mirror of
https://github.com/internetee/registry.git
synced 2025-07-28 13:36:15 +02:00
Updated base_test
This commit is contained in:
parent
52405e1796
commit
fe6015491c
7 changed files with 59 additions and 15 deletions
1
Gemfile
1
Gemfile
|
@ -89,6 +89,7 @@ group :test do
|
||||||
gem 'capybara'
|
gem 'capybara'
|
||||||
gem 'database_cleaner'
|
gem 'database_cleaner'
|
||||||
gem 'minitest', '~> 5.17'
|
gem 'minitest', '~> 5.17'
|
||||||
|
gem 'minitest-stub_any_instance'
|
||||||
gem 'simplecov', '0.17.1', require: false # CC last supported v0.17
|
gem 'simplecov', '0.17.1', require: false # CC last supported v0.17
|
||||||
gem 'spy'
|
gem 'spy'
|
||||||
gem 'webdrivers'
|
gem 'webdrivers'
|
||||||
|
|
|
@ -311,6 +311,7 @@ GEM
|
||||||
mini_mime (1.1.2)
|
mini_mime (1.1.2)
|
||||||
mini_portile2 (2.8.2)
|
mini_portile2 (2.8.2)
|
||||||
minitest (5.18.1)
|
minitest (5.18.1)
|
||||||
|
minitest-stub_any_instance (1.0.3)
|
||||||
monetize (1.9.4)
|
monetize (1.9.4)
|
||||||
money (~> 6.12)
|
money (~> 6.12)
|
||||||
money (6.13.8)
|
money (6.13.8)
|
||||||
|
@ -571,6 +572,7 @@ DEPENDENCIES
|
||||||
mime-types-data
|
mime-types-data
|
||||||
mimemagic (= 0.4.3)
|
mimemagic (= 0.4.3)
|
||||||
minitest (~> 5.17)
|
minitest (~> 5.17)
|
||||||
|
minitest-stub_any_instance
|
||||||
money-rails
|
money-rails
|
||||||
newrelic-infinite_tracing
|
newrelic-infinite_tracing
|
||||||
newrelic_rpm
|
newrelic_rpm
|
||||||
|
@ -606,4 +608,4 @@ DEPENDENCIES
|
||||||
wkhtmltopdf-binary (~> 0.12.6.1)
|
wkhtmltopdf-binary (~> 0.12.6.1)
|
||||||
|
|
||||||
BUNDLED WITH
|
BUNDLED WITH
|
||||||
2.4.13
|
2.4.14
|
||||||
|
|
|
@ -122,12 +122,16 @@ module Repp
|
||||||
end
|
end
|
||||||
|
|
||||||
def check_ip_restriction
|
def check_ip_restriction
|
||||||
return if webclient_request?
|
return if webclient_request? && registrar_ip_white?
|
||||||
return if @current_user.registrar.api_ip_white?(request.ip)
|
return if !webclient_request? && @current_user.registrar.api_ip_white?(request.ip)
|
||||||
|
|
||||||
@response = { code: 2202,
|
render_unauthorized_response
|
||||||
message: I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip) }
|
end
|
||||||
render(json: @response, status: :unauthorized)
|
|
||||||
|
def registrar_ip_white?
|
||||||
|
return true unless request.headers['X-Client-IP']
|
||||||
|
|
||||||
|
@current_user.registrar.registrar_ip_white?(request.headers['X-Client-IP'])
|
||||||
end
|
end
|
||||||
|
|
||||||
def render_unauthorized_response
|
def render_unauthorized_response
|
||||||
|
@ -138,7 +142,11 @@ module Repp
|
||||||
def webclient_request?
|
def webclient_request?
|
||||||
return false if Rails.env.test? || Rails.env.development?
|
return false if Rails.env.test? || Rails.env.development?
|
||||||
|
|
||||||
ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip)
|
webclient_ips.include?(request.ip)
|
||||||
|
end
|
||||||
|
|
||||||
|
def webclient_ips
|
||||||
|
ENV['webclient_ips'].to_s.split(',').map(&:strip)
|
||||||
end
|
end
|
||||||
|
|
||||||
def validate_webclient_ca
|
def validate_webclient_ca
|
||||||
|
|
|
@ -200,6 +200,12 @@ class Registrar < ApplicationRecord # rubocop:disable Metrics/ClassLength
|
||||||
white_ips.api.include_ip?(ip)
|
white_ips.api.include_ip?(ip)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def registrar_ip_white?(ip)
|
||||||
|
return true unless Setting.registrar_ip_whitelist_enabled
|
||||||
|
|
||||||
|
white_ips.registrar_area.include_ip?(ip)
|
||||||
|
end
|
||||||
|
|
||||||
def accredited?
|
def accredited?
|
||||||
api_users.any? do |a|
|
api_users.any? do |a|
|
||||||
return true unless a.accreditation_date.nil?
|
return true unless a.accreditation_date.nil?
|
||||||
|
|
|
@ -51,13 +51,39 @@ class ReppV1BaseTest < ActionDispatch::IntegrationTest
|
||||||
whiteip.update(ipv4: '1.1.1.1')
|
whiteip.update(ipv4: '1.1.1.1')
|
||||||
|
|
||||||
get repp_v1_contacts_path, headers: @auth_headers
|
get repp_v1_contacts_path, headers: @auth_headers
|
||||||
|
|
||||||
|
assert_unauthorized_ip
|
||||||
|
|
||||||
|
Setting.api_ip_whitelist_enabled = false
|
||||||
|
Setting.registrar_ip_whitelist_enabled = false
|
||||||
|
end
|
||||||
|
|
||||||
|
def test_takes_ip_whitelist_into_account_if_webclient_request
|
||||||
|
Setting.api_ip_whitelist_enabled = true
|
||||||
|
Setting.registrar_ip_whitelist_enabled = true
|
||||||
|
|
||||||
|
whiteip = white_ips(:one)
|
||||||
|
whiteip.update(interfaces: ['api'])
|
||||||
|
|
||||||
|
Repp::V1::BaseController.stub_any_instance(:webclient_request?, true) do
|
||||||
|
Repp::V1::BaseController.stub_any_instance(:validate_webclient_ca, true) do
|
||||||
|
get repp_v1_contacts_path, headers: @auth_headers.merge!({ 'X-Client-IP' => whiteip.ipv4 })
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
assert_unauthorized_ip
|
||||||
|
|
||||||
|
Setting.api_ip_whitelist_enabled = false
|
||||||
|
Setting.registrar_ip_whitelist_enabled = false
|
||||||
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
|
def assert_unauthorized_ip
|
||||||
response_json = JSON.parse(response.body, symbolize_names: true)
|
response_json = JSON.parse(response.body, symbolize_names: true)
|
||||||
|
|
||||||
assert_response :unauthorized
|
assert_response :unauthorized
|
||||||
assert_equal 2202, response_json[:code]
|
assert_equal 2202, response_json[:code]
|
||||||
assert response_json[:message].include? 'Access denied from IP'
|
assert response_json[:message].include? 'Access denied from IP'
|
||||||
|
|
||||||
Setting.api_ip_whitelist_enabled = false
|
|
||||||
Setting.registrar_ip_whitelist_enabled = false
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -8,7 +8,7 @@ class ReppV1RegistrarAuthCheckInfoTest < ActionDispatch::IntegrationTest
|
||||||
|
|
||||||
@auth_headers = { 'Authorization' => token }
|
@auth_headers = { 'Authorization' => token }
|
||||||
|
|
||||||
adapter = ENV["shunter_default_adapter"].constantize.new
|
adapter = ENV['shunter_default_adapter'].constantize.new
|
||||||
adapter&.clear!
|
adapter&.clear!
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -40,8 +40,8 @@ class ReppV1RegistrarAuthCheckInfoTest < ActionDispatch::IntegrationTest
|
||||||
end
|
end
|
||||||
|
|
||||||
def test_returns_error_response_if_throttled
|
def test_returns_error_response_if_throttled
|
||||||
ENV["shunter_default_threshold"] = '1'
|
ENV['shunter_default_threshold'] = '1'
|
||||||
ENV["shunter_enabled"] = 'true'
|
ENV['shunter_enabled'] = 'true'
|
||||||
|
|
||||||
get '/repp/v1/registrar/auth', headers: @auth_headers
|
get '/repp/v1/registrar/auth', headers: @auth_headers
|
||||||
get '/repp/v1/registrar/auth', headers: @auth_headers
|
get '/repp/v1/registrar/auth', headers: @auth_headers
|
||||||
|
@ -50,7 +50,7 @@ class ReppV1RegistrarAuthCheckInfoTest < ActionDispatch::IntegrationTest
|
||||||
assert_response :bad_request
|
assert_response :bad_request
|
||||||
assert_equal json[:code], 2502
|
assert_equal json[:code], 2502
|
||||||
assert response.body.include?(Shunter.default_error_message)
|
assert response.body.include?(Shunter.default_error_message)
|
||||||
ENV["shunter_default_threshold"] = '10000'
|
ENV['shunter_default_threshold'] = '10000'
|
||||||
ENV["shunter_enabled"] = 'false'
|
ENV['shunter_enabled'] = 'false'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -19,6 +19,7 @@ require 'webmock/minitest'
|
||||||
require 'support/assertions/epp_assertions'
|
require 'support/assertions/epp_assertions'
|
||||||
require 'sidekiq/testing'
|
require 'sidekiq/testing'
|
||||||
require 'spy/integration'
|
require 'spy/integration'
|
||||||
|
require 'minitest/stub_any_instance'
|
||||||
|
|
||||||
Sidekiq::Testing.fake!
|
Sidekiq::Testing.fake!
|
||||||
|
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue