Add tests for token auth.

2951a099 · Pawel Chojnacki · beb81e14 · 2951a099 · 2951a099 · 2951a099
Commit 2951a099 authored Jul 06, 2017 by Pawel Chojnacki
3 changed files
--- a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
+++ b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
 module RequiresWhitelistedMonitoringClient
  extend ActiveSupport::Concern
  included do
-    before_action :validate_ip_whitelisted_or_token_is_valid!
+    before_action :validate_ip_whitelisted_or_valid_token!
  end

  private

-  def validate_ip_whitelisted_or_token_is_valid!
-    render_404 unless client_ip_whitelisted? || token_valid?
+  def validate_ip_whitelisted_or_valid_token!
+    render_404 unless client_ip_whitelisted? || valid_token?
  end

  def client_ip_whitelisted?
@@ -18,7 +18,7 @@ module RequiresWhitelistedMonitoringClient
    @ip_whitelist ||= Settings.monitoring.ip_whitelist.map(&IPAddr.method(:new))
  end

-  def token_valid?
+  def valid_token?
    token = params[:token].presence || request.headers['TOKEN']
    token.present? &&
      ActiveSupport::SecurityUtils.variable_size_secure_compare(

--- a/spec/controllers/health_check_controller_spec.rb
+++ b/spec/controllers/health_check_controller_spec.rb
@@ -46,8 +46,6 @@ describe HealthCheckController do
    end

    context 'when services are up and accessed from whitelisted ips' do
-      let(:ip) { '127.0.0.1' }
-
      before do
        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
      end

--- a/spec/controllers/health_controller_spec.rb
+++ b/spec/controllers/health_controller_spec.rb
@@ -4,6 +4,7 @@ describe HealthController do
  include StubENV

  let(:json_response) { JSON.parse(response.body) }
+  let(:token) { current_application_settings.health_check_access_token }
  let(:whitelisted_ip) { '127.0.0.1' }
  let(:not_whitelisted_ip) { '127.0.0.2' }

@@ -13,13 +14,11 @@ describe HealthController do
  end

  describe '#readiness' do
-    context 'accessed from whitelisted ip' do
-      before do
-        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
-      end
+    shared_context 'endpoint responding with readiness data' do
+      subject { get :readiness }

-      it 'returns proper response' do
-        get :readiness
+      it 'responds with readiness checks data' do
+        subject

        expect(json_response['db_check']['status']).to eq('ok')
        expect(json_response['redis_check']['status']).to eq('ok')
@@ -28,27 +27,49 @@ describe HealthController do
      end
    end

+    context 'accessed from whitelisted ip' do
+      before do
+        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
+      end
+
+      it_behaves_like 'endpoint responding with readiness data'
+    end
+
    context 'accessed from not whitelisted ip' do
      before do
        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
      end

-      it 'returns proper response' do
+      it 'responds with resource not found' do
        get :readiness

        expect(response.status).to eq(404)
      end
+
+      context 'accessed with valid token' do
+        context 'token passed in request header' do
+          before do
+            request.headers['TOKEN'] = token
+          end
+
+          it_behaves_like 'endpoint responding with readiness data'
+        end
+      end
+
+      context 'token passed as URL param' do
+        it_behaves_like 'endpoint responding with readiness data' do
+          subject { get :readiness, token: token }
+        end
+      end
    end
  end

  describe '#liveness' do
-    context 'accessed from whitelisted ip' do
-      before do
-        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
-      end
+    shared_context 'endpoint responding with liveness data' do
+      subject { get :liveness }

-      it 'returns proper response' do
-        get :liveness
+      it 'responds with liveness checks data' do
+        subject

        expect(json_response['db_check']['status']).to eq('ok')
        expect(json_response['redis_check']['status']).to eq('ok')
@@ -56,16 +77,40 @@ describe HealthController do
      end
    end

+    context 'accessed from whitelisted ip' do
+      before do
+        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
+      end
+
+      it_behaves_like 'endpoint responding with liveness data'
+    end
+
    context 'accessed from not whitelisted ip' do
      before do
        allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
      end

-      it 'returns proper response' do
+      it 'responds with resource not found' do
        get :liveness

        expect(response.status).to eq(404)
      end
+
+      context 'accessed with valid token' do
+        context 'token passed in request header' do
+          before do
+            request.headers['TOKEN'] = token
+          end
+
+          it_behaves_like 'endpoint responding with liveness data'
+        end
+
+        context 'token passed as URL param' do
+          it_behaves_like 'endpoint responding with liveness data' do
+            subject { get :liveness, token: token }
+          end
+        end
+      end
    end
  end
 end