File

spec/util_ip_spec.lua @ 12953:ebe3b2f96cad

mod_tokenauth: Switch to new token format (invalidates existing tokens!) The new format has the following properties: - 5 bytes longer than the previous format - The token now has separate 'id' and 'secret' parts - the token itself is no longer stored in the DB, and the secret part is hashed - The only variable length field (JID) has been moved to the end - The 'secret-token:' prefix (RFC 8959) is now included Compatibility with the old token format was not maintained, and all previously issued tokens are invalid after this commit (they will be removed from the DB if used).
author Matthew Wild <mwild1@gmail.com>
date Tue, 21 Mar 2023 14:33:29 +0000 (21 months ago)
parent 12934:c6dffebab2f8
line wrap: on
line source

local ip = require "util.ip";

local new_ip = ip.new_ip;
local match = ip.match;
local parse_cidr = ip.parse_cidr;
local commonPrefixLength = ip.commonPrefixLength;

describe("util.ip", function()
	describe("#match()", function()
		it("should work", function()
			local _ = new_ip;
			local ip = _"10.20.30.40";
			assert.are.equal(match(ip, _"10.0.0.0", 8), true);
			assert.are.equal(match(ip, _"10.0.0.0", 16), false);
			assert.are.equal(match(ip, _"10.0.0.0", 24), false);
			assert.are.equal(match(ip, _"10.0.0.0", 32), false);

			assert.are.equal(match(ip, _"10.20.0.0", 8), true);
			assert.are.equal(match(ip, _"10.20.0.0", 16), true);
			assert.are.equal(match(ip, _"10.20.0.0", 24), false);
			assert.are.equal(match(ip, _"10.20.0.0", 32), false);

			assert.are.equal(match(ip, _"0.0.0.0", 32), false);
			assert.are.equal(match(ip, _"0.0.0.0", 0), true);
			assert.are.equal(match(ip, _"0.0.0.0"), false);

			assert.are.equal(match(ip, _"10.0.0.0", 255), false, "excessive number of bits");
			assert.are.equal(match(ip, _"10.0.0.0", -8), true, "negative number of bits");
			assert.are.equal(match(ip, _"10.0.0.0", -32), true, "negative number of bits");
			assert.are.equal(match(ip, _"10.0.0.0", 0), true, "zero bits");
			assert.are.equal(match(ip, _"10.0.0.0"), false, "no specified number of bits (differing ip)");
			assert.are.equal(match(ip, _"10.20.30.40"), true, "no specified number of bits (same ip)");

			assert.are.equal(match(_"127.0.0.1", _"127.0.0.1"), true, "simple ip");

			assert.are.equal(match(_"8.8.8.8", _"8.8.0.0", 16), true);
			assert.are.equal(match(_"8.8.4.4", _"8.8.0.0", 16), true);
		end);
	end);

	describe("#parse_cidr()", function()
		it("should work", function()
			assert.are.equal(new_ip"0.0.0.0", new_ip"0.0.0.0")

			local function assert_cidr(cidr, ip, bits)
				local parsed_ip, parsed_bits = parse_cidr(cidr);
				assert.are.equal(new_ip(ip), parsed_ip, cidr.." parsed ip is "..ip);
				assert.are.equal(bits, parsed_bits, cidr.." parsed bits is "..tostring(bits));
			end
			assert_cidr("0.0.0.0", "0.0.0.0", nil);
			assert_cidr("127.0.0.1", "127.0.0.1", nil);
			assert_cidr("127.0.0.1/0", "127.0.0.1", 0);
			assert_cidr("127.0.0.1/8", "127.0.0.1", 8);
			assert_cidr("127.0.0.1/32", "127.0.0.1", 32);
			assert_cidr("127.0.0.1/256", "127.0.0.1", 256);
			assert_cidr("::/48", "::", 48);
		end);
	end);

	describe("#new_ip()", function()
		it("should work", function()
			local v4, v6 = "IPv4", "IPv6";
			local function assert_proto(s, proto)
				local ip = new_ip(s);
				if proto then
					assert.are.equal(ip and ip.proto, proto, "protocol is correct for "..("%q"):format(s));
				else
					assert.are.equal(ip, nil, "address is invalid");
				end
			end
			assert_proto("127.0.0.1", v4);
			assert_proto("::1", v6);
			assert_proto("", nil);
			assert_proto("abc", nil);
			assert_proto("   ", nil);
		end);
	end);

	describe("#commonPrefixLength()", function()
		it("should work", function()
			local function assert_cpl6(a, b, len, v4)
				local ipa, ipb = new_ip(a), new_ip(b);
				if v4 then len = len+96; end
				assert.are.equal(commonPrefixLength(ipa, ipb), len, "common prefix length of "..a.." and "..b.." is "..len);
				assert.are.equal(commonPrefixLength(ipb, ipa), len, "common prefix length of "..b.." and "..a.." is "..len);
			end
			local function assert_cpl4(a, b, len)
				return assert_cpl6(a, b, len, "IPv4");
			end
			assert_cpl4("0.0.0.0", "0.0.0.0", 32);
			assert_cpl4("255.255.255.255", "0.0.0.0", 0);
			assert_cpl4("255.255.255.255", "255.255.0.0", 16);
			assert_cpl4("255.255.255.255", "255.255.255.255", 32);
			assert_cpl4("255.255.255.255", "255.255.255.255", 32);

			assert_cpl6("::1", "::1", 128);
			assert_cpl6("abcd::1", "abcd::1", 128);
			assert_cpl6("abcd::abcd", "abcd::", 112);
			assert_cpl6("abcd::abcd", "abcd::abcd:abcd", 96);
		end);
	end);

	describe("#truncate()", function ()
		it("should work for IPv4", function ()
			local ip1 = ip.new_ip("192.168.0.1");
			local ip2 = ip.truncate(ip1, 16);
			assert.truthy(ip.is_ip(ip2));
			assert.equal("192.168.0.0", ip2.normal);
			assert.equal("192.168.0.1", ip1.normal); -- original unmodified
		end);

		it("should work for IPv6", function ()
			local ip1 = ip.new_ip("2001:db8::ff00:42:8329");
			local ip2 = ip.truncate(ip1, 24);
			assert.truthy(ip.is_ip(ip2));
			assert.equal("2001:d00::", ip2.normal);
			assert.equal("2001:db8::ff00:42:8329", ip1.normal); -- original unmodified
		end);

		it("accepts a string", function ()
			assert.equal("127.0.0.0", ip.truncate("127.0.0.1", 8).normal);
		end);
	end);
end);