(#3566) Add Pester tests for Credential Provider

Add Pester tests to ensure we don't inadvertently bleed configured credentials into scenarios where they should not be used.
chocolatey · Nov 26, 2024 · 3d599b1 · 3d599b1
1 parent bafa7eb
commit 3d599b1
Show file tree

Hide file tree

Showing 4 changed files with 87 additions and 7 deletions.
diff --git a/tests/helpers/common/Chocolatey/Disable-ChocolateySource.ps1 b/tests/helpers/common/Chocolatey/Disable-ChocolateySource.ps1
@@ -8,10 +8,8 @@ function Disable-ChocolateySource {
         [Parameter()]
         [switch]$All
     )
-    # Significantly weird behaviour with piping this source list by property name.
-    $CurrentSources = (Invoke-Choco source list -r).Lines | ConvertFrom-ChocolateyOutput -Command SourceList | Where-Object {
-        $_.Name -like $Name
-    }
+
+    $CurrentSources = Get-ChocolateySource -Name $Name
     foreach ($Source in $CurrentSources) {
         $null = Invoke-Choco source disable --name $Source.Name
     }

diff --git a/tests/helpers/common/Chocolatey/Enable-ChocolateySource.ps1 b/tests/helpers/common/Chocolatey/Enable-ChocolateySource.ps1
@@ -9,9 +9,7 @@ function Enable-ChocolateySource {
         [switch]$All
     )
     # Significantly weird behaviour with piping this source list by property name.
-    $CurrentSources = (Invoke-Choco source list -r).Lines | ConvertFrom-ChocolateyOutput -Command SourceList | Where-Object {
-        $_.Name -like $Name
-    }
+    $CurrentSources = Get-ChocolateySource -Name $Name
     foreach ($Source in $CurrentSources) {
         $null = Invoke-Choco source enable --name $Source.Name
     }

diff --git a/tests/helpers/common/Chocolatey/Get-ChocolateySource.ps1 b/tests/helpers/common/Chocolatey/Get-ChocolateySource.ps1
@@ -0,0 +1,11 @@
+function Get-ChocolateySource {
+    [CmdletBinding()]
+    param(
+        [Parameter()]
+        [string]$Name = "*"
+    )
+    # Significantly weird behaviour with piping this source list by property name.
+    (Invoke-Choco source list -r).Lines | ConvertFrom-ChocolateyOutput -Command SourceList | Where-Object {
+        $_.Name -like $Name
+    }
+}
diff --git a/tests/pester-tests/features/CredentialProvider.Tests.ps1 b/tests/pester-tests/features/CredentialProvider.Tests.ps1
@@ -0,0 +1,73 @@
+# These tests are to ensure that credentials from one configured and enabled source are not
+# picked up and used when a URL is matching based on the hostname. These tests use an authenticated
+# source without explicitly providing a username/password. It is expected that Chocolatey will prompt for
+# the username and password.
+Describe 'Ensuring credentials do not bleed from configured sources' -Tag CredentialProvider -ForEach @(
+    # Info and outdated are returning 0 in all test cases we've thrown at them.
+    # Suspect the only way either of these commands actually return non-zero is in a scenario where
+    # something goes catastrophically wrong outside of the actual command calls.
+    @{
+        Command = 'info'
+        ExitCode = 0
+    }
+    @{
+        Command = 'outdated'
+        ExitCode = 0
+    }
+    @{
+        Command = 'install'
+        ExitCode = 1
+    }
+    @{
+        Command = 'search'
+        ExitCode = 0
+    }
+    @{
+        Command = 'upgrade'
+        ExitCode = 1
+    }
+    @{
+        Command = 'download'
+        ExitCode = 1
+    }
+) {
+    BeforeDiscovery {
+        $HasLicensedExtension = Test-PackageIsEqualOrHigher -PackageName 'chocolatey.extension' -Version '5.0.0'
+    }
+
+    BeforeAll {
+        Initialize-ChocolateyTestInstall
+        Disable-ChocolateySource -All
+        Enable-ChocolateySource -Name 'hermes'
+        $SetupSource = Get-ChocolateySource -Name 'hermes-setup'
+        Remove-Item download -force -recurse
+    }
+
+    # Skip the download command if chocolatey.extension is not installed.
+    Context 'Command (<Command>)' -Skip:($Command -eq 'download' -and -not $HasLicensedExtension) {
+        BeforeAll {
+            # Picked a package that is on `hermes-setup` but not on `hermes`.
+            $PackageUnderTest = 'chocolatey-compatibility.extension'
+            Restore-ChocolateyInstallSnapshot
+            # Chocolatey will prompt for credentials, we need to force something in there, and this will do that.
+            $Output = 'n' | Invoke-Choco $Command $PackageUnderTest --confirm --source="'$($SetupSource.Url)'"
+        }
+
+        AfterAll {
+            Remove-ChocolateyInstallSnapshot
+        }
+
+        It 'Exits Correctly (<ExitCode>)' {
+            $Output.ExitCode | Should -Be $ExitCode -Because $Output.String
+        }
+
+        It 'Outputs error message' {
+            if ($Command -eq 'search') {
+                $Output.Lines | Should -Contain "[NuGet] Not able to contact source '$($SetupSource.Url)'. Error was The remote server returned an error: (401) Unauthorized." -Because $Output.String
+            } else {
+                $Output.Lines | Should -Contain "Error retrieving packages from source '$($SetupSource.Url)':" -Because $Output.String
+                $Output.Lines | Should -Contain "The remote server returned an error: (401) Unauthorized." -Because $Output.String
+            }
+        }
+    }
+}