[pat] Implement GetPersonalAccessToken

Author: Laurie T. Malau

components/gitpod-db/go/personal_access_token.go

@@ -12,6 +12,7 @@ import (
 	"strings"
 	"time"
 
+	connect "github.com/bufbuild/connect-go"
 	"github.com/google/uuid"
 	"gorm.io/gorm"
 )
@@ -36,14 +37,17 @@ func (d *PersonalAccessToken) TableName() string {
 	return "d_b_personal_access_token"
 }
 
-func GetToken(ctx context.Context, conn *gorm.DB, id uuid.UUID) (PersonalAccessToken, error) {
+func GetPersonalAccessTokenForUser(ctx context.Context, conn *gorm.DB, tokenID uuid.UUID, userID uuid.UUID) (PersonalAccessToken, error) {
 	var token PersonalAccessToken
 
 	db := conn.WithContext(ctx)
 
-	db = db.Where("id = ?", id).First(&token)
+	db = db.Where("id = ?", tokenID).Where("userId = ?", userID).Where("deleted = ?", 0).First(&token)
 	if db.Error != nil {
-		return PersonalAccessToken{}, fmt.Errorf("Failed to retrieve token: %w", db.Error)
+		if errors.Is(db.Error, gorm.ErrRecordNotFound) {
+			return PersonalAccessToken{}, connect.NewError(connect.CodeNotFound, db.Error)
+		}
+		return PersonalAccessToken{}, fmt.Errorf("Failed to retrieve token: %v", db.Error)
 	}
 
 	return token, nil
@@ -94,6 +98,7 @@ func ListPersonalAccessTokensForUser(ctx context.Context, conn *gorm.DB, userID
 		WithContext(ctx).
 		Table((&PersonalAccessToken{}).TableName()).
 		Where("userId = ?", userID).
+		Where("deleted = ?", 0).
 		Order("createdAt").
 		Scopes(Paginate(pagination)).
 		Find(&results)

components/gitpod-db/go/personal_access_token_test.go

@@ -19,24 +19,38 @@ import (
 func TestPersonalAccessToken_Get(t *testing.T) {
 	conn := dbtest.ConnectForTests(t)
 
-	token := db.PersonalAccessToken{
-		ID:             uuid.New(),
-		UserID:         uuid.New(),
-		Hash:           "some-secure-hash",
-		Name:           "some-name",
-		Description:    "some-description",
-		Scopes:         []string{"read", "write"},
-		ExpirationTime: time.Now().Add(5),
-		CreatedAt:      time.Now(),
-		LastModified:   time.Now(),
-	}
+	firstUserId := uuid.New()
+	secondUserId := uuid.New()
 
-	tx := conn.Create(token)
-	require.NoError(t, tx.Error)
+	token := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: firstUserId})
+	token2 := dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{UserID: secondUserId})
+
+	tokenEntries := []db.PersonalAccessToken{token, token2}
+
+	dbtest.CreatePersonalAccessTokenRecords(t, conn, tokenEntries...)
+
+	t.Run("not matching user", func(t *testing.T) {
+		_, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, token.ID, token2.UserID)
+		require.Error(t, err, db.ErrorNotFound)
+	})
+
+	t.Run("not matching token", func(t *testing.T) {
+		_, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, token2.ID, token.UserID)
+		require.Error(t, err, db.ErrorNotFound)
+	})
+
+	t.Run("both token and user don't exist in the DB", func(t *testing.T) {
+		_, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, uuid.New(), uuid.New())
+		require.Error(t, err, db.ErrorNotFound)
+	})
+
+	t.Run("valid", func(t *testing.T) {
+		returned, err := db.GetPersonalAccessTokenForUser(context.Background(), conn, token.ID, token.UserID)
+		require.NoError(t, err)
+		require.Equal(t, token.ID, returned.ID)
+		require.Equal(t, token.UserID, returned.UserID)
+	})
 
-	result, err := db.GetToken(context.Background(), conn, token.ID)
-	require.NoError(t, err)
-	require.Equal(t, token.ID, result.ID)
 }
 
 func TestPersonalAccessToken_Create(t *testing.T) {

components/public-api-server/pkg/apiv1/tokens.go

@@ -10,7 +10,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/bufbuild/connect-go"
+	connect "github.com/bufbuild/connect-go"
 	"github.com/gitpod-io/gitpod/common-go/experiments"
 	"github.com/gitpod-io/gitpod/common-go/log"
 	db "github.com/gitpod-io/gitpod/components/gitpod-db/go"
@@ -67,13 +67,24 @@ func (s *TokensService) GetPersonalAccessToken(ctx context.Context, req *connect
 		return nil, err
 	}
 
-	_, err = s.getUser(ctx, conn)
+	user, err := s.getUser(ctx, conn)
 	if err != nil {
 		return nil, err
 	}
 
 	log.Infof("Handling GetPersonalAccessToken request for Token ID '%s'", tokenID.String())
-	return nil, connect.NewError(connect.CodeUnimplemented, errors.New("gitpod.experimental.v1.TokensService.GetPersonalAccessToken is not implemented"))
+
+	userId, err := uuid.Parse(user.ID)
+	if err != nil {
+		return nil, connect.NewError(connect.CodeInternal, fmt.Errorf("Failed to parse user ID as UUID"))
+	}
+
+	token, err := db.GetPersonalAccessTokenForUser(ctx, s.dbConn, tokenID, userId)
+	if err != nil {
+		return nil, err
+	}
+
+	return connect.NewResponse(&v1.GetPersonalAccessTokenResponse{Token: personalAccessTokenToAPI(token, "")}), nil
 }
 
 func (s *TokensService) ListPersonalAccessTokens(ctx context.Context, req *connect.Request[v1.ListPersonalAccessTokensRequest]) (*connect.Response[v1.ListPersonalAccessTokensResponse], error) {

components/public-api-server/pkg/apiv1/tokens_test.go

@@ -65,18 +65,31 @@ func TestTokensService_CreatePersonalAccessTokenWithoutFeatureFlag(t *testing.T)
 
 func TestTokensService_GetPersonalAccessToken(t *testing.T) {
 	user := newUser(&protocol.User{})
+	user2 := newUser(&protocol.User{})
 
-	t.Run("permission denied when feature flag is disabled", func(t *testing.T) {
-		serverMock, _, client := setupTokensService(t, withTokenFeatureDisabled)
+	t.Run("get correct token", func(t *testing.T) {
+		serverMock, dbConn, client := setupTokensService(t, withTokenFeatureEnabled)
+
+		tokens := dbtest.CreatePersonalAccessTokenRecords(t, dbConn,
+			dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{
+				UserID: uuid.MustParse(user.ID),
+			}),
+			dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{
+				UserID: uuid.MustParse(user2.ID),
+			}),
+		)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
 
-		_, err := client.GetPersonalAccessToken(context.Background(), connect.NewRequest(&v1.GetPersonalAccessTokenRequest{
-			Id: uuid.New().String(),
+		response, err := client.GetPersonalAccessToken(context.Background(), connect.NewRequest(&v1.GetPersonalAccessTokenRequest{
+			Id: tokens[0].ID.String(),
 		}))
 
-		require.Error(t, err, "This feature is currently in beta. If you would like to be part of the beta, please contact us.")
-		require.Equal(t, connect.CodePermissionDenied, connect.CodeOf(err))
+		require.NoError(t, err)
+
+		requireEqualProto(t, &v1.GetPersonalAccessTokenResponse{
+			Token: personalAccessTokenToAPI(tokens[0], ""),
+		}, response.Msg)
 	})
 
 	t.Run("invalid argument when Token ID is empty", func(t *testing.T) {
@@ -97,16 +110,35 @@ func TestTokensService_GetPersonalAccessToken(t *testing.T) {
 		require.Equal(t, connect.CodeInvalidArgument, connect.CodeOf(err))
 	})
 
-	t.Run("unimplemented when feature flag enabled", func(t *testing.T) {
-		serverMock, _, client := setupTokensService(t, withTokenFeatureEnabled)
+	t.Run("responds with not found when token is not found", func(t *testing.T) {
+		serverMock, dbConn, client := setupTokensService(t, withTokenFeatureEnabled)
+
+		dbtest.CreatePersonalAccessTokenRecords(t, dbConn,
+			dbtest.NewPersonalAccessToken(t, db.PersonalAccessToken{
+				UserID: uuid.MustParse(user.ID),
+			}),
+		)
 
 		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
 
 		_, err := client.GetPersonalAccessToken(context.Background(), connect.NewRequest(&v1.GetPersonalAccessTokenRequest{
 			Id: uuid.New().String(),
 		}))
 
-		require.Equal(t, connect.CodeUnimplemented, connect.CodeOf(err))
+		require.Equal(t, connect.CodeNotFound, connect.CodeOf(err))
+	})
+
+	t.Run("permission denied when feature flag disabled", func(t *testing.T) {
+		serverMock, _, client := setupTokensService(t, withTokenFeatureDisabled)
+
+		serverMock.EXPECT().GetLoggedInUser(gomock.Any()).Return(user, nil)
+
+		_, err := client.GetPersonalAccessToken(context.Background(), connect.NewRequest(&v1.GetPersonalAccessTokenRequest{
+			Id: uuid.New().String(),
+		}))
+
+		require.Error(t, err, "This feature is currently in beta. If you would like to be part of the beta, please contact us.")
+		require.Equal(t, connect.CodePermissionDenied, connect.CodeOf(err))
 	})
 }