Software /
code /
prosody
File
spec/util_ip_spec.lua @ 12953:ebe3b2f96cad
mod_tokenauth: Switch to new token format (invalidates existing tokens!)
The new format has the following properties:
- 5 bytes longer than the previous format
- The token now has separate 'id' and 'secret' parts - the token itself is no
longer stored in the DB, and the secret part is hashed
- The only variable length field (JID) has been moved to the end
- The 'secret-token:' prefix (RFC 8959) is now included
Compatibility with the old token format was not maintained, and all previously
issued tokens are invalid after this commit (they will be removed from the DB
if used).
author | Matthew Wild <mwild1@gmail.com> |
---|---|
date | Tue, 21 Mar 2023 14:33:29 +0000 (21 months ago) |
parent | 12934:c6dffebab2f8 |
line wrap: on
line source
local ip = require "util.ip"; local new_ip = ip.new_ip; local match = ip.match; local parse_cidr = ip.parse_cidr; local commonPrefixLength = ip.commonPrefixLength; describe("util.ip", function() describe("#match()", function() it("should work", function() local _ = new_ip; local ip = _"10.20.30.40"; assert.are.equal(match(ip, _"10.0.0.0", 8), true); assert.are.equal(match(ip, _"10.0.0.0", 16), false); assert.are.equal(match(ip, _"10.0.0.0", 24), false); assert.are.equal(match(ip, _"10.0.0.0", 32), false); assert.are.equal(match(ip, _"10.20.0.0", 8), true); assert.are.equal(match(ip, _"10.20.0.0", 16), true); assert.are.equal(match(ip, _"10.20.0.0", 24), false); assert.are.equal(match(ip, _"10.20.0.0", 32), false); assert.are.equal(match(ip, _"0.0.0.0", 32), false); assert.are.equal(match(ip, _"0.0.0.0", 0), true); assert.are.equal(match(ip, _"0.0.0.0"), false); assert.are.equal(match(ip, _"10.0.0.0", 255), false, "excessive number of bits"); assert.are.equal(match(ip, _"10.0.0.0", -8), true, "negative number of bits"); assert.are.equal(match(ip, _"10.0.0.0", -32), true, "negative number of bits"); assert.are.equal(match(ip, _"10.0.0.0", 0), true, "zero bits"); assert.are.equal(match(ip, _"10.0.0.0"), false, "no specified number of bits (differing ip)"); assert.are.equal(match(ip, _"10.20.30.40"), true, "no specified number of bits (same ip)"); assert.are.equal(match(_"127.0.0.1", _"127.0.0.1"), true, "simple ip"); assert.are.equal(match(_"8.8.8.8", _"8.8.0.0", 16), true); assert.are.equal(match(_"8.8.4.4", _"8.8.0.0", 16), true); end); end); describe("#parse_cidr()", function() it("should work", function() assert.are.equal(new_ip"0.0.0.0", new_ip"0.0.0.0") local function assert_cidr(cidr, ip, bits) local parsed_ip, parsed_bits = parse_cidr(cidr); assert.are.equal(new_ip(ip), parsed_ip, cidr.." parsed ip is "..ip); assert.are.equal(bits, parsed_bits, cidr.." parsed bits is "..tostring(bits)); end assert_cidr("0.0.0.0", "0.0.0.0", nil); assert_cidr("127.0.0.1", "127.0.0.1", nil); assert_cidr("127.0.0.1/0", "127.0.0.1", 0); assert_cidr("127.0.0.1/8", "127.0.0.1", 8); assert_cidr("127.0.0.1/32", "127.0.0.1", 32); assert_cidr("127.0.0.1/256", "127.0.0.1", 256); assert_cidr("::/48", "::", 48); end); end); describe("#new_ip()", function() it("should work", function() local v4, v6 = "IPv4", "IPv6"; local function assert_proto(s, proto) local ip = new_ip(s); if proto then assert.are.equal(ip and ip.proto, proto, "protocol is correct for "..("%q"):format(s)); else assert.are.equal(ip, nil, "address is invalid"); end end assert_proto("127.0.0.1", v4); assert_proto("::1", v6); assert_proto("", nil); assert_proto("abc", nil); assert_proto(" ", nil); end); end); describe("#commonPrefixLength()", function() it("should work", function() local function assert_cpl6(a, b, len, v4) local ipa, ipb = new_ip(a), new_ip(b); if v4 then len = len+96; end assert.are.equal(commonPrefixLength(ipa, ipb), len, "common prefix length of "..a.." and "..b.." is "..len); assert.are.equal(commonPrefixLength(ipb, ipa), len, "common prefix length of "..b.." and "..a.." is "..len); end local function assert_cpl4(a, b, len) return assert_cpl6(a, b, len, "IPv4"); end assert_cpl4("0.0.0.0", "0.0.0.0", 32); assert_cpl4("255.255.255.255", "0.0.0.0", 0); assert_cpl4("255.255.255.255", "255.255.0.0", 16); assert_cpl4("255.255.255.255", "255.255.255.255", 32); assert_cpl4("255.255.255.255", "255.255.255.255", 32); assert_cpl6("::1", "::1", 128); assert_cpl6("abcd::1", "abcd::1", 128); assert_cpl6("abcd::abcd", "abcd::", 112); assert_cpl6("abcd::abcd", "abcd::abcd:abcd", 96); end); end); describe("#truncate()", function () it("should work for IPv4", function () local ip1 = ip.new_ip("192.168.0.1"); local ip2 = ip.truncate(ip1, 16); assert.truthy(ip.is_ip(ip2)); assert.equal("192.168.0.0", ip2.normal); assert.equal("192.168.0.1", ip1.normal); -- original unmodified end); it("should work for IPv6", function () local ip1 = ip.new_ip("2001:db8::ff00:42:8329"); local ip2 = ip.truncate(ip1, 24); assert.truthy(ip.is_ip(ip2)); assert.equal("2001:d00::", ip2.normal); assert.equal("2001:db8::ff00:42:8329", ip1.normal); -- original unmodified end); it("accepts a string", function () assert.equal("127.0.0.0", ip.truncate("127.0.0.1", 8).normal); end); end); end);