Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: pre-request script variable hostname certificate resolution [INS-4733] #8249

Open
wants to merge 5 commits into
base: develop
Choose a base branch
from

Conversation

ryan-willis
Copy link
Contributor

This fixes two distinct, but closely related issues:

When using a variable reference in the request URL for the hostname and a pre-request script with non-empty contents, client certs would be filtered using the un-rendered template text before sending the request and yield an error (part 1 of the new smoke test).

When gathering context to send a request that has a pre-request script with non-empty contents, the first cert in the list was always selected, disregarding the disabled flag and the hostname on the cert (part 2 of the new smoke test).

@ryan-willis ryan-willis force-pushed the fix/client-certificate-usage-in-requests branch from e5a8312 to 67e40d0 Compare December 12, 2024 21:19
marckong
marckong previously approved these changes Dec 12, 2024
Copy link
Contributor

@marckong marckong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

Copy link
Contributor

@ihexxa ihexxa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some comments and feel free to let me know your thoughts, also thanks for looking into this complicated issue.

@@ -167,16 +168,31 @@ export async function initInsomniaObject(
localVars: localVariables,
});

const existClientCert = rawObj.clientCertificates != null && rawObj.clientCertificates.length > 0;
const certificate = existClientCert && rawObj.clientCertificates[0] ?
const reqUrl = toUrlObject(rawObj.request.url);
Copy link
Contributor

@ihexxa ihexxa Dec 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense to me to move this part from below, pls notice that the url parsing is not reliable for all cases as there could be templates in it (there's one card for it). such as representing both host and path with tag {{_.srvr}}{{ _.path }}, then this url will not be rendered as expected.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. I tried to avoid running the url through a full render but it looks like we might need to do that to cover this case

{
disabled: rawObj.clientCertificates[0].disabled,
disabled: existingClientCert.disabled,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You might notice that there seems no perfect way to transform it between 2 sides, I'm thinking if we could just leave the certificate undefined at the beginning, if user specified the cert in the script, we prepend to the cert list, or return the original certs, pls let me know what you think.

const host = reqUrl.getHost().replace(/{{\s*\_\./g, '{{');
const renderedHost = variables.replaceIn(host);

const renderedBaseUrl = toUrlObject(`${reqUrl.protocol}//${renderedHost}`);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There could be one edge case here when user doesn't specify the protocol then reqUrl.protocol will be empty.

await page.getByRole('button', { name: 'Send', exact: true }).click();
await expect(statusTag).toContainText('401 Unauthorized');
await expect(responseBody).toContainText('Client certificate required');

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants