CoCalc -- data.test.ts

GitHub Repository: sagemathinc/cocalc
Path: blob/master/src/packages/backend/data.test.ts
¹⁴⁴⁷ views
1
import { readFileSync } from "fs";
2

3
import {
4
  PsqlSSLEnvConfig,
5
  SSLConfig,
6
  sslConfigFromCoCalcEnv,
7
  sslConfigToPsqlEnv,
8
} from "./data";
9

10
enum TestString {
11
  SSL="tRuE",
12
  SSL_CA_FILE="test_ca_path",
13
  SSL_CLIENT_CERT_FILE="test_client_cert",
14
  SSL_CLIENT_KEY_FILE="test_client_key",
15
  SSL_CLIENT_KEY_PASSPHRASE="test_client_key_passphrase",
16
}
17

18
const mockFileContents = {
19
  [TestString.SSL_CA_FILE]: "ca-file-stuff",
20
  [TestString.SSL_CLIENT_CERT_FILE]: "client-cert-file-stuff",
21
  [TestString.SSL_CLIENT_KEY_FILE]: "client-key-file-stuff",
22
}
23

24
jest.mock("fs");
25
const mockReadFileSync = jest.mocked(readFileSync);
26

27
describe("#sslConfigFromCoCalcEnv", () => {
28
  beforeEach(() => {
29
    mockReadFileSync.mockImplementation((fileName) => mockFileContents[fileName as TestString]);
30
  });
31

32
  afterEach(() => {
33
    mockReadFileSync.mockClear();
34
  });
35

36
  it("returns false when provided empty configuration", async () => {
37
    // Arrange
38
    //
39
    const expected = false;
40

41
    // Act
42
    //
43
    const pgssl = sslConfigFromCoCalcEnv();
44

45
    // Assert
46
    //
47
    expect(pgssl).toEqual<SSLConfig>(expected);
48
  });
49

50
  it("returns true when SMC_DB_SSL field is not true (case insensitive)", async () => {
51
    // Arrange
52
    //
53
    const expected = true;
54

55
    // Act
56
    //
57
    const pgssl = sslConfigFromCoCalcEnv({
58
      SMC_DB_SSL: TestString.SSL,
59
    });
60

61
    // Assert
62
    //
63
    expect(pgssl).toEqual<SSLConfig>(expected);
64
  });
65

66
  it("returns false when SMC_DB_SSL field is not 'true' and no other configuration is provided", () => {
67
    // Arrange
68
    //
69
    const expected = false;
70

71
    // Act
72
    //
73
    const pgssl = sslConfigFromCoCalcEnv({
74
      SMC_DB_SSL: `!${TestString.SSL}`,
75
    });
76

77
    // Assert
78
    //
79
    expect(pgssl).toEqual<SSLConfig>(expected);
80
  });
81

82

83
  it("sets SSL config fields when provided", async () => {
84
    // Arrange
85
    //
86
    const expected = {
87
      caFile: TestString.SSL_CA_FILE,
88
      ca: mockFileContents[TestString.SSL_CA_FILE],
89
      clientCertFile: TestString.SSL_CLIENT_CERT_FILE,
90
      cert: mockFileContents[TestString.SSL_CLIENT_CERT_FILE],
91
      clientKeyFile: TestString.SSL_CLIENT_KEY_FILE,
92
      key: mockFileContents[TestString.SSL_CLIENT_KEY_FILE],
93
      passphrase: TestString.SSL_CLIENT_KEY_PASSPHRASE,
94
    };
95

96
    // Act
97
    //
98
    const pgssl = sslConfigFromCoCalcEnv({
99
      SMC_DB_SSL_CA_FILE: TestString.SSL_CA_FILE,
100
      SMC_DB_SSL_CLIENT_CERT_FILE: TestString.SSL_CLIENT_CERT_FILE,
101
      SMC_DB_SSL_CLIENT_KEY_FILE: TestString.SSL_CLIENT_KEY_FILE,
102
      SMC_DB_SSL_CLIENT_KEY_PASSPHRASE: TestString.SSL_CLIENT_KEY_PASSPHRASE,
103
    })
104

105
    // Assert
106
    //
107
    expect(pgssl).toEqual<SSLConfig>(expected);
108
  });
109

110
  it("ignores 'enabled' config field when other params are provided", async () => {
111
    // Arrange
112
    //
113
    const expected = {
114
      caFile: TestString.SSL_CA_FILE,
115
      ca: mockFileContents[TestString.SSL_CA_FILE],
116
    };
117

118
    // Act
119
    //
120
    const pgssl = sslConfigFromCoCalcEnv({
121
      SMC_DB_SSL: `!${TestString.SSL}`,
122
      SMC_DB_SSL_CA_FILE: TestString.SSL_CA_FILE,
123
    });
124

125
    // Assert
126
    //
127
    expect(pgssl).toEqual<SSLConfig>(expected);
128
  });
129

130
  it("reads SSL config fields from process.env by default", async () => {
131
    // Arrange
132
    //
133
    const expected = {
134
      caFile: TestString.SSL_CA_FILE,
135
      ca: mockFileContents[TestString.SSL_CA_FILE],
136
      clientCertFile: TestString.SSL_CLIENT_CERT_FILE,
137
      cert: mockFileContents[TestString.SSL_CLIENT_CERT_FILE],
138
      clientKeyFile: TestString.SSL_CLIENT_KEY_FILE,
139
      key: mockFileContents[TestString.SSL_CLIENT_KEY_FILE],
140
      passphrase: TestString.SSL_CLIENT_KEY_PASSPHRASE,
141
    };
142

143
    process.env = {
144
      SMC_DB_SSL_CA_FILE: TestString.SSL_CA_FILE,
145
      SMC_DB_SSL_CLIENT_CERT_FILE: TestString.SSL_CLIENT_CERT_FILE,
146
      SMC_DB_SSL_CLIENT_KEY_FILE: TestString.SSL_CLIENT_KEY_FILE,
147
      SMC_DB_SSL_CLIENT_KEY_PASSPHRASE: TestString.SSL_CLIENT_KEY_PASSPHRASE,
148
    }
149

150
    // Act
151
    //
152
    const pgssl = sslConfigFromCoCalcEnv();
153

154
    // Assert
155
    //
156
    expect(pgssl).toEqual<SSLConfig>(expected);
157
  });
158

159
  it("throws error when CA cert file cannot be read", async () => {
160
    // Arrange
161
    //
162
    const readError = new Error("dude where's my ca file");
163
    mockReadFileSync.mockImplementation(() => {
164
      throw readError;
165
    });
166

167
    // Act/Assert
168
    //
169
    expect(() => sslConfigFromCoCalcEnv({
170
      SMC_DB_SSL_CA_FILE: TestString.SSL_CA_FILE,
171
    })).toThrow(readError);
172
  });
173

174
  it("throws error when client cert file cannot be read", async () => {
175
    // Arrange
176
    //
177
    const readError = new Error("dude where's my cert file");
178
    mockReadFileSync.mockImplementation(() => {
179
      throw readError;
180
    });
181

182
    // Act/Assert
183
    //
184
    expect(() => sslConfigFromCoCalcEnv({
185
      SMC_DB_SSL_CLIENT_CERT_FILE: TestString.SSL_CLIENT_CERT_FILE,
186
    })).toThrow(readError);
187
  });
188

189
  it("throws error when client key file cannot be read", async () => {
190
    // Arrange
191
    //
192
    const readError = new Error("dude where's my key file");
193
    mockReadFileSync.mockImplementation(() => {
194
      throw readError;
195
    });
196

197
    // Act/Assert
198
    //
199
    expect(() => sslConfigFromCoCalcEnv({
200
      SMC_DB_SSL_CLIENT_KEY_FILE: TestString.SSL_CLIENT_KEY_FILE,
201
    })).toThrow(readError);
202
  });
203
});
204

205
describe("#sslConfigToPsqlEnv", () => {
206
  it("returns empty object when provided config is undefined", async () => {
207
    // Arrange
208
    //
209
    const expected: PsqlSSLEnvConfig = {};
210

211
    // Act
212
    //
213
    const env = sslConfigToPsqlEnv(undefined);
214

215
    // Assert
216
    //
217
    expect(env).toEqual<PsqlSSLEnvConfig>(expected);
218
  });
219

220
  it("returns empty object when provided config is false", async () => {
221
    // Arrange
222
    //
223
    const expected: PsqlSSLEnvConfig = {};
224

225
    // Act
226
    //
227
    const env = sslConfigToPsqlEnv(false);
228

229
    // Assert
230
    //
231
    expect(env).toEqual<PsqlSSLEnvConfig>(expected);
232
  });
233

234
  it("configures SSL mode to require when provided config is true", async () => {
235
    // Arrange
236
    //
237
    const expected: PsqlSSLEnvConfig = {
238
      PGSSLMODE: "require",
239
    };
240

241
    // Act
242
    //
243
    const env = sslConfigToPsqlEnv(true);
244

245
    // Assert
246
    //
247
    expect(env).toEqual<PsqlSSLEnvConfig>(expected);
248
  });
249

250
  it("validates against the system cert store when provided empty configuration", async () => {
251
    // Arrange
252
    //
253
    const expected: PsqlSSLEnvConfig = {
254
      PGSSLMODE: "verify-full",
255
      PGSSLROOTCERT: "system",
256
    };
257

258
    // Act
259
    //
260
    const env = sslConfigToPsqlEnv({});
261

262
    // Assert
263
    //
264
    expect(env).toEqual<PsqlSSLEnvConfig>(expected);
265
  });
266

267
  it("validates against a custom certificate authority when provided", async () => {
268
    // Arrange
269
    //
270
    const expected: PsqlSSLEnvConfig = {
271
      PGSSLMODE: "verify-full",
272
      PGSSLROOTCERT: TestString.SSL_CA_FILE,
273
    };
274

275
    // Act
276
    //
277
    const env = sslConfigToPsqlEnv({
278
      caFile: TestString.SSL_CA_FILE,
279
    });
280

281
    // Assert
282
    //
283
    expect(env).toEqual<PsqlSSLEnvConfig>(expected);
284
  });
285

286
  it("uses a client cert when provided", async () => {
287
    // Arrange
288
    //
289
    const expected: PsqlSSLEnvConfig = {
290
      PGSSLMODE: "verify-full",
291
      PGSSLROOTCERT: "system",
292
      PGSSLCERT: TestString.SSL_CLIENT_CERT_FILE,
293
    };
294

295
    // Act
296
    //
297
    const env = sslConfigToPsqlEnv({
298
      clientCertFile: TestString.SSL_CLIENT_CERT_FILE,
299
    });
300

301
    // Assert
302
    //
303
    expect(env).toEqual<PsqlSSLEnvConfig>(expected);
304
  });
305

306
  it("uses a client key when provided", async () => {
307
    // Arrange
308
    //
309
    const expected: PsqlSSLEnvConfig = {
310
      PGSSLMODE: "verify-full",
311
      PGSSLROOTCERT: "system",
312
      PGSSLKEY: TestString.SSL_CLIENT_KEY_FILE,
313
    };
314

315
    // Act
316
    //
317
    const env = sslConfigToPsqlEnv({
318
      clientKeyFile: TestString.SSL_CLIENT_KEY_FILE,
319
    });
320

321
    // Assert
322
    //
323
    expect(env).toEqual<PsqlSSLEnvConfig>(expected);
324
  });
325
});
326

327
Product

Resources

Company
