wsd: test: access_token_ttl tests

Change-Id: I0b213c975fd5265b5ffe1fa12cb5759a9782ff1f
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>

Author: Ashod

test/UnitWOPI.cpp

@@ -26,6 +26,7 @@
 
 #include <Poco/Net/HTTPRequest.h>
 
+#include <chrono>
 #include <thread>
 #include <sys/types.h>
 #include <unistd.h>
@@ -612,12 +613,353 @@ class UnitWopiHttpHeaders : public WopiTestServer
     }
 };
 
+/// This tests that loading a document with access_token_ttl
+/// works correctly and the token expiry is tracked.
+class UnitWopiAccessTokenTtl : public WopiTestServer
+{
+    using Base = WopiTestServer;
+
+    STATE_ENUM(Phase, Load, WaitLoadStatus, Modify, Save, Done)
+    _phase;
+
+public:
+    UnitWopiAccessTokenTtl()
+        : WopiTestServer("UnitWopiAccessTokenTtl")
+        , _phase(Phase::Load)
+    {
+    }
+
+    /// The document is loaded.
+    bool onDocumentLoaded(const std::string& message) override
+    {
+        TST_LOG("Got: [" << message << ']');
+        LOK_ASSERT_STATE(_phase, Phase::WaitLoadStatus);
+
+        TRANSITION_STATE(_phase, Phase::Modify);
+
+        // Modify the currently opened document; type 'a'.
+        WSD_CMD("key type=input char=97 key=0");
+        WSD_CMD("key type=up char=0 key=512");
+
+        return true;
+    }
+
+    bool onDocumentModified(const std::string& message) override
+    {
+        TST_LOG("Got: [" << message << ']');
+        LOK_ASSERT_STATE(_phase, Phase::Modify);
+
+        TRANSITION_STATE(_phase, Phase::Save);
+        WSD_CMD("save dontTerminateEdit=0 dontSaveIfUnmodified=0");
+
+        return true;
+    }
+
+    std::unique_ptr<http::Response>
+    assertPutFileRequest(const Poco::Net::HTTPRequest& /*request*/) override
+    {
+        LOK_ASSERT_STATE(_phase, Phase::Save);
+        TRANSITION_STATE(_phase, Phase::Done);
+
+        passTest("PutFile succeeded with access_token_ttl");
+        return nullptr;
+    }
+
+    void invokeWSDTest() override
+    {
+        switch (_phase)
+        {
+            case Phase::Load:
+            {
+                TRANSITION_STATE(_phase, Phase::WaitLoadStatus);
+
+                // TTL 15 minutes from now, in milliseconds (as per WOPI spec).
+                const uint64_t expiryTimeMs =
+                    static_cast<uint64_t>(time(nullptr) + (15 * 60)) * 1000;
+                initWebsocket("/wopi/files/0?access_token=secret&access_token_ttl=" +
+                              std::to_string(expiryTimeMs));
+
+                WSD_CMD("load url=" + getWopiSrc());
+                break;
+            }
+            case Phase::WaitLoadStatus:
+            case Phase::Modify:
+            case Phase::Save:
+            case Phase::Done:
+            {
+                // just wait for the results
+                break;
+            }
+        }
+    }
+};
+
+/// Test the save -> 401 -> tokenexpired -> resetaccesstoken -> retry -> success flow.
+class UnitWopiTokenRefreshOnSave : public WopiTestServer
+{
+    using Base = WopiTestServer;
+
+    STATE_ENUM(Phase, Load, WaitLoadStatus, Modify, WaitSave, WaitTokenExpired, Done)
+    _phase;
+
+    int _putFileCount;
+
+    static constexpr auto OriginalToken = "original_token_123";
+    static constexpr auto RefreshedToken = "refreshed_token_456";
+
+public:
+    UnitWopiTokenRefreshOnSave()
+        : WopiTestServer("UnitWopiTokenRefreshOnSave")
+        , _phase(Phase::Load)
+        , _putFileCount(0)
+    {
+    }
+
+    bool onDocumentLoaded(const std::string& message) override
+    {
+        TST_LOG("Got: [" << message << ']');
+        LOK_ASSERT_STATE(_phase, Phase::WaitLoadStatus);
+
+        TRANSITION_STATE(_phase, Phase::Modify);
+
+        // Modify the document; type 'a'.
+        WSD_CMD("key type=input char=97 key=0");
+        WSD_CMD("key type=up char=0 key=512");
+
+        return true;
+    }
+
+    bool onDocumentModified(const std::string& message) override
+    {
+        TST_LOG("Got: [" << message << ']');
+        LOK_ASSERT_STATE(_phase, Phase::Modify);
+
+        TRANSITION_STATE(_phase, Phase::WaitSave);
+        WSD_CMD("save dontTerminateEdit=0 dontSaveIfUnmodified=0");
+
+        return true;
+    }
+
+    std::unique_ptr<http::Response>
+    assertPutFileRequest(const Poco::Net::HTTPRequest& request) override
+    {
+        ++_putFileCount;
+        TST_LOG("PutFile #" << _putFileCount << " URI: " << request.getURI());
+
+        if (_putFileCount == 1)
+        {
+            // First PutFile: verify original token and return 401.
+            for (const auto& param : Poco::URI(request.getURI()).getQueryParameters())
+            {
+                if (param.first == "access_token")
+                {
+                    LOK_ASSERT_EQUAL_STR(std::string(OriginalToken), param.second);
+                    break;
+                }
+            }
+
+            TST_LOG("Returning 401 to trigger token refresh");
+            return std::make_unique<http::Response>(http::StatusCode::Unauthorized);
+        }
+
+        // Second PutFile: verify the refreshed token is used.
+        LOK_ASSERT_EQUAL(2, _putFileCount);
+        for (const auto& param : Poco::URI(request.getURI()).getQueryParameters())
+        {
+            if (param.first == "access_token")
+            {
+                LOK_ASSERT_EQUAL_STR(std::string(RefreshedToken), param.second);
+                break;
+            }
+        }
+
+        TRANSITION_STATE(_phase, Phase::Done);
+        passTest("PutFile retry with refreshed token succeeded");
+        return nullptr;
+    }
+
+    bool onFilterSendWebSocketMessage(const std::string_view message, const WSOpCode /* code */,
+                                      const bool /* flush */, int& /*unitReturn*/) override
+    {
+        if (message == "tokenexpired")
+        {
+            TST_LOG("Got tokenexpired, sending resetaccesstoken with new token and TTL");
+            LOK_ASSERT_STATE(_phase, Phase::WaitSave);
+            TRANSITION_STATE(_phase, Phase::WaitTokenExpired);
+
+            // TTL 30 minutes from now, in milliseconds.
+            const uint64_t expiryMs =
+                static_cast<uint64_t>(time(nullptr) + 30 * 60) * 1000;
+            WSD_CMD("resetaccesstoken " + std::string(RefreshedToken) + ' ' +
+                    std::to_string(expiryMs));
+        }
+
+        return false;
+    }
+
+    void invokeWSDTest() override
+    {
+        switch (_phase)
+        {
+            case Phase::Load:
+            {
+                TRANSITION_STATE(_phase, Phase::WaitLoadStatus);
+
+                initWebsocket("/wopi/files/0?access_token=" + std::string(OriginalToken) +
+                              "&access_token_ttl=0");
+
+                WSD_CMD("load url=" + getWopiSrc());
+                break;
+            }
+            case Phase::WaitLoadStatus:
+            case Phase::Modify:
+            case Phase::WaitSave:
+            case Phase::WaitTokenExpired:
+            case Phase::Done:
+            {
+                // just wait for the results
+                break;
+            }
+        }
+    }
+};
+
+/// Test the save -> 401 -> tokenexpired -> no refresh -> saveunauthorized flow.
+/// When no resetaccesstoken is sent, the second upload retry also gets 401,
+/// which triggers immediate failure (since _pendingTokenRefresh is already active).
+class UnitWopiTokenRefreshTimeout : public WopiTestServer
+{
+    using Base = WopiTestServer;
+
+    STATE_ENUM(Phase, Load, WaitLoadStatus, Modify, WaitSave, WaitTimeout, Done)
+    _phase;
+    int _defLifetimeMins;
+    int _refreshTimeoutSecs;
+    int _ttlOffsetMins;
+    bool _gotTokenExpired;
+
+public:
+    UnitWopiTokenRefreshTimeout(int defLifetimeMins, int refreshTimeoutSecs, int ttlOffsetMins)
+        : WopiTestServer("UnitWopiTokenRefreshTimeout")
+        , _phase(Phase::Load)
+        , _defLifetimeMins(defLifetimeMins)
+        , _refreshTimeoutSecs(refreshTimeoutSecs)
+        , _ttlOffsetMins(ttlOffsetMins)
+        , _gotTokenExpired(false)
+    {
+    }
+
+    void configure(Poco::Util::LayeredConfiguration& config) override
+    {
+        WopiTestServer::configure(config);
+
+        config.setUInt("storage.wopi.access_token.default_lifetime_mins", _defLifetimeMins);
+        config.setUInt("storage.wopi.access_token.refresh_timeout_secs", _refreshTimeoutSecs);
+        config.setUInt("storage.wopi.access_token.ttl_offset_minutes", _ttlOffsetMins);
+    }
+
+    bool onDocumentLoaded(const std::string& message) override
+    {
+        TST_LOG("Got: [" << message << ']');
+        LOK_ASSERT_STATE(_phase, Phase::WaitLoadStatus);
+
+        TRANSITION_STATE(_phase, Phase::Modify);
+
+        // Modify the document; type 'a'.
+        WSD_CMD("key type=input char=97 key=0");
+        WSD_CMD("key type=up char=0 key=512");
+
+        return true;
+    }
+
+    bool onDocumentModified(const std::string& message) override
+    {
+        TST_LOG("Got: [" << message << ']');
+        LOK_ASSERT_STATE(_phase, Phase::Modify);
+
+        TRANSITION_STATE(_phase, Phase::WaitSave);
+        WSD_CMD("save dontTerminateEdit=0 dontSaveIfUnmodified=0");
+
+        return true;
+    }
+
+    std::unique_ptr<http::Response>
+    assertPutFileRequest(const Poco::Net::HTTPRequest& /*request*/) override
+    {
+        // Always return 401. The first 401 triggers tokenexpired and sets
+        // _pendingTokenRefresh.active. The upload retry fires a second PutFile;
+        // that second 401 hits the else branch (already active) and immediately
+        // sends saveunauthorized.
+        TST_LOG("Returning 401 (no token refresh will arrive)");
+        return std::make_unique<http::Response>(http::StatusCode::Unauthorized);
+    }
+
+    bool onFilterSendWebSocketMessage(const std::string_view message, const WSOpCode /* code */,
+                                      const bool /* flush */, int& /*unitReturn*/) override
+    {
+        if (message == "tokenexpired")
+        {
+            TST_LOG("Got tokenexpired, deliberately NOT sending resetaccesstoken");
+            LOK_ASSERT_STATE(_phase, Phase::WaitSave);
+            TRANSITION_STATE(_phase, Phase::WaitTimeout);
+            _gotTokenExpired = true;
+            // Let the refresh-request time out.
+        }
+
+        return false;
+    }
+
+    bool onDocumentError(const std::string& message) override
+    {
+        TST_LOG("Got error: [" << message << ']');
+
+        if (message.find("kind=saveunauthorized") != std::string::npos)
+        {
+            LOK_ASSERT_STATE(_phase, Phase::WaitTimeout);
+            LOK_ASSERT_MESSAGE("tokenexpired should have been sent before timeout", _gotTokenExpired);
+
+            TRANSITION_STATE(_phase, Phase::Done);
+            passTest("Token refresh timeout correctly produced saveunauthorized");
+            return true;
+        }
+
+        return false;
+    }
+
+    void invokeWSDTest() override
+    {
+        switch (_phase)
+        {
+            case Phase::Load:
+            {
+                TRANSITION_STATE(_phase, Phase::WaitLoadStatus);
+
+                initWebsocket("/wopi/files/0?access_token=anything&access_token_ttl=0");
+
+                WSD_CMD("load url=" + getWopiSrc());
+                break;
+            }
+            case Phase::WaitLoadStatus:
+            case Phase::Modify:
+            case Phase::WaitSave:
+            case Phase::WaitTimeout:
+            case Phase::Done:
+            {
+                // just wait for the results
+                break;
+            }
+        }
+    }
+};
+
 UnitBase** unit_create_wsd_multi(void)
 {
     return new UnitBase* []
     {
         new UnitWOPI(), new UnitWOPILoadEncoded(),
-            /*new UnitOverload(),*/ new UnitWopiUnavailable(), new UnitWopiHttpHeaders(), nullptr
+            /*new UnitOverload(),*/ new UnitWopiUnavailable(), new UnitWopiHttpHeaders(),
+            new UnitWopiAccessTokenTtl(), new UnitWopiTokenRefreshOnSave(),
+            new UnitWopiTokenRefreshTimeout(0, 5, 0), nullptr
     };
 }