FilesExpand file tree

 main

/

code_intel_test.go

Copy path

Blame

More file actions

Blame

More file actions

Latest commit

 

History

History

History

189 lines (166 loc) · 4.91 KB

 main

/

code_intel_test.go

Copy path

Top

File metadata and controls

• Code
• Blame

189 lines (166 loc) · 4.91 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

package authtest

import (

"bytes"

"io"

"net/http"

"strings"

"testing"

"time"

"github.com/sourcegraph/sourcegraph/internal/extsvc"

"github.com/sourcegraph/sourcegraph/internal/gqltestutil"

"github.com/sourcegraph/sourcegraph/schema"

)

func TestCodeIntelEndpoints(t *testing.T) {

// Create a test user (authtest-user-code-intel) which is not a site admin, the

// user should receive access denied for LSIF endpoints of repositories the user

// does not have access to.

const testUsername = "authtest-user-code-intel"

userClient, err := gqltestutil.SignUp(*baseURL, testUsername+"@sourcegraph.com", testUsername, "mysecurepassword")

if err != nil {

t.Fatal(err)

}

defer func() {

err := client.DeleteUser(userClient.AuthenticatedUserID(), true)

if err != nil {

t.Fatal(err)

}

}()

// Set up external service

esID, err := client.AddExternalService(

gqltestutil.AddExternalServiceInput{

Kind: extsvc.KindGitHub,

DisplayName: "authtest-github-code-intel-repository",

Config: mustMarshalJSONString(

&schema.GitHubConnection{

Authorization: &schema.GitHubAuthorization{},

Repos: []string{

"sgtest/go-diff",

"sgtest/private", // Private

},

RepositoryPathPattern: "github.com/{nameWithOwner}",

Token: *githubToken,

Url: "https://ghe.sgdev.org/",

},

),

},

)

if err != nil {

t.Fatal(err)

}

defer func() {

err := client.DeleteExternalService(esID, false)

if err != nil {

t.Fatal(err)

}

}()

const privateRepo = "github.com/sgtest/private"

err = client.WaitForReposToBeCloned(

"github.com/sgtest/go-diff",

privateRepo,

)

if err != nil {

t.Fatal(err)

}

t.Run("SCIP upload", func(t *testing.T) {

// Update site configuration to enable "lsifEnforceAuth".

siteConfig, lastID, err := client.SiteConfiguration()

if err != nil {

t.Fatal(err)

}

oldSiteConfig := new(schema.SiteConfiguration)

*oldSiteConfig = *siteConfig

defer func() {

_, lastID, err := client.SiteConfiguration()

if err != nil {

t.Fatal(err)

}

err = client.UpdateSiteConfiguration(oldSiteConfig, lastID)

if err != nil {

t.Fatal(err)

}

}()

siteConfig.LsifEnforceAuth = true

err = client.UpdateSiteConfiguration(siteConfig, lastID)

if err != nil {

t.Fatal(err)

}

// Retry because the configuration update endpoint is eventually consistent

var lastBody string

err = gqltestutil.Retry(15*time.Second, func() error {

resp, err := userClient.Post(*baseURL+"/.api/scip/upload?commit=6ffc6072f5ed13d8e8782490705d9689cd2c546a&repository=github.com/sgtest/private", nil)

if err != nil {

t.Fatal(err)

}

defer func() { _ = resp.Body.Close() }()

body, err := io.ReadAll(resp.Body)

if err != nil {

t.Fatal(err)

}

if bytes.Contains(body, []byte("must provide github_token")) {

return nil

}

lastBody = string(body)

return gqltestutil.ErrContinueRetry

})

if err != nil {

t.Fatal(err, "lastBody:", lastBody)

}

})

t.Run("executor endpoints (access token not configured)", func(t *testing.T) {

// Update site configuration to remove any executor access token.

cleanup := setExecutorAccessToken(t, "")

defer cleanup()

resp, err := userClient.Get(*baseURL + "/.executors/test/auth")

if err != nil {

t.Fatal(err)

}

defer func() { _ = resp.Body.Close() }()

if resp.StatusCode != http.StatusInternalServerError {

t.Fatalf(`Want status code 500 error but got %d`, resp.StatusCode)

}

response, err := io.ReadAll(resp.Body)

if err != nil {

t.Fatal(err)

}

expectedText := "Executors are not configured on this instance"

if !strings.Contains(string(response), expectedText) {

t.Fatalf(`Expected different failure. want=%q got=%q`, expectedText, string(response))

}

})

t.Run("executor endpoints (access token configured but not supplied)", func(t *testing.T) {

// Update site configuration to set the executor access token.

cleanup := setExecutorAccessToken(t, "hunter2hunter2hunter2")

defer cleanup()

// sleep 5s to wait for site configuration to be restored from gqltest

time.Sleep(5 * time.Second)

resp, err := userClient.Get(*baseURL + "/.executors/test/auth")

if err != nil {

t.Fatal(err)

}

defer func() { _ = resp.Body.Close() }()

if resp.StatusCode != http.StatusUnauthorized {

t.Fatalf(`Want status code 401 error but got %d`, resp.StatusCode)

}

})

}

func setExecutorAccessToken(t *testing.T, token string) func() {

siteConfig, lastID, err := client.SiteConfiguration()

if err != nil {

t.Fatal(err)

}

oldSiteConfig := new(schema.SiteConfiguration)

*oldSiteConfig = *siteConfig

siteConfig.ExecutorsAccessToken = token

if err := client.UpdateSiteConfiguration(siteConfig, lastID); err != nil {

t.Fatal(err)

}

return func() {

_, lastID, err := client.SiteConfiguration()

if err != nil {

t.Fatal(err)

}

if err := client.UpdateSiteConfiguration(oldSiteConfig, lastID); err != nil {

t.Fatal(err)

}

}

}