Skip to content

refactor(IP Address): Update all IP Addresses in tests to use RFC-5735 TEST-NET-* addresses. #15470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 26 commits into
base: main
Choose a base branch
from
Open

refactor(IP Address): Update all IP Addresses in tests to use RFC-5735 TEST-NET-* addresses. #15470

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
26 commits
Select commit Hold shift + click to select a range
dc5b052
refactor(IP Address): Update all IP Addresses in tests/unit/account t…
Mr-Sunglasses Feb 25, 2024
c6e49e6
refactor(IP Address): Update test/conftest.py to use RFC-5735 TEST-NET-*
Mr-Sunglasses Feb 25, 2024
31d1613
refactor(IP Address): Update test/unit/email/* to use RFC-5735 TEST-N…
Mr-Sunglasses Feb 25, 2024
98c3aa5
refactor(IP Address): Update test/unit/events/* to use RFC-5735 TEST-…
Mr-Sunglasses Feb 25, 2024
0b461a1
refactor(IP Address): Update test/unit/manage/* to use RFC-5735 TEST-…
Mr-Sunglasses Feb 25, 2024
a317951
refactor(IP Address): Update test/unit/manage/* to use RFC-5735 TEST-…
Mr-Sunglasses Feb 25, 2024
3025736
refactor(IP Address): Update test/unit/utils/* to use RFC-5735 TEST-N…
Mr-Sunglasses Feb 25, 2024
8f62827
refactor(IP Address): Update test/unit/legacy/* to use RFC-5735 TEST-…
Mr-Sunglasses Feb 25, 2024
847bce4
refactor(IP Address): Update test/unit/admin/* to use RFC-5735 TEST-N…
Mr-Sunglasses Feb 25, 2024
27defd1
refactor(IP Address): Update test/unit/ip_addresses/* to use RFC-5735…
Mr-Sunglasses Feb 25, 2024
58491b1
revert: Update test/unit/test_json/* to use RFC-5735 TEST-NET-*
Mr-Sunglasses Feb 25, 2024
3419cc9
fix: broken tests
Mr-Sunglasses Feb 25, 2024
dd441e3
reformat: run black to reformat the code
Mr-Sunglasses Feb 25, 2024
4732e33
fix: replace to version instead of IP
Mr-Sunglasses Feb 25, 2024
d8cd0d8
fix: use remote_addr instead of value in test/unit/accounts/*
Mr-Sunglasses Feb 28, 2024
e9d0787
fix: use remote_addr instead of value in test/unit/accounts/*
Mr-Sunglasses Feb 28, 2024
e43e589
fix: use remote_addr instead of value in test/unit/manage/*
Mr-Sunglasses Feb 28, 2024
e38bcee
chore: run formatter
Mr-Sunglasses Feb 28, 2024
96e3f09
test: add session and function scope to remote_addr remote_addr_hashe…
Mr-Sunglasses Feb 28, 2024
fb078d9
tests: fixed tests to work with session scope
Mr-Sunglasses Feb 28, 2024
3d60938
Merge branch 'main' into fix/13186
Mr-Sunglasses Feb 28, 2024
6ffd7c9
Fix: Remove unused functions
Mr-Sunglasses Feb 28, 2024
2211079
Merge branch 'main' into fix/13186
Mr-Sunglasses Feb 28, 2024
e4ce481
Merge branch 'main' into fix/13186
Mr-Sunglasses Mar 1, 2024
b79c494
Merge branch 'main' into fix/13186
Mr-Sunglasses Apr 12, 2024
b0ecff4
Merge branch 'main' into fix/13186
Mr-Sunglasses Jun 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 11 additions & 15 deletions tests/conftest.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.

import hashlib
import os
import os.path
import re
Expand Down Expand Up @@ -109,26 +110,21 @@ def metrics():
)


@pytest.fixture
@pytest.fixture(scope="session")
def remote_addr():
return "1.2.3.4"
return "192.0.2.1"


@pytest.fixture
def remote_addr_hashed():
"""
Static output of `hashlib.sha256(remote_addr.encode("utf8")).hexdigest()`
Created statically to prevent needing to calculate it every run.
"""
return "6694f83c9f476da31f5df6bcc520034e7e57d421d247b9d34f49edbfc84a764c"
@pytest.fixture(scope="function")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't all of these be scoped to session, so they effectively become set once per test suite run?

Suggested change
@pytest.fixture(scope="function")
@pytest.fixture(scope="session")

def remote_addr_hashed(remote_addr):
if remote_addr is None:
return None
Comment on lines +120 to +121
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

question: How could remote_addr be None? Do we ever override the input to this fixture function, or should this condition be removed?

return hashlib.sha256(remote_addr.encode("utf8")).hexdigest()


@pytest.fixture
def remote_addr_salted():
"""
Output of `hashlib.sha256((remote_addr + "pepa").encode("utf8")).hexdigest()`
"""
return "a69a49383d81404e4b1df297c7baa28e1cd6c4ee1495ed5d0ab165a63a147763"
@pytest.fixture(scope="session")
def remote_addr_salted(remote_addr):
return hashlib.sha256((remote_addr + "pepa").encode("utf8")).hexdigest()


@pytest.fixture
Expand Down
56 changes: 30 additions & 26 deletions tests/unit/accounts/test_forms.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,9 +35,9 @@


class TestLoginForm:
def test_validate(self):
def test_validate(self, remote_addr):
request = pretend.stub(
remote_addr="1.2.3.4",
remote_addr=remote_addr,
banned=pretend.stub(
by_ip=lambda ip_address: False,
),
Expand Down Expand Up @@ -100,9 +100,9 @@ def test_validate_username_with_user(self, input_username, expected_username):

assert user_service.find_userid.calls == [pretend.call(expected_username)]

def test_validate_password_no_user(self):
def test_validate_password_no_user(self, remote_addr):
request = pretend.stub(
remote_addr="1.2.3.4",
remote_addr=remote_addr,
banned=pretend.stub(
by_ip=lambda ip_address: False,
),
Expand All @@ -126,9 +126,11 @@ def test_validate_password_no_user(self):
pretend.call("my_username"),
]

def test_validate_password_disabled_for_compromised_pw(self, db_session):
def test_validate_password_disabled_for_compromised_pw(
self, db_session, remote_addr
):
request = pretend.stub(
remote_addr="1.2.3.4", banned=pretend.stub(by_ip=lambda ip_address: False)
remote_addr=remote_addr, banned=pretend.stub(by_ip=lambda ip_address: False)
)
user_service = pretend.stub(
find_userid=pretend.call_recorder(lambda userid: 1),
Expand Down Expand Up @@ -157,9 +159,9 @@ def test_validate_password_disabled_for_compromised_pw(self, db_session):
]
assert user_service.is_disabled.calls == [pretend.call(1)]

def test_validate_password_ok(self):
def test_validate_password_ok(self, remote_addr):
request = pretend.stub(
remote_addr="1.2.3.4",
remote_addr=remote_addr,
banned=pretend.stub(
by_ip=lambda ip_address: False,
),
Expand Down Expand Up @@ -197,9 +199,9 @@ def test_validate_password_ok(self):
pretend.call("pw", tags=["method:auth", "auth_method:login_form"])
]

def test_validate_password_notok(self, db_session):
def test_validate_password_notok(self, db_session, remote_addr):
request = pretend.stub(
remote_addr="1.2.3.4",
remote_addr=remote_addr,
banned=pretend.stub(
by_ip=lambda ip_address: False,
),
Expand Down Expand Up @@ -240,9 +242,9 @@ def test_validate_password_notok(self, db_session):
)
]

def test_validate_password_too_many_failed(self):
def test_validate_password_too_many_failed(self, remote_addr):
request = pretend.stub(
remote_addr="1.2.3.4",
remote_addr=remote_addr,
banned=pretend.stub(
by_ip=lambda ip_address: False,
),
Expand Down Expand Up @@ -274,13 +276,13 @@ def test_validate_password_too_many_failed(self):
assert user_service.is_disabled.calls == []
assert user_service.check_password.calls == [pretend.call(1, "pw", tags=None)]

def test_password_breached(self, monkeypatch):
def test_password_breached(self, monkeypatch, remote_addr):
send_email = pretend.call_recorder(lambda *a, **kw: None)
monkeypatch.setattr(forms, "send_password_compromised_email_hibp", send_email)

user = pretend.stub(id=1)
request = pretend.stub(
remote_addr="1.2.3.4",
remote_addr=remote_addr,
banned=pretend.stub(
by_ip=lambda ip_address: False,
),
Expand Down Expand Up @@ -315,9 +317,9 @@ def test_password_breached(self, monkeypatch):
]
assert send_email.calls == [pretend.call(request, user)]

def test_validate_password_ok_ip_banned(self):
def test_validate_password_ok_ip_banned(self, remote_addr):
request = pretend.stub(
remote_addr="1.2.3.4",
remote_addr=remote_addr,
banned=pretend.stub(
by_ip=lambda ip_address: True,
),
Expand Down Expand Up @@ -349,9 +351,9 @@ def test_validate_password_ok_ip_banned(self):
assert user_service.check_password.calls == []
assert breach_service.check_password.calls == []

def test_validate_password_notok_ip_banned(self, db_session):
def test_validate_password_notok_ip_banned(self, db_session, remote_addr):
request = pretend.stub(
remote_addr="1.2.3.4",
remote_addr=remote_addr,
banned=pretend.stub(
by_ip=lambda ip_address: True,
),
Expand Down Expand Up @@ -914,10 +916,10 @@ class TestTOTPAuthenticationForm:
"123 456",
],
)
def test_validate(self, totp_value):
def test_validate(self, totp_value, remote_addr):
user = pretend.stub(record_event=pretend.call_recorder(lambda *a, **kw: None))
get_user = pretend.call_recorder(lambda userid: user)
request = pretend.stub(remote_addr="1.2.3.4")
request = pretend.stub(remote_addr=remote_addr)

form = forms.TOTPAuthenticationForm(
formdata=MultiDict({"totp_value": totp_value}),
Expand All @@ -937,10 +939,12 @@ def test_validate(self, totp_value):
("1 2 3 4 5 6 7", "TOTP code must be 6 digits."),
],
)
def test_totp_secret_not_valid(self, pyramid_config, totp_value, expected_error):
def test_totp_secret_not_valid(
self, pyramid_config, totp_value, expected_error, remote_addr
):
user = pretend.stub(record_event=pretend.call_recorder(lambda *a, **kw: None))
get_user = pretend.call_recorder(lambda userid: user)
request = pretend.stub(remote_addr="1.2.3.4")
request = pretend.stub(remote_addr=remote_addr)

form = forms.TOTPAuthenticationForm(
formdata=MultiDict({"totp_value": totp_value}),
Expand All @@ -961,11 +965,11 @@ def test_totp_secret_not_valid(self, pyramid_config, totp_value, expected_error)
],
)
def test_totp_secret_raises(
self, pyramid_config, exception, expected_error, reason
self, pyramid_config, exception, expected_error, reason, remote_addr
):
user = pretend.stub(record_event=pretend.call_recorder(lambda *a, **kw: None))
get_user = pretend.call_recorder(lambda userid: user)
request = pretend.stub(remote_addr="1.2.3.4")
request = pretend.stub(remote_addr=remote_addr)

user_service = pretend.stub(
check_totp_value=pretend.raiser(exception),
Expand Down Expand Up @@ -1099,8 +1103,8 @@ def test_validate(self):


class TestRecoveryCodeForm:
def test_validate(self, monkeypatch):
request = pretend.stub(remote_addr="1.2.3.4")
def test_validate(self, monkeypatch, remote_addr):
request = pretend.stub(remote_addr=remote_addr)
user = pretend.stub(id=pretend.stub(), username="foobar")
user_service = pretend.stub(
check_recovery_code=pretend.call_recorder(lambda *a, **kw: True),
Expand Down
36 changes: 18 additions & 18 deletions tests/unit/accounts/test_security_policy.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,12 +99,12 @@ def test_identity_credentials_fail(self, monkeypatch):
pretend.stub(
matched_route=None,
banned=pretend.stub(by_ip=lambda ip_address: False),
remote_addr="1.2.3.4",
remote_addr="192.0.2.1",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These should also probably be replaced by remote_addr

),
pretend.stub(
matched_route=pretend.stub(name="an.invalid.route"),
banned=pretend.stub(by_ip=lambda ip_address: False),
remote_addr="1.2.3.4",
remote_addr="192.0.2.1",
),
],
)
Expand Down Expand Up @@ -186,7 +186,7 @@ def test_forget_and_remember(self, monkeypatch):
pretend.call(request, userid, foo=None)
]

def test_identity_missing_route(self, monkeypatch):
def test_identity_missing_route(self, monkeypatch, remote_addr):
session_helper_obj = pretend.stub()
session_helper_cls = pretend.call_recorder(lambda: session_helper_obj)
monkeypatch.setattr(
Expand All @@ -203,7 +203,7 @@ def test_identity_missing_route(self, monkeypatch):
add_response_callback=pretend.call_recorder(lambda cb: None),
matched_route=None,
banned=pretend.stub(by_ip=lambda ip_address: False),
remote_addr="1.2.3.4",
remote_addr=remote_addr,
)

assert policy.identity(request) is None
Expand All @@ -220,7 +220,7 @@ def test_identity_missing_route(self, monkeypatch):
"api.echo",
],
)
def test_identity_invalid_route(self, route_name, monkeypatch):
def test_identity_invalid_route(self, route_name, monkeypatch, remote_addr):
session_helper_obj = pretend.stub()
session_helper_cls = pretend.call_recorder(lambda: session_helper_obj)
monkeypatch.setattr(
Expand All @@ -237,7 +237,7 @@ def test_identity_invalid_route(self, route_name, monkeypatch):
add_response_callback=pretend.call_recorder(lambda cb: None),
matched_route=pretend.stub(name=route_name),
banned=pretend.stub(by_ip=lambda ip_address: False),
remote_addr="1.2.3.4",
remote_addr=remote_addr,
)

assert policy.identity(request) is None
Expand All @@ -247,7 +247,7 @@ def test_identity_invalid_route(self, route_name, monkeypatch):
assert add_vary_cb.calls == [pretend.call("Cookie")]
assert request.add_response_callback.calls == [pretend.call(vary_cb)]

def test_identity_no_userid(self, monkeypatch):
def test_identity_no_userid(self, monkeypatch, remote_addr):
session_helper_obj = pretend.stub(
authenticated_userid=pretend.call_recorder(lambda r: None)
)
Expand All @@ -266,7 +266,7 @@ def test_identity_no_userid(self, monkeypatch):
add_response_callback=pretend.call_recorder(lambda cb: None),
matched_route=pretend.stub(name="a.permitted.route"),
banned=pretend.stub(by_ip=lambda ip_address: False),
remote_addr="1.2.3.4",
remote_addr=remote_addr,
)

assert policy.identity(request) is None
Expand All @@ -277,7 +277,7 @@ def test_identity_no_userid(self, monkeypatch):
assert add_vary_cb.calls == [pretend.call("Cookie")]
assert request.add_response_callback.calls == [pretend.call(vary_cb)]

def test_identity_no_user(self, monkeypatch):
def test_identity_no_user(self, monkeypatch, remote_addr):
userid = pretend.stub()
session_helper_obj = pretend.stub(
authenticated_userid=pretend.call_recorder(lambda r: userid)
Expand All @@ -299,7 +299,7 @@ def test_identity_no_user(self, monkeypatch):
matched_route=pretend.stub(name="a.permitted.route"),
find_service=pretend.call_recorder(lambda i, **kw: user_service),
banned=pretend.stub(by_ip=lambda ip_address: False),
remote_addr="1.2.3.4",
remote_addr=remote_addr,
)

assert policy.identity(request) is None
Expand All @@ -312,7 +312,7 @@ def test_identity_no_user(self, monkeypatch):
assert add_vary_cb.calls == [pretend.call("Cookie")]
assert request.add_response_callback.calls == [pretend.call(vary_cb)]

def test_identity_password_outdated(self, monkeypatch):
def test_identity_password_outdated(self, monkeypatch, remote_addr):
userid = pretend.stub()
session_helper_obj = pretend.stub(
authenticated_userid=pretend.call_recorder(lambda r: userid)
Expand Down Expand Up @@ -345,7 +345,7 @@ def test_identity_password_outdated(self, monkeypatch):
flash=pretend.call_recorder(lambda *a, **kw: None),
),
banned=pretend.stub(by_ip=lambda ip_address: False),
remote_addr="1.2.3.4",
remote_addr=remote_addr,
)

assert policy.identity(request) is None
Expand All @@ -364,7 +364,7 @@ def test_identity_password_outdated(self, monkeypatch):
assert add_vary_cb.calls == [pretend.call("Cookie")]
assert request.add_response_callback.calls == [pretend.call(vary_cb)]

def test_identity_is_disabled(self, monkeypatch):
def test_identity_is_disabled(self, monkeypatch, remote_addr):
userid = pretend.stub()
session_helper_obj = pretend.stub(
authenticated_userid=pretend.call_recorder(lambda r: userid)
Expand Down Expand Up @@ -397,7 +397,7 @@ def test_identity_is_disabled(self, monkeypatch):
flash=pretend.call_recorder(lambda *a, **kw: None),
),
banned=pretend.stub(by_ip=lambda ip_address: False),
remote_addr="1.2.3.4",
remote_addr=remote_addr,
)

assert policy.identity(request) is None
Expand All @@ -417,7 +417,7 @@ def test_identity_is_disabled(self, monkeypatch):
assert add_vary_cb.calls == [pretend.call("Cookie")]
assert request.add_response_callback.calls == [pretend.call(vary_cb)]

def test_identity(self, monkeypatch):
def test_identity(self, monkeypatch, remote_addr):
userid = pretend.stub()
session_helper_obj = pretend.stub(
authenticated_userid=pretend.call_recorder(lambda r: userid)
Expand Down Expand Up @@ -448,7 +448,7 @@ def test_identity(self, monkeypatch):
password_outdated=pretend.call_recorder(lambda ts: False)
),
banned=pretend.stub(by_ip=lambda ip_address: False),
remote_addr="1.2.3.4",
remote_addr=remote_addr,
)

assert policy.identity(request) is user
Expand All @@ -463,7 +463,7 @@ def test_identity(self, monkeypatch):
assert add_vary_cb.calls == [pretend.call("Cookie")]
assert request.add_response_callback.calls == [pretend.call(vary_cb)]

def test_identity_ip_banned(self, monkeypatch):
def test_identity_ip_banned(self, monkeypatch, remote_addr):
userid = pretend.stub()
session_helper_obj = pretend.stub(
authenticated_userid=pretend.call_recorder(lambda r: userid)
Expand Down Expand Up @@ -493,7 +493,7 @@ def test_identity_ip_banned(self, monkeypatch):
password_outdated=pretend.call_recorder(lambda ts: False)
),
banned=pretend.stub(by_ip=lambda ip_address: True),
remote_addr="1.2.3.4",
remote_addr=remote_addr,
)

assert policy.identity(request) is None
Expand Down
Loading