123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212 |
- <?php
- declare(strict_types=1);
- namespace Test\Security\Bruteforce;
- use OC\Security\Bruteforce\Backend\DatabaseBackend;
- use OC\Security\Bruteforce\Throttler;
- use OCP\AppFramework\Utility\ITimeFactory;
- use OCP\IConfig;
- use OCP\IDBConnection;
- use Psr\Log\LoggerInterface;
- use Test\TestCase;
- class ThrottlerTest extends TestCase {
-
- private $throttler;
-
- private $dbConnection;
-
- private $timeFactory;
-
- private $logger;
-
- private $config;
- protected function setUp(): void {
- $this->dbConnection = $this->createMock(IDBConnection::class);
- $this->timeFactory = $this->createMock(ITimeFactory::class);
- $this->logger = $this->createMock(LoggerInterface::class);
- $this->config = $this->createMock(IConfig::class);
- $this->throttler = new Throttler(
- $this->timeFactory,
- $this->logger,
- $this->config,
- new DatabaseBackend($this->dbConnection)
- );
- parent::setUp();
- }
- public function dataIsIPWhitelisted() {
- return [
- [
- '10.10.10.10',
- [
- 'whitelist_0' => '10.10.10.0/24',
- ],
- true,
- ],
- [
- '10.10.10.10',
- [
- 'whitelist_0' => '192.168.0.0/16',
- ],
- false,
- ],
- [
- '10.10.10.10',
- [
- 'whitelist_0' => '192.168.0.0/16',
- 'whitelist_1' => '10.10.10.0/24',
- ],
- true,
- ],
- [
- '10.10.10.10',
- [
- 'whitelist_0' => '10.10.10.11/31',
- ],
- true,
- ],
- [
- '10.10.10.10',
- [
- 'whitelist_0' => '10.10.10.9/31',
- ],
- false,
- ],
- [
- '10.10.10.10',
- [
- 'whitelist_0' => '10.10.10.15/29',
- ],
- true,
- ],
- [
- 'dead:beef:cafe::1',
- [
- 'whitelist_0' => '192.168.0.0/16',
- 'whitelist_1' => '10.10.10.0/24',
- 'whitelist_2' => 'deaf:beef:cafe:1234::/64'
- ],
- false,
- ],
- [
- 'dead:beef:cafe::1',
- [
- 'whitelist_0' => '192.168.0.0/16',
- 'whitelist_1' => '10.10.10.0/24',
- 'whitelist_2' => 'deaf:beef::/64'
- ],
- false,
- ],
- [
- 'dead:beef:cafe::1',
- [
- 'whitelist_0' => '192.168.0.0/16',
- 'whitelist_1' => '10.10.10.0/24',
- 'whitelist_2' => 'deaf:cafe::/8'
- ],
- true,
- ],
- [
- 'dead:beef:cafe::1111',
- [
- 'whitelist_0' => 'dead:beef:cafe::1100/123',
- ],
- true,
- ],
- [
- 'invalid',
- [],
- false,
- ],
- ];
- }
-
- private function isIpWhiteListedHelper($ip,
- $whitelists,
- $isWhiteListed,
- $enabled) {
- $this->config->method('getAppKeys')
- ->with($this->equalTo('bruteForce'))
- ->willReturn(array_keys($whitelists));
- $this->config
- ->expects($this->once())
- ->method('getSystemValueBool')
- ->with('auth.bruteforce.protection.enabled', true)
- ->willReturn($enabled);
- $this->config->method('getAppValue')
- ->willReturnCallback(function ($app, $key, $default) use ($whitelists) {
- if ($app !== 'bruteForce') {
- return $default;
- }
- if (isset($whitelists[$key])) {
- return $whitelists[$key];
- }
- return $default;
- });
- $this->assertSame(
- ($enabled === false) ? true : $isWhiteListed,
- self::invokePrivate($this->throttler, 'isBypassListed', [$ip])
- );
- }
-
- public function testIsIpWhiteListedWithEnabledProtection($ip,
- $whitelists,
- $isWhiteListed): void {
- $this->isIpWhiteListedHelper(
- $ip,
- $whitelists,
- $isWhiteListed,
- true
- );
- }
-
- public function testIsIpWhiteListedWithDisabledProtection($ip,
- $whitelists,
- $isWhiteListed): void {
- $this->isIpWhiteListedHelper(
- $ip,
- $whitelists,
- $isWhiteListed,
- false
- );
- }
- }
|