package handlers
import (
"fmt"
"net/http/httptest"
"testing"
"github.com/dependabot/proxy/internal/config"
)
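// TestPythonIndexHandler checks which outgoing requests the Python index
// handler decorates with HTTP basic auth and which it leaves untouched.
//
// The cases double as a record of the credential-scoping rules the test
// expects: credentials are attached only to GET requests over HTTPS whose
// host (compared case-insensitively) and path prefix match a configured
// index, and are withheld otherwise.
func TestPythonIndexHandler(t *testing.T) {
	dependabotToken := "123"                  //nolint:gosec // test credential
	dependabotSecToken := "dependabot:sec123" //nolint:gosec // test credential
	simpleSecToken := "simple:sec245"
	deltaForceUser := "some-user"
	deltaForcePassword := "456"

	// A "token" without a colon is expected as the basic-auth username with an
	// empty password; "user:pass" tokens are expected split at the colon.
	credentials := config.Credentials{
		config.Credential{
			"type":      "python_index",
			"index-url": "https://corp.dependabot.com/pyreg/",
			"token":     dependabotToken,
		},
		config.Credential{
			"type":      "python_index",
			"index-url": "https://pypy.com/dependabot/+simple/",
			"token":     dependabotSecToken,
		},
		config.Credential{
			"type":      "python_index",
			"index-url": "https://pypy.com/simple/simple/",
			"token":     simpleSecToken,
		},
		// Index path is "/", so this credential is expected to cover every
		// path on the host (see the package-download case below).
		config.Credential{
			"type":      "python_index",
			"index-url": "https://corp.deltaforce.com:443/",
			"token":     fmt.Sprintf("%s:%s", deltaForceUser, deltaForcePassword),
		},
		// Keyed by host only, with separate username/password fields.
		config.Credential{
			"type":     "python_index",
			"host":     "pkgs.dev.azure.com",
			"username": deltaForceUser,
			"password": deltaForcePassword,
		},
		// Uses the "url" key rather than "index-url".
		config.Credential{
			"type":  "python_index",
			"url":   "https://example.com:443/",
			"token": fmt.Sprintf("%s:%s", deltaForceUser, deltaForcePassword),
		},
	}

	// One handler is shared by all cases, as in a running proxy.
	handler := NewPythonIndexHandler(credentials)

	// NOTE(review): every negative case below targets a dependabot.com host or
	// pypy.com. Nothing checks that the host-keyed (Azure DevOps) or "url"-keyed
	// credentials are withheld over plain HTTP or for non-GET methods; consider
	// adding those cases.
	cases := []struct {
		method   string
		url      string
		wantAuth bool
		user     string
		password string
		desc     string
	}{
		// Matching host and index path; the explicit :443 in two of the
		// configured URLs is expected to match requests with no port.
		{method: "GET", url: "https://corp.dependabot.com/pyreg", wantAuth: true, user: dependabotToken, desc: "dependabot registry request"},
		{method: "GET", url: "https://corp.deltaforce.com/somepkg", wantAuth: true, user: deltaForceUser, password: deltaForcePassword, desc: "deltaforce registry request"},
		{method: "GET", url: "https://example.com/somepkg", wantAuth: true, user: deltaForceUser, password: deltaForcePassword, desc: "example.com registry request"},

		// Path outside every configured index: no credentials.
		{method: "GET", url: "https://corp.dependabot.com/foo", desc: "dependabot registry request"},
		{method: "GET", url: "https://pypy.com/other/pgk/a", desc: "other registry request"},

		// The request path lacks the trailing /+simple or /simple segment of
		// the configured index-url, yet is expected to be authenticated as long
		// as it sits under the parent path.
		{method: "GET", url: "https://pypy.com/dependabot/pgk/a", wantAuth: true, user: "dependabot", password: "sec123", desc: "dependabot pypy registry request"},
		{method: "GET", url: "https://pypy.com/simple/pgk/a", wantAuth: true, user: "simple", password: "sec245", desc: "simple pypy registry request"},

		// Parent domain without the configured subdomain: no credentials.
		{method: "GET", url: "https://dependabot.com/pyreg", desc: "different subdomain"},
		// Plain HTTP: credentials must not go out in cleartext.
		{method: "GET", url: "http://corp.dependabot.com/pyreg", desc: "http, not https"},
		// Only GET requests are expected to be authenticated.
		{method: "POST", url: "https://corp.dependabot.com/pyreg", desc: "post request"},

		// Azure DevOps, matched by host alone and case-insensitively.
		{method: "GET", url: "https://pkgs.dev.azure.com/somepkg", wantAuth: true, user: deltaForceUser, password: deltaForcePassword, desc: "azure devops registry request"},
		{method: "GET", url: "https://PKGS.dev.azure.com/somepkg", wantAuth: true, user: deltaForceUser, password: deltaForcePassword, desc: "azure devops case insensitive registry request"},

		// Package download on a completely different path on the same host.
		// Simulates: config pypi.cyco.fun/pypi, but request to
		// pypi.cyco.fun/packages/... Uses corp.deltaforce.com, whose index
		// path is "/".
		{method: "GET", url: "https://corp.deltaforce.com/packages/somepkg/1.0/wheel.whl", wantAuth: true, user: deltaForceUser, password: deltaForcePassword, desc: "cert registry with package download on different path"},
	}

	for _, tc := range cases {
		req := httptest.NewRequest(tc.method, tc.url, nil)
		req = handleRequestAndClose(handler, req, nil)
		if tc.wantAuth {
			assertHasBasicAuth(t, req, tc.user, tc.password, tc.desc)
			continue
		}
		assertUnauthenticated(t, req, tc.desc)
	}
}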