REPP: Extend V1 base test

2025-06-05 20:27:30 +02:00 · 2020-10-20 17:00:25 +03:00 · 2020-10-20 17:00:25 +03:00 · 516b2180ca
commit 516b2180ca
parent ddc26b81b1
2 changed files with 43 additions and 10 deletions
--- a/app/controllers/repp/v1/base_controller.rb
+++ b/app/controllers/repp/v1/base_controller.rb
@ -69,10 +69,6 @@ module Repp
        )
      end

-      def ip_whitelisted?
-        return false unless current_user.registrar.api_ip_white?(request.ip)
-      end
-
      def basic_token
        pattern = /^Basic /
        header  = request.headers['Authorization']
@ -95,16 +91,16 @@ module Repp
      end

      def check_ip_restriction
-        ip_restriction = Authorization::RestrictedIP.new(request.ip)
-        allowed = ip_restriction.can_access_registrar_area?(@current_user.registrar)
+        allowed = @current_user.registrar.api_ip_white?(request.ip)

        return if allowed

        render(
-          status: :unauthorized,
-          json: { errors: [
-            { base: [I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip)] },
-          ] }
+          json: {
+            code: 2202,
+            message: I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip),
+          },
+          status: :unauthorized
        )
      end

--- a/test/integration/repp/v1/base_test.rb
+++ b/test/integration/repp/v1/base_test.rb
@ -15,6 +15,15 @@ class ReppV1BaseTest < ActionDispatch::IntegrationTest

    assert_response :unauthorized
    assert_equal 'Invalid authorization information', response_json[:message]
+
+    invalid_token = Base64.encode64("nonexistant:user")
+    headers = { 'Authorization' => "Basic #{invalid_token}" }
+
+    get repp_v1_contacts_path, headers: headers
+    response_json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :unauthorized
+    assert_equal 'Invalid authorization information', response_json[:message]
  end

  def test_authenticates_valid_user
@ -23,4 +32,32 @@ class ReppV1BaseTest < ActionDispatch::IntegrationTest

    assert_response :ok
  end
+
+  def test_processes_invalid_base64_token_format_properly
+    token = '??as8d9sf kjsdjh klsdfjjf'
+    headers = { 'Authorization' => "Basic #{token}"}
+    get repp_v1_contacts_path, headers: headers
+    response_json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :unauthorized
+    assert_equal 'Invalid authorization information', response_json[:message]
+  end
+
+  def test_takes_ip_whitelist_into_account
+    Setting.api_ip_whitelist_enabled = true
+    Setting.registrar_ip_whitelist_enabled = true
+
+    whiteip = white_ips(:one)
+    whiteip.update(ipv4: '1.1.1.1')
+
+    get repp_v1_contacts_path, headers: @auth_headers
+    response_json = JSON.parse(response.body, symbolize_names: true)
+
+    assert_response :unauthorized
+    assert_equal 2202, response_json[:code]
+    assert response_json[:message].include? 'Access denied from IP'
+
+    Setting.api_ip_whitelist_enabled = false
+    Setting.registrar_ip_whitelist_enabled = false
+  end
 end