prosody
fdb2e0568cf8
spec/util_ip_spec.lua

Find changesets by keywords by author, files, the commit message, revision number or hash, or revset expression.

Software / code / prosody

File

spec/util_ip_spec.lua @ 13587:fdb2e0568cf8

mod_authz_internal: Make 'prosody:guest' default role for all unknown JIDs This fixes an issue where e.g. remote users or even other users on the server were unable to list MUC rooms. We want to define a permission to list MUC rooms, but we want it to be available to everyone by default (the traditional behaviour). prosody:guest is the lowest role we have. I ran a quick check and it isn't really used for anything right now that would be concerning. It was originally designed for anonymous logins. I think it's safe to treat remote JIDs as equivalent, since we have no trust relationship with anonymous users either.
author Matthew Wild <mwild1@gmail.com>
date Tue, 07 Jan 2025 14:41:32 +0000
parent 13428:dc1ad5f3f597
line wrap: on
line source


local ip = require "util.ip";

local new_ip = ip.new_ip;
local match = ip.match;
local parse_cidr = ip.parse_cidr;
local commonPrefixLength = ip.commonPrefixLength;

describe("util.ip", function()
	describe("#match()", function()
		it("should work", function()
			local _ = new_ip;
			local ip = _"10.20.30.40";
			assert.are.equal(match(ip, _"10.0.0.0", 8), true);
			assert.are.equal(match(ip, _"10.0.0.0", 16), false);
			assert.are.equal(match(ip, _"10.0.0.0", 24), false);
			assert.are.equal(match(ip, _"10.0.0.0", 32), false);

			assert.are.equal(match(ip, _"10.20.0.0", 8), true);
			assert.are.equal(match(ip, _"10.20.0.0", 16), true);
			assert.are.equal(match(ip, _"10.20.0.0", 24), false);
			assert.are.equal(match(ip, _"10.20.0.0", 32), false);

			assert.are.equal(match(ip, _"0.0.0.0", 32), false);
			assert.are.equal(match(ip, _"0.0.0.0", 0), true);
			assert.are.equal(match(ip, _"0.0.0.0"), false);

			assert.are.equal(match(ip, _"10.0.0.0", 255), false, "excessive number of bits");
			assert.are.equal(match(ip, _"10.0.0.0", -8), true, "negative number of bits");
			assert.are.equal(match(ip, _"10.0.0.0", -32), true, "negative number of bits");
			assert.are.equal(match(ip, _"10.0.0.0", 0), true, "zero bits");
			assert.are.equal(match(ip, _"10.0.0.0"), false, "no specified number of bits (differing ip)");
			assert.are.equal(match(ip, _"10.20.30.40"), true, "no specified number of bits (same ip)");

			assert.are.equal(match(_"127.0.0.1", _"127.0.0.1"), true, "simple ip");

			assert.are.equal(match(_"8.8.8.8", _"8.8.0.0", 16), true);
			assert.are.equal(match(_"8.8.4.4", _"8.8.0.0", 16), true);

			assert.are.equal(match(_"fe80::1", _"fec0::", 10), false);
		end);
	end);

	describe("#parse_cidr()", function()
		it("should work", function()
			assert.are.equal(new_ip"0.0.0.0", new_ip"0.0.0.0")

			local function assert_cidr(cidr, ip, bits)
				local parsed_ip, parsed_bits = parse_cidr(cidr);
				assert.are.equal(new_ip(ip), parsed_ip, cidr.." parsed ip is "..ip);
				assert.are.equal(bits, parsed_bits, cidr.." parsed bits is "..tostring(bits));
			end
			assert_cidr("0.0.0.0", "0.0.0.0", nil);
			assert_cidr("127.0.0.1", "127.0.0.1", nil);
			assert_cidr("127.0.0.1/0", "127.0.0.1", 0);
			assert_cidr("127.0.0.1/8", "127.0.0.1", 8);
			assert_cidr("127.0.0.1/32", "127.0.0.1", 32);
			assert_cidr("127.0.0.1/256", "127.0.0.1", 256);
			assert_cidr("::/48", "::", 48);
		end);
	end);

	describe("#new_ip()", function()
		it("should work", function()
			local v4, v6 = "IPv4", "IPv6";
			local function assert_proto(s, proto)
				local ip = new_ip(s);
				if proto then
					assert.are.equal(ip and ip.proto, proto, "protocol is correct for "..("%q"):format(s));
				else
					assert.are.equal(ip, nil, "address is invalid");
				end
			end
			assert_proto("127.0.0.1", v4);
			assert_proto("::1", v6);
			assert_proto("", nil);
			assert_proto("abc", nil);
			assert_proto("   ", nil);
		end);
	end);

	describe("#commonPrefixLength()", function()
		it("should work", function()
			local function assert_cpl6(a, b, len, v4)
				local ipa, ipb = new_ip(a), new_ip(b);
				if v4 then len = len+96; end
				assert.are.equal(commonPrefixLength(ipa, ipb), len, "common prefix length of "..a.." and "..b.." is "..len);
				assert.are.equal(commonPrefixLength(ipb, ipa), len, "common prefix length of "..b.." and "..a.." is "..len);
			end
			local function assert_cpl4(a, b, len)
				return assert_cpl6(a, b, len, "IPv4");
			end
			assert_cpl4("0.0.0.0", "0.0.0.0", 32);
			assert_cpl4("255.255.255.255", "0.0.0.0", 0);
			assert_cpl4("255.255.255.255", "255.255.0.0", 16);
			assert_cpl4("255.255.255.255", "255.255.255.255", 32);
			assert_cpl4("255.255.255.255", "255.255.255.255", 32);

			assert_cpl6("::1", "::1", 128);
			assert_cpl6("abcd::1", "abcd::1", 128);
			assert_cpl6("abcd::abcd", "abcd::", 112);
			assert_cpl6("abcd::abcd", "abcd::abcd:abcd", 96);

			assert_cpl6("fe80::1", "fec0::", 9);
		end);
	end);

	describe("#truncate()", function ()
		it("should work for IPv4", function ()
			local ip1 = ip.new_ip("192.168.0.1");
			local ip2 = ip.truncate(ip1, 16);
			assert.truthy(ip.is_ip(ip2));
			assert.equal("192.168.0.0", ip2.normal);
			assert.equal("192.168.0.1", ip1.normal); -- original unmodified
		end);

		it("should work for IPv6", function ()
			local ip1 = ip.new_ip("2001:db8::ff00:42:8329");
			local ip2 = ip.truncate(ip1, 24);
			assert.truthy(ip.is_ip(ip2));
			assert.equal("2001:d00::", ip2.normal);
			assert.equal("2001:db8::ff00:42:8329", ip1.normal); -- original unmodified
		end);

		it("accepts a string", function ()
			assert.equal("127.0.0.0", ip.truncate("127.0.0.1", 8).normal);
		end);
	end);
end);