diff --git a/config.universaltest.json b/config.universaltest.json index 93cdeb7ca..e6be30c59 100644 --- a/config.universaltest.json +++ b/config.universaltest.json @@ -21,6 +21,11 @@ "validations":[{ "url": "https://snyk.io/no-such-url-ever" }] + }, + "jira-bearer-auth": { + "validations":[{ + "url": "https://snyk.io/no-such-url-ever" + }] } }, "CONNECTIONS": { @@ -41,6 +46,12 @@ "AZURE_REPOS_TOKEN": "${AZURE_REPOS_TOKEN}", "AZURE_REPOS_ORG":"${AZURE_REPOS_ORG}", "AZURE_REPOS_HOST":"${AZURE_REPOS_HOST}" + }, + "my jira pat": { + "type": "jira-bearer-auth", + "identifier": "${BROKER_TOKEN_4}", + "JIRA_PAT": "${JIRA_PAT}", + "JIRA_HOSTNAME":"${JIRA_HOSTNAME}" } } } \ No newline at end of file diff --git a/config.universaltestpool.json b/config.universaltestpool.json index 438b1eb85..a5e72698e 100644 --- a/config.universaltestpool.json +++ b/config.universaltestpool.json @@ -29,6 +29,19 @@ "identifier": "${BROKER_TOKEN_2}", "GITLAB_TOKEN": "${GITLAB_TOKEN}", "GITLAB":"gitlab.dev.snyk.io" + }, + "my azure connection": { + "type": "azure-repos", + "identifier": "${BROKER_TOKEN_3}", + "AZURE_REPOS_TOKEN": "${AZURE_REPOS_TOKEN}", + "AZURE_REPOS_ORG":"${AZURE_REPOS_ORG}", + "AZURE_REPOS_HOST":"${AZURE_REPOS_HOST}" + }, + "my jira pat": { + "type": "jira-bearer-auth", + "identifier": "${BROKER_TOKEN_4}", + "JIRA_PAT": "${JIRA_PAT}", + "JIRA_HOSTNAME":"${JIRA_HOSTNAME}" } } } \ No newline at end of file diff --git a/lib/common/filter/filtersAsync.ts b/lib/common/filter/filtersAsync.ts index 7590ac6f9..2958e9a9b 100644 --- a/lib/common/filter/filtersAsync.ts +++ b/lib/common/filter/filtersAsync.ts @@ -267,7 +267,7 @@ export const loadFilters: LOADEDFILTER = ( return { url: origin + url + querystring, - auth: entry.auth && authHeader(entry.auth), + auth: entry.auth && authHeader(entry.auth, localConfig), stream, }; }; diff --git a/lib/common/utils/auth-header.ts b/lib/common/utils/auth-header.ts index c5f42de8b..968de0192 100644 --- a/lib/common/utils/auth-header.ts 
+++ b/lib/common/utils/auth-header.ts @@ -11,8 +11,11 @@ export const getEncodedBasicAuth = (username, password, config) => { ).toString('base64'); }; -export default ({ scheme, token = '', username = '', password = '' }) => { - const config = getConfig(); +export default ( + { scheme, token = '', username = '', password = '' }, + connectionConfig?, +) => { + const config = connectionConfig ?? getConfig(); if (scheme === 'token') { return `Token ${replace(token, config)}`; } diff --git a/test/fixtures/client/filters.json b/test/fixtures/client/filters.json index d0d3db992..4aa87d0c8 100644 --- a/test/fixtures/client/filters.json +++ b/test/fixtures/client/filters.json @@ -11,6 +11,27 @@ } }, + { + "path": "/echo-auth-header-with-basic-auth/:data", + "method": "GET", + "origin": "http://localhost:9000", + "auth": { + "scheme": "basic", + "token": "${BROKER_CLIENT_VALIDATION_BASIC_AUTH}" + } + }, + + { + "path": "/echo-auth-header-with-bearer-auth/:data", + "method": "GET", + "origin": "http://localhost:9000", + "auth": { + "scheme": "bearer", + "token": "${JIRA_PAT}" + } + }, + + { "path": "/echo-param/:param", "method": "GET", diff --git a/test/fixtures/server/filters.json b/test/fixtures/server/filters.json index 33fba26d8..cb8c4ff88 100644 --- a/test/fixtures/server/filters.json +++ b/test/fixtures/server/filters.json @@ -5,7 +5,15 @@ "method": "GET", "origin": "http://localhost:9000" }, - + { + "path": "/echo-param-with-auth/:param", + "method": "GET", + "origin": "http://localhost:9000", + "auth": { + "scheme": "basic", + "token": "${BROKER_CLIENT_VALIDATION_BASIC_AUTH}" + } + }, { "path": "/echo-body/:param?", "method": "POST", diff --git a/test/functional/client-universal-server.test.ts b/test/functional/client-universal-server.test.ts index 5c89a93dd..c8b98ef6a 100644 --- a/test/functional/client-universal-server.test.ts +++ b/test/functional/client-universal-server.test.ts 
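Review bot: The new `connectionConfig?` parameter of the default export in auth-header.ts is untyped and selected with `??`, so any non-nullish value, including an empty object, replaces the `getConfig()` fallback and becomes the only source for the `${...}` placeholders in `token`, `username` and `password`. How `replace` treats a placeholder that is missing from that object is not visible here; if it leaves the text in place or substitutes an empty string, a misconfigured connection would send a malformed or empty credential upstream instead of failing. I would type the parameter, for example `connectionConfig?: Record<string, unknown>` (or whatever type `getConfig()` returns), and add a comment such as `// per-connection config takes precedence; the global config is used only when none is passed`. The function body continues past the hunk, so the remaining scheme branches are not shown.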
@@ -34,6 +34,9 @@ describe('proxy requests originating from behind the broker client', () => { process.env.BROKER_TOKEN_1 = 'brokertoken1'; process.env.BROKER_TOKEN_2 = 'brokertoken2'; process.env.BROKER_TOKEN_3 = 'brokertoken3'; + process.env.BROKER_TOKEN_4 = 'brokertoken4'; + process.env.JIRA_PAT = 'jirapat'; + process.env.JIRA_HOSTNAME = 'hostname'; process.env.GITHUB_TOKEN = 'ghtoken'; process.env.GITLAB_TOKEN = 'gltoken'; process.env.AZURE_REPOS_TOKEN = '123'; diff --git a/test/functional/healthcheck-universal.test.ts b/test/functional/healthcheck-universal.test.ts index e21dffe49..5f09f661b 100644 --- a/test/functional/healthcheck-universal.test.ts +++ b/test/functional/healthcheck-universal.test.ts @@ -43,6 +43,9 @@ describe('proxy requests originating from behind the broker client', () => { process.env.BROKER_TOKEN_1 = 'brokertoken1'; process.env.BROKER_TOKEN_2 = 'brokertoken2'; process.env.BROKER_TOKEN_3 = 'brokertoken3'; + process.env.BROKER_TOKEN_4 = 'brokertoken4'; + process.env.JIRA_PAT = 'jirapat'; + process.env.JIRA_HOSTNAME = 'hostname'; process.env.GITHUB_TOKEN = 'ghtoken'; process.env.GITLAB_TOKEN = 'gltoken'; process.env.AZURE_REPOS_TOKEN = '123'; @@ -55,7 +58,7 @@ describe('proxy requests originating from behind the broker client', () => { ); expect(response.status).toEqual(200); - expect(response.data).toHaveLength(3); + expect(response.data).toHaveLength(4); expect(response.data[0]).toEqual( expect.objectContaining({ brokerServerUrl: `http://localhost:${bs.port}/`, 
@@ -86,11 +89,24 @@ describe('proxy requests originating from behind the broker client', () => { websocketConnectionOpen: true, }), ); + expect(response.data[3]).toEqual( + expect.objectContaining({ + brokerServerUrl: `http://localhost:${bs.port}/`, + friendlyName: 'my jira pat', + identifier: 'brok-...-ken4', + ok: true, + version: 'local', + websocketConnectionOpen: true, + }), + ); delete process.env.UNIVERSAL_BROKER_ENABLED; delete process.env.SERVICE_ENV; delete process.env.BROKER_TOKEN_1; delete process.env.BROKER_TOKEN_2; delete process.env.BROKER_TOKEN_3; + delete process.env.BROKER_TOKEN_4; + delete process.env.JIRA_PAT; + delete process.env.JIRA_HOSTNAME; delete process.env.GITHUB_TOKEN; delete process.env.GITLAB_TOKEN; delete process.env.AZURE_REPOS_TOKEN; diff --git a/test/functional/server-client-universal-pooled-credentials.test.ts b/test/functional/server-client-universal-pooled-credentials.test.ts index 2618ab521..0c75f34e8 100644 --- a/test/functional/server-client-universal-pooled-credentials.test.ts +++ b/test/functional/server-client-universal-pooled-credentials.test.ts @@ -41,6 +41,9 @@ describe('proxy requests originating from behind the broker server with pooled c process.env.BROKER_TOKEN_1 = 'brokertoken1'; process.env.BROKER_TOKEN_2 = 'brokertoken2'; process.env.BROKER_TOKEN_3 = 'brokertoken3'; + process.env.BROKER_TOKEN_4 = 'brokertoken4'; + process.env.JIRA_PAT = 'jirapat'; + process.env.JIRA_HOSTNAME = 'hostname'; process.env.GITHUB_TOKEN_POOL = 'ghtoken1,ghtoken2'; process.env.GITLAB_TOKEN = 'gltoken'; process.env.AZURE_REPOS_TOKEN = '123'; 
@@ -49,6 +52,8 @@ describe('proxy requests originating from behind the broker server with pooled c process.env.SNYK_BROKER_CLIENT_CONFIGURATION__common__default__BROKER_SERVER_URL = `http://localhost:${bs.port}`; process.env.SNYK_FILTER_RULES_PATHS__github = clientAccept; process.env.SNYK_FILTER_RULES_PATHS__gitlab = clientAccept; + process.env['SNYK_FILTER_RULES_PATHS__azure-repos'] = clientAccept; + process.env['SNYK_FILTER_RULES_PATHS__jira-bearer-auth'] = clientAccept; bc = await createUniversalBrokerClient(); ({ brokerTokens, metadataArray } = await waitForUniversalBrokerClientsConnection(bs, 2)); diff --git a/test/functional/server-client-universal.test.ts b/test/functional/server-client-universal.test.ts index bfead78cb..5aad7651f 100644 --- a/test/functional/server-client-universal.test.ts +++ b/test/functional/server-client-universal.test.ts @@ -37,14 +37,20 @@ describe('proxy requests originating from behind the broker server', () => { process.env.BROKER_TOKEN_1 = 'brokertoken1'; process.env.BROKER_TOKEN_2 = 'brokertoken2'; process.env.BROKER_TOKEN_3 = 'brokertoken3'; + process.env.BROKER_TOKEN_4 = 'brokertoken4'; process.env.GITHUB_TOKEN = 'ghtoken'; process.env.GITLAB_TOKEN = 'gltoken'; process.env.AZURE_REPOS_TOKEN = '123'; process.env.AZURE_REPOS_HOST = 'hostname'; process.env.AZURE_REPOS_ORG = 'org'; + process.env.JIRA_PAT = 'jirapat'; + process.env.JIRA_HOSTNAME = 'hostname'; process.env.SNYK_BROKER_CLIENT_CONFIGURATION__common__default__BROKER_SERVER_URL = `http://localhost:${bs.port}`; process.env.SNYK_FILTER_RULES_PATHS__github = clientAccept; process.env.SNYK_FILTER_RULES_PATHS__gitlab = clientAccept; + process.env['SNYK_FILTER_RULES_PATHS__azure-repos'] = clientAccept; + process.env['SNYK_FILTER_RULES_PATHS__jira-bearer-auth'] = clientAccept; + bc = await createUniversalBrokerClient(); await waitForUniversalBrokerClientsConnection(bs, 2); }); 
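Review bot: The setup code in the pooled-credentials and server-client-universal hunks still calls `waitForUniversalBrokerClientsConnection(bs, 2)`, although the commit adds filter rule paths for `azure-repos` and `jira-bearer-auth` and the test added further down in server-client-universal.test.ts sends requests through `BROKER_TOKEN_3` and `BROKER_TOKEN_4`. If the second argument is the number of connections to wait for (the helper is not visible here), those two connections may not be open yet when the requests are made, which would make the new assertions timing-dependent. Consider `await waitForUniversalBrokerClientsConnection(bs, 4);` in server-client-universal.test.ts, and check whether the pooled-credentials setup needs the same change.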
@@ -71,10 +77,30 @@ describe('proxy requests originating from behind the broker server', () => { `http://localhost:${bs.port}/broker/${process.env.BROKER_TOKEN_2}/echo-param/xyz`, ); + const response3 = await axiosClient.get( + `http://localhost:${bs.port}/broker/${process.env.BROKER_TOKEN_3}/echo-auth-header-with-basic-auth/xyz`, + ); + + const response4 = await axiosClient.get( + `http://localhost:${bs.port}/broker/${process.env.BROKER_TOKEN_4}/echo-auth-header-with-bearer-auth/xyz`, + ); + + // const response5 = await axiosClient.get( + // `http://localhost:${bs.port}/broker/${process.env.BROKER_TOKEN_3}/echo-auth-header-with-token-auth/xyz`, + // ); + expect(response.status).toEqual(200); expect(response.data).toEqual('xyz'); expect(response2.status).toEqual(200); expect(response2.data).toEqual('xyz'); + expect(response3.status).toEqual(200); + expect(response3.data).toEqual( + `Basic ${Buffer.from('PAT:' + process.env.AZURE_REPOS_TOKEN).toString( + 'base64', + )}`, + ); + expect(response4.status).toEqual(200); + expect(response4.data).toEqual(`Bearer ${process.env.JIRA_PAT}`); }); it('successfully warn logs requests without x-snyk-broker-type header', async () => { diff --git a/test/functional/server-client.test.ts b/test/functional/server-client.test.ts index d0f5cc31a..f65999658 100644 --- a/test/functional/server-client.test.ts +++ b/test/functional/server-client.test.ts @@ -28,6 +28,8 @@ describe('proxy requests originating from behind the broker server', () => { beforeAll(async () => { const PORT = 9999; process.env.BROKER_SERVER_URL = `http://localhost:${PORT}`; + process.env.JIRAUSER = 'user'; + process.env.PASS = 'pass'; tws = await createTestWebServer(); diff --git a/test/functional/systemcheck-universal.test.ts b/test/functional/systemcheck-universal.test.ts index 8b01cca06..b22895f23 100644 --- a/test/functional/systemcheck-universal.test.ts +++ b/test/functional/systemcheck-universal.test.ts 
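Review bot: The commented-out `response5` request for `/echo-auth-header-with-token-auth/xyz` in server-client-universal.test.ts leaves the `token` scheme as the one header format this test does not check, and no matching echo route or filter entry is added in this commit. Either remove the block or replace it with a tracked placeholder such as `it.todo('echoes Token auth header resolved from connection config');`, so the gap shows up in the test report rather than in dead code. The expected basic value is built with a literal `'PAT:'` prefix while the fixture only references `${BROKER_CLIENT_VALIDATION_BASIC_AUTH}`; a one-line comment naming where that prefix is defined would make the assertion easier to follow.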
@@ -38,6 +38,7 @@ describe('broker client systemcheck endpoint', () => { delete process.env.BROKER_TOKEN_1; delete process.env.BROKER_TOKEN_2; delete process.env.BROKER_TOKEN_3; + delete process.env.BROKER_TOKEN_4; delete process.env.GITHUB_TOKEN; delete process.env.GITLAB_TOKEN; delete process.env.BROKER_HEALTHCHECK_PATH; @@ -55,6 +56,9 @@ describe('broker client systemcheck endpoint', () => { process.env.BROKER_TOKEN_1 = 'brokertoken1'; process.env.BROKER_TOKEN_2 = 'brokertoken2'; process.env.BROKER_TOKEN_3 = 'brokertoken3'; + process.env.BROKER_TOKEN_4 = 'brokertoken4'; + process.env.JIRA_PAT = 'jirapat'; + process.env.JIRA_HOSTNAME = 'hostname'; process.env.GITHUB_TOKEN = 'ghtoken'; process.env.GITLAB_TOKEN = 'gltoken'; process.env.BROKER_HEALTHCHECK_PATH = '/custom-systemcheck'; @@ -378,6 +382,9 @@ describe('broker client systemcheck endpoint', () => { process.env.BROKER_TOKEN_1 = 'brokertoken1'; process.env.BROKER_TOKEN_2 = 'brokertoken2'; process.env.BROKER_TOKEN_3 = 'brokertoken3'; + process.env.BROKER_TOKEN_4 = 'brokertoken4'; + process.env.JIRA_PAT = 'jirapat'; + process.env.JIRA_HOSTNAME = 'hostname'; process.env.GITHUB_TOKEN = 'ghtoken'; process.env.GITLAB_TOKEN = 'gltoken'; process.env.AZURE_REPOS_TOKEN = '123'; @@ -438,6 +445,19 @@ describe('broker client systemcheck endpoint', () => { message: 'Validation failed, please review connection details for my azure connection', }, + { + connectionName: 'my jira pat', + results: [ + { + data: '/no-such-url-ever/', + statusCode: 308, + url: 'https://snyk.io/no-such-url-ever', + }, + ], + validated: false, + message: + 'Validation failed, please review connection details for my jira pat', + }, ]); }); 
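Review bot: The cleanup hunk at the top of systemcheck-universal.test.ts adds `delete process.env.BROKER_TOKEN_4;` but not the other two variables that the setup hunks now set, `JIRA_PAT` and `JIRA_HOSTNAME`. A later test in this file sets `JIRA_HOSTNAME = 'notexists.notexists'`, so a value left behind can leak into whichever test runs next in the same process. Add `delete process.env.JIRA_PAT;` and `delete process.env.JIRA_HOSTNAME;` next to the new line. The cleanup block starts and ends outside the hunk.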
@@ -448,6 +468,9 @@ describe('broker client systemcheck endpoint', () => { process.env.BROKER_TOKEN_1 = 'brokertoken1'; process.env.BROKER_TOKEN_2 = 'brokertoken2'; process.env.BROKER_TOKEN_3 = 'brokertoken3'; + process.env.BROKER_TOKEN_4 = 'brokertoken4'; + process.env.JIRA_PAT = 'jirapat'; + process.env.JIRA_HOSTNAME = 'notexists.notexists'; process.env.GITHUB_TOKEN = 'ghtoken'; process.env.GITLAB_TOKEN = 'gltoken'; diff --git a/test/setup/test-web-server.ts b/test/setup/test-web-server.ts index 8f2557edb..3beafceb2 100644 --- a/test/setup/test-web-server.ts +++ b/test/setup/test-web-server.ts @@ -166,6 +166,19 @@ const applyEchoRoutes = (app: Express) => { resp.send(req.params.param); }, ); + echoRouter.get( + '/echo-auth-header-with-basic-auth/:param', + (req: express.Request, resp: express.Response) => { + resp.send(req.headers.authorization); + }, + ); + + echoRouter.get( + '/echo-auth-header-with-bearer-auth/:param', + (req: express.Request, resp: express.Response) => { + resp.send(req.headers.authorization); + }, + ); echoRouter.get( '/echo-origin/:param', diff --git a/test/unit/config.test.ts b/test/unit/config.test.ts index 47328e308..a1257d28b 100644 --- a/test/unit/config.test.ts +++ b/test/unit/config.test.ts @@ -72,6 +72,9 @@ describe('config', () => { process.env.BROKER_TOKEN_1 = 'dummyBrokerIdentifier'; process.env.BROKER_TOKEN_2 = 'dummyBrokerIdentifier2'; process.env.BROKER_TOKEN_3 = 'dummyBrokerIdentifier3'; + process.env.BROKER_TOKEN_4 = 'brokertoken4'; + process.env.JIRA_PAT = 'jirapat'; + process.env.JIRA_HOSTNAME = 'hostname'; loadBrokerConfig(); const configData = getConfigForIdentifier( 'dummyBrokerIdentifier3', 
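Review bot: The two routes added to `applyEchoRoutes` in test-web-server.ts register identical handlers that return the request's `Authorization` header in the response body. One handler bound to both paths would remove the duplication, e.g. `echoRouter.get(['/echo-auth-header-with-basic-auth/:param', '/echo-auth-header-with-bearer-auth/:param'], echoAuthHeader);`, and a comment such as `// test-only: reflects the Authorization header so tests can assert what the broker injected` would record why a credential is echoed back. `applyEchoRoutes` starts and ends outside the hunk.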
@@ -105,6 +108,9 @@ describe('config', () => { process.env.BROKER_TOKEN_1 = 'dummyBrokerIdentifier'; process.env.BROKER_TOKEN_2 = 'dummyBrokerIdentifier2'; process.env.BROKER_TOKEN_3 = 'dummyBrokerIdentifier3'; + process.env.BROKER_TOKEN_4 = 'brokertoken4'; + process.env.JIRA_PAT = 'jirapat'; + process.env.JIRA_HOSTNAME = 'hostname'; loadBrokerConfig(); const configData = getConfigForIdentifier( 'dummyBrokerIdentifier',