diff --git a/server/server.go b/server/server.go index c96d8f7..775319e 100644 --- a/server/server.go +++ b/server/server.go @@ -39,7 +39,6 @@ import ( - tiers - api - tokens -- MEDIUM: Test new token endpoints & never-expiring token - LOW: UI: Flickering upgrade banner when logging in - LOW: get rid of reservation id, replace with DELETE X-Topic: ... diff --git a/server/server_account.go b/server/server_account.go index 30298b5..e2a9ee8 100644 --- a/server/server_account.go +++ b/server/server_account.go @@ -192,7 +192,6 @@ func (s *Server) handleAccountPasswordChange(w http.ResponseWriter, r *http.Requ } func (s *Server) handleAccountTokenCreate(w http.ResponseWriter, r *http.Request, v *visitor) error { - // TODO rate limit req, err := readJSONWithLimit[apiAccountTokenIssueRequest](r.Body, jsonBodyBytesLimit, true) // Allow empty body! if err != nil { return err @@ -228,7 +227,6 @@ func (s *Server) handleAccountTokenCreate(w http.ResponseWriter, r *http.Request } func (s *Server) handleAccountTokenUpdate(w http.ResponseWriter, r *http.Request, v *visitor) error { - // TODO rate limit u := v.User() req, err := readJSONWithLimit[apiAccountTokenUpdateRequest](r.Body, jsonBodyBytesLimit, true) // Allow empty body! if err != nil { @@ -267,7 +265,6 @@ func (s *Server) handleAccountTokenUpdate(w http.ResponseWriter, r *http.Request } func (s *Server) handleAccountTokenDelete(w http.ResponseWriter, r *http.Request, v *visitor) error { - // TODO rate limit u := v.User() token := readParam(r, "X-Token", "Token") // DELETEs cannot have a body, and we don't want it in the path if token == "" { diff --git a/server/server_account_test.go b/server/server_account_test.go index 2194764..c68dd8e 100644 --- a/server/server_account_test.go +++ b/server/server_account_test.go 
@@ -313,6 +313,17 @@ func TestAccount_ExtendToken(t *testing.T) {
 require.Nil(t, err)
 require.Equal(t, token.Token, extendedToken.Token)
 require.True(t, token.Expires < extendedToken.Expires)
+
+ expires := time.Now().Add(999 * time.Hour)
+ body := fmt.Sprintf(`{"token":"%s", "label":"some label", "expires": %d}`, token.Token, expires.Unix())
+ rr = request(t, s, "PATCH", "/v1/account/token", body, map[string]string{
+ "Authorization": util.BearerAuth(token.Token),
+ })
+ require.Equal(t, 200, rr.Code)
+ token, err = util.UnmarshalJSON[apiAccountTokenResponse](io.NopCloser(rr.Body))
+ require.Nil(t, err)
+ require.Equal(t, "some label", token.Label)
+ require.Equal(t, expires.Unix(), token.Expires)
 }
 func TestAccount_ExtendToken_NoTokenProvided(t *testing.T) {
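Review bot: The PATCH case added at the end of TestAccount_ExtendToken only exercises a finite future expiry (`999 * time.Hour`) with a label. The never-expiring token named in the TODO that this commit deletes from server.go is not asserted anywhere in the visible lines. The same commit also drops `// TODO rate limit` from handleAccountTokenCreate, handleAccountTokenUpdate and handleAccountTokenDelete in server_account.go, but no limiter call and no test for one appears in these hunks. If the limit is enforced elsewhere (for example in routing middleware), a test that issues token requests until they are rejected would pin it down. I would add a second PATCH in this test that requests a non-expiring token (presumably `"expires": 0`, to be confirmed against the handler) and asserts the returned `Expires`. The test function starts outside this hunk, so earlier coverage of these cases cannot be ruled out from here.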