From 2951a09967db1ec18050c2b94fe8d809d7ee966f Mon Sep 17 00:00:00 2001
From: Pawel Chojnacki
Date: Thu, 6 Jul 2017 13:36:16 +0200
Subject: Add tests for token auth.
---
 .../requires_whitelisted_monitoring_client.rb | 8 +--
 spec/controllers/health_check_controller_spec.rb | 2 -
 spec/controllers/health_controller_spec.rb | 73 +++++++++++++++++-----
 3 files changed, 63 insertions(+), 20 deletions(-)
diff --git a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
index e77fe4026cc..ad2f4bbc486 100644
--- a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
+++ b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
@@ -1,13 +1,13 @@
 module RequiresWhitelistedMonitoringClient
 extend ActiveSupport::Concern
 included do
- before_action :validate_ip_whitelisted_or_token_is_valid!
+ before_action :validate_ip_whitelisted_or_valid_token!
 end
 private
- def validate_ip_whitelisted_or_token_is_valid!
- render_404 unless client_ip_whitelisted? || token_valid?
+ def validate_ip_whitelisted_or_valid_token!
+ render_404 unless client_ip_whitelisted? || valid_token?
 end
 def client_ip_whitelisted?
@@ -18,7 +18,7 @@ module RequiresWhitelistedMonitoringClient
 @ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new))
 end
- def token_valid?
+ def valid_token?
 token = params[:token].presence || request.headers['TOKEN']
 token.present? && ActiveSupport::SecurityUtils.variable_size_secure_compare(
diff --git a/spec/controllers/health_check_controller_spec.rb b/spec/controllers/health_check_controller_spec.rb
index e7abe1ba78d..72a5602f23e 100644
--- a/spec/controllers/health_check_controller_spec.rb
+++ b/spec/controllers/health_check_controller_spec.rb
@@ -46,8 +46,6 @@ describe HealthCheckController do
 end
 context 'when services are up and accessed from whitelisted ips' do
- let(:ip) { '127.0.0.1' }
-
 before do
 allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
 end
diff --git a/spec/controllers/health_controller_spec.rb b/spec/controllers/health_controller_spec.rb
index 4b22155a431..ce79f068fa1 100644
--- a/spec/controllers/health_controller_spec.rb
+++ b/spec/controllers/health_controller_spec.rb
@@ -4,6 +4,7 @@ describe HealthController do
 include StubENV
 let(:json_response) { JSON.parse(response.body) }
+ let(:token) { current_application_settings.health_check_access_token }
 let(:whitelisted_ip) { '127.0.0.1' }
 let(:not_whitelisted_ip) { '127.0.0.2' }
@@ -13,13 +14,11 @@ describe HealthController do
 end
 describe '#readiness' do
- context 'accessed from whitelisted ip' do
- before do
- allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
- end
+ shared_context 'endpoint responding with readiness data' do
+ subject { get :readiness }
- it 'returns proper response' do
- get :readiness
+ it 'responds with readiness checks data' do
+ subject
 expect(json_response['db_check']['status']).to eq('ok')
 expect(json_response['redis_check']['status']).to eq('ok')
@@ -28,27 +27,49 @@ describe HealthController do
 end
 end
+ context 'accessed from whitelisted ip' do
+ before do
+ allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
+ end
+
+ it_behaves_like 'endpoint responding with readiness data'
+ end
+
 context 'accessed from not whitelisted ip' do
 before do
 allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
 end
- it 'returns proper response' do
+ it 'responds with resource not found' do
 get :readiness
 expect(response.status).to eq(404)
 end
+ context 'accessed with valid token' do
+ context 'token passed in request header' do
+ before do
+ request.headers['TOKEN'] = token
+ end
+
+ it_behaves_like 'endpoint responding with readiness data'
+ end
+ end
+
+ context 'token passed as URL param' do
+ it_behaves_like 'endpoint responding with readiness data' do
+ subject { get :readiness, token: token }
+ end
+ end
 end
 end
 describe '#liveness' do
- context 'accessed from whitelisted ip' do
- before do
- allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
- end
+ shared_context 'endpoint responding with liveness data' do
+ subject { get :liveness }
- it 'returns proper response' do
- get :liveness
+ it 'responds with liveness checks data' do
+ subject
 expect(json_response['db_check']['status']).to eq('ok')
 expect(json_response['redis_check']['status']).to eq('ok')
@@ -56,16 +77,40 @@ describe HealthController do
 end
 end
+ context 'accessed from whitelisted ip' do
+ before do
+ allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
+ end
+
+ it_behaves_like 'endpoint responding with liveness data'
+ end
+
 context 'accessed from not whitelisted ip' do
 before do
 allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
 end
- it 'returns proper response' do
+ it 'responds with resource not found' do
 get :liveness
 expect(response.status).to eq(404)
 end
+
+ context 'accessed with valid token' do
+ context 'token passed in request header' do
+ before do
+ request.headers['TOKEN'] = token
+ end
+
+ it_behaves_like 'endpoint responding with liveness data'
+ end
+
+ context 'token passed as URL param' do
+ it_behaves_like 'endpoint responding with liveness data' do
+ subject { get :liveness, token: token }
+ end
+ end
+ end
 end
 end
 end
-- cgit v1.2.1
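Review bot: The new token contexts under `accessed from not whitelisted ip` only exercise a valid token; nothing checks that a non-whitelisted client presenting a wrong `TOKEN` header (or a wrong `token` param) is still answered with 404, so a regression in `valid_token?` that accepted any present token would pass this spec. Add an `accessed with invalid token` context beside `accessed with valid token` that sets the header to any value other than `token` and expects 404 (sketched below); the readiness hunk above lacks the same case. Separately, the two hunks disagree on nesting: here `token passed as URL param` sits inside `accessed with valid token`, while in the readiness hunk the second `+ end` closes `accessed with valid token` before that context begins, leaving it a sibling whose description no longer says the token is valid; the readiness spec should nest it the way this hunk does.
```ruby
      context 'accessed from not whitelisted ip' do
        # … unchanged: before block, 'responds with resource not found' example, 'accessed with valid token' contexts …

        context 'accessed with invalid token' do
          before do
            request.headers['TOKEN'] = 'not-the-configured-token' # constructed sample; any value != token
          end

          it 'responds with resource not found' do
            get :liveness

            expect(response.status).to eq(404)
          end
        end
      end
```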