fix(drone): ADV-drone-01 — no-follow redirect pattern in SCM test

test_scm_configured.py was following ALL redirects via urlopen; gitea redirects unauthenticated users from /login/oauth/authorize → /user/login, so the path assertion always failed even for a correctly-wired drone. Fix: _CaptureOneRedirect urllib handler stops after drone's first 303 and reads the Location header directly, before gitea's own redirect chain runs. - Consume BUILDER-INBOX.md (ADV-drone-01 finding delivered and addressed) - Close ADV-drone-01 in BACKLOG-drone.md - Update test_gitea_dep.py terminology: "location_url" not "final_url" - All 10 unit tests pass Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-11 21:48:36 +00:00
parent d20bffd597
commit 7e7e84df34
4 changed files with 68 additions and 49 deletions
--- a/tests/unit/test_gitea_dep.py
+++ b/tests/unit/test_gitea_dep.py
@ -118,22 +118,22 @@ def test_enrich_deps_gitea_does_not_call_keycloak_path(monkeypatch):
 # ---------------------------------------------------------------------------


-@pytest.mark.parametrize("final_url,gitea_domain,client_id,expect_pass", [
-    # Correct redirect: final URL is gitea dep's authorize endpoint with matching client_id
+@pytest.mark.parametrize("location_url,gitea_domain,client_id,expect_pass", [
+    # Correct redirect: Location header points to gitea dep's authorize endpoint with matching client_id
    (
        "https://gite-aabbcc.ci.commoninternet.net/login/oauth/authorize?client_id=abc-123&redirect_uri=x",
        "gite-aabbcc.ci.commoninternet.net",
        "abc-123",
        True,
    ),
-    # Wrong domain: redirected to production gitea, not the dep
+    # Wrong domain: drone redirected to production gitea, not the dep
    (
        "https://git.autonomic.zone/login/oauth/authorize?client_id=abc-123",
        "gite-aabbcc.ci.commoninternet.net",
        "abc-123",
        False,
    ),
-    # Wrong path: not the OAuth authorize endpoint
+    # Wrong path: not the OAuth authorize endpoint (e.g. gitea's /user/login after full-redirect-follow)
    (
        "https://gite-aabbcc.ci.commoninternet.net/user/login?client_id=abc-123",
        "gite-aabbcc.ci.commoninternet.net",
@ -148,11 +148,15 @@ def test_enrich_deps_gitea_does_not_call_keycloak_path(monkeypatch):
        False,
    ),
 ])
-def test_scm_redirect_assertions(final_url, gitea_domain, client_id, expect_pass):
-    """Parametrized verification of the SCM-configured test assertion logic (no HTTP calls)."""
+def test_scm_redirect_assertions(location_url, gitea_domain, client_id, expect_pass):
+    """Parametrized verification of the SCM-configured test assertion logic (no HTTP calls).
+
+    Tests the URL assertions against the Location header from drone's first 303 redirect
+    (per ADV-drone-01 fix: _CaptureOneRedirect stops after drone's hop, not gitea's).
+    """
    import urllib.parse

-    parsed = urllib.parse.urlparse(final_url)
+    parsed = urllib.parse.urlparse(location_url)
    params = urllib.parse.parse_qs(parsed.query)

    checks = [
@ -163,6 +167,6 @@ def test_scm_redirect_assertions(final_url, gitea_domain, client_id, expect_pass
    ]
    all_pass = all(checks)
    assert all_pass == expect_pass, (
-        f"Expected {'pass' if expect_pass else 'fail'} for URL {final_url!r}; "
+        f"Expected {'pass' if expect_pass else 'fail'} for URL {location_url!r}; "
        f"checks: {checks}"
    )