Enables bypassing of the authentication on integration

config/application.rb

@@ -17,6 +17,9 @@
 Bundler.require(*Rails.groups)
 
 module LinkCheckerApi
+  mattr_accessor :hosts_with_basic_authorization
+  self.hosts_with_basic_authorization = {}
+
   class Application < Rails::Application
     # Settings in config/environments/* take precedence over those specified here.
     # Application configuration should go into files in config/initializers

config/initializers/hosts_with_basic_authorization.rb

@@ -0,0 +1,3 @@
+if Rails.application.secrets.govuk_basic_auth_credentials
+  LinkCheckerApi.hosts_with_basic_authorization[Plek.new.website_uri.host.to_s] = Rails.application.secrets.govuk_basic_auth_credentials
+end

config/secrets.yml

@@ -14,16 +14,18 @@ development:
   secret_key_base: 36746f0eb3c57b16be0278bdf9a9418ec225ecd5f9a3183697a3dc0dfd3aa1d05d285b3ed42b77c92ae6deee7af6a2b9bc87f119eca9c74810dcc43ddd5eb02b
   google_api_key: <%= ENV["GOOGLE_API_KEY"] %>
   rate_limit_token: pfB6uNKYC8sB9PVgBLdwFToN
+  govuk_basic_auth_credentials: "test:test"
 
 test:
   secret_key_base: b81a573d7703bfdf5c80f2a201c9e9d7ec5aad3326e252534568e1a82a7fc79a09f0d8ebd5e7e0fb5fc584f6a23440f2be5c986ec723df389ef7527e3e7ffc12
   google_api_key: test
   rate_limit_token: pfB6uNKYC8sB9PVgBLdwFToN
-
+  govuk_basic_auth_credentials: "test:test"
 
 # Do not keep production secrets in the repository,
 # instead read values from the environment.
 production:
   secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
   google_api_key: <%= ENV["GOOGLE_API_KEY"] %>
   rate_limit_token: <%= ENV["RATE_LIMIT_TOKEN"] %>
+  govuk_basic_auth_credentials: <%= ENV["GOVUK_BASIC_AUTH_CREDENTIALS"] %>

lib/link_checker/uri_checker/http_checker.rb

@@ -288,16 +288,30 @@ def gov_uk_upload_uri?
       uri.path.starts_with? "/government/uploads"
     end
 
-    def additional_connection_headers
-      return nil unless gov_uk_uri?
+    def rate_limit_header
+      return {} unless gov_uk_uri?
+      { "Rate-Limit-Token": Rails.application.secrets.rate_limit_token }
+    end
 
-      { 'Rate-Limit-Token': Rails.application.secrets.rate_limit_token }
+    def basic_authorization_header
+      return {} unless LinkCheckerApi.hosts_with_basic_authorization.include?(uri.host)
+      { "Authorization": "Basic #{base64_encode_authorization(uri.host)}" }
+    end
+
+    def additional_connection_headers
+      Hash.new
+        .merge(rate_limit_header)
+        .merge(basic_authorization_header)
     end
 
     def use_google_safebrowsing?
       return false if gov_uk_uri? && !gov_uk_upload_uri?
 
       Rails.env.production? || Rails.application.secrets.google_api_key
     end
+
+    def base64_encode_authorization(host)
+      Base64.encode64(LinkCheckerApi.hosts_with_basic_authorization[host])
+    end
   end
 end

spec/lib/link_checker_spec.rb

@@ -323,5 +323,25 @@
         expect(request).to have_been_requested
       end
     end
+
+    context "when calling a url that requires authentication" do
+      let(:host) { "www.needsauthentication.co.uk" }
+      let(:uri) { "http://#{host}/a/page" }
+      let!(:request) do
+        stub_request(:get, uri).
+          with(headers: { "Authorization": "Basic #{Base64.encode64(Rails.application.secrets.govuk_basic_auth_credentials)}".strip }).
+          to_return(status: 200)
+      end
+
+      before do
+        LinkCheckerApi.hosts_with_basic_authorization[host.to_s] = Rails.application.secrets.govuk_basic_auth_credentials
+      end
+
+      it "should add basic auth" do
+        subject
+
+        expect(request).to have_been_requested
+      end
+    end
   end
 end