Add tests for token auth.

3 files changed, 63 insertions, 20 deletions

diff --git a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
index e77fe4026cc..ad2f4bbc486 100644
--- a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
+++ b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
@@ -1,13 +1,13 @@
 module RequiresWhitelistedMonitoringClient
   extend ActiveSupport::Concern
   included do
-    before_action :validate_ip_whitelisted_or_token_is_valid!
+    before_action :validate_ip_whitelisted_or_valid_token!
   end
 
   private
 
-  def validate_ip_whitelisted_or_token_is_valid!
-    render_404 unless client_ip_whitelisted? || token_valid?
+  def validate_ip_whitelisted_or_valid_token!
+    render_404 unless client_ip_whitelisted? || valid_token?
   end
 
   def client_ip_whitelisted?
@@ -18,7 +18,7 @@ module RequiresWhitelistedMonitoringClient
     @ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new))
   end
 
-  def token_valid?
+  def valid_token?
     token = params[:token].presence || request.headers['TOKEN']
     token.present? &&
       ActiveSupport::SecurityUtils.variable_size_secure_compare(
diff --git a/spec/controllers/health_check_controller_spec.rb b/spec/controllers/health_check_controller_spec.rb
index e7abe1ba78d..72a5602f23e 100644
--- a/spec/controllers/health_check_controller_spec.rb
+++ b/spec/controllers/health_check_controller_spec.rb
@@ -46,8 +46,6 @@ describe HealthCheckController do
     end
 
     context 'when services are up and accessed from whitelisted ips' do
-      let(:ip) { '127.0.0.1' }
-
       before do
         allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
       end
diff --git a/spec/controllers/health_controller_spec.rb b/spec/controllers/health_controller_spec.rb
index 4b22155a431..ce79f068fa1 100644
--- a/spec/controllers/health_controller_spec.rb
+++ b/spec/controllers/health_controller_spec.rb
@@ -4,6 +4,7 @@ describe HealthController do
   include StubENV
 
   let(:json_response) { JSON.parse(response.body) }
+  let(:token) { current_application_settings.health_check_access_token }
   let(:whitelisted_ip) { '127.0.0.1' }
   let(:not_whitelisted_ip) { '127.0.0.2' }
 
@@ -13,13 +14,11 @@ describe HealthController do
   end
 
   describe '#readiness' do
-    context 'accessed from whitelisted ip' do
-      before do
-        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
-      end
+    shared_context 'endpoint responding with readiness data' do
+      subject { get :readiness }
 
-      it 'returns proper response' do
-        get :readiness
+      it 'responds with readiness checks data' do
+        subject
 
         expect(json_response['db_check']['status']).to eq('ok')
         expect(json_response['redis_check']['status']).to eq('ok')
@@ -28,27 +27,49 @@ describe HealthController do
       end
     end
 
+    context 'accessed from whitelisted ip' do
+      before do
+        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
+      end
+
+      it_behaves_like 'endpoint responding with readiness data'
+    end
+
     context 'accessed from not whitelisted ip' do
       before do
         allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
       end
 
-      it 'returns proper response' do
+      it 'responds with resource not found' do
         get :readiness
 
         expect(response.status).to eq(404)
       end
+
+      context 'accessed with valid token' do
+        context 'token passed in request header' do
+          before do
+            request.headers['TOKEN'] = token
+          end
+
+          it_behaves_like 'endpoint responding with readiness data'
+        end
+      end
+
+      context 'token passed as URL param' do
+        it_behaves_like 'endpoint responding with readiness data' do
+          subject { get :readiness, token: token }
+        end
+      end
     end
   end
 
   describe '#liveness' do
-    context 'accessed from whitelisted ip' do
-      before do
-        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
-      end
+    shared_context 'endpoint responding with liveness data' do
+      subject { get :liveness }
 
-      it 'returns proper response' do
-        get :liveness
+      it 'responds with liveness checks data' do
+        subject
 
         expect(json_response['db_check']['status']).to eq('ok')
         expect(json_response['redis_check']['status']).to eq('ok')
@@ -56,16 +77,40 @@ describe HealthController do
       end
     end
 
+    context 'accessed from whitelisted ip' do
+      before do
+        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
+      end
+
+      it_behaves_like 'endpoint responding with liveness data'
+    end
+
     context 'accessed from not whitelisted ip' do
       before do
         allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
       end
 
-      it 'returns proper response' do
+      it 'responds with resource not found' do
         get :liveness
 
         expect(response.status).to eq(404)
       end
+
+      context 'accessed with valid token' do
+        context 'token passed in request header' do
+          before do
+            request.headers['TOKEN'] = token
+          end
+
+          it_behaves_like 'endpoint responding with liveness data'
+        end
+
+        context 'token passed as URL param' do
+          it_behaves_like 'endpoint responding with liveness data' do
+            subject { get :liveness, token: token }
+          end
+        end
+      end
     end
   end
 end