github.com/google/osv-scalibr@v0.4.1/clients/datasource/maven_registry_auth_test.go (about) 1 // Copyright 2025 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package datasource 16 17 import ( 18 "encoding/base64" 19 "fmt" 20 "testing" 21 22 "github.com/google/osv-scalibr/clients/clienttest" 23 ) 24 25 func TestWithoutRegistriesMaintainsAuthData(t *testing.T) { 26 // Create mock server to test auth is maintained 27 srv := clienttest.NewMockHTTPServer(t) 28 29 // Create original client with multiple registries 30 client, _ := NewDefaultMavenRegistryAPIClient(t.Context(), srv.URL) 31 testRegistry1 := MavenRegistry{ 32 URL: "https://test1.maven.org/maven2/", 33 ID: "test1", 34 ReleasesEnabled: true, 35 } 36 testRegistry2 := MavenRegistry{ 37 URL: "https://test2.maven.org/maven2/", 38 ID: "test2", 39 SnapshotsEnabled: true, 40 } 41 if err := client.AddRegistry(t.Context(), testRegistry1); err != nil { 42 t.Fatalf("failed to add registry %s: %v", testRegistry1.URL, err) 43 } 44 if err := client.AddRegistry(t.Context(), testRegistry2); err != nil { 45 t.Fatalf("failed to add registry %s: %v", testRegistry2.URL, err) 46 } 47 48 // Directly modify registryAuths field in client 49 testUsername := "testuser" 50 testPassword := "testpass" 51 auth := map[string]*HTTPAuthentication{ 52 "default": { 53 SupportedMethods: []HTTPAuthMethod{AuthBasic}, 54 AlwaysAuth: true, 55 Username: testUsername, 56 Password: testPassword, 57 }, 58 } 59 client.registryAuths = auth 60 61 // Require test http client to always expect auth 62 credentials := fmt.Sprintf("%s:%s", testUsername, testPassword) 63 encodedCredentials := base64.StdEncoding.EncodeToString([]byte(credentials)) 64 srv.SetAuthorization(t, "Basic "+encodedCredentials) 65 66 // Set up response that requires authentication 67 srv.SetResponse(t, "org/example/x.y.z/maven-metadata.xml", []byte(` 68 <metadata> 69 <groupId>org.example</groupId> 70 <artifactId>x.y.z</artifactId> 71 <versioning> 72 <latest>2.0.0</latest> 73 <release>2.0.0</release> 74 <versions> 75 <version>2.0.0</version> 76 </versions> 77 </versioning> 78 </metadata> 79 `)) 80 81 // Create client without registries 82 clientWithoutReg := client.WithoutRegistries() 83 84 // Verify registries are empty 85 gotRegistries := clientWithoutReg.GetRegistries() 86 if len(gotRegistries) != 0 { 87 t.Errorf("WithoutRegistries() returned client with %d registries, want 0", len(gotRegistries)) 88 } 89 90 // Test that authenticated calls still work with default registry 91 GetVersions, err := clientWithoutReg.GetVersions(t.Context(), "org.example", "x.y.z") 92 if err != nil { 93 t.Fatalf("failed to get versions for Maven package %s:%s: %v", "org.example", "x.y.z", err) 94 } 95 96 if len(GetVersions) != 1 { 97 t.Errorf("WithoutRegistries() returned client with %d versions, want 1", len(GetVersions)) 98 } 99 }