Rewrite and test Github auth logic, separating standard and search quota (#1205)

The end of an era.
2019-01-10 21:30:23 -05:00
parent a27bef5aa5
commit c4efdc8e66
13 changed files with 288 additions and 301 deletions
--- a/services/github/auth/acceptor.js
+++ b/services/github/auth/acceptor.js
@@ -3,7 +3,6 @@
 const queryString = require('query-string')
 const request = require('request')
 const log = require('../../../lib/log')
-const githubAuth = require('../../../lib/github-auth')
 const serverSecrets = require('../../../lib/server-secrets')
 const secretIsValid = require('../../../lib/sys/secret-is-valid')

@@ -45,7 +44,7 @@ function sendTokenToAllServers(token) {
  )
 }

-function setRoutes(server) {
+function setRoutes({ server, onTokenAccepted }) {
  const baseUrl = process.env.BASE_URL || 'https://img.shields.io'

  server.route(/^\/github-auth$/, (data, match, end, ask) => {
@@ -125,12 +124,11 @@ function setRoutes(server) {
      return
    }

-    githubAuth.addGithubToken(data.token)
+    onTokenAccepted(data.token)
    end('Thanks!')
  })
 }

 module.exports = {
-  sendTokenToAllServers,
  setRoutes,
 }
--- a/services/github/auth/acceptor.spec.js
+++ b/services/github/auth/acceptor.spec.js
@@ -3,6 +3,7 @@
 const { expect } = require('chai')
 const Camp = require('camp')
 const got = require('got')
+const sinon = require('sinon')
 const portfinder = require('portfinder')
 const queryString = require('query-string')
 const nock = require('nock')
@@ -10,18 +11,21 @@ const serverSecrets = require('../../../lib/server-secrets')
 const acceptor = require('./acceptor')

 const fakeClientId = 'githubdabomb'
+const fakeShieldsSecret = 'letmeinplz'

 describe('Github token acceptor', function() {
-  // Frustratingly, potentially undefined properties can't reliably be stubbed
-  // with Sinon.
-  // https://github.com/sinonjs/sinon/pull/1557
  before(function() {
-    serverSecrets.gh_client_id = fakeClientId
-    serverSecrets.shields_ips = []
+    // Make sure properties exist.
+    // https://github.com/sinonjs/sinon/pull/1557
+    serverSecrets.gh_client_id = undefined
+    serverSecrets.shields_ips = undefined
+    serverSecrets.shields_secret = undefined
+    sinon.stub(serverSecrets, 'gh_client_id').value(fakeClientId)
+    sinon.stub(serverSecrets, 'shields_ips').value([])
+    sinon.stub(serverSecrets, 'shields_secret').value(fakeShieldsSecret)
  })
  after(function() {
-    delete serverSecrets.gh_client_id
-    delete serverSecrets.shields_ips
+    sinon.restore()
  })

  let port, baseUrl
@@ -42,8 +46,13 @@ describe('Github token acceptor', function() {
    }
  })

+  let onTokenAccepted
  beforeEach(function() {
-    acceptor.setRoutes(camp)
+    onTokenAccepted = sinon.stub()
+    acceptor.setRoutes({
+      server: camp,
+      onTokenAccepted,
+    })
  })

  it('should start the OAuth process', async function() {
@@ -108,4 +117,16 @@ describe('Github token acceptor', function() {
      })
    })
  })
+
+  it('should add a received token', async function() {
+    const fakeAccessToken = 'its-my-token'
+
+    const { body } = await got(`${baseUrl}/github-auth/add-token`, {
+      form: true,
+      body: { shieldsSecret: fakeShieldsSecret, token: fakeAccessToken },
+    })
+
+    expect(onTokenAccepted).to.have.been.calledWith(fakeAccessToken)
+    expect(body).to.equal('Thanks!')
+  })
 })
--- a/services/github/auth/admin.js
+++ b/services/github/auth/admin.js
@@ -1,9 +1,8 @@
 'use strict'

-const { serializeDebugInfo } = require('../../../lib/github-auth')
 const secretIsValid = require('../../../lib/sys/secret-is-valid')

-function setRoutes(server) {
+function setRoutes(apiProvider, server) {
  // Allow the admin to obtain the tokens for operational and debugging
  // purposes. This could be used to:
  //
@@ -23,7 +22,7 @@ function setRoutes(server) {
        end('Invalid secret.')
      }, 10000)
    }
-    end(serializeDebugInfo({ sanitize: false }))
+    end(apiProvider.serializeDebugInfo({ sanitize: false }))
  })
 }

--- a/services/github/auth/admin.spec.js
+++ b/services/github/auth/admin.spec.js
@@ -6,6 +6,7 @@ const Camp = require('camp')
 const fetch = require('node-fetch')
 const portfinder = require('portfinder')
 const serverSecrets = require('../../../lib/server-secrets')
+const GithubApiProvider = require('../github-api-provider')
 const { setRoutes } = require('./admin')

 function createAuthHeader({ username, password }) {
@@ -53,7 +54,8 @@ describe('GitHub admin route', function() {
  })

  before(function() {
-    setRoutes(camp)
+    const apiProvider = new GithubApiProvider({ withPooling: true })
+    setRoutes(apiProvider, camp)
  })

  context('the password is correct', function() {