diff --git a/src/lib/db/api-token-store.ts b/src/lib/db/api-token-store.ts
index 69cfd457d7..d23ccebe5a 100644
--- a/src/lib/db/api-token-store.ts
+++ b/src/lib/db/api-token-store.ts
@@ -40,7 +40,7 @@ const tokenRowReducer = (acc, tokenRow) => {
 acc[tokenRow.secret] = {
 secret: token.secret,
 tokenName: token.token_name,
- type: token.type,
+ type: token.type.toLowerCase(),
 project: ALL,
 projects: [ALL],
 environment: token.environment ? token.environment : ALL,
diff --git a/src/lib/routes/admin-api/project/api-token.ts b/src/lib/routes/admin-api/project/api-token.ts
index 2c8e007ec4..9ab2908981 100644
--- a/src/lib/routes/admin-api/project/api-token.ts
+++ b/src/lib/routes/admin-api/project/api-token.ts
@@ -31,6 +31,7 @@ import Controller from '../../controller';
 import { Logger } from '../../../logger';
 import { Response } from 'express';
 import { timingSafeEqual } from 'crypto';
+import { createApiToken } from '../../../schema/api-token-schema';
 
 interface ProjectTokenParam {
 token: string;
@@ -143,7 +144,7 @@ export class ProjectApiTokenController extends Controller {
 req: IAuthRequest,
 res: Response,
 ): Promise {
- const createToken = req.body;
+ const createToken = await createApiToken.validateAsync(req.body);
 const { projectId } = req.params;
 if (!createToken.project) {
 createToken.project = projectId;
diff --git a/src/test/e2e/api/admin/project/api-token.e2e.test.ts b/src/test/e2e/api/admin/project/api-token.e2e.test.ts
new file mode 100644
index 0000000000..e85a31ba72
--- /dev/null
+++ b/src/test/e2e/api/admin/project/api-token.e2e.test.ts
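Review bot: In `tokenRowReducer` (src/lib/db/api-token-store.ts), `token.type.toLowerCase()` throws a TypeError if a row's `type` is ever null or not a string, and since this runs while rows are folded into the token map, one bad row would presumably fail the whole read rather than only that token. Whether the column is NOT NULL is not visible here, so I would either confirm that or guard the call and fail with a clear error naming the token. Normalizing only on read also leaves mixed-case values in the table, so any code that filters on `type` in SQL or maps rows through another path still sees the upper-case value; lower-casing on insert as well would close that gap. Since the token type decides what a token is allowed to do, a short comment such as `// older rows may hold an upper-case type; normalize so comparisons with the lowercase type values match` would help the next reader. The reducer's body starts and ends outside this hunk.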
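Review bot: In `ProjectApiTokenController` (src/lib/routes/admin-api/project/api-token.ts, hunk at -143), the validated body may still carry its own `project`, because `if (!createToken.project)` only fills in the route's `projectId` when the caller left it out. If the permission check for this route is bound to the `projectId` path parameter, a body naming a different project has to be rejected before the token is created, for example `if (createToken.project !== projectId) { /* respond 400 */ }` placed after the default is applied. The rest of the method is outside this hunk, so I cannot tell whether such a check already exists further down. It is also worth confirming that a rejected `validateAsync` reaches the controller's error handling as a 400 rather than surfacing as an unhandled rejection or a 500.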
@@ -0,0 +1,48 @@
+import dbInit from '../../../helpers/database-init';
+import { setupAppWithCustomConfig } from '../../../helpers/test-helper';
+import getLogger from '../../../../fixtures/no-logger';
+import { ApiTokenStore } from '../../../../../lib/db/api-token-store';
+
+let app;
+let db;
+
+let apiTokenStore: ApiTokenStore;
+
+beforeAll(async () => {
+ db = await dbInit('projects_api_serial', getLogger);
+ app = await setupAppWithCustomConfig(db.stores, {
+ experimental: {
+ flags: {
+ strictSchemaValidation: true,
+ },
+ },
+ });
+ apiTokenStore = db.stores.apiTokenStore;
+});
+
+afterAll(async () => {
+ await app.destroy();
+ await db.destroy();
+});
+
+test('Should always return token type in lowercase', async () => {
+ await apiTokenStore.insert({
+ environment: '*',
+ alias: 'some-alias',
+ secret: 'some-secret',
+ type: 'FRONTEND' as any,
+ projects: ['default'],
+ tokenName: 'some-name',
+ });
+
+ const storedToken = await apiTokenStore.get('some-secret');
+ expect(storedToken.type).toBe('frontend');
+
+ const { body } = await app.request
+ .get('/api/admin/projects/default/api-tokens')
+ .expect(200)
+ .expect('Content-Type', /json/);
+
+ expect(body.tokens).toHaveLength(1);
+ expect(body.tokens[0].type).toBe('frontend');
+});
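Review bot: The new test covers only the read path (the store `get` and the GET listing); nothing exercises the `validateAsync` call this commit adds to the create handler, which is the part that receives untrusted input. I would add a case that sends a create request (presumably a POST to `/api/admin/projects/default/api-tokens`) with an upper-case or invalid `type` and asserts the outcome, so a regression in the schema wiring is caught. A second case with a body `project` that differs from the project in the path would pin down how that mismatch is handled. Smaller points: `let app; let db;` are implicitly `any`, and the `'FRONTEND' as any` cast deserves a comment such as `// simulate a row stored with an upper-case type, bypassing the type check on purpose`.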