Add support and tests for access tokens (#49)

.dockerignore

@@ -1,3 +1,4 @@
 .env.test.local
 vendor/
 var/
+bin/.phpunit

.github/workflows/test-staging.yml

@@ -11,9 +11,10 @@ jobs:
     - name: Build test container
       run: docker build --target=test -t debricked/debricked-cli-test .
     - name: Run tests
-      run: docker run -e DEBRICKED_API_URI="$URI" -e DEBRICKED_USERNAME="$USER" -e DEBRICKED_PASSWORD="$PASS" -e EXCLUDED_DIRECTORIES="$EXCLUDED_DIRECTORIES" debricked/debricked-cli-test
+      run: docker run -e DEBRICKED_API_URI="$URI" -e DEBRICKED_USERNAME="$USER" -e DEBRICKED_PASSWORD="$PASS" -e DEBRICKED_TOKEN="$TOKEN" -e EXCLUDED_DIRECTORIES="$EXCLUDED_DIRECTORIES" debricked/debricked-cli-test
       env:
         USER: ${{ secrets.DEBRICKED_STAGING_USERNAME }}
         PASS: ${{ secrets.DEBRICKED_STAGING_PASSWORD }}
+        TOKEN: ${{ secrets.DEBRICKED_STAGING_TOKEN }}
         URI: ${{ secrets.DEBRICKED_STAGING_URI }}
         EXCLUDED_DIRECTORIES: "vendor,tests"

.github/workflows/test.yml

@@ -11,8 +11,9 @@ jobs:
     - name: Build test container
       run: docker build --target=test -t debricked/debricked-cli-test .
     - name: Run tests
-      run: docker run -e DEBRICKED_USERNAME="$USER" -e DEBRICKED_PASSWORD="$PASS" -e EXCLUDED_DIRECTORIES="$EXCLUDED_DIRECTORIES" debricked/debricked-cli-test
+      run: docker run -e DEBRICKED_USERNAME="$USER" -e DEBRICKED_PASSWORD="$PASS" -e DEBRICKED_TOKEN="$TOKEN" -e EXCLUDED_DIRECTORIES="$EXCLUDED_DIRECTORIES" debricked/debricked-cli-test
       env:
         USER: ${{ secrets.DEBRICKED_USERNAME }}
         PASS: ${{ secrets.DEBRICKED_PASSWORD }}
+        TOKEN: ${{ secrets.DEBRICKED_TOKEN }}
         EXCLUDED_DIRECTORIES: "vendor,tests"

composer.json

@@ -27,7 +27,7 @@
         "ext-iconv": "*",
         "ext-json": "*",
         "ext-zip": "*",
-        "debricked/shared": "^1.0",
+        "debricked/shared": "^1.1.0",
         "symfony/console": "^4.3.0|^5.0.0",
         "symfony/dotenv": "^4.3.0|^5.0.0",
         "symfony/finder": "^4.3.0|^5.0.0",
@@ -42,10 +42,7 @@
         "preferred-install": {
             "*": "dist"
         },
-        "sort-packages": true,
-        "platform": {
-            "php": "7.2.5"
-        }
+        "sort-packages": true
     },
     "autoload": {
         "psr-4": {

src/Command/CheckScanCommand.php

@@ -56,13 +56,13 @@ protected function configure(): void
             ->addArgument(
                 FindAndUploadFilesCommand::ARGUMENT_USERNAME,
                 InputArgument::REQUIRED,
-                'Your Debricked username',
+                'Your Debricked username. Set to an empty string if you use an access token.',
                 null
             )
             ->addArgument(
                 FindAndUploadFilesCommand::ARGUMENT_PASSWORD,
                 InputArgument::REQUIRED,
-                'Your Debricked password',
+                'Your Debricked password or access token',
                 null
             )
             ->addArgument(

src/Command/FindAndUploadFilesCommand.php

@@ -80,13 +80,13 @@ protected function configure(): void
             ->addArgument(
                 self::ARGUMENT_USERNAME,
                 InputArgument::REQUIRED,
-                'Your Debricked username',
+                'Your Debricked username. Set to an empty string if you use an access token.',
                 null
             )
             ->addArgument(
                 self::ARGUMENT_PASSWORD,
                 InputArgument::REQUIRED,
-                'Your Debricked password',
+                'Your Debricked password or access token',
                 null
             )
             ->addArgument(

src/Command/LicenseReportCommand.php

@@ -59,13 +59,13 @@ protected function configure(): void
             ->addArgument(
                 FindAndUploadFilesCommand::ARGUMENT_USERNAME,
                 InputArgument::REQUIRED,
-                'Your Debricked username',
+                'Your Debricked username. Set to an empty string if you use an access token.',
                 null
             )
             ->addArgument(
                 FindAndUploadFilesCommand::ARGUMENT_PASSWORD,
                 InputArgument::REQUIRED,
-                'Your Debricked password',
+                'Your Debricked password or access token',
                 null
             )
             ->addArgument(

tests/Command/FindAndUploadFilesCommandTest.php

@@ -505,6 +505,49 @@ public function testUploadAllFilesWeirdMeansError()
         $this->assertEquals(1, $this->commandTester->getStatusCode(), $output);
     }
 
+    public function testUploadUsingAccessToken()
+    {
+        $this->setUpMocks(true);
+
+        $this->commandTester->execute([
+            'command' => $this->command->getName(),
+            FindAndUploadFilesCommand::ARGUMENT_USERNAME => '',
+            FindAndUploadFilesCommand::ARGUMENT_PASSWORD => 'secret_access_token',
+            'repository-name' => 'test-upload-with-access-token',
+            'commit-name' => 'test-commit',
+            'repository-url' => 'repository-url',
+            'integration-name' => 'gitlab',
+            '--excluded-directories' => 'vendor,var',
+            '--branch-name' => 'test-branch',
+        ]);
+
+        $output = $this->commandTester->getDisplay();
+        $this->assertEquals(0, $this->commandTester->getStatusCode(), $output);
+        $this->assertStringContainsString('Successfully found and uploaded', $output);
+        $this->assertStringNotContainsString('Recursive search is disabled', $output);
+    }
+
+    public function testUploadUsingAccessTokenReal()
+    {
+        $this->setUpReal();
+
+        $this->commandTester->execute([
+            'command' => $this->command->getName(),
+            FindAndUploadFilesCommand::ARGUMENT_USERNAME => '',
+            FindAndUploadFilesCommand::ARGUMENT_PASSWORD => $_ENV['DEBRICKED_TOKEN'],
+            'repository-name' => 'test-upload-with-access-token-real',
+            'commit-name' => 'test-commit',
+            'repository-url' => 'repository-url',
+            'integration-name' => 'gitlab',
+            '--excluded-directories' => 'vendor,var',
+            '--branch-name' => 'test-branch',
+        ]);
+
+        $output = $this->commandTester->getDisplay();
+        $this->assertEquals(0, $this->commandTester->getStatusCode(), $output);
+        $this->assertStringContainsString('Successfully found and uploaded', $output);
+        $this->assertStringNotContainsString('Recursive search is disabled', $output);
+    }
 
     /** Helper function for tests that check our upload all files flag.
      * @param bool $uploadAll If we expect all files to be uploaded
@@ -556,11 +599,27 @@ public function setUpReal(): void
         $this->commandTester = new CommandTester($this->command);
     }
 
-    private function setUpMocks(): void
+    private function setUpMocks(bool $expectAccessToken = false): void
     {
         $ciUploadId = null;
-        $responseMockGenerator = function ($method, $url, $options) use ($ciUploadId) {
-            if (\strpos($url, '/api/1.0/open/uploads/dependencies/files') !== false) {
+        $hasAuthed = false;
+        $responseMockGenerator = function ($method, $url, $options) use (&$ciUploadId, &$hasAuthed, $expectAccessToken) {
+            if (!$expectAccessToken && \strpos($url, '/api/login_check') !== false) {
+                $hasAuthed = true;
+                return new MockResponse(\json_encode([
+                    'token' => 'eyImAToken',
+                ]));
+            } else if ($expectAccessToken && \strpos($url, '/api/login_refresh') !== false) {
+                $hasAuthed = true;
+                $this->assertArrayHasKey('body', $options);
+                $body = \json_decode($options['body'], true);
+                $this->assertEquals('secret_access_token', $body['refresh_token']);
+                return new MockResponse(\json_encode([
+                    'token' => 'eyImATokenFromAccessToken',
+                ]));
+            } else if (!$hasAuthed) {
+                return new MockResponse('', ['http_code'=> 401]);
+            } else if (\strpos($url, '/api/1.0/open/uploads/dependencies/files') !== false) {
                 if ($ciUploadId === null) $ciUploadId = \rand(100, 1_000_000);
                 return new MockResponse(\json_encode([
                     'ciUploadId' => $ciUploadId,
@@ -571,7 +630,8 @@ private function setUpMocks(): void
             } else if (\strpos($url, '/api/1.0/open/supported/dependency/files') !== false) {
                 return new MockResponse(<<<'EOD'
 {"dependencyFileNames":["apk\\.list","apt\\.list","((?!WORKSPACE|BUILD)).*(?:\\.bazel)","((?!WORKSPACE|BUILD)).*(?:\\.bzl)",".*_install\\.json","WORKSPACE\\.bazel","WORKSPACE\\.bzl","WORKSPACE","Podfile\\.lock","composer\\.lock","mix\\.lock","flatpak\\.list","Gemfile\\.lock","go\\.mod","Gopkg\\.lock","go\\.sum","build\\.gradle","build\\.gradle\\.kts","pom\\.xml","bower\\.json","package-lock\\.json","npm-shrinkwrap\\.json","package\\.json","yarn\\.lock",".*(?:\\.csproj)","packages\\.config","packages\\.lock\\.json","pacman\\.list","paket\\.lock","requirements.*(?:\\.txt)","Pipfile\\.lock","Pipfile","rpm\\.list","Cargo\\.lock","snap\\.list","\\.debricked-wfp-fingerprints\\.txt"],"dependencyFileNamesRequiresAllFiles":["WORKSPACE\\.bazel","WORKSPACE\\.bzl","WORKSPACE","build\\.gradle","build\\.gradle\\.kts","pom\\.xml"],"adjacentDependencyFileNames":{"build.gradle":".debricked-gradle-dependencies.txt","build.gradle.kts":".debricked-gradle-dependencies.txt","pom.xml":".debricked-maven-dependencies.tgf"}}
-EOD);
+EOD
+                );
             } else {
                 return new MockResponse('', ['http_code' => 404]);
             }