diff options
| -rw-r--r-- | .gitlab-ci.yml | 5 | ||||
| -rw-r--r-- | Dangerfile | 7 | ||||
| -rw-r--r-- | Gemfile | 7 | ||||
| -rw-r--r-- | internal/artifact/artifact.go | 6 | ||||
| -rw-r--r-- | internal/artifact/artifact_test.go | 21 | ||||
| -rw-r--r-- | internal/auth/auth.go | 10 | ||||
| -rw-r--r-- | internal/auth/auth_test.go | 20 |
7 files changed, 76 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e446cf2e..91ec065e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -17,6 +17,11 @@ workflow: include: - local: .gitlab/ci/prepare.yml - local: .gitlab/ci/test.yml + - project: 'gitlab-org/quality/pipeline-common' + file: + - '/ci/danger-review.yml' + rules: + - if: '$CI_SERVER_HOST == "gitlab.com"' default: image: golang:1.18 diff --git a/Dangerfile b/Dangerfile new file mode 100644 index 00000000..0cf5c959 --- /dev/null +++ b/Dangerfile @@ -0,0 +1,7 @@ +require "gitlab-dangerfiles" + +Gitlab::Dangerfiles.for_project(self) do |dangerfiles| + dangerfiles.import_plugins + # TODO: find a way to re-enalbe changelog https://gitlab.com/gitlab-org/gitlab-pages/-/issues/736 + dangerfiles.import_dangerfiles(except: %w[changelog]) +end diff --git a/Gemfile b/Gemfile new file mode 100644 index 00000000..dc7155fb --- /dev/null +++ b/Gemfile @@ -0,0 +1,7 @@ +# frozen_string_literal: true + +source 'https://rubygems.org' + +group :development, :test, :danger do + gem 'gitlab-dangerfiles', '~> 3.0', require: false +end diff --git a/internal/artifact/artifact.go b/internal/artifact/artifact.go index 0a4f0ab4..dab1fb91 100644 --- a/internal/artifact/artifact.go +++ b/internal/artifact/artifact.go @@ -1,6 +1,7 @@ package artifact import ( + "context" "errors" "fmt" "io" @@ -89,6 +90,11 @@ func (a *Artifact) makeRequest(w http.ResponseWriter, r *http.Request, reqURL *u } resp, err := a.client.Do(req) if err != nil { + if errors.Is(err, context.Canceled) { + httperrors.Serve404(w) + return + } + logging.LogRequest(r).WithError(err).Error(artifactRequestErrMsg) errortracking.CaptureErrWithReqAndStackTrace(err, r) httperrors.Serve502(w) diff --git a/internal/artifact/artifact_test.go b/internal/artifact/artifact_test.go index ab25d16f..b8c2771b 100644 --- a/internal/artifact/artifact_test.go +++ b/internal/artifact/artifact_test.go @@ -1,6 +1,7 @@ package artifact_test import ( + "context" "fmt" "net/http" "net/http/httptest" @@ -275,3 +276,23 @@ func TestBuildURL(t *testing.T) { }) } } + +func TestContextCanceled(t *testing.T) { + content := "<!DOCTYPE html><html><head><title>Title of the document</title></head><body></body></html>" + contentType := "text/html; charset=utf-8" + testServer := makeArtifactServerStub(t, content, contentType) + t.Cleanup(testServer.Close) + + result := httptest.NewRecorder() + reqURL, err := url.Parse("/-/subgroup/project/-/jobs/1/artifacts/200.html") + require.NoError(t, err) + r := &http.Request{URL: reqURL} + ctx, cancel := context.WithCancel(context.Background()) + r = r.WithContext(ctx) + // cancel context explicitly + cancel() + art := artifact.New(testServer.URL, 1, "gitlab-example.io") + + require.True(t, art.TryMakeRequest("group.gitlab-example.io", result, r, "", func(resp *http.Response) bool { return false })) + require.Equal(t, http.StatusNotFound, result.Code) +} diff --git a/internal/auth/auth.go b/internal/auth/auth.go index 21398e56..05542d21 100644 --- a/internal/auth/auth.go +++ b/internal/auth/auth.go @@ -151,6 +151,11 @@ func (a *Auth) checkAuthenticationResponse(session *hostSession, w http.Response // Fetch access token with authorization code token, err := a.fetchAccessToken(r.Context(), decryptedCode) if err != nil { + if errors.Is(err, context.Canceled) { + httperrors.Serve404(w) + return + } + // Fetching token not OK logRequest(r).WithError(err).WithField( "redirect_uri", redirectURI, @@ -476,6 +481,11 @@ func (a *Auth) checkAuthentication(w http.ResponseWriter, r *http.Request, domai req.Header.Add("Authorization", "Bearer "+session.Values["access_token"].(string)) resp, err := a.apiClient.Do(req) if err != nil { + if errors.Is(err, context.Canceled) { + httperrors.Serve404(w) + return true + } + logRequest(r).WithError(err).Error("Failed to retrieve info with token") errortracking.CaptureErrWithReqAndStackTrace(err, r) // call serve404 handler when auth fails diff --git a/internal/auth/auth_test.go b/internal/auth/auth_test.go index 586c3839..4236d695 100644 --- a/internal/auth/auth_test.go +++ b/internal/auth/auth_test.go @@ -270,6 +270,26 @@ func TestCheckAuthenticationWhenAccess(t *testing.T) { require.Equal(t, http.StatusOK, result.Code) } +func TestCheckAuthenticationWhenContextCanceled(t *testing.T) { + apiServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })) + t.Cleanup(apiServer.Close) + + auth := createTestAuth(t, apiServer.URL, "") + + result := httptest.NewRecorder() + r, err := http.NewRequest("Get", "https://example.com/", nil) + require.NoError(t, err) + ctx, cancel := context.WithCancel(r.Context()) + r = r.WithContext(ctx) + setSessionValues(t, r, auth, map[interface{}]interface{}{"access_token": "abc"}) + + // cancel context explicitly and expect not found + cancel() + contentServed := auth.CheckAuthentication(result, r, &domainMock{projectID: 1000}) + require.True(t, contentServed) + require.Equal(t, http.StatusNotFound, result.Code) +} + func TestCheckAuthenticationWhenNoAccess(t *testing.T) { apiServer := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { switch r.URL.Path { |