WIP: public api regenerate

jeanp413 · jeanp413 · commit 4ab854fd331f · 2022-11-22T18:25:31.000Z
diff --git a/components/gitpod-db/go/dbtest/conn.go b/components/gitpod-db/go/dbtest/conn.go
@@ -37,7 +37,7 @@ func ConnectForTests(t *testing.T) *gorm.DB {
 		Host:     "localhost:23306",
 		Database: "gitpod",
 	})
-	require.NoError(t, err, "Failed to establish connection to  In a workspace, run `leeway build components/gitpod-db/go:init-testdb` once to bootstrap the ")
+	require.NoError(t, err, "Failed to establish connection to  In a workspace, run `leeway build components/gitpod-db/go:init-testdb` once to bootstrap the db")
 
 	return conn
 }
diff --git a/components/gitpod-db/go/personal_access_token.go b/components/gitpod-db/go/personal_access_token.go
@@ -14,6 +14,7 @@ import (
 
 	"github.com/google/uuid"
 	"gorm.io/gorm"
+	"gorm.io/gorm/clause"
 )
 
 type PersonalAccessToken struct {
@@ -87,6 +88,40 @@ func CreatePersonalAccessToken(ctx context.Context, conn *gorm.DB, req PersonalA
 	return token, nil
 }
 
+func UpdatePersonalAccessToken(ctx context.Context, conn *gorm.DB, tokenID uuid.UUID, userID uuid.UUID, hash string, expirationTime time.Time) (PersonalAccessToken, error) {
+	if tokenID == uuid.Nil {
+		return PersonalAccessToken{}, fmt.Errorf("Invalid or empty tokenID")
+	}
+	if userID == uuid.Nil {
+		return PersonalAccessToken{}, fmt.Errorf("Invalid or empty userID")
+	}
+	if hash == "" {
+		return PersonalAccessToken{}, fmt.Errorf("Token hash required")
+	}
+	if expirationTime.IsZero() {
+		return PersonalAccessToken{}, fmt.Errorf("Expiration time required")
+	}
+
+	db := conn.WithContext(ctx)
+
+	var token PersonalAccessToken
+	db = db.
+		Model(&token).
+		Clauses(clause.Returning{}).
+		Where("id = ?", tokenID).
+		Where("userId = ?", userID).
+		Where("deleted = ?", 0).
+		Select("hash", "expirationTime").Updates(PersonalAccessToken{Hash: hash, ExpirationTime: expirationTime})
+	if db.Error != nil {
+		if errors.Is(db.Error, gorm.ErrRecordNotFound) {
+			return PersonalAccessToken{}, fmt.Errorf("Token with ID %s does not exist: %w", tokenID, ErrorNotFound)
+		}
+		return PersonalAccessToken{}, fmt.Errorf("Failed to update token: %v", db.Error)
+	}
+
+	return token, nil
+}
+
 func ListPersonalAccessTokensForUser(ctx context.Context, conn *gorm.DB, userID uuid.UUID, pagination Pagination) (*PaginatedResult[PersonalAccessToken], error) {
 	if userID == uuid.Nil {
 		return nil, fmt.Errorf("user ID is a required argument to list personal access tokens for user, got nil")
diff --git a/components/public-api-server/pkg/apiv1/tokens.go b/components/public-api-server/pkg/apiv1/tokens.go
@@ -159,18 +159,41 @@ func (s *TokensService) RegeneratePersonalAccessToken(ctx context.Context, req *
 		return nil, err
 	}
 
+	expiry := req.Msg.GetExpirationTime()
+	if !expiry.IsValid() {
+		return nil, connect.NewError(connect.CodeInvalidArgument, errors.New("Received invalid Expiration Time, it is a required parameter."))
+	}
+
 	conn, err := getConnection(ctx, s.connectionPool)
 	if err != nil {
 		return nil, err
 	}
 
-	_, _, err = s.getUser(ctx, conn)
+	_, userID, err := s.getUser(ctx, conn)
 	if err != nil {
 		return nil, err
 	}
+	pat, err := auth.GeneratePersonalAccessToken(s.signer)
+	if err != nil {
+		log.WithError(err).Errorf("Failed to regenerate personal access token for user %s", userID.String())
+		return nil, connect.NewError(connect.CodeInternal, errors.New("Failed to regenerate personal access token."))
+	}
 
-	log.Infof("Handling RegeneratePersonalAccessToken request for Token ID '%s'", tokenID.String())
-	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("gitpod.experimental.v1.TokensService.RegeneratePersonalAccessToken is not implemented"))
+	hash, err := pat.ValueHash()
+	if err != nil {
+		log.WithError(err).Errorf("Failed to regenerate personal access token value hash for user %s", userID.String())
+		return nil, connect.NewError(connect.CodeInternal, errors.New("Failed to compute personal access token hash."))
+	}
+
+	token, err := db.UpdatePersonalAccessToken(ctx, s.dbConn, tokenID, userID, hash, expiry.AsTime().UTC())
+	if err != nil {
+		log.WithError(err).Errorf("Failed to store personal access token for user %s", userID.String())
+		return nil, connect.NewError(connect.CodeInternal, errors.New("Failed to store personal access token."))
+	}
+
+	return connect.NewResponse(&v1.RegeneratePersonalAccessTokenResponse{
+		Token: personalAccessTokenToAPI(token, pat.String()),
+	}), nil
 }
 
 func (s *TokensService) UpdatePersonalAccessToken(ctx context.Context, req *connect.Request[v1.UpdatePersonalAccessTokenRequest]) (*connect.Response[v1.UpdatePersonalAccessTokenResponse], error) {
diff --git a/components/public-api-server/pkg/apiv1/tokens_test.go b/components/public-api-server/pkg/apiv1/tokens_test.go
@@ -22,8 +22,10 @@ import (
 	protocol "github.com/gitpod-io/gitpod/gitpod-protocol"
 	"github.com/gitpod-io/gitpod/public-api-server/pkg/auth"
 	"github.com/golang/mock/gomock"
+	"github.com/google/go-cmp/cmp"
 	"github.com/google/uuid"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/testing/protocmp"
 	"google.golang.org/protobuf/types/known/timestamppb"
 	"gorm.io/gorm"
 )
@@ -332,14 +334,16 @@ func TestTokensService_ListPersonalAccessTokens(t *testing.T) {
 
 func TestTokensService_RegeneratePersonalAccessToken(t *testing.T) {
 	user := newUser(&protocol.User{})
+	user2 := newUser(&protocol.User{})
 
 	t.Run("permission denied when feature flag is disabled", func(t *testing.T) {
 		serverMock, _, client := setupTokensService(t, withTokenFeatureDisabled)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
 
 		_, err := client.RegeneratePersonalAccessToken(context.Background(), connect.NewRequest(&v1.RegeneratePersonalAccessTokenRequest{
-			Id: uuid.New().String(),
+			Id:             uuid.New().String(),
+			ExpirationTime: timestamppb.Now(),
 		}))
 
 		require.Error(t, err, "This feature is currently in beta. If you would like to be part of the beta, please contact us.")
@@ -364,16 +368,48 @@ func TestTokensService_RegeneratePersonalAccessToken(t *testing.T) {
 		require.Equal(t, connect.CodeInvalidArgument, connect.CodeOf(err))
 	})
 
-	t.Run("unimplemented when feature flag enabled", func(t *testing.T) {
-		serverMock, _, client := setupTokensService(t, withTokenFeatureEnabled)
+	t.Run("regenerate correct token", func(t *testing.T) {
+		serverMock, dbConn, client := setupTokensService(t, withTokenFeatureEnabled)
+
+		tokens := dbtest.CreatePersonalAccessTokenRecords(t, dbConn,
+			dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{
+				UserID: uuid.MustParse(user.ID),
+			}),
+			dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{
+				UserID: uuid.MustParse(user2.ID),
+			}),
+		)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
 
-		_, err := client.RegeneratePersonalAccessToken(context.Background(), connect.NewRequest(&v1.RegeneratePersonalAccessTokenRequest{
-			Id: uuid.New().String(),
+		origResponse, err := client.GetPersonalAccessToken(context.Background(), connect.NewRequest(&v1.GetPersonalAccessTokenRequest{
+			Id: tokens[0].ID.String(),
 		}))
 
-		require.Equal(t, connect.CodeUnimplemented, connect.CodeOf(err))
+		require.NoError(t, err)
+
+		newTimestamp := timestamppb.Now()
+		response, err := client.RegeneratePersonalAccessToken(context.Background(), connect.NewRequest(&v1.RegeneratePersonalAccessTokenRequest{
+			Id:             tokens[0].ID.String(),
+			ExpirationTime: newTimestamp,
+		}))
+
+		require.NoError(t, err)
+
+		// require.Equal(t, response.Msg.Token.ExpirationTime, newTimestamp)
+		// require.NotEqual(t, response.Msg.Token.Value, origResponse.Msg.Token.Value)
+
+		requireNotEqualProto(t, &v1.RegeneratePersonalAccessTokenResponse{
+			Token: personalAccessTokenToAPI(tokens[0], origResponse.Msg.Token.Value),
+		}, response.Msg)
+
+		// fake code
+		tokens[0].Hash = response.Msg.Token.Value
+		tokens[0].ExpirationTime = response.Msg.Token.GetExpirationTime().AsTime()
+
+		requireEqualProto(t, &v1.RegeneratePersonalAccessTokenResponse{
+			Token: personalAccessTokenToAPI(tokens[0], ""),
+		}, response.Msg)
 	})
 }
 
@@ -500,3 +536,12 @@ func setupTokensService(t *testing.T, expClient experiments.Client) (*protocol.M
 
 	return serverMock, dbConn, client
 }
+
+func requireNotEqualProto(t *testing.T, expected interface{}, actual interface{}) {
+	t.Helper()
+
+	diff := cmp.Diff(expected, actual, protocmp.Transform())
+	if diff == "" {
+		require.Fail(t, diff, "they should not equal")
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ func ConnectForTests(t testing.T) gorm.DB {`
`37`	`37`	`Host: "localhost:23306",`
`38`	`38`	`Database: "gitpod",`
`39`	`39`	`})`
`40`		- require.NoError(t, err, "Failed to establish connection to In a workspace, run `leeway build components/gitpod-db/go:init-testdb` once to bootstrap the ")
	`40`	+ require.NoError(t, err, "Failed to establish connection to In a workspace, run `leeway build components/gitpod-db/go:init-testdb` once to bootstrap the db")
`41`	`41`
`42`	`42`	`return conn`
`43`	`43`	`}`