Merge pull request #727 from snyk/fix/universal-auth-header

fix: auth header var interpol in universal brkr
snyk · Mar 1, 2024 · 7664861 · 7664861
2 parents 3cf4d21 + 3148ce8
commit 7664861
Show file tree

Hide file tree

Showing 14 changed files with 155 additions and 5 deletions.
diff --git a/config.universaltest.json b/config.universaltest.json
@@ -21,6 +21,11 @@
         "validations":[{
           "url": "https://snyk.io/no-such-url-ever"
         }]
+      },
+      "jira-bearer-auth": {
+        "validations":[{
+          "url": "https://snyk.io/no-such-url-ever"
+        }]
       }
     },
     "CONNECTIONS": {
@@ -41,6 +46,12 @@
         "AZURE_REPOS_TOKEN": "${AZURE_REPOS_TOKEN}",
         "AZURE_REPOS_ORG":"${AZURE_REPOS_ORG}",
         "AZURE_REPOS_HOST":"${AZURE_REPOS_HOST}"
+      },
+      "my jira pat": {
+        "type": "jira-bearer-auth",
+        "identifier": "${BROKER_TOKEN_4}",
+        "JIRA_PAT": "${JIRA_PAT}",
+        "JIRA_HOSTNAME":"${JIRA_HOSTNAME}"
       }
     }
   }
diff --git a/config.universaltestpool.json b/config.universaltestpool.json
@@ -29,6 +29,19 @@
         "identifier": "${BROKER_TOKEN_2}",
         "GITLAB_TOKEN": "${GITLAB_TOKEN}",
         "GITLAB":"gitlab.dev.snyk.io"
+      },
+      "my azure connection": {
+        "type": "azure-repos",
+        "identifier": "${BROKER_TOKEN_3}",
+        "AZURE_REPOS_TOKEN": "${AZURE_REPOS_TOKEN}",
+        "AZURE_REPOS_ORG":"${AZURE_REPOS_ORG}",
+        "AZURE_REPOS_HOST":"${AZURE_REPOS_HOST}"
+      },
+      "my jira pat": {
+        "type": "jira-bearer-auth",
+        "identifier": "${BROKER_TOKEN_4}",
+        "JIRA_PAT": "${JIRA_PAT}",
+        "JIRA_HOSTNAME":"${JIRA_HOSTNAME}"
       }
     }
   }
diff --git a/lib/common/filter/filtersAsync.ts b/lib/common/filter/filtersAsync.ts
@@ -267,7 +267,7 @@ export const loadFilters: LOADEDFILTER = (
 
       return {
         url: origin + url + querystring,
-        auth: entry.auth && authHeader(entry.auth),
+        auth: entry.auth && authHeader(entry.auth, localConfig),
         stream,
       };
     };

diff --git a/lib/common/utils/auth-header.ts b/lib/common/utils/auth-header.ts
@@ -11,8 +11,11 @@ export const getEncodedBasicAuth = (username, password, config) => {
   ).toString('base64');
 };
 
-export default ({ scheme, token = '', username = '', password = '' }) => {
-  const config = getConfig();
+export default (
+  { scheme, token = '', username = '', password = '' },
+  connectionConfig?,
+) => {
+  const config = connectionConfig ?? getConfig();
   if (scheme === 'token') {
     return `Token ${replace(token, config)}`;
   }

diff --git a/test/fixtures/client/filters.json b/test/fixtures/client/filters.json
@@ -11,6 +11,27 @@
       }
     },
 
+    {
+      "path": "/echo-auth-header-with-basic-auth/:data",
+      "method": "GET",
+      "origin": "http://localhost:9000",
+      "auth": {
+        "scheme": "basic",
+        "token": "${BROKER_CLIENT_VALIDATION_BASIC_AUTH}"
+      }
+    },
+
+    {
+      "path": "/echo-auth-header-with-bearer-auth/:data",
+      "method": "GET",
+      "origin": "http://localhost:9000",
+      "auth": {
+        "scheme": "bearer",
+        "token": "${JIRA_PAT}"
+      }
+    },
+
+
     {
       "path": "/echo-param/:param",
       "method": "GET",

diff --git a/test/fixtures/server/filters.json b/test/fixtures/server/filters.json
@@ -5,7 +5,15 @@
       "method": "GET",
       "origin": "http://localhost:9000"
     },
-
+    {
+      "path": "/echo-param-with-auth/:param",
+      "method": "GET",
+      "origin": "http://localhost:9000",
+      "auth": {
+        "scheme": "basic",
+        "token": "${BROKER_CLIENT_VALIDATION_BASIC_AUTH}"
+      }
+    },
     {
       "path": "/echo-body/:param?",
       "method": "POST",

diff --git a/test/functional/client-universal-server.test.ts b/test/functional/client-universal-server.test.ts
@@ -34,6 +34,9 @@ describe('proxy requests originating from behind the broker client', () => {
     process.env.BROKER_TOKEN_1 = 'brokertoken1';
     process.env.BROKER_TOKEN_2 = 'brokertoken2';
     process.env.BROKER_TOKEN_3 = 'brokertoken3';
+    process.env.BROKER_TOKEN_4 = 'brokertoken4';
+    process.env.JIRA_PAT = 'jirapat';
+    process.env.JIRA_HOSTNAME = 'hostname';
     process.env.GITHUB_TOKEN = 'ghtoken';
     process.env.GITLAB_TOKEN = 'gltoken';
     process.env.AZURE_REPOS_TOKEN = '123';

diff --git a/test/functional/healthcheck-universal.test.ts b/test/functional/healthcheck-universal.test.ts
@@ -43,6 +43,9 @@ describe('proxy requests originating from behind the broker client', () => {
     process.env.BROKER_TOKEN_1 = 'brokertoken1';
     process.env.BROKER_TOKEN_2 = 'brokertoken2';
     process.env.BROKER_TOKEN_3 = 'brokertoken3';
+    process.env.BROKER_TOKEN_4 = 'brokertoken4';
+    process.env.JIRA_PAT = 'jirapat';
+    process.env.JIRA_HOSTNAME = 'hostname';
     process.env.GITHUB_TOKEN = 'ghtoken';
     process.env.GITLAB_TOKEN = 'gltoken';
     process.env.AZURE_REPOS_TOKEN = '123';
@@ -55,7 +58,7 @@ describe('proxy requests originating from behind the broker client', () => {
     );
 
     expect(response.status).toEqual(200);
-    expect(response.data).toHaveLength(3);
+    expect(response.data).toHaveLength(4);
     expect(response.data[0]).toEqual(
       expect.objectContaining({
         brokerServerUrl: `http://localhost:${bs.port}/`,
@@ -86,11 +89,24 @@ describe('proxy requests originating from behind the broker client', () => {
         websocketConnectionOpen: true,
       }),
     );
+    expect(response.data[3]).toEqual(
+      expect.objectContaining({
+        brokerServerUrl: `http://localhost:${bs.port}/`,
+        friendlyName: 'my jira pat',
+        identifier: 'brok-...-ken4',
+        ok: true,
+        version: 'local',
+        websocketConnectionOpen: true,
+      }),
+    );
     delete process.env.UNIVERSAL_BROKER_ENABLED;
     delete process.env.SERVICE_ENV;
     delete process.env.BROKER_TOKEN_1;
     delete process.env.BROKER_TOKEN_2;
     delete process.env.BROKER_TOKEN_3;
+    delete process.env.BROKER_TOKEN_4;
+    delete process.env.JIRA_PAT;
+    delete process.env.JIRA_HOSTNAME;
     delete process.env.GITHUB_TOKEN;
     delete process.env.GITLAB_TOKEN;
     delete process.env.AZURE_REPOS_TOKEN;

diff --git a/test/functional/server-client-universal-pooled-credentials.test.ts b/test/functional/server-client-universal-pooled-credentials.test.ts
@@ -41,6 +41,9 @@ describe('proxy requests originating from behind the broker server with pooled c
     process.env.BROKER_TOKEN_1 = 'brokertoken1';
     process.env.BROKER_TOKEN_2 = 'brokertoken2';
     process.env.BROKER_TOKEN_3 = 'brokertoken3';
+    process.env.BROKER_TOKEN_4 = 'brokertoken4';
+    process.env.JIRA_PAT = 'jirapat';
+    process.env.JIRA_HOSTNAME = 'hostname';
     process.env.GITHUB_TOKEN_POOL = 'ghtoken1,ghtoken2';
     process.env.GITLAB_TOKEN = 'gltoken';
     process.env.AZURE_REPOS_TOKEN = '123';
@@ -49,6 +52,8 @@ describe('proxy requests originating from behind the broker server with pooled c
     process.env.SNYK_BROKER_CLIENT_CONFIGURATION__common__default__BROKER_SERVER_URL = `http://localhost:${bs.port}`;
     process.env.SNYK_FILTER_RULES_PATHS__github = clientAccept;
     process.env.SNYK_FILTER_RULES_PATHS__gitlab = clientAccept;
+    process.env['SNYK_FILTER_RULES_PATHS__azure-repos'] = clientAccept;
+    process.env['SNYK_FILTER_RULES_PATHS__jira-bearer-auth'] = clientAccept;
     bc = await createUniversalBrokerClient();
     ({ brokerTokens, metadataArray } =
       await waitForUniversalBrokerClientsConnection(bs, 2));

diff --git a/test/functional/server-client-universal.test.ts b/test/functional/server-client-universal.test.ts
@@ -37,14 +37,20 @@ describe('proxy requests originating from behind the broker server', () => {
     process.env.BROKER_TOKEN_1 = 'brokertoken1';
     process.env.BROKER_TOKEN_2 = 'brokertoken2';
     process.env.BROKER_TOKEN_3 = 'brokertoken3';
+    process.env.BROKER_TOKEN_4 = 'brokertoken4';
     process.env.GITHUB_TOKEN = 'ghtoken';
     process.env.GITLAB_TOKEN = 'gltoken';
     process.env.AZURE_REPOS_TOKEN = '123';
     process.env.AZURE_REPOS_HOST = 'hostname';
     process.env.AZURE_REPOS_ORG = 'org';
+    process.env.JIRA_PAT = 'jirapat';
+    process.env.JIRA_HOSTNAME = 'hostname';
     process.env.SNYK_BROKER_CLIENT_CONFIGURATION__common__default__BROKER_SERVER_URL = `http://localhost:${bs.port}`;
     process.env.SNYK_FILTER_RULES_PATHS__github = clientAccept;
     process.env.SNYK_FILTER_RULES_PATHS__gitlab = clientAccept;
+    process.env['SNYK_FILTER_RULES_PATHS__azure-repos'] = clientAccept;
+    process.env['SNYK_FILTER_RULES_PATHS__jira-bearer-auth'] = clientAccept;
+
     bc = await createUniversalBrokerClient();
     await waitForUniversalBrokerClientsConnection(bs, 2);
   });
@@ -71,10 +77,30 @@ describe('proxy requests originating from behind the broker server', () => {
       `http://localhost:${bs.port}/broker/${process.env.BROKER_TOKEN_2}/echo-param/xyz`,
     );
 
+    const response3 = await axiosClient.get(
+      `http://localhost:${bs.port}/broker/${process.env.BROKER_TOKEN_3}/echo-auth-header-with-basic-auth/xyz`,
+    );
+
+    const response4 = await axiosClient.get(
+      `http://localhost:${bs.port}/broker/${process.env.BROKER_TOKEN_4}/echo-auth-header-with-bearer-auth/xyz`,
+    );
+
+    // const response5 = await axiosClient.get(
+    //   `http://localhost:${bs.port}/broker/${process.env.BROKER_TOKEN_3}/echo-auth-header-with-token-auth/xyz`,
+    // );
+
     expect(response.status).toEqual(200);
     expect(response.data).toEqual('xyz');
     expect(response2.status).toEqual(200);
     expect(response2.data).toEqual('xyz');
+    expect(response3.status).toEqual(200);
+    expect(response3.data).toEqual(
+      `Basic ${Buffer.from('PAT:' + process.env.AZURE_REPOS_TOKEN).toString(
+        'base64',
+      )}`,
+    );
+    expect(response4.status).toEqual(200);
+    expect(response4.data).toEqual(`Bearer ${process.env.JIRA_PAT}`);
   });
 
   it('successfully warn logs requests without x-snyk-broker-type header', async () => {

diff --git a/test/functional/server-client.test.ts b/test/functional/server-client.test.ts
@@ -28,6 +28,8 @@ describe('proxy requests originating from behind the broker server', () => {
   beforeAll(async () => {
     const PORT = 9999;
     process.env.BROKER_SERVER_URL = `http://localhost:${PORT}`;
+    process.env.JIRAUSER = 'user';
+    process.env.PASS = 'pass';
 
     tws = await createTestWebServer();
 

diff --git a/test/functional/systemcheck-universal.test.ts b/test/functional/systemcheck-universal.test.ts
@@ -38,6 +38,7 @@ describe('broker client systemcheck endpoint', () => {
     delete process.env.BROKER_TOKEN_1;
     delete process.env.BROKER_TOKEN_2;
     delete process.env.BROKER_TOKEN_3;
+    delete process.env.BROKER_TOKEN_4;
     delete process.env.GITHUB_TOKEN;
     delete process.env.GITLAB_TOKEN;
     delete process.env.BROKER_HEALTHCHECK_PATH;
@@ -55,6 +56,9 @@ describe('broker client systemcheck endpoint', () => {
     process.env.BROKER_TOKEN_1 = 'brokertoken1';
     process.env.BROKER_TOKEN_2 = 'brokertoken2';
     process.env.BROKER_TOKEN_3 = 'brokertoken3';
+    process.env.BROKER_TOKEN_4 = 'brokertoken4';
+    process.env.JIRA_PAT = 'jirapat';
+    process.env.JIRA_HOSTNAME = 'hostname';
     process.env.GITHUB_TOKEN = 'ghtoken';
     process.env.GITLAB_TOKEN = 'gltoken';
     process.env.BROKER_HEALTHCHECK_PATH = '/custom-systemcheck';
@@ -378,6 +382,9 @@ describe('broker client systemcheck endpoint', () => {
     process.env.BROKER_TOKEN_1 = 'brokertoken1';
     process.env.BROKER_TOKEN_2 = 'brokertoken2';
     process.env.BROKER_TOKEN_3 = 'brokertoken3';
+    process.env.BROKER_TOKEN_4 = 'brokertoken4';
+    process.env.JIRA_PAT = 'jirapat';
+    process.env.JIRA_HOSTNAME = 'hostname';
     process.env.GITHUB_TOKEN = 'ghtoken';
     process.env.GITLAB_TOKEN = 'gltoken';
     process.env.AZURE_REPOS_TOKEN = '123';
@@ -438,6 +445,19 @@ describe('broker client systemcheck endpoint', () => {
         message:
           'Validation failed, please review connection details for my azure connection',
       },
+      {
+        connectionName: 'my jira pat',
+        results: [
+          {
+            data: '/no-such-url-ever/',
+            statusCode: 308,
+            url: 'https://snyk.io/no-such-url-ever',
+          },
+        ],
+        validated: false,
+        message:
+          'Validation failed, please review connection details for my jira pat',
+      },
     ]);
   });
 
@@ -448,6 +468,9 @@ describe('broker client systemcheck endpoint', () => {
     process.env.BROKER_TOKEN_1 = 'brokertoken1';
     process.env.BROKER_TOKEN_2 = 'brokertoken2';
     process.env.BROKER_TOKEN_3 = 'brokertoken3';
+    process.env.BROKER_TOKEN_4 = 'brokertoken4';
+    process.env.JIRA_PAT = 'jirapat';
+    process.env.JIRA_HOSTNAME = 'notexists.notexists';
     process.env.GITHUB_TOKEN = 'ghtoken';
     process.env.GITLAB_TOKEN = 'gltoken';
 

diff --git a/test/setup/test-web-server.ts b/test/setup/test-web-server.ts
@@ -166,6 +166,19 @@ const applyEchoRoutes = (app: Express) => {
       resp.send(req.params.param);
     },
   );
+  echoRouter.get(
+    '/echo-auth-header-with-basic-auth/:param',
+    (req: express.Request, resp: express.Response) => {
+      resp.send(req.headers.authorization);
+    },
+  );
+
+  echoRouter.get(
+    '/echo-auth-header-with-bearer-auth/:param',
+    (req: express.Request, resp: express.Response) => {
+      resp.send(req.headers.authorization);
+    },
+  );
 
   echoRouter.get(
     '/echo-origin/:param',

diff --git a/test/unit/config.test.ts b/test/unit/config.test.ts
@@ -72,6 +72,9 @@ describe('config', () => {
     process.env.BROKER_TOKEN_1 = 'dummyBrokerIdentifier';
     process.env.BROKER_TOKEN_2 = 'dummyBrokerIdentifier2';
     process.env.BROKER_TOKEN_3 = 'dummyBrokerIdentifier3';
+    process.env.BROKER_TOKEN_4 = 'brokertoken4';
+    process.env.JIRA_PAT = 'jirapat';
+    process.env.JIRA_HOSTNAME = 'hostname';
     loadBrokerConfig();
     const configData = getConfigForIdentifier(
       'dummyBrokerIdentifier3',
@@ -105,6 +108,9 @@ describe('config', () => {
     process.env.BROKER_TOKEN_1 = 'dummyBrokerIdentifier';
     process.env.BROKER_TOKEN_2 = 'dummyBrokerIdentifier2';
     process.env.BROKER_TOKEN_3 = 'dummyBrokerIdentifier3';
+    process.env.BROKER_TOKEN_4 = 'brokertoken4';
+    process.env.JIRA_PAT = 'jirapat';
+    process.env.JIRA_HOSTNAME = 'hostname';
     loadBrokerConfig();
     const configData = getConfigForIdentifier(
       'dummyBrokerIdentifier',