test(aio): fix e2e tests

aio/aio-builds-setup/dockerbuild/scripts-js/lib/upload-server/index-test.ts

@@ -0,0 +1,10 @@
+// Imports
+import {GithubPullRequests} from '../common/github-pull-requests';
+import {BuildVerifier} from './build-verifier';
+
+// Run
+// TODO(gkalpak): Add e2e tests to cover these interactions as well.
+GithubPullRequests.prototype.addComment = () => Promise.resolve();
+BuildVerifier.prototype.verify = () => Promise.resolve();
+// tslint:disable-next-line: no-var-requires
+require('./index');

aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/nginx.e2e.ts

@@ -166,7 +166,7 @@ h.runForAllSupportedSchemes((scheme, port) => describe(`nginx (on ${scheme.toUpp
 
     it('should pass requests through to the upload server', done => {
       h.runCmd(`curl -iLX POST ${scheme}://${host}/create-build/${pr}/${sha9}`).
-        then(h.verifyResponse(400, /Missing or empty 'X-FILE' header/)).
+        then(h.verifyResponse(401, /Missing or empty 'AUTHORIZATION' header/)).
         then(done);
     });
 
@@ -196,11 +196,11 @@ h.runForAllSupportedSchemes((scheme, port) => describe(`nginx (on ${scheme.toUpp
 
     it('should accept SHAs with leading zeros (but not ignore them)', done => {
       const cmdPrefix = `curl -iLX POST  ${scheme}://${host}/create-build/${pr}`;
-      const bodyRegex = /Missing or empty 'X-FILE' header/;
+      const bodyRegex = /Missing or empty 'AUTHORIZATION' header/;
 
       Promise.all([
         h.runCmd(`${cmdPrefix}/0${sha9}`).then(h.verifyResponse(404)),
-        h.runCmd(`${cmdPrefix}/${sha0}`).then(h.verifyResponse(400, bodyRegex)),
+        h.runCmd(`${cmdPrefix}/${sha0}`).then(h.verifyResponse(401, bodyRegex)),
       ]).then(done);
     });
 

aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/server-integration.e2e.ts

@@ -13,8 +13,10 @@ h.runForAllSupportedSchemes((scheme, port) => describe(`integration (on ${scheme
 
   const getFile = (pr: string, sha: string, file: string) =>
     h.runCmd(`curl -iL ${scheme}://pr${pr}-${sha}.${host}/${file}`);
-  const uploadBuild = (pr: string, sha: string, archive: string) =>
-    h.runCmd(`curl -iLX POST --data-binary "@${archive}" ${scheme}://${host}/create-build/${pr}/${sha}`);
+  const uploadBuild = (pr: string, sha: string, archive: string) => {
+    const curlPost = 'curl -iLX POST --header "Authorization: Token FOO"';
+    return h.runCmd(`${curlPost} --data-binary "@${archive}" ${scheme}://${host}/create-build/${pr}/${sha}`);
+  };
 
   beforeEach(() => jasmine.DEFAULT_TIMEOUT_INTERVAL = 10000);
   afterEach(() => {

aio/aio-builds-setup/dockerbuild/scripts-js/lib/verify-setup/upload-server.e2e.ts

@@ -17,7 +17,9 @@ describe('upload-server (on HTTP)', () => {
 
 
   describe(`${host}/create-build/<pr>/<sha>`, () => {
-    const curl = `curl -iL --header "X-FILE: ${h.buildsDir}/snapshot.tar.gz"`;
+    const authorizationHeader = `--header "Authorization: Token FOO"`;
+    const xFileHeader = `--header "X-File: ${h.buildsDir}/snapshot.tar.gz"`;
+    const curl = `curl -iL ${authorizationHeader} ${xFileHeader}`;
 
 
     it('should disallow non-GET requests', done => {
@@ -33,14 +35,28 @@ describe('upload-server (on HTTP)', () => {
     });
 
 
+    it('should reject requests without an \'AUTHORIZATION\' header', done => {
+      const headers1 = '';
+      const headers2 = '--header "AUTHORIXATION: "';
+      const url = `http://${host}/create-build/${pr}/${sha9}`;
+      const bodyRegex = /^Missing or empty 'AUTHORIZATION' header/;
+
+      Promise.all([
+        h.runCmd(`curl -iL ${headers1} ${url}`).then(h.verifyResponse(401, bodyRegex)),
+        h.runCmd(`curl -iL  ${headers2} ${url}`).then(h.verifyResponse(401, bodyRegex)),
+      ]).then(done);
+    });
+
+
     it('should reject requests without an \'X-FILE\' header', done => {
-      const headers = '--header "X-FILE: "';
+      const headers1 = authorizationHeader;
+      const headers2 = `${authorizationHeader} --header "X-FILE: "`;
       const url = `http://${host}/create-build/${pr}/${sha9}`;
       const bodyRegex = /^Missing or empty 'X-FILE' header/;
 
       Promise.all([
-        h.runCmd(`curl -iL ${url}`).then(h.verifyResponse(400, bodyRegex)),
-        h.runCmd(`curl -iL ${headers} ${url}`).then(h.verifyResponse(400, bodyRegex)),
+        h.runCmd(`curl -iL ${headers1} ${url}`).then(h.verifyResponse(400, bodyRegex)),
+        h.runCmd(`curl -iL ${headers2} ${url}`).then(h.verifyResponse(400, bodyRegex)),
       ]).then(done);
     });
 

aio/aio-builds-setup/dockerbuild/scripts-sh/upload-server-test.sh

@@ -11,8 +11,8 @@ export AIO_REPO_SLUG=$TEST_AIO_REPO_SLUG
 export AIO_UPLOAD_HOSTNAME=$TEST_AIO_UPLOAD_HOSTNAME
 export AIO_UPLOAD_PORT=$TEST_AIO_UPLOAD_PORT
 
-export AIO_GITHUB_TOKEN=$(head -c -1 /aio-secrets/TEST_GITHUB_TOKEN 2>/dev/null)
-export AIO_PREVIEW_DEPLOYMENT_TOKEN=$(head -c -1 /aio-secrets/TEST_PREVIEW_DEPLOYMENT_TOKEN 2>/dev/null)
+export AIO_GITHUB_TOKEN=$(head -c -1 /aio-secrets/TEST_GITHUB_TOKEN 2>/dev/null || echo "TEST_GITHUB_TOKEN")
+export AIO_PREVIEW_DEPLOYMENT_TOKEN=$(head -c -1 /aio-secrets/TEST_PREVIEW_DEPLOYMENT_TOKEN 2>/dev/null || echo "TEST_PREVIEW_DEPLOYMENT_TOKEN")
 
 # Start the upload-server instance
 # TODO(gkalpak): Ideally, the upload server should be run as a non-privileged user.
@@ -21,7 +21,7 @@ appName=aio-upload-server-test
 if [[ "$1" == "stop" ]]; then
   pm2 delete $appName
 else
-  pm2 start $AIO_SCRIPTS_JS_DIR/dist/lib/upload-server \
+  pm2 start $AIO_SCRIPTS_JS_DIR/dist/lib/upload-server/index-test.js \
     --log /var/log/aio/upload-server-test.log \
     --name $appName \
     --no-autorestart \