Merge branch 'use-alert-service-token-in-notify-service' into 'master'

Add proper token check for Notify Service Closes #14792 See merge request gitlab-org/gitlab!17759

Merge branch 'use-alert-service-token-in-notify-service' into 'master'
Add proper token check for Notify Service Closes #14792 See merge request gitlab-org/gitlab!17759
d109b8f5 · Jan Provaznik · 6edea27f · 16991649 · d109b8f5 · d109b8f5
Commit d109b8f5 authored Sep 27, 2019 by Jan Provaznik
3 changed files
--- a/ee/app/services/projects/alerting/notify_service.rb
+++ b/ee/app/services/projects/alerting/notify_service.rb
@@ -5,14 +5,9 @@ module Projects
    class NotifyService < BaseService
      include Gitlab::Utils::StrongMemoize

-      # Prevents users to use WIP feature on private GitLab instances
-      # by enabling 'generic_alert_endpoint' feature manually.
-      # TODO: https://gitlab.com/gitlab-org/gitlab/issues/14792
-      DEV_TOKEN = :development_token
-
      def execute(token)
+        return forbidden unless alerts_service_activated?
        return unauthorized unless valid_token?(token)
-        return forbidden unless create_issue?

        process_incident_issues

@@ -23,6 +18,8 @@ module Projects

      private

+      delegate :alerts_service, to: :project
+
      def generic_alert_endpoint_enabled?
        Feature.enabled?(:generic_alert_endpoint, project)
      end
@@ -31,8 +28,10 @@ module Projects
        project.feature_available?(:incident_management)
      end

-      def create_issue?
-        incident_management_available? && generic_alert_endpoint_enabled?
+      def alerts_service_activated?
+        incident_management_available? &&
+          generic_alert_endpoint_enabled? &&
+          alerts_service.try(:active?)
      end

      def process_incident_issues
@@ -45,7 +44,7 @@ module Projects
      end

      def valid_token?(token)
-        token == DEV_TOKEN
+        token == alerts_service.token
      end

      def bad_request

--- a/ee/spec/factories/services.rb
+++ b/ee/spec/factories/services.rb
@@ -6,4 +6,14 @@ FactoryBot.define do
    active true
    type 'GitlabSlackApplicationService'
  end
+
+  factory :alerts_service do
+    project
+    type 'AlertsService'
+    active true
+
+    trait :inactive do
+      active false
+    end
+  end
 end
--- a/ee/spec/services/projects/alerting/notify_service_spec.rb
+++ b/ee/spec/services/projects/alerting/notify_service_spec.rb
@@ -36,7 +36,7 @@ describe Projects::Alerting::NotifyService do
  end

  describe '#execute' do
-    let(:token) { :development_token }
+    let(:token) { 'invalid-token' }
    let(:starts_at) { Time.now.change(usec: 0) }
    let(:service) { described_class.new(project, nil, payload) }
    let(:payload_raw) do
@@ -59,26 +59,36 @@ describe Projects::Alerting::NotifyService do
          stub_feature_flags(generic_alert_endpoint: true)
        end

-        context 'with valid token' do
-          context 'with a valid payload' do
-            it_behaves_like 'processes incident issues', 1
-          end
+        context 'with activated Alerts Service' do
+          let!(:alerts_service) { create(:alerts_service, project: project) }
+
+          context 'with valid token' do
+            let(:token) { alerts_service.token }
+
+            context 'with a valid payload' do
+              it_behaves_like 'processes incident issues', 1
+            end
+
+            context 'with an invalid payload' do
+              before do
+                allow(Gitlab::Alerting::NotificationPayloadParser)
+                  .to receive(:call)
+                  .and_raise(Gitlab::Alerting::NotificationPayloadParser::BadPayloadError)
+              end

-          context 'with an invalid payload' do
-            before do
-              allow(Gitlab::Alerting::NotificationPayloadParser)
-                .to receive(:call)
-                .and_raise(Gitlab::Alerting::NotificationPayloadParser::BadPayloadError)
+              it_behaves_like 'does not process incident issues', http_status: 400
            end
+          end

-            it_behaves_like 'does not process incident issues', http_status: 400
+          context 'with invalid token' do
+            it_behaves_like 'does not process incident issues', http_status: 401
          end
        end

-        context 'with invalid token' do
-          let(:token) { 'invalid-token' }
+        context 'with deactivated Alerts Service' do
+          let!(:alerts_service) { create(:alerts_service, :inactive, project: project) }

-          it_behaves_like 'does not process incident issues', http_status: 401
+          it_behaves_like 'does not process incident issues', http_status: 403
        end
      end