2020-02-18 22:15:09 +00:00
|
|
|
package authorization
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net"
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
2021-01-16 10:05:41 +00:00
|
|
|
|
|
|
|
|
"github.com/authelia/authelia/internal/configuration/schema"
|
2020-02-18 22:15:09 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestIPMatcher(t *testing.T) {
|
|
|
|
|
// Default policy is 'allow all ips' if no IP is defined
|
2021-01-16 10:05:41 +00:00
|
|
|
assert.True(t, isIPMatching(net.ParseIP("127.0.0.1"), []string{}, schema.DefaultACLNetwork))
|
2020-02-18 22:15:09 +00:00
|
|
|
|
2021-01-16 10:05:41 +00:00
|
|
|
assert.True(t, isIPMatching(net.ParseIP("127.0.0.1"), []string{"127.0.0.1"}, schema.DefaultACLNetwork))
|
|
|
|
|
assert.False(t, isIPMatching(net.ParseIP("127.1"), []string{"127.0.0.1"}, schema.DefaultACLNetwork))
|
|
|
|
|
assert.False(t, isIPMatching(net.ParseIP("not-an-ip"), []string{"127.0.0.1"}, schema.DefaultACLNetwork))
|
2020-02-18 22:15:09 +00:00
|
|
|
|
2021-01-16 10:05:41 +00:00
|
|
|
assert.False(t, isIPMatching(net.ParseIP("127.0.0.1"), []string{"10.0.0.1"}, schema.DefaultACLNetwork))
|
|
|
|
|
assert.False(t, isIPMatching(net.ParseIP("127.0.0.1"), []string{"10.0.0.0/8"}, schema.DefaultACLNetwork))
|
2020-02-18 22:15:09 +00:00
|
|
|
|
2021-01-16 10:05:41 +00:00
|
|
|
assert.True(t, isIPMatching(net.ParseIP("10.230.5.1"), []string{"10.0.0.0/8"}, schema.DefaultACLNetwork))
|
|
|
|
|
assert.True(t, isIPMatching(net.ParseIP("10.230.5.1"), []string{"192.168.0.0/24", "10.0.0.0/8"}, schema.DefaultACLNetwork))
|
2021-01-04 10:55:23 +00:00
|
|
|
|
|
|
|
|
// Test network groups
|
2021-01-16 10:05:41 +00:00
|
|
|
assert.True(t, isIPMatching(net.ParseIP("127.0.0.1"), []string{}, schema.DefaultACLNetwork))
|
2021-01-04 10:55:23 +00:00
|
|
|
|
2021-01-16 10:05:41 +00:00
|
|
|
assert.True(t, isIPMatching(net.ParseIP("127.0.0.1"), []string{"localhost"}, schema.DefaultACLNetwork))
|
|
|
|
|
assert.False(t, isIPMatching(net.ParseIP("127.1"), []string{"localhost"}, schema.DefaultACLNetwork))
|
|
|
|
|
assert.False(t, isIPMatching(net.ParseIP("not-an-ip"), []string{"localhost"}, schema.DefaultACLNetwork))
|
2021-01-04 10:55:23 +00:00
|
|
|
|
2021-01-16 10:05:41 +00:00
|
|
|
assert.False(t, isIPMatching(net.ParseIP("127.0.0.1"), []string{"internal"}, schema.DefaultACLNetwork))
|
|
|
|
|
assert.False(t, isIPMatching(net.ParseIP("127.0.0.1"), []string{"internal"}, schema.DefaultACLNetwork))
|
2021-01-04 10:55:23 +00:00
|
|
|
|
2021-01-16 10:05:41 +00:00
|
|
|
assert.True(t, isIPMatching(net.ParseIP("10.230.5.1"), []string{"internal"}, schema.DefaultACLNetwork))
|
|
|
|
|
assert.True(t, isIPMatching(net.ParseIP("10.230.5.1"), []string{"192.168.0.0/24", "internal"}, schema.DefaultACLNetwork))
|
2020-02-18 22:15:09 +00:00
|
|
|
}
|
