selfprivacy-rest-api/tests/test_graphql/test_api_recovery.py

# pylint: disable=redefined-outer-name
# pylint: disable=unused-argument
# pylint: disable=missing-function-docstring

import pytest

from datetime import datetime, timezone

from tests.common import (
    generate_api_query,
    assert_recovery_recent,
    NearFuture,
    RECOVERY_KEY_VALIDATION_DATETIME,
)

# Graphql API's output should be timezone-naive
from tests.common import ten_minutes_into_future_naive_utc as ten_minutes_into_future
from tests.common import ten_minutes_into_future as ten_minutes_into_future_tz
from tests.common import ten_minutes_into_past_naive_utc as ten_minutes_into_past

from tests.test_graphql.common import (
    assert_empty,
    get_data,
    assert_ok,
    assert_errorcode,
    assert_token_valid,
    assert_original,
    graphql_get_devices,
    set_client_token,
)

API_RECOVERY_QUERY = """
recoveryKey {
    exists
    valid
    creationDate
    expirationDate
    usesLeft
}
"""


def request_recovery_status(client):
    return client.post(
        "/graphql",
        json={"query": generate_api_query([API_RECOVERY_QUERY])},
    )


def graphql_recovery_status(client):
    response = request_recovery_status(client)
    data = get_data(response)

    status = data["api"]["recoveryKey"]
    assert status is not None
    return status


def request_make_new_recovery_key(client, expires_at=None, uses=None):
    json = {"query": API_RECOVERY_KEY_GENERATE_MUTATION}
    limits = {}

    if expires_at is not None:
        limits["expirationDate"] = expires_at.isoformat()
    if uses is not None:
        limits["uses"] = uses

    if limits != {}:
        json["variables"] = {"limits": limits}

    response = client.post("/graphql", json=json)
    return response


def graphql_make_new_recovery_key(client, expires_at=None, uses=None):
    response = request_make_new_recovery_key(client, expires_at, uses)
    output = get_data(response)["api"]["getNewRecoveryApiKey"]
    assert_ok(output)

    key = output["key"]
    assert key is not None
    assert key.split(" ").__len__() == 18
    return key


def request_recovery_auth(client, key, device_name):
    return client.post(
        "/graphql",
        json={
            "query": API_RECOVERY_KEY_USE_MUTATION,
            "variables": {
                "input": {
                    "key": key,
                    "deviceName": device_name,
                },
            },
        },
    )


def graphql_use_recovery_key(client, key, device_name):
    response = request_recovery_auth(client, key, device_name)
    output = get_data(response)["api"]["useRecoveryApiKey"]
    assert_ok(output)

    token = output["token"]
    assert token is not None
    assert_token_valid(client, token)
    set_client_token(client, token)
    assert device_name in [device["name"] for device in graphql_get_devices(client)]
    return token


def test_graphql_recovery_key_status_unauthorized(client):
    response = request_recovery_status(client)
    assert_empty(response)


def test_graphql_recovery_key_status_when_none_exists(authorized_client):
    status = graphql_recovery_status(authorized_client)
    assert status["exists"] is False
    assert status["valid"] is False
    assert status["creationDate"] is None
    assert status["expirationDate"] is None
    assert status["usesLeft"] is None


API_RECOVERY_KEY_GENERATE_MUTATION = """
mutation TestGenerateRecoveryKey($limits: RecoveryKeyLimitsInput) {
    api {
        getNewRecoveryApiKey(limits: $limits) {
            success
            message
            code
            key
        }
    }
}
"""

API_RECOVERY_KEY_USE_MUTATION = """
mutation TestUseRecoveryKey($input: UseRecoveryKeyInput!) {
    api {
        useRecoveryApiKey(input: $input) {
            success
            message
            code
            token
        }
    }
}
"""


def test_graphql_generate_recovery_key(client, authorized_client):
    key = graphql_make_new_recovery_key(authorized_client)

    status = graphql_recovery_status(authorized_client)
    assert status["exists"] is True
    assert status["valid"] is True
    assert_recovery_recent(status["creationDate"])
    assert status["expirationDate"] is None
    assert status["usesLeft"] is None

    graphql_use_recovery_key(client, key, "new_test_token")
    # And again
    graphql_use_recovery_key(client, key, "new_test_token2")


@pytest.mark.parametrize(
    "expiration_date", [ten_minutes_into_future(), ten_minutes_into_future_tz()]
)
def test_graphql_generate_recovery_key_with_expiration_date(
    client, authorized_client, expiration_date: datetime
):
    key = graphql_make_new_recovery_key(authorized_client, expires_at=expiration_date)

    status = graphql_recovery_status(authorized_client)
    assert status["exists"] is True
    assert status["valid"] is True
    assert_recovery_recent(status["creationDate"])

    # timezone-aware comparison. Should pass regardless of server's tz
    assert datetime.fromisoformat(status["expirationDate"]) == expiration_date.replace(
        tzinfo=timezone.utc
    )

    assert status["usesLeft"] is None

    graphql_use_recovery_key(client, key, "new_test_token")
    # And again
    graphql_use_recovery_key(client, key, "new_test_token2")


def test_graphql_use_recovery_key_after_expiration(client, authorized_client, mocker):
    expiration_date = ten_minutes_into_future()
    key = graphql_make_new_recovery_key(authorized_client, expires_at=expiration_date)

    # Timewarp to after it expires
    mock = mocker.patch(RECOVERY_KEY_VALIDATION_DATETIME, NearFuture)

    response = request_recovery_auth(client, key, "new_test_token3")
    output = get_data(response)["api"]["useRecoveryApiKey"]
    assert_errorcode(output, 404)

    assert output["token"] is None
    assert_original(authorized_client)

    status = graphql_recovery_status(authorized_client)
    assert status["exists"] is True
    assert status["valid"] is False
    assert_recovery_recent(status["creationDate"])

    # timezone-aware comparison. Should pass regardless of server's tz
    assert datetime.fromisoformat(status["expirationDate"]) == expiration_date.replace(
        tzinfo=timezone.utc
    )
    assert status["usesLeft"] is None


def test_graphql_generate_recovery_key_with_expiration_in_the_past(authorized_client):
    expiration_date = ten_minutes_into_past()
    response = request_make_new_recovery_key(
        authorized_client, expires_at=expiration_date
    )

    output = get_data(response)["api"]["getNewRecoveryApiKey"]
    assert_errorcode(output, 400)

    assert output["key"] is None
    assert graphql_recovery_status(authorized_client)["exists"] is False


def test_graphql_generate_recovery_key_with_invalid_time_format(authorized_client):
    expiration_date = "invalid_time_format"
    expiration_date_str = expiration_date

    response = authorized_client.post(
        "/graphql",
        json={
            "query": API_RECOVERY_KEY_GENERATE_MUTATION,
            "variables": {
                "limits": {
                    "expirationDate": expiration_date_str,
                },
            },
        },
    )
    assert_empty(response)
    assert graphql_recovery_status(authorized_client)["exists"] is False


def test_graphql_generate_recovery_key_with_limited_uses(authorized_client, client):
    mnemonic_key = graphql_make_new_recovery_key(authorized_client, uses=2)

    status = graphql_recovery_status(authorized_client)
    assert status["exists"] is True
    assert status["valid"] is True
    assert status["creationDate"] is not None
    assert status["expirationDate"] is None
    assert status["usesLeft"] == 2

    graphql_use_recovery_key(client, mnemonic_key, "new_test_token1")

    status = graphql_recovery_status(authorized_client)
    assert status["exists"] is True
    assert status["valid"] is True
    assert status["creationDate"] is not None
    assert status["expirationDate"] is None
    assert status["usesLeft"] == 1

    graphql_use_recovery_key(client, mnemonic_key, "new_test_token2")

    status = graphql_recovery_status(authorized_client)
    assert status["exists"] is True
    assert status["valid"] is False
    assert status["creationDate"] is not None
    assert status["expirationDate"] is None
    assert status["usesLeft"] == 0

    response = request_recovery_auth(client, mnemonic_key, "new_test_token3")
    output = get_data(response)["api"]["useRecoveryApiKey"]
    assert_errorcode(output, 404)


def test_graphql_generate_recovery_key_with_negative_uses(authorized_client):
    response = request_make_new_recovery_key(authorized_client, uses=-1)

    output = get_data(response)["api"]["getNewRecoveryApiKey"]
    assert_errorcode(output, 400)
    assert output["key"] is None
    assert graphql_recovery_status(authorized_client)["exists"] is False


def test_graphql_generate_recovery_key_with_zero_uses(authorized_client):
    response = request_make_new_recovery_key(authorized_client, uses=0)

    output = get_data(response)["api"]["getNewRecoveryApiKey"]
    assert_errorcode(output, 400)
    assert output["key"] is None
    assert graphql_recovery_status(authorized_client)["exists"] is False
API keys graphql tests 2022-06-29 17:39:46 +00:00			`# pylint: disable=redefined-outer-name`
			`# pylint: disable=unused-argument`
			`# pylint: disable=missing-function-docstring`

feature(auth): tz_aware recovery 2023-11-10 17:10:01 +00:00			`import pytest`

			`from datetime import datetime, timezone`

test(tokens-repo): use assert recent 2023-01-06 10:59:59 +00:00			`from tests.common import (`
			`generate_api_query,`
			`assert_recovery_recent,`
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`NearFuture,`
			`RECOVERY_KEY_VALIDATION_DATETIME,`
test(tokens-repo): use assert recent 2023-01-06 10:59:59 +00:00			`)`
refactor(tokens-repo): switch token backend to redis And use timezone-aware comparisons for expiry checks 2023-01-11 17:02:01 +00:00
			`# Graphql API's output should be timezone-naive`
refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`from tests.common import ten_minutes_into_future_naive_utc as ten_minutes_into_future`
			`from tests.common import ten_minutes_into_future as ten_minutes_into_future_tz`
			`from tests.common import ten_minutes_into_past_naive_utc as ten_minutes_into_past`
refactor(tokens-repo): switch token backend to redis And use timezone-aware comparisons for expiry checks 2023-01-11 17:02:01 +00:00
test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`from tests.test_graphql.common import (`
test(tokens-repo): check for token existense in recovery tests 2023-01-06 11:57:51 +00:00			`assert_empty,`
test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`get_data,`
test(tokens-repo): check for token existense in recovery tests 2023-01-06 11:57:51 +00:00			`assert_ok,`
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`assert_errorcode,`
test(tokens-repo): check for token existense in recovery tests 2023-01-06 11:57:51 +00:00			`assert_token_valid,`
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`assert_original,`
test(tokens-repo): check for token existense in recovery tests 2023-01-06 11:57:51 +00:00			`graphql_get_devices,`
			`set_client_token,`
			`)`
API keys graphql tests 2022-06-29 17:39:46 +00:00
			`API_RECOVERY_QUERY = """`
			`recoveryKey {`
			`exists`
			`valid`
			`creationDate`
			`expirationDate`
			`usesLeft`
			`}`
			`"""`

fix recovery tests 2022-07-07 13:53:19 +00:00
test(tokens-repo): break out getting status 2023-01-06 10:34:52 +00:00			`def request_recovery_status(client):`
			`return client.post(`
API keys graphql tests 2022-06-29 17:39:46 +00:00			`"/graphql",`
fix recovery tests 2022-07-07 13:53:19 +00:00			`json={"query": generate_api_query([API_RECOVERY_QUERY])},`
API keys graphql tests 2022-06-29 17:39:46 +00:00			`)`
test(tokens-repo): break out getting status 2023-01-06 10:34:52 +00:00

			`def graphql_recovery_status(client):`
			`response = request_recovery_status(client)`
test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`data = get_data(response)`
test(tokens-repo): break out getting status 2023-01-06 10:34:52 +00:00
test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`status = data["api"]["recoveryKey"]`
test(tokens-repo): break out getting status 2023-01-06 10:34:52 +00:00			`assert status is not None`
			`return status`


test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`def request_make_new_recovery_key(client, expires_at=None, uses=None):`
			`json = {"query": API_RECOVERY_KEY_GENERATE_MUTATION}`
			`limits = {}`

			`if expires_at is not None:`
			`limits["expirationDate"] = expires_at.isoformat()`
			`if uses is not None:`
			`limits["uses"] = uses`

			`if limits != {}:`
			`json["variables"] = {"limits": limits}`

			`response = client.post("/graphql", json=json)`
			`return response`


			`def graphql_make_new_recovery_key(client, expires_at=None, uses=None):`
			`response = request_make_new_recovery_key(client, expires_at, uses)`
test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`output = get_data(response)["api"]["getNewRecoveryApiKey"]`
			`assert_ok(output)`

			`key = output["key"]`
test(tokens-repo): break out getting recovery key 2023-01-06 10:48:59 +00:00			`assert key is not None`
			`assert key.split(" ").__len__() == 18`
			`return key`


test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`def request_recovery_auth(client, key, device_name):`
			`return client.post(`
test(tokens-repo): break out using recovery key 2023-01-06 11:25:53 +00:00			`"/graphql",`
			`json={`
			`"query": API_RECOVERY_KEY_USE_MUTATION,`
			`"variables": {`
			`"input": {`
			`"key": key,`
			`"deviceName": device_name,`
			`},`
			`},`
			`},`
			`)`
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00

			`def graphql_use_recovery_key(client, key, device_name):`
			`response = request_recovery_auth(client, key, device_name)`
test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`output = get_data(response)["api"]["useRecoveryApiKey"]`
			`assert_ok(output)`

			`token = output["token"]`
test(tokens-repo): break out using recovery key 2023-01-06 11:25:53 +00:00			`assert token is not None`
test(tokens-repo): check for token existense in recovery tests 2023-01-06 11:57:51 +00:00			`assert_token_valid(client, token)`
			`set_client_token(client, token)`
test(tokens-repo): rework limited uses test 2023-01-09 12:39:54 +00:00			`assert device_name in [device["name"] for device in graphql_get_devices(client)]`
test(tokens-repo): break out using recovery key 2023-01-06 11:25:53 +00:00			`return token`


refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`def test_graphql_recovery_key_status_unauthorized(client):`
test(tokens-repo): break out getting status 2023-01-06 10:34:52 +00:00			`response = request_recovery_status(client)`
test(tokens-repo): use assert_empty consistently 2023-01-06 09:54:07 +00:00			`assert_empty(response)`
API keys graphql tests 2022-06-29 17:39:46 +00:00
fix recovery tests 2022-07-07 13:53:19 +00:00
refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`def test_graphql_recovery_key_status_when_none_exists(authorized_client):`
test(tokens-repo): break out getting status 2023-01-06 10:34:52 +00:00			`status = graphql_recovery_status(authorized_client)`
			`assert status["exists"] is False`
			`assert status["valid"] is False`
			`assert status["creationDate"] is None`
			`assert status["expirationDate"] is None`
			`assert status["usesLeft"] is None`
API keys graphql tests 2022-06-29 17:39:46 +00:00
fix recovery tests 2022-07-07 13:53:19 +00:00
API keys graphql tests 2022-06-29 17:39:46 +00:00			`API_RECOVERY_KEY_GENERATE_MUTATION = """`
Change datetime formats, more tests 2022-07-08 15:28:08 +00:00			`mutation TestGenerateRecoveryKey($limits: RecoveryKeyLimitsInput) {`
refactor(api): Group mutations I've learned that there is no problem in grouping mutations like we do with queries. This is a big mistake from my side, now we have legacy not so conveniently placed endpoints. I've grouped all mutations, left the copies of old ones flattened in the root for backwards compatibility. We will migrate to mutation groups on client side, and backups now only use grouped mutations. Tests are updated. 2023-06-21 03:46:56 +00:00			`api {`
			`getNewRecoveryApiKey(limits: $limits) {`
			`success`
			`message`
			`code`
			`key`
			`}`
API keys graphql tests 2022-06-29 17:39:46 +00:00			`}`
			`}`
			`"""`

			`API_RECOVERY_KEY_USE_MUTATION = """`
			`mutation TestUseRecoveryKey($input: UseRecoveryKeyInput!) {`
refactor(api): Group mutations I've learned that there is no problem in grouping mutations like we do with queries. This is a big mistake from my side, now we have legacy not so conveniently placed endpoints. I've grouped all mutations, left the copies of old ones flattened in the root for backwards compatibility. We will migrate to mutation groups on client side, and backups now only use grouped mutations. Tests are updated. 2023-06-21 03:46:56 +00:00			`api {`
			`useRecoveryApiKey(input: $input) {`
			`success`
			`message`
			`code`
			`token`
			`}`
API keys graphql tests 2022-06-29 17:39:46 +00:00			`}`
			`}`
			`"""`
fix recovery tests 2022-07-07 13:53:19 +00:00

refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`def test_graphql_generate_recovery_key(client, authorized_client):`
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`key = graphql_make_new_recovery_key(authorized_client)`
test(tokens-repo): break out getting recovery key 2023-01-06 10:48:59 +00:00
test(tokens-repo): use get recovery status in test of recovery use 2023-01-06 11:08:53 +00:00			`status = graphql_recovery_status(authorized_client)`
			`assert status["exists"] is True`
			`assert status["valid"] is True`
			`assert_recovery_recent(status["creationDate"])`
			`assert status["expirationDate"] is None`
			`assert status["usesLeft"] is None`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): check for token existense in recovery tests 2023-01-06 11:57:51 +00:00			`graphql_use_recovery_key(client, key, "new_test_token")`
			`# And again`
			`graphql_use_recovery_key(client, key, "new_test_token2")`
API keys graphql tests 2022-06-29 17:39:46 +00:00
fix recovery tests 2022-07-07 13:53:19 +00:00
feature(auth): tz_aware recovery 2023-11-10 17:10:01 +00:00			`@pytest.mark.parametrize(`
refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`"expiration_date", [ten_minutes_into_future(), ten_minutes_into_future_tz()]`
feature(auth): tz_aware recovery 2023-11-10 17:10:01 +00:00			`)`
fix recovery tests 2022-07-07 13:53:19 +00:00			`def test_graphql_generate_recovery_key_with_expiration_date(`
refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`client, authorized_client, expiration_date: datetime`
fix recovery tests 2022-07-07 13:53:19 +00:00			`):`
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`key = graphql_make_new_recovery_key(authorized_client, expires_at=expiration_date)`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`status = graphql_recovery_status(authorized_client)`
			`assert status["exists"] is True`
			`assert status["valid"] is True`
			`assert_recovery_recent(status["creationDate"])`
feature(auth): tz_aware recovery 2023-11-10 17:10:01 +00:00
			`# timezone-aware comparison. Should pass regardless of server's tz`
fix(auth): fix timezone issues with recovery tokens 2023-11-13 16:15:12 +00:00			`assert datetime.fromisoformat(status["expirationDate"]) == expiration_date.replace(`
			`tzinfo=timezone.utc`
			`)`
feature(auth): tz_aware recovery 2023-11-10 17:10:01 +00:00
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`assert status["usesLeft"] is None`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`graphql_use_recovery_key(client, key, "new_test_token")`
			`# And again`
			`graphql_use_recovery_key(client, key, "new_test_token2")`
API keys graphql tests 2022-06-29 17:39:46 +00:00

refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`def test_graphql_use_recovery_key_after_expiration(client, authorized_client, mocker):`
			`expiration_date = ten_minutes_into_future()`
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`key = graphql_make_new_recovery_key(authorized_client, expires_at=expiration_date)`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`# Timewarp to after it expires`
			`mock = mocker.patch(RECOVERY_KEY_VALIDATION_DATETIME, NearFuture)`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`response = request_recovery_auth(client, key, "new_test_token3")`
test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`output = get_data(response)["api"]["useRecoveryApiKey"]`
			`assert_errorcode(output, 404)`

			`assert output["token"] is None`
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`assert_original(authorized_client)`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`status = graphql_recovery_status(authorized_client)`
			`assert status["exists"] is True`
			`assert status["valid"] is False`
			`assert_recovery_recent(status["creationDate"])`
feature(auth): tz_aware recovery 2023-11-10 17:10:01 +00:00
			`# timezone-aware comparison. Should pass regardless of server's tz`
fix(auth): fix timezone issues with recovery tokens 2023-11-13 16:15:12 +00:00			`assert datetime.fromisoformat(status["expirationDate"]) == expiration_date.replace(`
			`tzinfo=timezone.utc`
			`)`
test(tokens-repo): rework expiring recovery key tests 2023-01-06 13:09:54 +00:00			`assert status["usesLeft"] is None`
API keys graphql tests 2022-06-29 17:39:46 +00:00
fix recovery tests 2022-07-07 13:53:19 +00:00
refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`def test_graphql_generate_recovery_key_with_expiration_in_the_past(authorized_client):`
			`expiration_date = ten_minutes_into_past()`
test(tokens-repo): rework recovery expiration in the past 2023-01-09 12:17:36 +00:00			`response = request_make_new_recovery_key(`
			`authorized_client, expires_at=expiration_date`
API keys graphql tests 2022-06-29 17:39:46 +00:00			`)`
test(tokens-repo): rework recovery expiration in the past 2023-01-09 12:17:36 +00:00
test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`output = get_data(response)["api"]["getNewRecoveryApiKey"]`
			`assert_errorcode(output, 400)`

			`assert output["key"] is None`
test(tokens-repo): cleanup recovery tests 2023-01-09 12:54:10 +00:00			`assert graphql_recovery_status(authorized_client)["exists"] is False`
API keys graphql tests 2022-06-29 17:39:46 +00:00
fix recovery tests 2022-07-07 13:53:19 +00:00
refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`def test_graphql_generate_recovery_key_with_invalid_time_format(authorized_client):`
API keys graphql tests 2022-06-29 17:39:46 +00:00			`expiration_date = "invalid_time_format"`
			`expiration_date_str = expiration_date`

			`response = authorized_client.post(`
			`"/graphql",`
			`json={`
			`"query": API_RECOVERY_KEY_GENERATE_MUTATION,`
			`"variables": {`
			`"limits": {`
			`"expirationDate": expiration_date_str,`
			`},`
			`},`
			`},`
			`)`
test(tokens-repo): use assert_empty consistently 2023-01-06 09:54:07 +00:00			`assert_empty(response)`
test(tokens-repo): cleanup recovery tests 2023-01-09 12:54:10 +00:00			`assert graphql_recovery_status(authorized_client)["exists"] is False`
API keys graphql tests 2022-06-29 17:39:46 +00:00
fix recovery tests 2022-07-07 13:53:19 +00:00
refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`def test_graphql_generate_recovery_key_with_limited_uses(authorized_client, client):`
test(tokens-repo): rework limited uses test 2023-01-09 12:39:54 +00:00			`mnemonic_key = graphql_make_new_recovery_key(authorized_client, uses=2)`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework limited uses test 2023-01-09 12:39:54 +00:00			`status = graphql_recovery_status(authorized_client)`
			`assert status["exists"] is True`
			`assert status["valid"] is True`
			`assert status["creationDate"] is not None`
			`assert status["expirationDate"] is None`
			`assert status["usesLeft"] == 2`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework limited uses test 2023-01-09 12:39:54 +00:00			`graphql_use_recovery_key(client, mnemonic_key, "new_test_token1")`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework limited uses test 2023-01-09 12:39:54 +00:00			`status = graphql_recovery_status(authorized_client)`
			`assert status["exists"] is True`
			`assert status["valid"] is True`
			`assert status["creationDate"] is not None`
			`assert status["expirationDate"] is None`
			`assert status["usesLeft"] == 1`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework limited uses test 2023-01-09 12:39:54 +00:00			`graphql_use_recovery_key(client, mnemonic_key, "new_test_token2")`
API keys graphql tests 2022-06-29 17:39:46 +00:00
test(tokens-repo): rework limited uses test 2023-01-09 12:39:54 +00:00			`status = graphql_recovery_status(authorized_client)`
			`assert status["exists"] is True`
			`assert status["valid"] is False`
			`assert status["creationDate"] is not None`
			`assert status["expirationDate"] is None`
			`assert status["usesLeft"] == 0`

			`response = request_recovery_auth(client, mnemonic_key, "new_test_token3")`
test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`output = get_data(response)["api"]["useRecoveryApiKey"]`
			`assert_errorcode(output, 404)`
fix recovery tests 2022-07-07 13:53:19 +00:00
API keys graphql tests 2022-06-29 17:39:46 +00:00
refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`def test_graphql_generate_recovery_key_with_negative_uses(authorized_client):`
test(tokens-repo): complete the recovery test rework 2023-01-09 12:44:48 +00:00			`response = request_make_new_recovery_key(authorized_client, uses=-1)`

test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`output = get_data(response)["api"]["getNewRecoveryApiKey"]`
			`assert_errorcode(output, 400)`
			`assert output["key"] is None`
			`assert graphql_recovery_status(authorized_client)["exists"] is False`
API keys graphql tests 2022-06-29 17:39:46 +00:00
fix recovery tests 2022-07-07 13:53:19 +00:00
refactor: Adapt API to the NixOS configuration changes 2024-01-09 18:58:09 +00:00			`def test_graphql_generate_recovery_key_with_zero_uses(authorized_client):`
test(tokens-repo): complete the recovery test rework 2023-01-09 12:44:48 +00:00			`response = request_make_new_recovery_key(authorized_client, uses=0)`

test(services): add unauthorized move test 2023-11-22 18:13:07 +00:00			`output = get_data(response)["api"]["getNewRecoveryApiKey"]`
			`assert_errorcode(output, 400)`
			`assert output["key"] is None`
test(tokens-repo): cleanup recovery tests 2023-01-09 12:54:10 +00:00			`assert graphql_recovery_status(authorized_client)["exists"] is False`