Extend IP validation test with message verification (#1736)

2025-07-26 04:28:34 +02:00 · 2022-08-10 13:27:55 -04:00 · 2022-08-10 13:27:55 -04:00 · 45d90e7c68
commit 45d90e7c68
parent 028005906a
2 changed files with 14 additions and 5 deletions
--- a/core/src/main/java/google/registry/flows/TlsCredentials.java
+++ b/core/src/main/java/google/registry/flows/TlsCredentials.java
@ -220,7 +220,8 @@ public class TlsCredentials implements TransportCredentials {
      super(
          clientInetAddr.isPresent()
              ? String.format(
-                  "Registrar IP address %s is not in stored allow list", clientInetAddr.get())
+                  "Registrar IP address %s is not in stored allow list",
+                  clientInetAddr.get().getHostAddress())
              : "Registrar IP address is not in stored allow list");
    }
  }
--- a/core/src/test/java/google/registry/flows/TlsCredentialsTest.java
+++ b/core/src/test/java/google/registry/flows/TlsCredentialsTest.java
@ -14,6 +14,7 @@

 package google.registry.flows;

+import static com.google.common.truth.Truth.assertThat;
 import static com.google.common.truth.Truth8.assertThat;
 import static google.registry.testing.CertificateSamples.SAMPLE_CERT;
 import static google.registry.testing.DatabaseHelper.loadRegistrar;
@ -81,16 +82,23 @@ final class TlsCredentialsTest {
  @Test
  void test_missingIpAddress_doesntAllowAccess() {
    TlsCredentials tls =
-        new TlsCredentials(false, Optional.of("certHash"), Optional.empty(), certificateChecker);
+        new TlsCredentials(
+            false, Optional.of("certHash"), Optional.of("127.0.0.1"), certificateChecker);
    persistResource(
        loadRegistrar("TheRegistrar")
            .asBuilder()
            .setClientCertificate(SAMPLE_CERT, clock.nowUtc())
            .setIpAddressAllowList(ImmutableSet.of(CidrAddressBlock.create("3.5.8.13")))
            .build());
-    assertThrows(
-        BadRegistrarIpAddressException.class,
-        () -> tls.validate(Registrar.loadByRegistrarId("TheRegistrar").get(), "password"));
+
+    BadRegistrarIpAddressException thrown =
+        assertThrows(
+            BadRegistrarIpAddressException.class,
+            () -> tls.validate(Registrar.loadByRegistrarId("TheRegistrar").get(), "password"));
+
+    assertThat(thrown)
+        .hasMessageThat()
+        .isEqualTo("Registrar IP address 127.0.0.1 is not in stored allow list");
  }

  @Test