async def test_access_from_supervisor_ip(remote_addr, bans, status, opp,
aiohttp_client, oppio_env):
"""Test accessing to server from supervisor IP."""
app = web.Application()
app["opp"] = opp
async def unauth_handler(request):
"""Return a mock web response."""
raise HTTPUnauthorized
app.router.add_get("/", unauth_handler)
setup_bans(opp, app, 1)
mock_real_ip(app)(remote_addr)
with patch("openpeerpower.components.http.ban.async_load_ip_bans_config",
return_value=[]):
client = await aiohttp_client(app)
assert await async_setup_component(opp, "oppio", {"oppio": {}})
m_open = mock_open()
with patch.dict(os.environ, {"SUPERVISOR": SUPERVISOR_IP}), patch(
"openpeerpower.components.http.ban.open", m_open, create=True):
resp = await client.get("/")
assert resp.status == 401
assert len(app[KEY_BANNED_IPS]) == bans
assert m_open.call_count == bans
# second request should be forbidden if banned
resp = await client.get("/")
assert resp.status == status
assert len(app[KEY_BANNED_IPS]) == bans
async def test_failed_login_attempts_counter(opp, aiohttp_client):
"""Testing if failed login attempts counter increased."""
app = web.Application()
app["opp"] = opp
async def auth_handler(request):
"""Return 200 status code."""
return None, 200
app.router.add_get(
"/auth_true",
request_handler_factory(Mock(requires_auth=True), auth_handler))
app.router.add_get(
"/auth_false",
request_handler_factory(Mock(requires_auth=True), auth_handler))
app.router.add_get(
"/", request_handler_factory(Mock(requires_auth=False), auth_handler))
setup_bans(opp, app, 5)
remote_ip = ip_address("200.201.202.204")
mock_real_ip(app)("200.201.202.204")
@middleware
async def mock_auth(request, handler):
"""Mock auth middleware."""
if "auth_true" in request.path:
request[KEY_AUTHENTICATED] = True
else:
request[KEY_AUTHENTICATED] = False
return await handler(request)
app.middlewares.append(mock_auth)
client = await aiohttp_client(app)
resp = await client.get("/auth_false")
assert resp.status == 401
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 1
resp = await client.get("/auth_false")
assert resp.status == 401
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2
resp = await client.get("/")
assert resp.status == 200
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2
# This used to check that with trusted networks we reset login attempts
# We no longer support trusted networks.
resp = await client.get("/auth_true")
assert resp.status == 200
assert app[KEY_FAILED_LOGIN_ATTEMPTS][remote_ip] == 2
async def test_access_from_banned_ip(opp, aiohttp_client):
"""Test accessing to server from banned IP. Both trusted and not."""
app = web.Application()
setup_bans(opp, app, 5)
set_real_ip = mock_real_ip(app)
with patch(
"openpeerpower.components.http.ban.async_load_ip_bans_config",
return_value=mock_coro(
[IpBan(banned_ip) for banned_ip in BANNED_IPS]),
):
client = await aiohttp_client(app)
for remote_addr in BANNED_IPS:
set_real_ip(remote_addr)
resp = await client.get("/")
assert resp.status == 403
async def test_ip_bans_file_creation(opp, aiohttp_client):
"""Testing if banned IP file created."""
notification_calls = async_mock_service(opp, "persistent_notification",
"create")
app = web.Application()
app["opp"] = opp
async def unauth_handler(request):
"""Return a mock web response."""
raise HTTPUnauthorized
app.router.add_get("/", unauth_handler)
setup_bans(opp, app, 2)
mock_real_ip(app)("200.201.202.204")
with patch(
"openpeerpower.components.http.ban.async_load_ip_bans_config",
return_value=[IpBan(banned_ip) for banned_ip in BANNED_IPS],
):
client = await aiohttp_client(app)
m_open = mock_open()
with patch("openpeerpower.components.http.ban.open", m_open, create=True):
resp = await client.get("/")
assert resp.status == 401
assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS)
assert m_open.call_count == 0
resp = await client.get("/")
assert resp.status == 401
assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) + 1
m_open.assert_called_once_with(opp.config.path(IP_BANS_FILE), "a")
resp = await client.get("/")
assert resp.status == HTTP_FORBIDDEN
assert m_open.call_count == 1
assert len(notification_calls) == 3
assert (
notification_calls[0].data["message"] ==
"Login attempt or request with invalid authentication from example.com (200.201.202.204). See the log for details."
)
async def test_ip_bans_file_creation(opp, aiohttp_client):
"""Testing if banned IP file created."""
app = web.Application()
app["opp"] = opp
async def unauth_handler(request):
"""Return a mock web response."""
raise HTTPUnauthorized
app.router.add_get("/", unauth_handler)
setup_bans(opp, app, 2)
mock_real_ip(app)("200.201.202.204")
with patch(
"openpeerpower.components.http.ban.async_load_ip_bans_config",
return_value=mock_coro(
[IpBan(banned_ip) for banned_ip in BANNED_IPS]),
):
client = await aiohttp_client(app)
m = mock_open()
with patch("openpeerpower.components.http.ban.open", m, create=True):
resp = await client.get("/")
assert resp.status == 401
assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS)
assert m.call_count == 0
resp = await client.get("/")
assert resp.status == 401
assert len(app[KEY_BANNED_IPS]) == len(BANNED_IPS) + 1
m.assert_called_once_with(opp.config.path(IP_BANS_FILE), "a")
resp = await client.get("/")
assert resp.status == 403
assert m.call_count == 1