From f51cb45a4f46162bba9194f720d10bbdc352c130 Mon Sep 17 00:00:00 2001 From: Alexander Larsson Date: Thu, 10 Oct 2019 18:16:08 +0200 Subject: [PATCH] tests: Add initial tests for token-needing installs --- tests/Makefile-test-matrix.am.inc | 2 + tests/Makefile.am.inc | 1 + tests/test-auth.sh | 97 +++++++++++++++++++++++++++++++ tests/test-wrapper.sh | 4 ++ 4 files changed, 104 insertions(+) create mode 100755 tests/test-auth.sh diff --git a/tests/Makefile-test-matrix.am.inc b/tests/Makefile-test-matrix.am.inc index 2e7bc8f9..59bcb29a 100644 --- a/tests/Makefile-test-matrix.am.inc +++ b/tests/Makefile-test-matrix.am.inc @@ -20,6 +20,7 @@ TEST_MATRIX= \ tests/test-oci-registry@user,labels.wrap \ tests/test-oci-registry@system,annotations.wrap \ tests/test-oci-registry@system,labels.wrap \ + tests/test-auth@nocollections.wrap \ $(NULL) TEST_MATRIX_DIST= \ tests/test-basic.sh \ @@ -41,4 +42,5 @@ TEST_MATRIX_EXTRA_DIST= \ tests/test-repo.sh \ tests/test-bundle.sh \ tests/test-oci-registry.sh \ + tests/test-auth.sh \ $(NULL) diff --git a/tests/Makefile.am.inc b/tests/Makefile.am.inc index d825b568..44bb5f22 100644 --- a/tests/Makefile.am.inc +++ b/tests/Makefile.am.inc @@ -174,6 +174,7 @@ TEST_MATRIX_SOURCE = \ tests/test-update-remote-configuration.sh \ tests/test-override.sh \ tests/test-update-portal.sh \ + tests/test-auth.sh{nocollections} \ $(NULL) update-test-matrix: diff --git a/tests/test-auth.sh b/tests/test-auth.sh new file mode 100755 index 00000000..4eca9a71 --- /dev/null +++ b/tests/test-auth.sh @@ -0,0 +1,97 @@ +#!/bin/bash +# +# Copyright (C) 2019 Alexander Larsson +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the +# Free Software Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +set -euo pipefail + +. $(dirname $0)/libtest.sh + + +echo "1..2" + +setup_repo + +commit_to_obj () { + echo objects/$(echo $1 | cut -b 1-2)/$(echo $1 | cut -b 3-).commit +} + +mark_need_token () { + REF=$1 + TOKEN=${2:-secret} + REPO=${3:-test} + + COMMIT=$(cat repos/$REPO/refs/heads/$REF) + echo -n $TOKEN > repos/$REPO/$(commit_to_obj $COMMIT).need_token +} + +# Mark as need token, even though the app doesn't have token-type set +# We should not be able to install this because we will not present +# the token unnecessarily +mark_need_token app/org.test.Hello/$ARCH/master the-secret + +if ${FLATPAK} ${U} install -y test-repo org.test.Hello master 2> install-error-log; then + assert_not_reached "Should not be able to install with no secret" +fi +assert_file_has_content install-error-log "401" + +# Propertly mark it with token-type +EXPORT_ARGS="--token-type=2" make_updated_app +mark_need_token app/org.test.Hello/$ARCH/master the-secret + +# Install with wrong token +if FLATPAK_TEST_TOKEN=not-the-secret ${FLATPAK} ${U} install -y test-repo org.test.Hello master 2> install-error-log; then + assert_not_reached "Should not be able to install with wrong secret" +fi +assert_file_has_content install-error-log "401" + +# Install with right token +FLATPAK_TEST_TOKEN=the-secret ${FLATPAK} ${U} install -y test-repo org.test.Hello master + +EXPORT_ARGS="--token-type=2" make_updated_app test "" master UPDATE2 +mark_need_token app/org.test.Hello/$ARCH/master the-secret + +# Update with wrong token +if FLATPAK_TEST_TOKEN=not-the-secret ${FLATPAK} ${U} update -y org.test.Hello 2> install-error-log; then + assert_not_reached "Should not be able to install with wrong secret" +fi +assert_file_has_content install-error-log "401" + +# Update with right token +FLATPAK_TEST_TOKEN=the-secret ${FLATPAK} ${U} update -y org.test.Hello + +echo "ok installed build-exported token-type app" + +# Drop token-type on main version +make_updated_app test "" master UPDATE3 +# And ensure its installable with no token +${FLATPAK} ${U} update -y org.test.Hello + +# Use build-commit-from to add it to a new version +$FLATPAK build-commit-from ${FL_GPGARGS} --token-type=2 --disable-fsync --src-ref=app/org.test.Hello/$ARCH/master repos/test app/org.test.Hello/$ARCH/copy +mark_need_token app/org.test.Hello/$ARCH/copy the-secret + +# Install with wrong token +if FLATPAK_TEST_TOKEN=not-the-secret ${FLATPAK} ${U} install -y test-repo org.test.Hello//copy 2> install-error-log; then + assert_not_reached "Should not be able to install with wrong secret" +fi +assert_file_has_content install-error-log "401" + +# Install with right token +FLATPAK_TEST_TOKEN=the-secret ${FLATPAK} ${U} install -y test-repo org.test.Hello//copy + +echo "ok installed build-commit-from token-type app" diff --git a/tests/test-wrapper.sh b/tests/test-wrapper.sh index 04770465..a7cc6e10 100755 --- a/tests/test-wrapper.sh +++ b/tests/test-wrapper.sh @@ -18,6 +18,10 @@ for feature in $(echo $1 | sed "s/^.*@\(.*\).wrap/\1/" | tr "," "\n"); do nodeltas) export USE_DELTAS=no ;; + nocollections) + export USE_COLLECTIONS_IN_SERVER=no + export USE_COLLECTIONS_IN_CLIENT=no + ;; collections) export USE_COLLECTIONS_IN_SERVER=yes export USE_COLLECTIONS_IN_CLIENT=yes