mirror of
https://github.com/internetee/registry.git
synced 2025-07-20 17:55:55 +02:00
parent
26eb47ae09
commit
6e597f39e8
9 changed files with 178 additions and 124 deletions
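--- a/spec/requests/registrar/ip_restriction_spec.rb
+++ b/spec/requests/registrar/ip_restriction_spec.rb
@@ -0,0 +1,90 @@
+require 'rails_helper'
+
+RSpec.describe 'Registrar area IP restriction', settings: false do
+describe 'authenticated area' do
+before do
+sign_in_to_registrar_area
+end
+
+context 'when IP restriction is enabled' do
+before do
+Setting.registrar_ip_whitelist_enabled = true
+end
+
+context 'when ip is allowed' do
+let!(:white_ip) { create(:white_ip,
+ipv4: '127.0.0.1',
+registrar: controller.current_user.registrar,
+interfaces: [WhiteIp::REGISTRAR]) }
+
+specify do
+get registrar_root_url
+follow_redirect!
+expect(response).to be_success
+end
+end
+
+context 'when ip is not allowed' do
+it 'signs the user out' do
+get registrar_root_url
+follow_redirect!
+expect(controller.current_user).to be_nil
+end
+
+it 'redirects to login url' do
+get registrar_root_url
+expect(response).to redirect_to(registrar_login_url)
+end
+end
+end
+
+context 'when IP restriction is disabled' do
+before do
+Setting.registrar_ip_whitelist_enabled = false
+end
+
+specify do
+get registrar_root_url
+follow_redirect!
+expect(response).to be_success
+end
+end
+end
+
+describe 'unauthenticated area' do
+context 'when IP restriction is enabled' do
+before do
+Setting.registrar_ip_whitelist_enabled = true
+end
+
+context 'when ip is allowed' do
+let!(:white_ip) { create(:white_ip,
+ipv4: '127.0.0.1',
+interfaces: [WhiteIp::REGISTRAR]) }
+
+specify do
+get registrar_login_path
+expect(response).to be_success
+end
+end
+
+context 'when ip is not allowed' do
+specify do
+get registrar_login_path
+expect(response).to be_forbidden
+end
+end
+end
+
+context 'when IP restriction is disabled' do
+before do
+Setting.registrar_ip_whitelist_enabled = false
+end
+
+specify do
+get registrar_login_path
+expect(response).to be_success
+end
+end
+end
+end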
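Review bot: The unauthenticated examples only issue `get registrar_login_path`, so nothing in this file asserts that submitting credentials from a disallowed address is refused. The spec deleted by this commit covered that with a POST to `registrar_sessions_path` expecting `be_forbidden`, and the new password sign-in spec turns the allow-list off, so unless one of the changed files not visible here covers it, that check is lost. I would add to the unauthenticated 'when ip is not allowed' context an example that runs `post registrar_sessions_path, depp_user: { tag: 'test', password: 'test' }` followed by `expect(response).to be_forbidden`. Separately, both 'not allowed' contexts run with an empty allow-list; an example where the same address is listed for a different registrar would pin down the per-registrar scoping that the authenticated 'allowed' case appears to rely on.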
|
|
@ -1,67 +0,0 @@
|
|||
require 'rails_helper'
|
||||
|
||||
RSpec.describe 'Registrar session management', db: false do
|
||||
describe 'GET /registrar/login' do
|
||||
context 'when ip is allowed' do
|
||||
let(:restricted_ip) { instance_double(Authorization::RestrictedIP,
|
||||
can_access_registrar_area_sign_in_page?: true) }
|
||||
|
||||
before do
|
||||
allow(Authorization::RestrictedIP).to receive(:new).and_return(restricted_ip)
|
||||
end
|
||||
|
||||
specify do
|
||||
get registrar_login_path
|
||||
expect(response).to be_success
|
||||
end
|
||||
end
|
||||
|
||||
context 'when ip is not allowed' do
|
||||
let(:restricted_ip) { instance_double(Authorization::RestrictedIP,
|
||||
can_access_registrar_area_sign_in_page?: false) }
|
||||
|
||||
before do
|
||||
allow(Authorization::RestrictedIP).to receive(:new).and_return(restricted_ip)
|
||||
end
|
||||
|
||||
specify do
|
||||
get registrar_login_path
|
||||
expect(response).to be_forbidden
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'POST /registrar/sessions' do
|
||||
context 'when ip is allowed' do
|
||||
let(:restricted_ip) { instance_double(Authorization::RestrictedIP,
|
||||
can_access_registrar_area_sign_in_page?: true) }
|
||||
|
||||
before do
|
||||
allow(Authorization::RestrictedIP).to receive(:new).and_return(restricted_ip)
|
||||
end
|
||||
|
||||
specify do
|
||||
make_request
|
||||
expect(response).to be_success
|
||||
end
|
||||
end
|
||||
|
||||
context 'when ip is not allowed' do
|
||||
let(:restricted_ip) { instance_double(Authorization::RestrictedIP,
|
||||
can_access_registrar_area_sign_in_page?: false) }
|
||||
|
||||
before do
|
||||
allow(Authorization::RestrictedIP).to receive(:new).and_return(restricted_ip)
|
||||
end
|
||||
|
||||
specify do
|
||||
make_request
|
||||
expect(response).to be_forbidden
|
||||
end
|
||||
end
|
||||
|
||||
def make_request
|
||||
post registrar_sessions_path, depp_user: { tag: 'test', password: 'test' }
|
||||
end
|
||||
end
|
||||
end
|
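--- a/spec/requests/registrar/sign_in/password_spec.rb
+++ b/spec/requests/registrar/sign_in/password_spec.rb
@@ -0,0 +1,20 @@
+require 'rails_helper'
+
+RSpec.describe 'Registrar area password sign-in', settings: false do
+let!(:user) { create(:api_user, active: true, login: 'test', password: 'testtest') }
+
+before do
+Setting.registrar_ip_whitelist_enabled = false
+end
+
+it 'signs the user in' do
+post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' }
+follow_redirect!
+expect(controller.current_user).to eq(user)
+end
+
+it 'redirects to root url' do
+post registrar_sessions_path, depp_user: { tag: 'test', password: 'testtest' }
+expect(response).to redirect_to(registrar_root_url)
+end
+end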
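Review bot: Both examples exercise only the successful login, so this spec would still pass if the sessions controller accepted any password for an existing user. A negative example belongs next to them: `post registrar_sessions_path, depp_user: { tag: 'test', password: 'wrong' }` followed by `expect(controller.current_user).to be_nil`. The factory call sets `active: true` explicitly, which suggests an inactive user is a distinct case worth its own example, though whether other specs already cover it cannot be seen from this page.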
|
|
@ -1,21 +1,19 @@
|
|||
require 'rails_helper'
|
||||
|
||||
RSpec.describe 'Registrar area sign-out', settings: false do
|
||||
describe 'sign-out' do
|
||||
before do
|
||||
Setting.registrar_ip_whitelist_enabled = false
|
||||
sign_in_to_registrar_area
|
||||
end
|
||||
before do
|
||||
Setting.registrar_ip_whitelist_enabled = false
|
||||
sign_in_to_registrar_area
|
||||
end
|
||||
|
||||
it 'signs the user out' do
|
||||
delete registrar_destroy_user_session_path
|
||||
follow_redirect!
|
||||
expect(controller.current_user).to be_nil
|
||||
end
|
||||
it 'signs the user out' do
|
||||
delete registrar_destroy_user_session_path
|
||||
follow_redirect!
|
||||
expect(controller.current_user).to be_nil
|
||||
end
|
||||
|
||||
it 'redirects to login url' do
|
||||
delete registrar_destroy_user_session_path
|
||||
expect(response).to redirect_to(registrar_login_url)
|
||||
end
|
||||
it 'redirects to login url' do
|
||||
delete registrar_destroy_user_session_path
|
||||
expect(response).to redirect_to(registrar_login_url)
|
||||
end
|
||||
end
|
||||
|
|