From 076ee25bfb12c7ae817d5154025d3125ef0ba866 Mon Sep 17 00:00:00 2001
From: chris48s <chris48s@users.noreply.github.com>
Date: Sat, 2 Jul 2022 21:57:36 +0100
Subject: [PATCH] moar fixes for [gitlab] auth (#8162)

* fix auth in gitlab contributors badge

* fix gitlab auth for badges that use fetchPaginatedArrayData()

* add a test covering fetchPaginatedArrayData auth

Co-authored-by: repo-ranger[bot] <39074581+repo-ranger[bot]@users.noreply.github.com>
---
 services/gitlab/gitlab-base.js                | 14 +++---
 .../gitlab/gitlab-contributors.service.js     | 20 ++++----
 services/gitlab/gitlab-contributors.tester.js | 11 +++++
 services/gitlab/gitlab-release.spec.js        | 48 +++++++++++++++++++
 4 files changed, 78 insertions(+), 15 deletions(-)
 create mode 100644 services/gitlab/gitlab-release.spec.js

diff --git a/services/gitlab/gitlab-base.js b/services/gitlab/gitlab-base.js
index 2818e715c1fd1..ecf1775e7ded1 100644
--- a/services/gitlab/gitlab-base.js
+++ b/services/gitlab/gitlab-base.js
@@ -18,10 +18,12 @@ export default class GitLabBase extends BaseJsonService {
   }
 
   async fetchPage({ page, requestParams, schema }) {
-    const { res, buffer } = await this._request({
-      ...requestParams,
-      ...{ options: { searchParams: { page } } },
-    })
+    const { res, buffer } = await this._request(
+      this.authHelper.withBearerAuthHeader({
+        ...requestParams,
+        ...{ options: { searchParams: { page } } },
+      })
+    )
 
     const json = this._parseJson(buffer)
     const data = this.constructor._validate(json, schema)
@@ -35,7 +37,7 @@ export default class GitLabBase extends BaseJsonService {
     errorMessages,
     firstPageOnly = false,
   }) {
-    const requestParams = this.authHelper.withBasicAuth({
+    const requestParams = {
       url,
       options: {
         headers: { Accept: 'application/json' },
@@ -43,7 +45,7 @@ export default class GitLabBase extends BaseJsonService {
         ...options,
       },
       errorMessages,
-    })
+    }
 
     const {
       res: { headers },
diff --git a/services/gitlab/gitlab-contributors.service.js b/services/gitlab/gitlab-contributors.service.js
index 5f442148892ab..00ebb6ad9b065 100644
--- a/services/gitlab/gitlab-contributors.service.js
+++ b/services/gitlab/gitlab-contributors.service.js
@@ -58,15 +58,17 @@ export default class GitlabContributors extends GitLabBase {
 
   async handle({ project }, { gitlab_url: baseUrl = 'https://gitlab.com' }) {
     // https://docs.gitlab.com/ee/api/repositories.html#contributors
-    const { res } = await this._request({
-      url: `${baseUrl}/api/v4/projects/${encodeURIComponent(
-        project
-      )}/repository/contributors`,
-      options: { searchParams: { page: '1', per_page: '1' } },
-      errorMessages: {
-        404: 'project not found',
-      },
-    })
+    const { res } = await this._request(
+      this.authHelper.withBearerAuthHeader({
+        url: `${baseUrl}/api/v4/projects/${encodeURIComponent(
+          project
+        )}/repository/contributors`,
+        options: { searchParams: { page: '1', per_page: '1' } },
+        errorMessages: {
+          404: 'project not found',
+        },
+      })
+    )
     const data = this.constructor._validate(res.headers, schema)
     // The total number of contributors is in the `x-total` field in the headers.
     // https://docs.gitlab.com/ee/api/index.html#other-pagination-headers
diff --git a/services/gitlab/gitlab-contributors.tester.js b/services/gitlab/gitlab-contributors.tester.js
index d5b2bd366e5a5..ddd48d1fbd617 100644
--- a/services/gitlab/gitlab-contributors.tester.js
+++ b/services/gitlab/gitlab-contributors.tester.js
@@ -1,6 +1,9 @@
 import { createServiceTester } from '../tester.js'
 import { isMetric } from '../test-validators.js'
+import { noToken } from '../test-helpers.js'
+import _noGitLabToken from './gitlab-contributors.service.js'
 export const t = await createServiceTester()
+const noGitLabToken = noToken(_noGitLabToken)
 
 t.create('Contributors')
   .get('/guoxudong.io/shields-test/licenced-test.json')
@@ -29,3 +32,11 @@ t.create('Mocking the missing x-total header')
     label: 'contributors',
     message: 'invalid response data',
   })
+
+t.create('Contributors (private repo)')
+  .skipWhen(noGitLabToken)
+  .get('/shields-ops-group/test.json')
+  .expectBadge({
+    label: 'contributors',
+    message: isMetric,
+  })
diff --git a/services/gitlab/gitlab-release.spec.js b/services/gitlab/gitlab-release.spec.js
new file mode 100644
index 0000000000000..c3a41a9022e51
--- /dev/null
+++ b/services/gitlab/gitlab-release.spec.js
@@ -0,0 +1,48 @@
+import { expect } from 'chai'
+import nock from 'nock'
+import { cleanUpNockAfterEach, defaultContext } from '../test-helpers.js'
+import GitLabRelease from './gitlab-release.service.js'
+
+describe('GitLabRelease', function () {
+  describe('auth', function () {
+    cleanUpNockAfterEach()
+
+    const fakeToken = 'abc123'
+    const config = {
+      public: {
+        services: {
+          gitlab: {
+            authorizedOrigins: ['https://gitlab.com'],
+          },
+        },
+      },
+      private: {
+        gitlab_token: fakeToken,
+      },
+    }
+
+    it('sends the auth information as configured', async function () {
+      const scope = nock('https://gitlab.com/')
+        .get('/api/v4/projects/foo%2Fbar/releases?page=1')
+        // This ensures that the expected credentials are actually being sent with the HTTP request.
+        // Without this the request wouldn't match and the test would fail.
+        .matchHeader('Authorization', `Bearer ${fakeToken}`)
+        .reply(200, [{ name: '1.9', tag_name: '1.9' }])
+
+      expect(
+        await GitLabRelease.invoke(
+          defaultContext,
+          config,
+          { project: 'foo/bar' },
+          {}
+        )
+      ).to.deep.equal({
+        label: undefined,
+        message: 'v1.9',
+        color: 'blue',
+      })
+
+      scope.done()
+    })
+  })
+})