forked from pact-foundation/pact-broker-docker
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: allow read only credentials to be set via environment variables
- Loading branch information
Showing
10 changed files
with
262 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
pact_broker/pact_broker.sqlite | ||
pact_broker.sqlite | ||
pact_broker/log | ||
pact_broker/tmp |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
export PACT_BROKER_BASIC_AUTH_USERNAME=foo | ||
export PACT_BROKER_BASIC_AUTH_PASSWORD=bar | ||
export PACT_BROKER_BASIC_AUTH_READ_ONLY_USERNAME=fooro | ||
export PACT_BROKER_BASIC_AUTH_READ_ONLY_PASSWORD=barro | ||
export PACT_BROKER_DATABASE_ADAPTER=sqlite | ||
export PACT_BROKER_DATABASE_NAME=tmp/pact_broker.sqlite3 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,194 @@ | ||
require_relative "../pact_broker/basic_auth" | ||
require "rack/test" | ||
|
||
RSpec.describe "basic auth" do | ||
|
||
include Rack::Test::Methods | ||
|
||
let(:protected_app) { ->(env) { [200, {}, []]} } | ||
|
||
let(:app) { BasicAuth.new(protected_app, 'write_username', 'write_password', 'read_username', 'read_password', allow_public_access_to_heartbeat) } | ||
let(:allow_public_access_to_heartbeat) { true } | ||
|
||
|
||
context "when requesting the heartbeat" do | ||
let(:path) { "/diagnostic/status/heartbeat" } | ||
|
||
context "when allow_public_access_to_heartbeat is true" do | ||
context "when no credentials are used" do | ||
it "allows GET" do | ||
get path | ||
expect(last_response.status).to eq 200 | ||
end | ||
end | ||
end | ||
|
||
context "when allow_public_access_to_heartbeat is false" do | ||
let(:allow_public_access_to_heartbeat) { false } | ||
|
||
context "when no credentials are used" do | ||
it "does not allow GET" do | ||
get path | ||
expect(last_response.status).to eq 401 | ||
end | ||
end | ||
|
||
context "when the correct credentials are used" do | ||
it "allows GET" do | ||
basic_authorize 'read_username', 'read_password' | ||
get path | ||
expect(last_response.status).to eq 200 | ||
end | ||
end | ||
end | ||
end | ||
|
||
context "when requesting a badge" do | ||
context "when no credentials are used" do | ||
it "allows GET" do | ||
get "pacts/provider/foo/consumer/bar/badge" | ||
expect(last_response.status).to eq 200 | ||
end | ||
end | ||
end | ||
|
||
context "with the correct username and password for the write user" do | ||
it "allows GET" do | ||
basic_authorize 'write_username', 'write_password' | ||
get "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
|
||
it "allows POST" do | ||
basic_authorize 'write_username', 'write_password' | ||
post "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
|
||
it "allows HEAD" do | ||
basic_authorize 'write_username', 'write_password' | ||
head "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
|
||
it "allows OPTIONS" do | ||
basic_authorize 'write_username', 'write_password' | ||
options "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
|
||
it "allows PUT" do | ||
basic_authorize 'write_username', 'write_password' | ||
delete "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
|
||
it "allows PATCH" do | ||
basic_authorize 'write_username', 'write_password' | ||
patch "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
|
||
it "allows DELETE" do | ||
basic_authorize 'write_username', 'write_password' | ||
delete "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
end | ||
|
||
context "with the incorrect username and password for the write user" do | ||
it "does not allow POST" do | ||
basic_authorize 'foo', 'password' | ||
post "/" | ||
expect(last_response.status).to eq 401 | ||
end | ||
end | ||
|
||
context "with the correct username and password for the read user" do | ||
it "allows GET" do | ||
basic_authorize 'read_username', 'read_password' | ||
get "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
|
||
it "allows OPTIONS" do | ||
basic_authorize 'read_username', 'read_password' | ||
options "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
|
||
it "allows HEAD" do | ||
basic_authorize 'read_username', 'read_password' | ||
head "/" | ||
expect(last_response.status).to eq 200 | ||
end | ||
|
||
it "does not allow POST" do | ||
basic_authorize 'read_username', 'read_password' | ||
post "/" | ||
expect(last_response.status).to eq 401 | ||
end | ||
|
||
it "does not allow PUT" do | ||
basic_authorize 'read_username', 'read_password' | ||
put "/" | ||
expect(last_response.status).to eq 401 | ||
end | ||
|
||
it "does not allow PATCH" do | ||
basic_authorize 'read_username', 'read_password' | ||
patch "/" | ||
expect(last_response.status).to eq 401 | ||
end | ||
|
||
it "does not allow DELETE" do | ||
basic_authorize 'read_username', 'read_password' | ||
delete "/" | ||
expect(last_response.status).to eq 401 | ||
end | ||
end | ||
|
||
context "with the incorrect username and password for the write user" do | ||
it "does not allow GET" do | ||
basic_authorize 'write_username', 'wrongpassword' | ||
get "/" | ||
expect(last_response.status).to eq 401 | ||
end | ||
end | ||
|
||
context "with the incorrect username and password for the read user" do | ||
it "does not allow GET" do | ||
basic_authorize 'read_username', 'wrongpassword' | ||
get "/" | ||
expect(last_response.status).to eq 401 | ||
end | ||
end | ||
|
||
context "with a request to the badge URL" do | ||
context "with no credentials" do | ||
it "allows GET" do | ||
get "/pacts/provider/foo/consumer/bar/badge" | ||
expect(last_response.status).to eq 200 | ||
end | ||
end | ||
end | ||
|
||
context "when there is no read only user configured" do | ||
let(:app) { BasicAuth.new(protected_app, 'write_username', 'write_password', nil, nil, allow_public_access_to_heartbeat) } | ||
|
||
context "with no credentials" do | ||
it "does not allow GET" do | ||
get "/" | ||
expect(last_response.status).to eq 401 | ||
end | ||
end | ||
|
||
context "with credentials" do | ||
it "does not allow GET" do | ||
basic_authorize "foo", "bar" | ||
get "/" | ||
expect(last_response.status).to eq 401 | ||
end | ||
end | ||
end | ||
end |