matrix/authentication-service
1
0
Fork 0
mirror of https://github.com/matrix-org/matrix-authentication-service.git synced 2025-08-07 17:03:01 +03:00
Code Activity

Test the activity tracker on the introspection endpoint

Browse Source
This commit is contained in:
Quentin Gliech
2023-09-19 19:50:42 +02:00
parent 50558a7319
commit 894957934d
4 changed files with 53 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
crates/data-model/src/oauth2/session.rs
View File

@@ -13,6 +13,7 @@
// limitations under the License. // limitations under the License.
use std::net::IpAddr; use std::net::IpAddr;
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
use oauth2_types::scope::Scope; use oauth2_types::scope::Scope;
use serde::Serialize; use serde::Serialize;

14
crates/handlers/src/activity_tracker/mod.rs
View File

@@ -52,7 +52,7 @@ enum Message {
date_time: DateTime<Utc>, date_time: DateTime<Utc>,
ip: Option<IpAddr>, ip: Option<IpAddr>,
}, },
Flush, Flush(tokio::sync::oneshot::Sender<()>),
Shutdown(tokio::sync::oneshot::Sender<()>), Shutdown(tokio::sync::oneshot::Sender<()>),
} }
@@ -150,12 +150,20 @@ impl ActivityTracker {
/// Manually flush the activity tracker. /// Manually flush the activity tracker.
pub async fn flush(&self) { pub async fn flush(&self) {
let res = self.channel.send(Message::Flush).await; let (tx, rx) = tokio::sync::oneshot::channel();
let res = self.channel.send(Message::Flush(tx)).await;
if let Err(e) = res { match res {
Ok(_) => {
if let Err(e) = rx.await {
tracing::error!("Failed to flush activity tracker: {}", e); tracing::error!("Failed to flush activity tracker: {}", e);
} }
} }
Err(e) => {
tracing::error!("Failed to flush activity tracker: {}", e);
}
}
}
/// Regularly flush the activity tracker. /// Regularly flush the activity tracker.
async fn flush_loop(self, interval: std::time::Duration) { async fn flush_loop(self, interval: std::time::Duration) {

3
crates/handlers/src/activity_tracker/worker.rs
View File

@@ -137,10 +137,11 @@ impl Worker {
record.end_time = date_time.max(record.end_time); record.end_time = date_time.max(record.end_time);
} }
Message::Flush => { Message::Flush(tx) => {
self.message_counter.add(1, &[TYPE.string("flush")]); self.message_counter.add(1, &[TYPE.string("flush")]);
self.flush().await; self.flush().await;
let _ = tx.send(());
} }
Message::Shutdown(tx) => { Message::Shutdown(tx) => {
self.message_counter.add(1, &[TYPE.string("shutdown")]); self.message_counter.add(1, &[TYPE.string("shutdown")]);

38
crates/handlers/src/oauth2/introspection.rs
View File

@@ -463,6 +463,7 @@ mod tests {
use mas_data_model::{AccessToken, RefreshToken}; use mas_data_model::{AccessToken, RefreshToken};
use mas_iana::oauth::OAuthTokenTypeHint; use mas_iana::oauth::OAuthTokenTypeHint;
use mas_router::{OAuth2Introspection, OAuth2RegistrationEndpoint, SimpleRoute}; use mas_router::{OAuth2Introspection, OAuth2RegistrationEndpoint, SimpleRoute};
use mas_storage::Clock;
use oauth2_types::{ use oauth2_types::{
registration::ClientRegistrationResponse, registration::ClientRegistrationResponse,
requests::IntrospectionResponse, requests::IntrospectionResponse,
@@ -618,7 +619,20 @@ mod tests {
let response: IntrospectionResponse = response.json(); let response: IntrospectionResponse = response.json();
assert!(!response.active); // It shouldn't be active assert!(!response.active); // It shouldn't be active
// We should have recorded the session last activity
state.activity_tracker.flush().await;
let mut repo = state.repository().await.unwrap();
let session = repo
.oauth2_session()
.lookup(session.id)
.await
.unwrap()
.unwrap();
assert_eq!(session.last_active_at, Some(state.clock.now()));
repo.cancel().await.unwrap();
// Advance the clock to invalidate the access token // Advance the clock to invalidate the access token
let old_now = state.clock.now();
state.clock.advance(Duration::hours(1)); state.clock.advance(Duration::hours(1));
let request = Request::post(OAuth2Introspection::PATH) let request = Request::post(OAuth2Introspection::PATH)
@@ -629,6 +643,18 @@ mod tests {
let response: IntrospectionResponse = response.json(); let response: IntrospectionResponse = response.json();
assert!(!response.active); // It shouldn't be active anymore assert!(!response.active); // It shouldn't be active anymore
// That should not have updated the session last activity
state.activity_tracker.flush().await;
let mut repo = state.repository().await.unwrap();
let session = repo
.oauth2_session()
.lookup(session.id)
.await
.unwrap()
.unwrap();
assert_eq!(session.last_active_at, Some(old_now));
repo.cancel().await.unwrap();
// But the refresh token should still be valid // But the refresh token should still be valid
let request = Request::post(OAuth2Introspection::PATH) let request = Request::post(OAuth2Introspection::PATH)
.basic_auth(&introspecting_client_id, &introspecting_client_secret) .basic_auth(&introspecting_client_id, &introspecting_client_secret)
@@ -637,6 +663,18 @@ mod tests {
response.assert_status(StatusCode::OK); response.assert_status(StatusCode::OK);
let response: IntrospectionResponse = response.json(); let response: IntrospectionResponse = response.json();
assert!(response.active); assert!(response.active);
// But this time, we should have updated the session last activity
state.activity_tracker.flush().await;
let mut repo = state.repository().await.unwrap();
let session = repo
.oauth2_session()
.lookup(session.id)
.await
.unwrap()
.unwrap();
assert_eq!(session.last_active_at, Some(state.clock.now()));
repo.cancel().await.unwrap();
} }
#[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")] #[sqlx::test(migrator = "mas_storage_pg::MIGRATOR")]