diff --git a/internal/authtoken/service_list_ext_test.go b/internal/authtoken/service_list_ext_test.go
index 710b5fddc5..dfa081fc11 100644
--- a/internal/authtoken/service_list_ext_test.go
+++ b/internal/authtoken/service_list_ext_test.go
@@ -188,6 +188,16 @@ func TestService_List(t *testing.T) {
 _, err = authtoken.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, nil)
 require.ErrorContains(t, err, "missing scope ids")
 })
+ t.Run("wrong token resource type", func(t *testing.T) {
+ t.Parallel()
+ filterFunc := func(_ context.Context, at *authtoken.AuthToken) (bool, error) {
+ return true, nil
+ }
+ tok, err := listtoken.NewPagination(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), "some-id", fiveDaysAgo)
+ require.NoError(t, err)
+ _, err = authtoken.ListPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, []string{org.GetPublicId()})
+ require.ErrorContains(t, err, "token did not have an auth token resource type")
+ })
 })
 t.Run("ListRefresh validation", func(t *testing.T) {
 t.Parallel()
@@ -266,6 +276,16 @@ func TestService_List(t *testing.T) {
 _, err = authtoken.ListRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, nil)
 require.ErrorContains(t, err, "missing scope ids")
 })
+ t.Run("wrong token resource type", func(t *testing.T) {
+ t.Parallel()
+ filterFunc := func(_ context.Context, at *authtoken.AuthToken) (bool, error) {
+ return true, nil
+ }
+ tok, err := listtoken.NewStartRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo)
+ require.NoError(t, err)
+ _, err = authtoken.ListRefresh(ctx, []byte("some hash"), 1, filterFunc, tok, repo, []string{org.GetPublicId()})
+ require.ErrorContains(t, err, "token did not have an auth token resource type")
+ })
 })
 t.Run("ListRefreshPage validation", func(t *testing.T) {
 t.Parallel()
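Review bot: The new "wrong token resource type" subtest for ListPage pins only the message text with `require.ErrorContains`, so it would keep passing if the rejection were ever returned under a different error code. Since the production case returns `errors.InvalidParameter`, asserting that code alongside the message would tie the test to the behaviour callers actually branch on. The same applies to the matching subtests added for ListRefresh and ListRefreshPage. As a minor style point, the unused `at` parameter of `filterFunc` in all three could be written `_ *authtoken.AuthToken`.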
@@ -344,6 +364,16 @@ func TestService_List(t *testing.T) {
 _, err = authtoken.ListRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, nil)
 require.ErrorContains(t, err, "missing scope ids")
 })
+ t.Run("wrong token resource type", func(t *testing.T) {
+ t.Parallel()
+ filterFunc := func(_ context.Context, at *authtoken.AuthToken) (bool, error) {
+ return true, nil
+ }
+ tok, err := listtoken.NewRefresh(ctx, fiveDaysAgo, resource.Target, []byte("some hash"), fiveDaysAgo, fiveDaysAgo, fiveDaysAgo, "some other id", fiveDaysAgo)
+ require.NoError(t, err)
+ _, err = authtoken.ListRefreshPage(ctx, []byte("some hash"), 1, filterFunc, tok, repo, []string{org.GetPublicId()})
+ require.ErrorContains(t, err, "token did not have an auth token resource type")
+ })
 })
 t.Run("simple pagination", func(t *testing.T) {
diff --git a/internal/authtoken/service_list_page.go b/internal/authtoken/service_list_page.go
index 1c63d52415..f6b67f3371 100644
--- a/internal/authtoken/service_list_page.go
+++ b/internal/authtoken/service_list_page.go
@@ -10,6 +10,7 @@ import (
 "github.com/hashicorp/boundary/internal/errors"
 "github.com/hashicorp/boundary/internal/listtoken"
 "github.com/hashicorp/boundary/internal/pagination"
+ "github.com/hashicorp/boundary/internal/types/resource"
 )
 // ListPage lists up to page size auth tokens, filtering out entries that
@@ -42,6 +43,8 @@ func ListPage(
 return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
 case withScopeIds == nil:
 return nil, errors.New(ctx, errors.InvalidParameter, op, "missing scope ids")
+ case tok.ResourceType != resource.AuthToken:
+ return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have an auth token resource type")
 }
 if _, ok := tok.Subtype.(*listtoken.PaginationToken); !ok {
 return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have a pagination token component")
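Review bot: The new `case tok.ResourceType != resource.AuthToken:` guard in ListPage has no comment saying why a token of another resource type must be rejected, and the same uncommented case is repeated in ListRefresh and ListRefreshPage. The list token is presumably a value that was handed to a caller and is now being presented back, so this check is what keeps a token issued for a different resource's listing from being accepted here. A line above the case such as `// Reject list tokens that were issued for a different resource type.` would record that intent in all three functions. The switch starts outside the hunk, so it cannot be confirmed from here that a nil `tok` is rejected by an earlier case; this case has to stay after that check because it dereferences `tok`.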
diff --git a/internal/authtoken/service_list_refresh.go b/internal/authtoken/service_list_refresh.go
index d70c4327d3..fbe706dcd6 100644
--- a/internal/authtoken/service_list_refresh.go
+++ b/internal/authtoken/service_list_refresh.go
@@ -11,6 +11,7 @@ import (
 "github.com/hashicorp/boundary/internal/errors"
 "github.com/hashicorp/boundary/internal/listtoken"
 "github.com/hashicorp/boundary/internal/pagination"
+ "github.com/hashicorp/boundary/internal/types/resource"
 )
 // ListRefresh lists up to page size auth tokens, filtering out entries that
@@ -46,6 +47,8 @@ func ListRefresh(
 return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
 case withScopeIds == nil:
 return nil, errors.New(ctx, errors.InvalidParameter, op, "missing scope ids")
+ case tok.ResourceType != resource.AuthToken:
+ return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have an auth token resource type")
 }
 rt, ok := tok.Subtype.(*listtoken.StartRefreshToken)
 if !ok {
diff --git a/internal/authtoken/service_list_refresh_page.go b/internal/authtoken/service_list_refresh_page.go
index 177dca1bd3..e9df64719a 100644
--- a/internal/authtoken/service_list_refresh_page.go
+++ b/internal/authtoken/service_list_refresh_page.go
@@ -11,6 +11,7 @@ import (
 "github.com/hashicorp/boundary/internal/errors"
 "github.com/hashicorp/boundary/internal/listtoken"
 "github.com/hashicorp/boundary/internal/pagination"
+ "github.com/hashicorp/boundary/internal/types/resource"
 )
 // ListRefreshPage lists up to page size auth tokens, filtering out entries that
@@ -46,6 +47,8 @@ func ListRefreshPage(
 return nil, errors.New(ctx, errors.InvalidParameter, op, "missing repo")
 case withScopeIds == nil:
 return nil, errors.New(ctx, errors.InvalidParameter, op, "missing scope ids")
+ case tok.ResourceType != resource.AuthToken:
+ return nil, errors.New(ctx, errors.InvalidParameter, op, "token did not have an auth token resource type")
 }
 rt, ok := tok.Subtype.(*listtoken.RefreshToken)
 if !ok {