-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: pre-request script variable hostname certificate resolution [INS-4733] #8249
base: develop
Are you sure you want to change the base?
fix: pre-request script variable hostname certificate resolution [INS-4733] #8249
Conversation
e5a8312
to
67e40d0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added some comments and feel free to let me know your thoughts, also thanks for looking into this complicated issue.
@@ -167,16 +168,31 @@ export async function initInsomniaObject( | |||
localVars: localVariables, | |||
}); | |||
|
|||
const existClientCert = rawObj.clientCertificates != null && rawObj.clientCertificates.length > 0; | |||
const certificate = existClientCert && rawObj.clientCertificates[0] ? | |||
const reqUrl = toUrlObject(rawObj.request.url); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This makes sense to me to move this part from below, pls notice that the url parsing is not reliable for all cases as there could be templates in it (there's one card for it). such as representing both host and path with tag {{_.srvr}}{{ _.path }}
, then this url will not be rendered as expected.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. I tried to avoid running the url through a full render but it looks like we might need to do that to cover this case
{ | ||
disabled: rawObj.clientCertificates[0].disabled, | ||
disabled: existingClientCert.disabled, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You might notice that there seems no perfect way to transform it between 2 sides, I'm thinking if we could just leave the certificate undefined at the beginning, if user specified the cert in the script, we prepend to the cert list, or return the original certs, pls let me know what you think.
const host = reqUrl.getHost().replace(/{{\s*\_\./g, '{{'); | ||
const renderedHost = variables.replaceIn(host); | ||
|
||
const renderedBaseUrl = toUrlObject(`${reqUrl.protocol}//${renderedHost}`); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There could be one edge case here when user doesn't specify the protocol then reqUrl.protocol
will be empty.
await page.getByRole('button', { name: 'Send', exact: true }).click(); | ||
await expect(statusTag).toContainText('401 Unauthorized'); | ||
await expect(responseBody).toContainText('Client certificate required'); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
This fixes two distinct, but closely related issues:
When using a variable reference in the request URL for the hostname and a pre-request script with non-empty contents, client certs would be filtered using the un-rendered template text before sending the request and yield an error (part 1 of the new smoke test).
When gathering context to send a request that has a pre-request script with non-empty contents, the first cert in the list was always selected, disregarding the disabled flag and the hostname on the cert (part 2 of the new smoke test).