async def test_access_from_supervisor_ip(remote_addr, bans, status, opp, aiohttp_client, oppio_env): """Test accessing to server from supervisor IP.""" app = web.Application() app["opp"] = opp async def unauth_handler(request): """Return a mock web response.""" raise HTTPUnauthorized app.router.add_get("/", unauth_handler) setup_bans(opp, app, 1) mock_real_ip(app)(remote_addr) with patch("openpeerpower.components.http.ban.async_load_ip_bans_config", return_value=[]): client = await aiohttp_client(app) assert await async_setup_component(opp, "oppio", {"oppio": {}}) m_open = mock_open() with patch.dict(os.environ, {"SUPERVISOR": SUPERVISOR_IP}), patch( "openpeerpower.components.http.ban.open", m_open, create=True): resp = await client.get("/") assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == bans assert m_open.call_count == bans # second request should be forbidden if banned resp = await client.get("/") assert resp.status == status assert len(app[KEY_BANNED_IPS]) == bans
async def test_failed_login_attempts_counter(opp, aiohttp_client): """Testing if failed login attempts counter increased.""" app = web.Application() app["opp"] = opp async def auth_handler(request): """Return 200 status code.""" return None, 200 app.router.add_get( "/auth_true", request_handler_factory(Mock(requires_auth=True), auth_handler)) app.router.add_get( "/auth_false", request_handler_factory(Mock(requires_auth=True), auth_handler)) app.router.add_get( "/", request_handler_factory(Mock(requires_auth=False), auth_handler)) setup_bans(opp, app, 5) remote_ip = ip_address("200.201.202.204") mock_real_ip(app)("200.201.202.204") @middleware async def mock_auth(request, handler): """Mock auth middleware.""" if "auth_true" in request.path: request[KEY_AUTHENTICATED] = True else: request[KEY_AUTHENTICATED] = False return await handler(request) app.middlewares.append(mock_auth) client = await aiohttp_client(app) resp = await client.get("/auth_false") assert resp.status == 401 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 1 resp = await client.get("/auth_false") assert resp.status == 401 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2 resp = await client.get("/") assert resp.status == 200 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2 # This used to check that with trusted networks we reset login attempts # We no longer support trusted networks. resp = await client.get("/auth_true") assert resp.status == 200 assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2
async def test_access_from_banned_ip(opp, aiohttp_client): """Test accessing to server from banned IP. Both trusted and not.""" app = web.Application() setup_bans(opp, app, 5) set_real_ip = mock_real_ip(app) with patch( "openpeerpower.components.http.ban.async_load_ip_bans_config", return_value=mock_coro( [IpBan(banned_ip) for banned_ip in BANNED_IPS]), ): client = await aiohttp_client(app) for remote_addr in BANNED_IPS: set_real_ip(remote_addr) resp = await client.get("/") assert resp.status == 403
async def test_ip_bans_file_creation(opp, aiohttp_client): """Testing if banned IP file created.""" notification_calls = async_mock_service(opp, "persistent_notification", "create") app = web.Application() app["opp"] = opp async def unauth_handler(request): """Return a mock web response.""" raise HTTPUnauthorized app.router.add_get("/", unauth_handler) setup_bans(opp, app, 2) mock_real_ip(app)("200.201.202.204") with patch( "openpeerpower.components.http.ban.async_load_ip_bans_config", return_value=[IpBan(banned_ip) for banned_ip in BANNED_IPS], ): client = await aiohttp_client(app) m_open = mock_open() with patch("openpeerpower.components.http.ban.open", m_open, create=True): resp = await client.get("/") assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) assert m_open.call_count == 0 resp = await client.get("/") assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) + 1 m_open.assert_called_once_with(opp.config.path(IP_BANS_FILE), "a") resp = await client.get("/") assert resp.status == HTTP_FORBIDDEN assert m_open.call_count == 1 assert len(notification_calls) == 3 assert ( notification_calls[0].data["message"] == "Login attempt or request with invalid authentication from example.com (200.201.202.204). See the log for details." )
async def test_ip_bans_file_creation(opp, aiohttp_client): """Testing if banned IP file created.""" app = web.Application() app["opp"] = opp async def unauth_handler(request): """Return a mock web response.""" raise HTTPUnauthorized app.router.add_get("/", unauth_handler) setup_bans(opp, app, 2) mock_real_ip(app)("200.201.202.204") with patch( "openpeerpower.components.http.ban.async_load_ip_bans_config", return_value=mock_coro( [IpBan(banned_ip) for banned_ip in BANNED_IPS]), ): client = await aiohttp_client(app) m = mock_open() with patch("openpeerpower.components.http.ban.open", m, create=True): resp = await client.get("/") assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) assert m.call_count == 0 resp = await client.get("/") assert resp.status == 401 assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) + 1 m.assert_called_once_with(opp.config.path(IP_BANS_FILE), "a") resp = await client.get("/") assert resp.status == 403 assert m.call_count == 1