Refactor suma auth to not read/write certificate from filesystem
nelsonkopliku committed May 7, 2024
1 parent 783bdcc commit 69e7727
Showing 2 changed files with 2 additions and 52 deletions.
21 changes: 2 additions & 19 deletions lib/trento/infrastructure/software_updates/auth/suma_auth.ex
@@ -78,35 +78,18 @@ defmodule Trento.Infrastructure.SoftwareUpdates.Auth.SumaAuth do
defp setup_auth(%State{auth: nil} = state) do
with {:ok, %{url: url, username: username, password: password, ca_cert: ca_cert}} <-
SoftwareUpdates.get_settings(),
:ok <- write_ca_cert_file(ca_cert),
{:ok, auth_cookie} <- SumaApi.login(url, username, password, ca_cert != nil) do
{:ok, auth_cookie} <- SumaApi.login(url, username, password, ca_cert) do
{:ok,
%State{
state
| url: url,
username: username,
password: password,
ca_cert: ca_cert,
auth: auth_cookie,
use_ca_cert: ca_cert != nil
auth: auth_cookie
}}
end
end

defp setup_auth(%State{} = state), do: {:ok, state}

defp write_ca_cert_file(nil) do
case File.rm_rf(SumaApi.ca_cert_path()) do
{:ok, _} -> :ok
_ -> :error
end
end

defp write_ca_cert_file(ca_cert) do
SumaApi.ca_cert_path()
|> Path.dirname()
|> File.mkdir_p!()

File.write(SumaApi.ca_cert_path(), ca_cert)
end
end
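Review bot: `setup_auth/1` now hands `ca_cert` itself to `SumaApi.login/4`, and the value can be `nil` (the removed code had a dedicated `nil` clause), so the callee must treat `nil` as "verify the peer against the default trust store" and never as "skip verification"; that contract is not visible in this commit and should be stated at the call site. A comment above the `with`, such as `# ca_cert is the certificate content or nil; nil must still verify the peer against the default CA store`, would pin it. The tests that asserted the fourth argument of `login` are deleted without a replacement, so an expectation like `expect(SumaApiMock, :login, fn _, _, _, ^ca_cert -> successful_login_response() end)` plus a `nil` case would keep the forwarding covered. Hosts upgraded from the previous code may still carry the old certificate file, because the `File.rm_rf(SumaApi.ca_cert_path())` cleanup is removed together with the writer; a one-off removal is worth considering.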
@@ -41,7 +41,6 @@ defmodule Trento.Infrastructure.SoftwareUpdates.Auth.SumaAuthTest do
username: nil,
password: nil,
ca_cert: nil,
use_ca_cert: false,
auth: nil
}

@@ -55,34 +54,6 @@ defmodule Trento.Infrastructure.SoftwareUpdates.Auth.SumaAuthTest do
setup_initial_settings()
end

test "should save existing CA certificate to local file", %{
settings: %Settings{ca_cert: ca_cert}
} do
assert {:ok, _} = start_supervised({SumaAuth, @test_integration_name})

expect(SumaApiMock, :login, fn _, _, _, true -> successful_login_response() end)

assert {:ok, %State{ca_cert: ^ca_cert}} = SumaAuth.authenticate(@test_integration_name)

cert_file_path = "/tmp/suma_ca_cert.crt"

assert File.exists?(cert_file_path)
^ca_cert = File.read!(cert_file_path)
end

test "should not save CA certificate file if no cert is provided" do
insert_software_updates_settings(ca_cert: nil, ca_uploaded_at: nil)

assert {:ok, _} = start_supervised({SumaAuth, @test_integration_name})

expect(SumaApiMock, :login, fn _, _, _, false -> successful_login_response() end)

assert {:ok, %State{ca_cert: nil}} =
SumaAuth.authenticate(@test_integration_name)

refute File.exists?("/tmp/suma_ca_cert.crt")
end

test "should redact sensitive data in SUMA state", %{
settings: %Settings{url: url, username: username, password: password}
} do
@@ -101,7 +72,6 @@ defmodule Trento.Infrastructure.SoftwareUpdates.Auth.SumaAuthTest do
username: username,
password: "<REDACTED>",
ca_cert: "<REDACTED>",
use_ca_cert: true,
auth: "<REDACTED>"
}

@@ -153,7 +123,6 @@ defmodule Trento.Infrastructure.SoftwareUpdates.Auth.SumaAuthTest do
username: nil,
password: nil,
ca_cert: nil,
use_ca_cert: false,
auth: nil
}

@@ -214,7 +183,6 @@ defmodule Trento.Infrastructure.SoftwareUpdates.Auth.SumaAuthTest do
username: username,
password: password,
ca_cert: ca_cert,
use_ca_cert: true,
auth: "pxt-session-cookie=4321"
}

@@ -235,7 +203,6 @@ defmodule Trento.Infrastructure.SoftwareUpdates.Auth.SumaAuthTest do
username: nil,
password: nil,
ca_cert: nil,
use_ca_cert: false,
auth: nil
}
