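def test_bootstrap_ip_whitelist_assignment_modify(self):
    """Bootstrapping a second assignment for an identity replaces the first.

    The same identity literal is assigned first to 'some ip whitelist' and
    then to 'another ip whitelist'. The stored entity must hold exactly one
    assignment (the later one) and the AuthDB revision must have advanced
    to 2, so an older whitelist binding does not linger beside the new one.
    """
    # Plain decimal literals: a leading zero (`01`) is an octal literal in
    # Python 2 and a SyntaxError in Python 3.
    self.mock_now(datetime.datetime(2014, 1, 1))

    ret = model.bootstrap_ip_whitelist_assignment(
        model.Identity(model.IDENTITY_USER, '*****@*****.**'),
        'some ip whitelist',
        'some comment')
    self.assertTrue(ret)

    # Second call for the same identity, different whitelist and comment.
    ret = model.bootstrap_ip_whitelist_assignment(
        model.Identity(model.IDENTITY_USER, '*****@*****.**'),
        'another ip whitelist',
        'another comment')
    self.assertTrue(ret)

    self.assertEqual(
        {
            # Only the latest assignment survives.
            'assignments': [
                {
                    'comment': 'another comment',
                    'created_by': model.get_service_self_identity(),
                    'created_ts': datetime.datetime(2014, 1, 1),
                    'identity': model.Identity(
                        model.IDENTITY_USER, '*****@*****.**'),
                    'ip_whitelist': 'another ip whitelist',
                },
            ],
            # One revision per bootstrap call.
            'auth_db_rev': 2,
            'auth_db_prev_rev': 1,
            'modified_by': model.get_service_self_identity(),
            'modified_ts': datetime.datetime(2014, 1, 1),
        },
        model.ip_whitelist_assignments_key().get().to_dict())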
def test_ip_whitelist_not_used(self):
    """A call from 127.0.0.1 succeeds and resolves to the caller's identity.

    NOTE(review): the e-mail literals are masked in this copy, so it is not
    visible whether the calling account is the one bound to 'whitelist'.
    Going by the test name, presumably it is a different account with no
    assignment - confirm against the unmasked file.
    """
    model.bootstrap_ip_whitelist('whitelist', ['192.168.1.100/32'])
    assigned = model.Identity(model.IDENTITY_USER, '*****@*****.**')
    model.bootstrap_ip_whitelist_assignment(assigned, 'whitelist')

    # 127.0.0.1 lies outside 192.168.1.100/32.
    self.assertEqual(
        'user:[email protected]',
        self.call('127.0.0.1', '*****@*****.**'))
def test_ip_whitelist(self):
    """Check whitelist enforcement end to end through AuthenticatingHandler.

    ident1 is bound to a whitelist holding only 192.168.1.100/32; ident2 has
    no assignment. The peer address reaches the handler through the WSGI
    REMOTE_ADDR variable. NOTE(review): both identity literals are masked in
    this copy and therefore look identical; presumably they differ in the
    real file.
    """
    ident1 = model.Identity(model.IDENTITY_USER, '*****@*****.**')
    ident2 = model.Identity(model.IDENTITY_USER, '*****@*****.**')

    model.bootstrap_ip_whitelist('whitelist', ['192.168.1.100/32'])
    model.bootstrap_ip_whitelist_assignment(ident1, 'whitelist')

    # One-slot holder so the fake auth method can be re-pointed per request.
    mocked_ident = [None]

    class Handler(handler.AuthenticatingHandler):
        @classmethod
        def get_auth_methods(cls, conf):
            # Sole auth method: report whatever identity the test selected.
            return [lambda _req: mocked_ident[0]]

        @api.public
        def get(self):
            self.response.write('OK')

    app = self.make_test_app('/request', Handler)

    def status_for(ident, ip):
        """Issue GET /request as `ident` from `ip`; return the HTTP status."""
        # presumably drops auth state cached by the previous request
        api.reset_local_state()
        mocked_ident[0] = ident
        # expect_errors=True: a 4xx comes back as a response to inspect.
        return app.get(
            '/request',
            extra_environ={'REMOTE_ADDR': ip},
            expect_errors=True).status_int

    cases = (
        (200, ident1, '192.168.1.100'),  # IP is whitelisted.
        (403, ident1, '127.0.0.1'),      # IP is NOT whitelisted.
        (200, ident2, '127.0.0.1'),      # Whitelist is not used.
    )
    for expected_status, ident, ip in cases:
        self.assertEqual(expected_status, status_for(ident, ip))
def test_ip_whitelist_not_whitelisted(self):
    """A call from outside the assigned whitelist raises AuthorizationError.

    The whitelist holds only 192.168.1.100/32 and the call is made from
    127.0.0.1. The e-mail literals are masked in this copy.
    """
    model.bootstrap_ip_whitelist('whitelist', ['192.168.1.100/32'])
    bound = model.Identity(model.IDENTITY_USER, '*****@*****.**')
    model.bootstrap_ip_whitelist_assignment(bound, 'whitelist')

    # Denial must surface as an exception, not as a returned identity.
    self.assertRaises(
        api.AuthorizationError,
        self.call, '127.0.0.1', '*****@*****.**')
def test_ip_whitelist(self):
    """Check whitelist enforcement through a handler configured per request.

    ident1 is bound to a whitelist holding only 192.168.1.100/32; ident2 has
    no assignment. The auth method is installed with handler.configure()
    before every request, and the peer address is passed through the WSGI
    REMOTE_ADDR variable. NOTE(review): both identity literals are masked in
    this copy and therefore look identical; presumably they differ in the
    real file.
    """
    ident1 = model.Identity(model.IDENTITY_USER, '*****@*****.**')
    ident2 = model.Identity(model.IDENTITY_USER, '*****@*****.**')

    model.bootstrap_ip_whitelist('whitelist', ['192.168.1.100/32'])
    model.bootstrap_ip_whitelist_assignment(ident1, 'whitelist')

    class Handler(handler.AuthenticatingHandler):
        @api.public
        def get(self):
            self.response.write('OK')

    app = self.make_test_app('/request', Handler)

    def call(ident, ip):
        """Issue GET /request as `ident` from `ip`; return the HTTP status."""
        # presumably drops auth state cached by the previous request
        api.reset_local_state()
        # Sole auth method: always report the identity chosen by the test.
        fake_auth = lambda _request: ident
        handler.configure([fake_auth])
        reply = app.get(
            '/request',
            extra_environ={'REMOTE_ADDR': ip},
            # Keep a 4xx as an inspectable response.
            expect_errors=True)
        return reply.status_int

    # IP is whitelisted.
    allowed = call(ident1, '192.168.1.100')
    self.assertEqual(200, allowed)

    # IP is NOT whitelisted.
    denied = call(ident1, '127.0.0.1')
    self.assertEqual(403, denied)

    # Whitelist is not used.
    unrestricted = call(ident2, '127.0.0.1')
    self.assertEqual(200, unrestricted)
def test_ip_whitelist_not_used(self):
    """The call from 127.0.0.1 returns the caller's identity string.

    NOTE(review): the e-mail literals are masked in this copy, so it cannot
    be seen whether the caller is the account bound to 'whitelist'. The test
    name suggests a different account with no assignment - verify against
    the unmasked file.
    """
    whitelist_name = 'whitelist'
    model.bootstrap_ip_whitelist(whitelist_name, ['192.168.1.100/32'])
    model.bootstrap_ip_whitelist_assignment(
        model.Identity(model.IDENTITY_USER, '*****@*****.**'),
        whitelist_name)

    # The peer address is outside the only whitelisted subnet.
    expected = 'user:[email protected]'
    self.assertEqual(expected, self.call('127.0.0.1', '*****@*****.**'))
def test_ip_whitelist_not_whitelisted(self):
    """A pRPC call from outside the whitelist is denied without state.

    The whitelist holds only 192.168.1.100/32 and the peer is given as
    'ipv4:127.0.0.1'. The call must yield no captured state, and the context
    must carry PERMISSION_DENIED with a message naming the rejected address.
    The e-mail literals are masked in this copy.
    """
    model.bootstrap_ip_whitelist('whitelist', ['192.168.1.100/32'])
    bound = model.Identity(model.IDENTITY_USER, '*****@*****.**')
    model.bootstrap_ip_whitelist_assignment(bound, 'whitelist')

    outcome = self.call('ipv4:127.0.0.1', '*****@*****.**')
    state, ctx = outcome

    # No state may be captured for a rejected peer.
    self.assertIsNone(state)
    self.assertEqual(ctx.code, prpclib.StatusCode.PERMISSION_DENIED)
    # The message names the address without the 'ipv4:' prefix.
    self.assertEqual(ctx.details, 'IP 127.0.0.1 is not whitelisted')
def test_ip_whitelist_whitelisted(self):
    """A pRPC call from the whitelisted address is authenticated normally.

    The peer 'ipv4:192.168.1.100' is inside 192.168.1.100/32. The captured
    state must show the same string for current and peer identity, no
    superuser flag, no delegation token, and the parsed peer IP. The e-mail
    literals are masked in this copy.
    """
    model.bootstrap_ip_whitelist('whitelist', ['192.168.1.100/32'])
    bound = model.Identity(model.IDENTITY_USER, '*****@*****.**')
    model.bootstrap_ip_whitelist_assignment(bound, 'whitelist')

    # The second element of the result is not checked on the success path.
    state, _ = self.call('ipv4:192.168.1.100', '*****@*****.**')

    expected = CapturedState(
        current_identity='user:[email protected]',
        is_superuser=False,
        peer_identity='user:[email protected]',
        peer_ip=ipaddr.ip_from_string('192.168.1.100'),
        delegation_token=None,
    )
    self.assertEqual(state, expected)