From 3d599b1b82b483933747c63195a1479ff30f56f0 Mon Sep 17 00:00:00 2001
From: Cory Knox
Date: Thu, 21 Nov 2024 17:27:33 -0800
Subject: [PATCH] (#3566) Add Pester tests for Credential Provider

Add Pester tests to ensure we don't inadvertently bleed configured credentials into scenarios where they should not be used.
---
 .../Chocolatey/Disable-ChocolateySource.ps1 | 6 +-
 .../Chocolatey/Enable-ChocolateySource.ps1 | 4 +-
 .../Chocolatey/Get-ChocolateySource.ps1 | 11 +++
 .../features/CredentialProvider.Tests.ps1 | 73 +++++++++++++++++++
 4 files changed, 87 insertions(+), 7 deletions(-)
 create mode 100644 tests/helpers/common/Chocolatey/Get-ChocolateySource.ps1
 create mode 100644 tests/pester-tests/features/CredentialProvider.Tests.ps1

diff --git a/tests/helpers/common/Chocolatey/Disable-ChocolateySource.ps1 b/tests/helpers/common/Chocolatey/Disable-ChocolateySource.ps1
index 523839f5c9..58cb264f53 100644
--- a/tests/helpers/common/Chocolatey/Disable-ChocolateySource.ps1
+++ b/tests/helpers/common/Chocolatey/Disable-ChocolateySource.ps1
@@ -8,10 +8,8 @@ function Disable-ChocolateySource {
 [Parameter()]
 [switch]$All
 )
- # Significantly weird behaviour with piping this source list by property name.
- $CurrentSources = (Invoke-Choco source list -r).Lines | ConvertFrom-ChocolateyOutput -Command SourceList | Where-Object {
- $_.Name -like $Name
- }
+
+ $CurrentSources = Get-ChocolateySource -Name $Name
 foreach ($Source in $CurrentSources) {
 $null = Invoke-Choco source disable --name $Source.Name
 }
diff --git a/tests/helpers/common/Chocolatey/Enable-ChocolateySource.ps1 b/tests/helpers/common/Chocolatey/Enable-ChocolateySource.ps1
index 6a44cd184e..6f6a2f1abd 100644
--- a/tests/helpers/common/Chocolatey/Enable-ChocolateySource.ps1
+++ b/tests/helpers/common/Chocolatey/Enable-ChocolateySource.ps1
@@ -9,9 +9,7 @@ function Enable-ChocolateySource {
 [switch]$All
 )
 # Significantly weird behaviour with piping this source list by property name.
- $CurrentSources = (Invoke-Choco source list -r).Lines | ConvertFrom-ChocolateyOutput -Command SourceList | Where-Object {
- $_.Name -like $Name
- }
+ $CurrentSources = Get-ChocolateySource -Name $Name
 foreach ($Source in $CurrentSources) {
 $null = Invoke-Choco source enable --name $Source.Name
 }
diff --git a/tests/helpers/common/Chocolatey/Get-ChocolateySource.ps1 b/tests/helpers/common/Chocolatey/Get-ChocolateySource.ps1
new file mode 100644
index 0000000000..7b097500a9
--- /dev/null
+++ b/tests/helpers/common/Chocolatey/Get-ChocolateySource.ps1
@@ -0,0 +1,11 @@
+function Get-ChocolateySource {
+ [CmdletBinding()]
+ param(
+ [Parameter()]
+ [string]$Name = "*"
+ )
+ # Significantly weird behaviour with piping this source list by property name.
+ (Invoke-Choco source list -r).Lines | ConvertFrom-ChocolateyOutput -Command SourceList | Where-Object {
+ $_.Name -like $Name
+ }
+}
diff --git a/tests/pester-tests/features/CredentialProvider.Tests.ps1 b/tests/pester-tests/features/CredentialProvider.Tests.ps1
new file mode 100644
index 0000000000..2457e38c7f
--- /dev/null
+++ b/tests/pester-tests/features/CredentialProvider.Tests.ps1
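Review bot: The context comment `# Significantly weird behaviour with piping this source list by property name.` is left directly above the new `$CurrentSources = Get-ChocolateySource -Name $Name` in Enable-ChocolateySource, where no piping remains. The matching hunk in Disable-ChocolateySource.ps1 removes that comment, so the two helpers now differ for no visible reason. Dropping it here keeps them consistent, since the pipeline it describes now lives in Get-ChocolateySource. The function's param block starts outside the hunk.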
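Review bot: Get-ChocolateySource reads `.Lines` from `Invoke-Choco source list -r` without checking the exit code, so a failed listing looks the same as "no matching source" and the callers' `foreach` loops then silently do nothing. The new credential test relies on `Disable-ChocolateySource -All` and on `$SetupSource` being populated, so a silent empty result would undermine the source isolation that test depends on. Consider capturing the result and failing loudly, e.g. `$Result = Invoke-Choco source list -r` followed by `if ($Result.ExitCode -ne 0) { throw "choco source list failed: $($Result.String)" }`. A short comment-based help block stating that `-Name` is matched with `-like` (wildcards allowed, default `*`) would also help callers.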
@@ -0,0 +1,73 @@
+# These tests are to ensure that credentials from one configured and enabled source are not
+# picked up and used when a URL is matching based on the hostname. These tests use an authenticated
+# source without explicitly providing a username/password. It is expected that Chocolatey will prompt for
+# the username and password.
+Describe 'Ensuring credentials do not bleed from configured sources' -Tag CredentialProvider -ForEach @(
+ # Info and outdated are returning 0 in all test cases we've thrown at them.
+ # Suspect the only way either of these commands actually return non-zero is in a scenario where
+ # something goes catastrophically wrong outside of the actual command calls.
+ @{
+ Command = 'info'
+ ExitCode = 0
+ }
+ @{
+ Command = 'outdated'
+ ExitCode = 0
+ }
+ @{
+ Command = 'install'
+ ExitCode = 1
+ }
+ @{
+ Command = 'search'
+ ExitCode = 0
+ }
+ @{
+ Command = 'upgrade'
+ ExitCode = 1
+ }
+ @{
+ Command = 'download'
+ ExitCode = 1
+ }
+) {
+ BeforeDiscovery {
+ $HasLicensedExtension = Test-PackageIsEqualOrHigher -PackageName 'chocolatey.extension' -Version '5.0.0'
+ }
+
+ BeforeAll {
+ Initialize-ChocolateyTestInstall
+ Disable-ChocolateySource -All
+ Enable-ChocolateySource -Name 'hermes'
+ $SetupSource = Get-ChocolateySource -Name 'hermes-setup'
+ Remove-Item download -force -recurse
+ }
+
+ # Skip the download command if chocolatey.extension is not installed.
+ Context 'Command ()' -Skip:($Command -eq 'download' -and -not $HasLicensedExtension) {
+ BeforeAll {
+ # Picked a package that is on `hermes-setup` but not on `hermes`.
+ $PackageUnderTest = 'chocolatey-compatibility.extension'
+ Restore-ChocolateyInstallSnapshot
+ # Chocolatey will prompt for credentials, we need to force something in there, and this will do that.
+ $Output = 'n' | Invoke-Choco $Command $PackageUnderTest --confirm --source="'$($SetupSource.Url)'"
+ }
+
+ AfterAll {
+ Remove-ChocolateyInstallSnapshot
+ }
+
+ It 'Exits Correctly ()' {
+ $Output.ExitCode | Should -Be $ExitCode -Because $Output.String
+ }
+
+ It 'Outputs error message' {
+ if ($Command -eq 'search') {
+ $Output.Lines | Should -Contain "[NuGet] Not able to contact source '$($SetupSource.Url)'. Error was The remote server returned an error: (401) Unauthorized." -Because $Output.String
+ } else {
+ $Output.Lines | Should -Contain "Error retrieving packages from source '$($SetupSource.Url)':" -Because $Output.String
+ $Output.Lines | Should -Contain "The remote server returned an error: (401) Unauthorized." -Because $Output.String
+ }
+ }
+ }
+}
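Review bot: Nothing in the outer `BeforeAll` verifies the preconditions these tests depend on: that `$SetupSource` was actually found, and that the enabled `hermes` source shares a hostname with `hermes-setup`. If `hermes-setup` is missing, `$SetupSource.Url` is empty and the command runs with `--source="''"`. If the two sources end up on different hosts, or `hermes` has no stored credentials (not visible here), the 401 assertions would pass without exercising the credential-bleed path at all. Adding `$SetupSource | Should -Not -BeNullOrEmpty` and `([uri](Get-ChocolateySource -Name 'hermes').Url).Host | Should -Be ([uri]$SetupSource.Url).Host` after the `$SetupSource` assignment would make the suite fail fast instead. Separately, `Remove-Item download -force -recurse` uses a path relative to the current directory and emits an error when the folder is absent; a `Test-Path` guard or `-ErrorAction SilentlyContinue` would be cleaner.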