaintext_value)
assert_response :forbidden
end
test 'update with access token as an admin' do
token = FactoryBot.create(:access_token, owner: admin, scopes: ['account_management'])
- put admin_api_user_path(format: :xml, id: @member.id, access_token: token.value)
+ put admin_api_user_path(format: :xml, id: @member.id, access_token: token.plaintext_value)
assert_response :success
end
@@ -103,7 +103,7 @@ def setup
test 'destroy with access token as a member' do
token = FactoryBot.create(:access_token, owner: @member, scopes: ['account_management'])
- delete admin_api_user_path(format: :xml, id: admin.id, access_token: token.value)
+ delete admin_api_user_path(format: :xml, id: admin.id, access_token: token.plaintext_value)
assert_response :forbidden
end
@@ -111,7 +111,7 @@ def setup
test 'destroy with access token as an admin' do
token = FactoryBot.create(:access_token, owner: admin, scopes: ['account_management'])
- delete admin_api_user_path(format: :xml, id: @member.id, access_token: token.value)
+ delete admin_api_user_path(format: :xml, id: @member.id, access_token: token.plaintext_value)
assert_response :success
end
@@ -119,7 +119,7 @@ def setup
test 'admin/update_role with access token as a member' do
token = FactoryBot.create(:access_token, owner: @member, scopes: ['account_management'])
- put admin_api_user_path(format: :xml, id: admin.id, access_token: token.value)
+ put admin_api_user_path(format: :xml, id: admin.id, access_token: token.plaintext_value)
assert_response :forbidden
end
@@ -127,7 +127,7 @@ def setup
test 'admin/update_role with access token as an admin' do
token = FactoryBot.create(:access_token, owner: admin, scopes: ['account_management'])
- put admin_api_user_path(format: :xml, id: @member.id, access_token: token.value)
+ put admin_api_user_path(format: :xml, id: @member.id, access_token: token.plaintext_value)
assert_response :success
end
@@ -136,7 +136,7 @@ def setup
token = FactoryBot.create(:access_token, owner: admin, scopes: ['account_management'])
service = @provider.services.default
- put admin_api_user_path(format: :xml, id: @member.id, access_token: token.value), params: { member_permission_service_ids: [service.id], member_permission_ids: %w[monitoring services] }
+ put admin_api_user_path(format: :xml, id: @member.id, access_token: token.plaintext_value), params: { member_permission_service_ids: [service.id], member_permission_ids: %w[monitoring services] }
assert_response :success
@@ -150,7 +150,7 @@ def setup
service = @provider.services.default
admin_sections = @member.admin_sections
- put admin_api_user_path(format: :xml, id: @member.id, access_token: token.value), params: { member_permission_service_ids: [service.id], member_permission_ids: %w[monitoring] }
+ put admin_api_user_path(format: :xml, id: @member.id, access_token: token.plaintext_value), params: { member_permission_service_ids: [service.id], member_permission_ids: %w[monitoring] }
assert_response :success
@@ -165,10 +165,10 @@ def setup
admin.activate!
- put suspend_admin_api_user_path(format: :xml, id: admin.id, access_token: token.value)
+ put suspend_admin_api_user_path(format: :xml, id: admin.id, access_token: token.plaintext_value)
assert_response :forbidden
- put unsuspend_admin_api_user_path(format: :xml, id: admin.id, access_token: token.value)
+ put unsuspend_admin_api_user_path(format: :xml, id: admin.id, access_token: token.plaintext_value)
assert_response :forbidden
end
@@ -177,10 +177,10 @@ def setup
@member.activate!
- put suspend_admin_api_user_path(format: :xml, id: @member.id, access_token: token.value)
+ put suspend_admin_api_user_path(format: :xml, id: @member.id, access_token: token.plaintext_value)
assert_response :success
- put unsuspend_admin_api_user_path(format: :xml, id: @member.id, access_token: token.value)
+ put unsuspend_admin_api_user_path(format: :xml, id: @member.id, access_token: token.plaintext_value)
assert_response :success
end
diff --git a/test/integration/user-management-api/web_hooks_failures_test.rb b/test/integration/user-management-api/web_hooks_failures_test.rb
index 3f2d3960e4..e0d8f4211e 100644
--- a/test/integration/user-management-api/web_hooks_failures_test.rb
+++ b/test/integration/user-management-api/web_hooks_failures_test.rb
@@ -18,16 +18,16 @@ def setup
Settings::Switch.any_instance.stubs(:allowed?).returns(true)
# member should not be able to work with webhooks at all
- get admin_api_webhooks_failures_path, params: { access_token: token.value }
+ get admin_api_webhooks_failures_path, params: { access_token: token.plaintext_value }
assert_response :forbidden
user.role = 'admin'
user.save!
- get admin_api_webhooks_failures_path, params: { access_token: token.value }
+ get admin_api_webhooks_failures_path, params: { access_token: token.plaintext_value }
assert_response :success
Settings::Switch.any_instance.stubs(:allowed?).returns(false)
- get admin_api_webhooks_failures_path, params: { access_token: token.value }
+ get admin_api_webhooks_failures_path, params: { access_token: token.plaintext_value }
assert_response :forbidden
end
@@ -36,7 +36,7 @@ def setup
token = FactoryBot.create(:access_token, owner: user, scopes: 'account_management')
Settings::Switch.any_instance.stubs(:allowed?).returns(true)
- delete admin_api_webhooks_failures_path, params: { access_token: token.value }
+ delete admin_api_webhooks_failures_path, params: { access_token: token.plaintext_value }
assert_response :success
end
diff --git a/test/models/access_token_test.rb b/test/models/access_token_test.rb
index 3e65b49806..032f7e9819 100644
--- a/test/models/access_token_test.rb
+++ b/test/models/access_token_test.rb
@@ -3,7 +3,7 @@
class AccessTokenTest < ActiveSupport::TestCase
def setup
- @token = FactoryBot.build(:access_token, owner: nil)
+ @token = FactoryBot.create(:access_token)
end
def test_destroy_dependency
@@ -87,14 +87,55 @@ def test_scope_by_name
def test_find_from_id_or_value_and_bang
FactoryBot.create_list(:access_token, 2).each do |token|
assert_equal token.id, AccessToken.find_from_id_or_value(token.id).id
- assert_equal token.id, AccessToken.find_from_id_or_value(token.value).id
+ assert_equal token.id, AccessToken.find_from_id_or_value(token.plaintext_value).id
assert_equal token.id, AccessToken.find_from_id_or_value!(token.id).id
- assert_equal token.id, AccessToken.find_from_id_or_value!(token.value).id
+ assert_equal token.id, AccessToken.find_from_id_or_value!(token.plaintext_value).id
end
assert_nil AccessToken.find_from_id_or_value('fake')
assert_raise(ActiveRecord::RecordNotFound) { AccessToken.find_from_id_or_value!('fake') }
end
+ # find_from_value tests
+
+ def test_find_from_value_returns_nil_for_invalid_token
+ assert_nil AccessToken.find_from_value('nonexistent_token')
+ end
+
+ def test_find_from_value_returns_nil_for_blank_token
+ assert_nil AccessToken.find_from_value('')
+ assert_nil AccessToken.find_from_value(nil)
+ end
+
+ def test_find_from_value_finds_new_token_by_digest
+ found = AccessToken.find_from_value(@token.plaintext_value)
+
+ assert_equal @token.id, found&.id
+ assert @token.reload.read_attribute(:value).start_with?(AccessToken::DIGEST_PREFIX)
+ end
+
+ def test_find_from_value_finds_legacy_token
+ legacy_value = 'legacy_plaintext_token_value_64chars'
+ @token.update_columns(value: legacy_value)
+
+ found = AccessToken.find_from_value(legacy_value)
+
+ assert_equal @token.id, found&.id
+ # No migration: DB value remains unchanged
+ assert_equal legacy_value, @token.reload.read_attribute(:value)
+ end
+
+ def test_find_from_value_rejects_leaked_hash_as_token
+ stored_hash = @token.reload.read_attribute(:value)
+
+ # Verify the DB value has our prefix
+ assert stored_hash.start_with?(AccessToken::DIGEST_PREFIX)
+
+ # An attacker with access to the DB hash should NOT be able to authenticate
+ found = AccessToken.find_from_value(stored_hash)
+
+ assert_nil found, "Security vulnerability: leaked hash was accepted as a valid token"
+ end
+
test 'timestamps filled' do
access_token = FactoryBot.build(:access_token)
expected_created_at = -1
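Review bot: In `test_find_from_value_finds_legacy_token` the fixture `'legacy_plaintext_token_value_64chars'` is 36 characters long despite its name, so the test does not exercise a value of the length its name advertises; either drop the suffix or build a fixture of the stated size, e.g. `legacy_value = 'a' * 64` (a constructed sample). The negative case in `test_find_from_value_rejects_leaked_hash_as_token` is the one that carries the security invariant, and it would read better with a short comment stating it, such as `# A stored digest is never a credential: only the plaintext value may authenticate.`, since the existing comments describe the steps rather than the rule being pinned. The enclosing test class continues outside this hunk.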
diff --git a/test/unit/models_test.rb b/test/unit/models_test.rb
index f9a5c14af3..ddd63c0141 100644
--- a/test/unit/models_test.rb
+++ b/test/unit/models_test.rb
@@ -72,7 +72,8 @@ class ModelsTest < ActiveSupport::TestCase
next if column_sql_type.match(/\Acharacter varying\Z/)
length = column_sql_type.match(/\(([\d]+)\)/)[1].to_i
- object = model.new({column_name => ('a' * (length + 1))}.merge(options), without_protection: true)
+ object = model.new(options, without_protection: true)
+ object.send("#{column_name}=", 'a' * (length + 1))
object.valid?
column_errors = object.errors[column_name].to_sentence
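Review bot: The new `object.send("#{column_name}=", ...)` call bypasses method visibility, so a column whose writer is private would be set silently instead of surfacing the difference from the mass-assignment path it replaces; `object.public_send("#{column_name}=", 'a' * (length + 1))` expresses the intent that the setter is public. `column_name` appears to come from the schema iteration above, not from request input, so this is a style point rather than an injection concern. The enclosing loop and test method start outside this hunk.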
diff --git a/test/unit/user_test.rb b/test/unit/user_test.rb
index 576574e3ad..29dff2d498 100644
--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@@ -88,19 +88,6 @@ def test_any_sso_authorizations?
assert user.any_sso_authorizations?
end
- def test_accessible_service_tokens
- provider = FactoryBot.create(:simple_provider)
- service = FactoryBot.create(:service, account: provider)
- member = FactoryBot.build_stubbed(:member, account: provider)
-
- service.service_tokens.create!(value: 'money-makes-people-cautious')
-
- assert_equal 0, member.accessible_service_tokens.count
-
- member.member_permission_ids = ['plans']
- assert_equal 1, member.accessible_service_tokens.count
- end
-
def test_accessible_services
provider = FactoryBot.create(:simple_provider)
service = FactoryBot.create(:service, account: provider)
diff --git a/test/workers/restore_apicast_master_access_token_worker_test.rb b/test/workers/restore_apicast_master_access_token_worker_test.rb
index 0330f825ee..35b46a252e 100644
--- a/test/workers/restore_apicast_master_access_token_worker_test.rb
+++ b/test/workers/restore_apicast_master_access_token_worker_test.rb
@@ -17,6 +17,6 @@ def test_update_apicast_master_token
end
master_token.reload
- assert_equal random_token, master_token.value
+ assert_equal AccessToken.compute_digest(random_token), master_token.value
end
end