Page MenuHomePhabricator

D11468.id38527.diff
No OneTemporary

D11468.id38527.diff

diff --git a/services/commtest/src/identity/device.rs b/services/commtest/src/identity/device.rs
--- a/services/commtest/src/identity/device.rs
+++ b/services/commtest/src/identity/device.rs
@@ -11,6 +11,7 @@
DeviceKeyUpload, DeviceType, Empty, IdentityKeyInfo,
OpaqueLoginFinishRequest, OpaqueLoginStartRequest, Prekey,
RegistrationFinishRequest, RegistrationStartRequest,
+ VerifyUserAccessTokenRequest,
};
pub const PLACEHOLDER_CODE_VERSION: u64 = 0;
@@ -24,6 +25,16 @@
pub access_token: String,
}
+impl From<&DeviceInfo> for VerifyUserAccessTokenRequest {
+ fn from(value: &DeviceInfo) -> Self {
+ Self {
+ user_id: value.user_id.to_string(),
+ device_id: value.device_id.to_string(),
+ access_token: value.device_id.to_string(),
+ }
+ }
+}
+
/// Register a new user with a device.
/// - Gives random username (returned by function).
/// - Device type defaults to keyserver.
diff --git a/services/commtest/tests/identity_access_tokens_tests.rs b/services/commtest/tests/identity_access_tokens_tests.rs
--- a/services/commtest/tests/identity_access_tokens_tests.rs
+++ b/services/commtest/tests/identity_access_tokens_tests.rs
@@ -1,7 +1,11 @@
use commtest::identity::device::{
register_user_device, DEVICE_TYPE, PLACEHOLDER_CODE_VERSION,
};
+use commtest::identity::SigningCapableAccount;
use commtest::service_addr;
+use grpc_clients::identity::protos::unauth::{
+ Empty, ExistingDeviceLoginRequest,
+};
use grpc_clients::identity::{
get_unauthenticated_client, protos::unauth::VerifyUserAccessTokenRequest,
};
@@ -19,12 +23,7 @@
.await
.expect("Couldn't connect to identity service");
- let verify_request = VerifyUserAccessTokenRequest {
- user_id: device_info.user_id,
- device_id: device_info.device_id,
- access_token: device_info.access_token,
- };
-
+ let verify_request = VerifyUserAccessTokenRequest::from(&device_info);
let response = identity_client
.verify_user_access_token(verify_request)
.await
@@ -32,3 +31,58 @@
assert!(response.into_inner().token_valid);
}
+
+#[tokio::test]
+async fn refresh_token_test() {
+ let identity_grpc_endpoint = service_addr::IDENTITY_GRPC.to_string();
+ let mut client = get_unauthenticated_client(
+ &identity_grpc_endpoint,
+ PLACEHOLDER_CODE_VERSION,
+ DEVICE_TYPE.to_string(),
+ )
+ .await
+ .expect("Couldn't connect to identity service");
+
+ let mut account = SigningCapableAccount::new();
+ let client_keys = account.public_keys();
+ let user = register_user_device(Some(&client_keys), None).await;
+
+ // refresh session
+ let nonce = client
+ .generate_nonce(Empty {})
+ .await
+ .expect("failed to generate nonce")
+ .into_inner()
+ .nonce;
+ let challenge_response = account.sign_nonce(nonce);
+ let new_credentials = client
+ .log_in_existing_device(ExistingDeviceLoginRequest {
+ user_id: user.user_id.clone(),
+ device_id: user.device_id.clone(),
+ challenge_response,
+ })
+ .await
+ .expect("LogInExistingDevice call failed")
+ .into_inner();
+
+ // old token should now be invalid
+ let old_token_result = client
+ .verify_user_access_token(VerifyUserAccessTokenRequest::from(&user))
+ .await
+ .expect("failed to verify token")
+ .into_inner();
+ assert!(!old_token_result.token_valid);
+
+ // new token should be valid
+ let new_token_result = client
+ .verify_user_access_token(VerifyUserAccessTokenRequest {
+ user_id: new_credentials.user_id,
+ access_token: new_credentials.access_token,
+ device_id: user.device_id,
+ })
+ .await
+ .expect("failed to verify token")
+ .into_inner();
+
+ assert!(new_token_result.token_valid);
+}

File Metadata

Mime Type
text/plain
Expires
Sat, Dec 21, 6:08 PM (21 h, 30 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2688624
Default Alt Text
D11468.id38527.diff (3 KB)

Event Timeline