Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 5 additions & 38 deletions src/tests/web/web_auth_utils_test.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,54 +3,21 @@
from parameterized import parameterized

from tests.test_utils import mock_request_handler
from web.web_auth_utils import remove_webpack_suffixes, is_allowed_during_login


class WebpackSuffixesTest(TestCase):
def test_remove_webpack_suffixes_when_css(self):
normalized = remove_webpack_suffixes('js/chunk-login-vendors.59040343.css')
self.assertEqual('js/chunk-login-vendors.css', normalized)

def test_remove_webpack_suffixes_when_js(self):
normalized = remove_webpack_suffixes('js/login.be16f278.js')
self.assertEqual('js/login.js', normalized)

def test_remove_webpack_suffixes_when_js_map(self):
normalized = remove_webpack_suffixes('js/login.be16f278.js.map')
self.assertEqual('js/login.js.map', normalized)

def test_remove_webpack_suffixes_when_favicon(self):
normalized = remove_webpack_suffixes('favicon.123.ico')
self.assertEqual('favicon.123.ico', normalized)

def test_remove_webpack_suffixes_when_no_suffixes(self):
normalized = remove_webpack_suffixes('css/chunk-login-vendors.css')
self.assertEqual('css/chunk-login-vendors.css', normalized)

def test_remove_webpack_suffixes_when_no_extension(self):
normalized = remove_webpack_suffixes('data/some_file')
self.assertEqual('data/some_file', normalized)
from web.web_auth_utils import is_allowed_during_login


class LoginResourcesTest(TestCase):
@parameterized.expand([
('/favicon.ico'),
('login.html'),
('/js/login.be16f278.js'),
('/js/login.be16f278.js.map'),
('/js/chunk-login-vendors.18e22e7f.js'),
('/js/chunk-login-vendors.18e22e7f.js.map'),
('/img/titleBackground_login.a6c36d4c.jpg'),
('/css/login.8e74be0f.css'),
('/fonts/roboto-latin-400.60fa3c06.woff'),
('/fonts/roboto-latin-400.479970ff.woff2'),
('/fonts/roboto-latin-500.020c97dc.woff2'),
('/fonts/roboto-latin-500.87284894.woff'),
# Vite-built hashed bundles served from /assets/ (used by the login page)
('/assets/login-jEjOHyEw.js'),
('/assets/css-Bn4Yn0er.css'),
('/assets/theme-C3Leg-oT.css'),
('/assets/MaterialIcons-Regular-Bnsxcfr1.woff')
('/assets/MaterialIcons-Regular-Bnsxcfr1.woff'),
# Custom theme assets (conf/theme/...)
('/theme/theme.css'),
('/theme/logo.png')
])
def test_is_allowed_during_login_when_allowed(self, resource):
request_handler = mock_request_handler(method='GET')
Expand Down
40 changes: 1 addition & 39 deletions src/web/web_auth_utils.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,6 @@

LOGGER = logging.getLogger('web_server')

webpack_prefixed_extensions = ['.css', '.js.map', '.js', '.jpg', '.woff', '.woff2', '.png']


def check_authorization_sync(func):
wrapper = check_authorization(func)
Expand Down Expand Up @@ -101,21 +99,6 @@ def is_allowed_during_login(request_path, login_url, request_handler):

if request_path == login_url:
return True
request_path = remove_webpack_suffixes(request_path)

login_resources = ['/js/login.js',
'/js/login.js.map',
'/js/chunk-login-vendors.js',
'/js/chunk-login-vendors.js.map',
'/favicon.ico',
'/css/login.css',
'/css/chunk-login-vendors.css',
'/fonts/roboto-latin-500.woff2',
'/fonts/roboto-latin-500.woff',
'/fonts/roboto-latin-400.woff2',
'/fonts/roboto-latin-400.woff',
'/img/titleBackground_login.jpg',
'/img/gitlab-icon-rgb.png']

# Vite emits the bundled JS/CSS/fonts/images (used by the login page too,
# often as hashed and shared chunks) under /assets/. These are static client
Expand All @@ -124,25 +107,4 @@ def is_allowed_during_login(request_path, login_url, request_handler):
if request_path.startswith('/assets/'):
return True

return (request_path in login_resources) or (request_path.startswith('/theme/'))


def remove_webpack_suffixes(request_path):
if request_path.endswith('.js.map'):
extension_start = len(request_path) - 7
else:
extension_start = request_path.rfind('.')

extension = request_path[extension_start:]

if extension not in webpack_prefixed_extensions:
return request_path

if extension_start < 0:
return request_path

prefix_start = request_path.rfind('.', 0, extension_start)
if prefix_start < 0:
return request_path

return request_path[:prefix_start] + extension
return request_path.startswith('/theme/')
Loading