Updated base_test

This commit is contained in:
Sergei Tsoganov 2023-07-10 14:40:18 +03:00
parent 52405e1796
commit fe6015491c
7 changed files with 59 additions and 15 deletions

View file

@ -89,6 +89,7 @@ group :test do
gem 'capybara' gem 'capybara'
gem 'database_cleaner' gem 'database_cleaner'
gem 'minitest', '~> 5.17' gem 'minitest', '~> 5.17'
gem 'minitest-stub_any_instance'
gem 'simplecov', '0.17.1', require: false # CC last supported v0.17 gem 'simplecov', '0.17.1', require: false # CC last supported v0.17
gem 'spy' gem 'spy'
gem 'webdrivers' gem 'webdrivers'

View file

@ -311,6 +311,7 @@ GEM
mini_mime (1.1.2) mini_mime (1.1.2)
mini_portile2 (2.8.2) mini_portile2 (2.8.2)
minitest (5.18.1) minitest (5.18.1)
minitest-stub_any_instance (1.0.3)
monetize (1.9.4) monetize (1.9.4)
money (~> 6.12) money (~> 6.12)
money (6.13.8) money (6.13.8)
@ -571,6 +572,7 @@ DEPENDENCIES
mime-types-data mime-types-data
mimemagic (= 0.4.3) mimemagic (= 0.4.3)
minitest (~> 5.17) minitest (~> 5.17)
minitest-stub_any_instance
money-rails money-rails
newrelic-infinite_tracing newrelic-infinite_tracing
newrelic_rpm newrelic_rpm
@ -606,4 +608,4 @@ DEPENDENCIES
wkhtmltopdf-binary (~> 0.12.6.1) wkhtmltopdf-binary (~> 0.12.6.1)
BUNDLED WITH BUNDLED WITH
2.4.13 2.4.14

View file

@ -122,12 +122,16 @@ module Repp
end end
def check_ip_restriction def check_ip_restriction
return if webclient_request? return if webclient_request? && registrar_ip_white?
return if @current_user.registrar.api_ip_white?(request.ip) return if !webclient_request? && @current_user.registrar.api_ip_white?(request.ip)
@response = { code: 2202, render_unauthorized_response
message: I18n.t('registrar.authorization.ip_not_allowed', ip: request.ip) } end
render(json: @response, status: :unauthorized)
def registrar_ip_white?
return true unless request.headers['X-Client-IP']
@current_user.registrar.registrar_ip_white?(request.headers['X-Client-IP'])
end end
def render_unauthorized_response def render_unauthorized_response
@ -138,7 +142,11 @@ module Repp
def webclient_request? def webclient_request?
return false if Rails.env.test? || Rails.env.development? return false if Rails.env.test? || Rails.env.development?
ENV['webclient_ips'].split(',').map(&:strip).include?(request.ip) webclient_ips.include?(request.ip)
end
def webclient_ips
ENV['webclient_ips'].to_s.split(',').map(&:strip)
end end
def validate_webclient_ca def validate_webclient_ca

View file

@ -200,6 +200,12 @@ class Registrar < ApplicationRecord # rubocop:disable Metrics/ClassLength
white_ips.api.include_ip?(ip) white_ips.api.include_ip?(ip)
end end
def registrar_ip_white?(ip)
return true unless Setting.registrar_ip_whitelist_enabled
white_ips.registrar_area.include_ip?(ip)
end
def accredited? def accredited?
api_users.any? do |a| api_users.any? do |a|
return true unless a.accreditation_date.nil? return true unless a.accreditation_date.nil?

View file

@ -51,13 +51,39 @@ class ReppV1BaseTest < ActionDispatch::IntegrationTest
whiteip.update(ipv4: '1.1.1.1') whiteip.update(ipv4: '1.1.1.1')
get repp_v1_contacts_path, headers: @auth_headers get repp_v1_contacts_path, headers: @auth_headers
assert_unauthorized_ip
Setting.api_ip_whitelist_enabled = false
Setting.registrar_ip_whitelist_enabled = false
end
def test_takes_ip_whitelist_into_account_if_webclient_request
Setting.api_ip_whitelist_enabled = true
Setting.registrar_ip_whitelist_enabled = true
whiteip = white_ips(:one)
whiteip.update(interfaces: ['api'])
Repp::V1::BaseController.stub_any_instance(:webclient_request?, true) do
Repp::V1::BaseController.stub_any_instance(:validate_webclient_ca, true) do
get repp_v1_contacts_path, headers: @auth_headers.merge!({ 'X-Client-IP' => whiteip.ipv4 })
end
end
assert_unauthorized_ip
Setting.api_ip_whitelist_enabled = false
Setting.registrar_ip_whitelist_enabled = false
end
private
def assert_unauthorized_ip
response_json = JSON.parse(response.body, symbolize_names: true) response_json = JSON.parse(response.body, symbolize_names: true)
assert_response :unauthorized assert_response :unauthorized
assert_equal 2202, response_json[:code] assert_equal 2202, response_json[:code]
assert response_json[:message].include? 'Access denied from IP' assert response_json[:message].include? 'Access denied from IP'
Setting.api_ip_whitelist_enabled = false
Setting.registrar_ip_whitelist_enabled = false
end end
end end

View file

@ -8,7 +8,7 @@ class ReppV1RegistrarAuthCheckInfoTest < ActionDispatch::IntegrationTest
@auth_headers = { 'Authorization' => token } @auth_headers = { 'Authorization' => token }
adapter = ENV["shunter_default_adapter"].constantize.new adapter = ENV['shunter_default_adapter'].constantize.new
adapter&.clear! adapter&.clear!
end end
@ -40,8 +40,8 @@ class ReppV1RegistrarAuthCheckInfoTest < ActionDispatch::IntegrationTest
end end
def test_returns_error_response_if_throttled def test_returns_error_response_if_throttled
ENV["shunter_default_threshold"] = '1' ENV['shunter_default_threshold'] = '1'
ENV["shunter_enabled"] = 'true' ENV['shunter_enabled'] = 'true'
get '/repp/v1/registrar/auth', headers: @auth_headers get '/repp/v1/registrar/auth', headers: @auth_headers
get '/repp/v1/registrar/auth', headers: @auth_headers get '/repp/v1/registrar/auth', headers: @auth_headers
@ -50,7 +50,7 @@ class ReppV1RegistrarAuthCheckInfoTest < ActionDispatch::IntegrationTest
assert_response :bad_request assert_response :bad_request
assert_equal json[:code], 2502 assert_equal json[:code], 2502
assert response.body.include?(Shunter.default_error_message) assert response.body.include?(Shunter.default_error_message)
ENV["shunter_default_threshold"] = '10000' ENV['shunter_default_threshold'] = '10000'
ENV["shunter_enabled"] = 'false' ENV['shunter_enabled'] = 'false'
end end
end end

View file

@ -19,6 +19,7 @@ require 'webmock/minitest'
require 'support/assertions/epp_assertions' require 'support/assertions/epp_assertions'
require 'sidekiq/testing' require 'sidekiq/testing'
require 'spy/integration' require 'spy/integration'
require 'minitest/stub_any_instance'
Sidekiq::Testing.fake! Sidekiq::Testing.fake!