From f4b22a7024bbdd9d81698ca2be3632c74ca4db80 Mon Sep 17 00:00:00 2001 From: Viktor Platz <62332353+ViktorPlatz@users.noreply.github.com> Date: Thu, 7 Dec 2023 09:13:16 +0100 Subject: [PATCH] list_access_info endpoint + delete_session + Implement role checking in access endpoints (#74) * protobuf * Add role check to create_access and fix tests * Move comment * add list access info endpoint * add FromQueryResult so database can convert * list access info endpoints tests * get_access_by_model_id crud * get_access_by_model_id crud tests * protobufffffffffffffffffff * clippy * Implement role checking in create_access * protobuf stuff * Implement role checking in update_access * Add editor_role_check_helper method * Implement role checking in delete_access * clippy fmt * Add delete_session method and update protobuf pointer * cargo fmt * cargo fmt * Fix delete_session parameter naming * Add delete_session tests * Merge session_context from GetUsers * Add delete_by_token method to test helpers * Use delete_by_token instead * Remove unused import * Remove duplicate method definition --------- Co-authored-by: sabotack Co-authored-by: Ali Khorami <33497115+sabotack@users.noreply.github.com> Co-authored-by: williamwoldum --- src/api/ecdar_api.rs | 51 ++++++++++++++++-------- src/tests/api/session_logic.rs | 72 +++++++++++++++++++++++++++++++++- 2 files changed, 104 insertions(+), 19 deletions(-) diff --git a/src/api/ecdar_api.rs b/src/api/ecdar_api.rs index 2f52d12..5469afd 100644 --- a/src/api/ecdar_api.rs +++ b/src/api/ecdar_api.rs 
@@ -1,20 +1,22 @@ -use super::server::server::{ - ecdar_api_auth_server::EcdarApiAuth, - ecdar_api_server::EcdarApi, - ecdar_backend_server::EcdarBackend, - get_auth_token_request::{user_credentials, UserCredentials}, - CreateAccessRequest, CreateProjectRequest, CreateProjectResponse, CreateQueryRequest, - CreateUserRequest, DeleteAccessRequest, DeleteProjectRequest, DeleteQueryRequest, - GetAuthTokenRequest, GetAuthTokenResponse, GetProjectRequest, GetProjectResponse, - GetUsersRequest, GetUsersResponse, ListAccessInfoRequest, ListAccessInfoResponse, - ListProjectsInfoResponse, Query, QueryRequest, QueryResponse, SendQueryRequest, - SendQueryResponse, SimulationStartRequest, SimulationStepRequest, SimulationStepResponse, - UpdateAccessRequest, UpdateProjectRequest, UpdateQueryRequest, UpdateUserRequest, - UserTokenResponse, +use super::{ + context_collection::ContextCollection, + server::server::{ + create_access_request::User, + ecdar_api_auth_server::EcdarApiAuth, + ecdar_api_server::EcdarApi, + ecdar_backend_server::EcdarBackend, + get_auth_token_request::{user_credentials, UserCredentials}, + CreateAccessRequest, CreateProjectRequest, CreateProjectResponse, CreateQueryRequest, + CreateUserRequest, DeleteAccessRequest, DeleteProjectRequest, DeleteQueryRequest, + GetAuthTokenRequest, GetAuthTokenResponse, GetProjectRequest, GetProjectResponse, + GetUsersRequest, GetUsersResponse, ListAccessInfoRequest, ListAccessInfoResponse, + ListProjectsInfoResponse, Query, QueryRequest, QueryResponse, SendQueryRequest, + SendQueryResponse, SimulationStartRequest, SimulationStepRequest, SimulationStepResponse, + UpdateAccessRequest, UpdateProjectRequest, UpdateQueryRequest, UpdateUserRequest, + UserTokenResponse, + }, }; use crate::api::auth::TokenError; -use crate::api::context_collection::ContextCollection; -use crate::api::server::server::create_access_request::User; use crate::api::server::server::get_users_response::UserInfo; use 
crate::database::{session_context::SessionContextTrait, user_context::UserContextTrait}; use crate::entities::{access, in_use, project, query, session, user}; @@ -974,8 +976,23 @@ impl EcdarApi for ConcreteEcdarApi { })) } - async fn delete_session(&self, _request: Request<()>) -> Result, Status> { - todo!() + /// Deletes the requester's session, found by their access token. + /// + /// Returns the response that is received from Reveaal. + async fn delete_session(&self, request: Request<()>) -> Result, Status> { + let access_token = request + .token_string() + .ok_or(Status::unauthenticated("No access token provided"))?; + + match self + .contexts + .session_context + .delete_by_token(TokenType::AccessToken, access_token) + .await + { + Ok(_) => Ok(Response::new(())), + Err(error) => Err(Status::new(Code::Internal, error.to_string())), + } } } diff --git a/src/tests/api/session_logic.rs b/src/tests/api/session_logic.rs index e3a58d7..f6df406 100644 --- a/src/tests/api/session_logic.rs +++ b/src/tests/api/session_logic.rs @@ -1,11 +1,15 @@ use crate::api::ecdar_api::update_session; +use std::str::FromStr; use crate::entities::session; -use crate::tests::api::helpers::get_mock_services; +use crate::tests::api::helpers::{get_mock_concrete_ecdar_api, get_mock_services}; +use crate::api::auth::TokenType; +use crate::api::server::server::ecdar_api_server::EcdarApi; +use mockall::predicate; use sea_orm::DbErr; use std::sync::Arc; -use tonic::Code; +use tonic::{metadata, Code, Request}; #[tokio::test] async fn update_session_no_session_exists_creates_session_returns_err() { 
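Review bot: In `delete_session` (src/api/ecdar_api.rs) the `Err(error)` arm turns every database failure into `Code::Internal` and puts `error.to_string()` in the status message, so an access token that matches no session is reported as a server fault and raw database error text reaches the caller. The test mock suggests `delete_by_token` returns a `sea_orm::DbErr`; if so, handle the not-found case on its own, for example `Err(DbErr::RecordNotFound(_)) => Err(Status::unauthenticated("Invalid access token")),`, and return a fixed message for the remaining errors while logging the detail server-side. `delete_session_no_session_returns_err` in src/tests/api/session_logic.rs asserts `Code::Internal` for that case and would need to follow. The doc comment's last sentence, `/// Returns the response that is received from Reveaal.`, also does not match the body, which calls `delete_by_token` and returns an empty response.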
@@ -104,3 +108,67 @@ async fn update_session_returns_error_when_database_error_occurs() {
 assert!(result.is_err());
 assert_eq!(result.unwrap_err().code(), Code::Internal);
 }
+
+#[tokio::test]
+async fn delete_session_returns_ok() {
+ let mut mock_services = get_mock_services();
+
+ mock_services
+ .session_context_mock
+ .expect_delete_by_token()
+ .with(
+ predicate::eq(TokenType::AccessToken),
+ predicate::eq("test_token".to_string()),
+ )
+ .returning(move |_, _| {
+ Ok(session::Model {
+ id: 1,
+ refresh_token: Default::default(),
+ access_token: "test_token".to_string(),
+ updated_at: Default::default(),
+ user_id: Default::default(),
+ })
+ });
+
+ let api = get_mock_concrete_ecdar_api(mock_services);
+
+ let mut request = Request::new(());
+ request.metadata_mut().insert(
+ "authorization",
+ metadata::MetadataValue::from_str("Bearer test_token").unwrap(),
+ );
+
+ let res = api.delete_session(request).await;
+
+ assert!(res.is_ok());
+}
+
+#[tokio::test]
+async fn delete_session_no_session_returns_err() {
+ let mut mock_services = get_mock_services();
+
+ mock_services
+ .session_context_mock
+ .expect_delete_by_token()
+ .with(
+ predicate::eq(TokenType::AccessToken),
+ predicate::eq("test_token".to_string()),
+ )
+ .returning(move |_, _| {
+ Err(DbErr::RecordNotFound(
+ "No session found with the provided access token".to_string(),
+ ))
+ });
+
+ let api = get_mock_concrete_ecdar_api(mock_services);
+
+ let mut request = Request::new(());
+ request.metadata_mut().insert(
+ "authorization",
+ metadata::MetadataValue::from_str("Bearer test_token").unwrap(),
+ );
+
+ let res = api.delete_session(request).await;
+
+ assert_eq!(res.unwrap_err().code(), Code::Internal);
+}
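Review bot: Neither added test reaches the missing-token branch of `delete_session`: both set an `authorization` header, so the `Status::unauthenticated("No access token provided")` path is left unpinned. A third test that sends a request without metadata and expects `Code::Unauthenticated` would cover it, assuming `token_string()` yields `None` when the header is absent. No expectation on the session mock should be needed there, since the handler is expected to return before `delete_by_token` is called.

```rust
#[tokio::test]
async fn delete_session_no_token_returns_err() {
    // No session expectation is set: the request should be rejected
    // before the session context is consulted.
    let api = get_mock_concrete_ecdar_api(get_mock_services());

    let res = api.delete_session(Request::new(())).await;

    assert_eq!(res.unwrap_err().code(), Code::Unauthenticated);
}
```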