diff options
-rw-r--r-- | app.go | 4 | ||||
-rw-r--r-- | shared/pages/group.acme/with.acme.challenge/public.zip | bin | 0 -> 1402 bytes | |||
-rw-r--r-- | test/acceptance/acme_test.go | 106 | ||||
-rw-r--r-- | test/acceptance/helpers_test.go | 5 | ||||
-rw-r--r-- | test/acceptance/testdata/api_responses.go | 4 |
5 files changed, 77 insertions, 42 deletions
@@ -514,6 +514,9 @@ func runApp(config *cfg.Config) { a.Handlers = handlers.New(a.Auth, a.Artifact) + // TODO: This if was introduced when `gitlab-server` wasn't a required parameter + // once we completely remove support for legacy architecture and make it required + // we can just remove this if statement https://gitlab.com/gitlab-org/gitlab-pages/-/issues/581 if config.GitLab.Server != "" { a.AcmeMiddleware = &acme.Middleware{GitlabURL: config.GitLab.Server} } @@ -545,6 +548,7 @@ func (a *theApp) setAuth(config *cfg.Config) { } var err error + // TODO: use config.GitLab.InternalServer https://gitlab.com/gitlab-org/gitlab-pages/-/issues/581 a.Auth, err = auth.New(config.General.Domain, config.Authentication.Secret, config.Authentication.ClientID, config.Authentication.ClientSecret, config.Authentication.RedirectURI, config.GitLab.Server, config.Authentication.Scope) if err != nil { diff --git a/shared/pages/group.acme/with.acme.challenge/public.zip b/shared/pages/group.acme/with.acme.challenge/public.zip Binary files differnew file mode 100644 index 00000000..1eadb231 --- /dev/null +++ b/shared/pages/group.acme/with.acme.challenge/public.zip diff --git a/test/acceptance/acme_test.go b/test/acceptance/acme_test.go index eb8f2160..c7a33796 100644 --- a/test/acceptance/acme_test.go +++ b/test/acceptance/acme_test.go @@ -9,65 +9,95 @@ import ( "github.com/stretchr/testify/require" ) +const ( + existingAcmeTokenPath = "/.well-known/acme-challenge/existingtoken" + notExistingAcmeTokenPath = "/.well-known/acme-challenge/notexistingtoken" +) + func TestAcmeChallengesWhenItIsNotConfigured(t *testing.T) { skipUnlessEnabled(t) - teardown := RunPagesProcess(t, *pagesBinary, supportedListeners(), "", "") - defer teardown() - - t.Run("When domain folder contains requested acme challenge it responds with it", func(t *testing.T) { - rsp, err := GetRedirectPage(t, httpListener, "withacmechallenge.domain.com", - existingAcmeTokenPath) + RunPagesProcessWithStubGitLabServer(t, + withListeners([]ListenSpec{httpListener}), + ) - defer rsp.Body.Close() - require.NoError(t, err) - require.Equal(t, http.StatusOK, rsp.StatusCode) - body, _ := ioutil.ReadAll(rsp.Body) - require.Equal(t, "this is token\n", string(body)) - }) + tests := map[string]struct { + token string + expectedStatus int + expectedContent string + }{ + "When domain folder contains requested acme challenge it responds with it": { + token: existingAcmeTokenPath, + expectedStatus: http.StatusOK, + expectedContent: "this is token\n", + }, + "When domain folder does not contain requested acme challenge it returns 404": { + token: notExistingAcmeTokenPath, + expectedStatus: http.StatusNotFound, + expectedContent: "The page you're looking for could not be found.", + }, + } - t.Run("When domain folder doesn't contains requested acme challenge it returns 404", - func(t *testing.T) { + for name, test := range tests { + t.Run(name, func(t *testing.T) { rsp, err := GetRedirectPage(t, httpListener, "withacmechallenge.domain.com", - notExistingAcmeTokenPath) + test.token) defer rsp.Body.Close() require.NoError(t, err) - require.Equal(t, http.StatusNotFound, rsp.StatusCode) - }, - ) + require.Equal(t, test.expectedStatus, rsp.StatusCode) + body, err := ioutil.ReadAll(rsp.Body) + require.NoError(t, err) + + require.Contains(t, string(body), test.expectedContent) + }) + } } func TestAcmeChallengesWhenItIsConfigured(t *testing.T) { skipUnlessEnabled(t) - teardown := RunPagesProcess(t, *pagesBinary, supportedListeners(), "", "-gitlab-server=https://gitlab-acme.com") - defer teardown() - - t.Run("When domain folder contains requested acme challenge it responds with it", func(t *testing.T) { - rsp, err := GetRedirectPage(t, httpListener, "withacmechallenge.domain.com", - existingAcmeTokenPath) + RunPagesProcessWithStubGitLabServer(t, + withListeners([]ListenSpec{httpListener}), + withExtraArgument("gitlab-server", "https://gitlab-acme.com"), + ) - defer rsp.Body.Close() - require.NoError(t, err) - require.Equal(t, http.StatusOK, rsp.StatusCode) - body, _ := ioutil.ReadAll(rsp.Body) - require.Equal(t, "this is token\n", string(body)) - }) + tests := map[string]struct { + token string + expectedStatus int + expectedContent string + expectedLocation string + }{ + "When domain folder contains requested acme challenge it responds with it": { + token: existingAcmeTokenPath, + expectedStatus: http.StatusOK, + expectedContent: "this is token\n", + }, + "When domain folder doesn't contains requested acme challenge it redirects to GitLab": { + token: notExistingAcmeTokenPath, + expectedStatus: http.StatusTemporaryRedirect, + expectedContent: "", + expectedLocation: "https://gitlab-acme.com/-/acme-challenge?domain=withacmechallenge.domain.com&token=notexistingtoken", + }, + } - t.Run("When domain folder doesn't contains requested acme challenge it redirects to GitLab", - func(t *testing.T) { + for name, test := range tests { + t.Run(name, func(t *testing.T) { rsp, err := GetRedirectPage(t, httpListener, "withacmechallenge.domain.com", - notExistingAcmeTokenPath) + test.token) defer rsp.Body.Close() require.NoError(t, err) - require.Equal(t, http.StatusTemporaryRedirect, rsp.StatusCode) + require.Equal(t, test.expectedStatus, rsp.StatusCode) + body, err := ioutil.ReadAll(rsp.Body) + require.NoError(t, err) + + require.Contains(t, string(body), test.expectedContent) - url, err := url.Parse(rsp.Header.Get("Location")) + redirectURL, err := url.Parse(rsp.Header.Get("Location")) require.NoError(t, err) - require.Equal(t, url.String(), "https://gitlab-acme.com/-/acme-challenge?domain=withacmechallenge.domain.com&token=notexistingtoken") - }, - ) + require.Equal(t, redirectURL.String(), test.expectedLocation) + }) + } } diff --git a/test/acceptance/helpers_test.go b/test/acceptance/helpers_test.go index e9ae6a96..2b95cf4b 100644 --- a/test/acceptance/helpers_test.go +++ b/test/acceptance/helpers_test.go @@ -91,9 +91,6 @@ var ( return conn, err } - - existingAcmeTokenPath = "/.well-known/acme-challenge/existingtoken" - notExistingAcmeTokenPath = "/.well-known/acme-challenge/notexistingtoken" ) type tWriter struct { @@ -253,7 +250,7 @@ func RunPagesProcessWithStubGitLabServer(t *testing.T, opts ...processOption) *L source := NewGitlabDomainsSourceStub(t, processCfg.gitlabStubOpts) gitLabAPISecretKey := CreateGitLabAPISecretKeyFixtureFile(t) - processCfg.extraArgs = append(processCfg.extraArgs, "-pages-root", wd, "-gitlab-server", source.URL, "-api-secret-key", gitLabAPISecretKey, "-domain-config-source", "gitlab") + processCfg.extraArgs = append(processCfg.extraArgs, "-pages-root", wd, "-internal-gitlab-server", source.URL, "-api-secret-key", gitLabAPISecretKey, "-domain-config-source", "gitlab") logBuf, cleanup := runPagesProcess(t, processCfg.wait, processCfg.pagesBinary, processCfg.listeners, "", processCfg.envs, processCfg.extraArgs...) diff --git a/test/acceptance/testdata/api_responses.go b/test/acceptance/testdata/api_responses.go index 8d423716..07349466 100644 --- a/test/acceptance/testdata/api_responses.go +++ b/test/acceptance/testdata/api_responses.go @@ -42,6 +42,10 @@ var DomainResponses = map[string]responseFn{ projectID: 1000, pathOnDisk: "group.404/domain.404", }), + "withacmechallenge.domain.com": customDomain(projectConfig{ + projectID: 1234, + pathOnDisk: "group.acme/with.acme.challenge", + }), // NOTE: before adding more domains here, generate the zip archive by running (per project) // make zip PROJECT_SUBDIR=group/serving // make zip PROJECT_SUBDIR=group/project2 |