Merge pull request #1109 from andypols/add-get-repo-by-url

test: improve repo DB tests and CheckRepoInAuthList tests

Author: jescalada

src/db/file/repo.ts

@@ -12,7 +12,8 @@ if (!fs.existsSync('./.data')) fs.mkdirSync('./.data');
 /* istanbul ignore if */
 if (!fs.existsSync('./.data/db')) fs.mkdirSync('./.data/db');
 
-const db = new Datastore({ filename: './.data/db/repos.db', autoload: true });
+// export for testing purposes
+export const db = new Datastore({ filename: './.data/db/repos.db', autoload: true });
 
 try {
   db.ensureIndex({ fieldName: 'url', unique: true });

src/proxy/processors/push-action/checkRepoInAuthorisedList.ts

@@ -5,21 +5,15 @@ import { getRepoByUrl } from '../../../db';
 const exec = async (req: any, action: Action): Promise<Action> => {
   const step = new Step('checkRepoInAuthorisedList');
 
-  // console.log(found);
   const found = (await getRepoByUrl(action.url)) !== null;
-
-  if (!found) {
-    console.log(`Repository url '${action.url}' not found`);
+  if (found) {
+    step.log(`repo ${action.url} is in the authorisedList`);
+  } else {
     step.error = true;
-    step.log(`repo ${action.url} is not in the authorisedList, ending`);
-    console.log('setting error');
-    step.setError(`Rejecting repo ${action.url} not in the authorisedList`);
-    action.addStep(step);
-    return action;
+    step.log(`repo ${action.url} is not in the authorised whitelist, ending`);
+    step.setError(`Rejecting repo ${action.url} not in the authorised whitelist`);
   }
 
-  console.log('found');
-  step.log(`repo ${action.url} is in the authorisedList`);
   action.addStep(step);
   return action;
 };

test/db/file/repo.test.js

@@ -0,0 +1,67 @@
+const { expect } = require('chai');
+const sinon = require('sinon');
+const repoModule = require('../../../src/db/file/repo');
+
+describe('File DB', () => {
+  let sandbox;
+
+  beforeEach(() => {
+    sandbox = sinon.createSandbox();
+  });
+
+  afterEach(() => {
+    sandbox.restore();
+  });
+
+  describe('getRepo', () => {
+    it('should get the repo using the name', async () => {
+      const repoData = {
+        name: 'sample',
+        users: { canPush: [] },
+        url: 'http://example.com/sample-repo.git',
+      };
+
+      sandbox.stub(repoModule.db, 'findOne').callsFake((query, cb) => cb(null, repoData));
+
+      const result = await repoModule.getRepo('Sample');
+      expect(result).to.deep.equal(repoData);
+    });
+  });
+
+  describe('getRepoByUrl', () => {
+    it('should get the repo using the url', async () => {
+      const repoData = {
+        name: 'sample',
+        users: { canPush: [] },
+        url: 'https://github.com/finos/git-proxy.git',
+      };
+
+      sandbox.stub(repoModule.db, 'findOne').callsFake((query, cb) => cb(null, repoData));
+
+      const result = await repoModule.getRepoByUrl('https://github.com/finos/git-proxy.git');
+      expect(result).to.deep.equal(repoData);
+    });
+    it('should return null if the repo is not found', async () => {
+      sandbox.stub(repoModule.db, 'findOne').callsFake((query, cb) => cb(null, null));
+
+      const result = await repoModule.getRepoByUrl('https://github.com/finos/missing-repo.git');
+      expect(result).to.be.null;
+      expect(
+        repoModule.db.findOne.calledWith(
+          sinon.match({ url: 'https://github.com/finos/missing-repo.git' }),
+        ),
+      ).to.be.true;
+    });
+
+    it('should reject if the database returns an error', async () => {
+      sandbox.stub(repoModule.db, 'findOne').callsFake((query, cb) => cb(new Error('DB error')));
+
+      try {
+        await repoModule.getRepoByUrl('https://github.com/finos/git-proxy.git');
+        expect.fail('Expected promise to be rejected');
+      } catch (err) {
+        expect(err.message).to.equal('DB error');
+      }
+    });
+  });
+});

test/db/mongo/repo.test.js

@@ -0,0 +1,55 @@
+const { expect } = require('chai');
+const sinon = require('sinon');
+const proxyqquire = require('proxyquire');
+
+const repoCollection = {
+  findOne: sinon.stub(),
+};
+
+const connectionStub = sinon.stub().returns(repoCollection);
+
+const { getRepo, getRepoByUrl } = proxyqquire('../../../src/db/mongo/repo', {
+  './helper': { connect: connectionStub },
+});
+
+describe('MongoDB', () => {
+  afterEach(function () {
+    sinon.restore();
+  });
+
+  describe('getRepo', () => {
+    it('should get the repo using the name', async () => {
+      const repoData = {
+        name: 'sample',
+        users: { canPush: [] },
+        url: 'http://example.com/sample-repo.git',
+      };
+      repoCollection.findOne.resolves(repoData);
+
+      const result = await getRepo('Sample');
+      expect(result).to.deep.equal(repoData);
+      expect(connectionStub.calledWith('repos')).to.be.true;
+      expect(repoCollection.findOne.calledWith({ name: { $eq: 'sample' } })).to.be.true;
+    });
+  });
+
+  describe('getRepoByUrl', () => {
+    it('should get the repo using the url', async () => {
+      const repoData = {
+        name: 'sample',
+        users: { canPush: [] },
+        url: 'https://github.com/finos/git-proxy.git',
+      };
+      repoCollection.findOne.resolves(repoData);
+
+      const result = await getRepoByUrl('https://github.com/finos/git-proxy.git');
+      expect(result).to.deep.equal(repoData);
+      expect(connectionStub.calledWith('repos')).to.be.true;
+      expect(
+        repoCollection.findOne.calledWith({
+          url: { $eq: 'https://github.com/finos/git-proxy.git' },
+        }),
+      ).to.be.true;
+    });
+  });
+});

test/processors/testCheckRepoInAuthList.test.js

@@ -0,0 +1,52 @@
+const chai = require('chai');
+const sinon = require('sinon');
+const fc = require('fast-check');
+const actions = require('../../src/proxy/actions/Action');
+const processor = require('../../src/proxy/processors/push-action/checkRepoInAuthorisedList');
+const expect = chai.expect;
+const db = require('../../src/db');
+
+describe('Check a Repo is in the authorised list', async () => {
+  afterEach(() => {
+    sinon.restore();
+  });
+
+  it('accepts the action if the repository is whitelisted in the db', async () => {
+    sinon.stub(db, 'getRepoByUrl').resolves({
+      name: 'repo-is-ok',
+      project: 'thisproject',
+      url: 'https://github.com/thisproject/repo-is-ok',
+    });
+
+    const action = new actions.Action('123', 'type', 'get', 1234, 'thisproject/repo-is-ok');
+    const result = await processor.exec(null, action);
+    expect(result.error).to.be.false;
+    expect(result.steps[0].logs[0]).to.eq(
+      'checkRepoInAuthorisedList - repo thisproject/repo-is-ok is in the authorisedList',
+    );
+  });
+
+  it('rejects the action if repository not in the db', async () => {
+    sinon.stub(db, 'getRepoByUrl').resolves(null);
+
+    const action = new actions.Action('123', 'type', 'get', 1234, 'thisproject/repo-is-not-ok');
+    const result = await processor.exec(null, action);
+    expect(result.error).to.be.true;
+    expect(result.steps[0].logs[0]).to.eq(
+      'checkRepoInAuthorisedList - repo thisproject/repo-is-not-ok is not in the authorised whitelist, ending',
+    );
+  });
+
+  describe('fuzzing', () => {
+    it('should not crash on random repo names', async () => {
+      await fc.assert(
+        fc.asyncProperty(fc.string(), async (repoName) => {
+          const action = new actions.Action('123', 'type', 'get', 1234, repoName);
+          const result = await processor.exec(null, action);
+          expect(result.error).to.be.true;
+        }),
+        { numRuns: 1000 },
+      );
+    });
+  });
+});