diff options
6 files changed, 73 insertions, 28 deletions
diff --git a/tests/Jellyfin.Api.Tests/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandlerTests.cs index 991ea3262..a62fd8d5a 100644 --- a/tests/Jellyfin.Api.Tests/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandlerTests.cs +++ b/tests/Jellyfin.Api.Tests/Auth/DefaultAuthorizationPolicy/DefaultAuthorizationHandlerTests.cs @@ -39,11 +39,10 @@ namespace Jellyfin.Api.Tests.Auth.DefaultAuthorizationPolicy public async Task ShouldSucceedOnUser(string userRole) { TestHelpers.SetupConfigurationManager(_configurationManagerMock, true); - var (_, claims) = TestHelpers.SetupUser( + var claims = TestHelpers.SetupUser( _userManagerMock, _httpContextAccessor, - userRole, - TestHelpers.InternalIp); + userRole); var context = new AuthorizationHandlerContext(_requirements, claims, null); diff --git a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs index 2b4941908..ee42216e4 100644 --- a/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs +++ b/tests/Jellyfin.Api.Tests/Auth/FirstTimeSetupOrElevatedPolicy/FirstTimeSetupOrElevatedHandlerTests.cs @@ -39,11 +39,10 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupOrElevatedPolicy public async Task ShouldSucceedIfStartupWizardIncomplete(string userRole) { TestHelpers.SetupConfigurationManager(_configurationManagerMock, false); - var (_, claims) = TestHelpers.SetupUser( + var claims = TestHelpers.SetupUser( _userManagerMock, _httpContextAccessor, - userRole, - TestHelpers.InternalIp); + userRole); var context = new AuthorizationHandlerContext(_requirements, claims, null); @@ -58,11 +57,10 @@ namespace Jellyfin.Api.Tests.Auth.FirstTimeSetupOrElevatedPolicy public async Task ShouldRequireAdministratorIfStartupWizardComplete(string userRole, bool shouldSucceed) { TestHelpers.SetupConfigurationManager(_configurationManagerMock, true); - var (_, claims) = TestHelpers.SetupUser( + var claims = TestHelpers.SetupUser( _userManagerMock, _httpContextAccessor, - userRole, - TestHelpers.InternalIp); + userRole); var context = new AuthorizationHandlerContext(_requirements, claims, null); diff --git a/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs index 25acfb581..b65d45aa0 100644 --- a/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs +++ b/tests/Jellyfin.Api.Tests/Auth/IgnoreSchedulePolicy/IgnoreScheduleHandlerTests.cs @@ -24,6 +24,9 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy private readonly Mock<IUserManager> _userManagerMock; private readonly Mock<IHttpContextAccessor> _httpContextAccessor; + /// <summary> + /// Globally disallow access. + /// </summary> private readonly AccessSchedule[] _accessSchedules = { new AccessSchedule(DynamicDayOfWeek.Everyday, 0, 0, Guid.Empty) }; public IgnoreScheduleHandlerTests() @@ -44,11 +47,10 @@ namespace Jellyfin.Api.Tests.Auth.IgnoreSchedulePolicy public async Task ShouldAllowScheduleCorrectly(string role, bool shouldSucceed) { TestHelpers.SetupConfigurationManager(_configurationManagerMock, true); - var (_, claims) = TestHelpers.SetupUser( + var claims = TestHelpers.SetupUser( _userManagerMock, _httpContextAccessor, role, - TestHelpers.InternalIp, _accessSchedules); var context = new AuthorizationHandlerContext(_requirements, claims, null); diff --git a/tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs new file mode 100644 index 000000000..09ffa8468 --- /dev/null +++ b/tests/Jellyfin.Api.Tests/Auth/LocalAccessPolicy/LocalAccessHandlerTests.cs @@ -0,0 +1,58 @@ +using System.Collections.Generic; +using System.Threading.Tasks; +using AutoFixture; +using AutoFixture.AutoMoq; +using Jellyfin.Api.Auth.LocalAccessPolicy; +using Jellyfin.Api.Constants; +using MediaBrowser.Common.Configuration; +using MediaBrowser.Common.Net; +using MediaBrowser.Controller.Library; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Http; +using Moq; +using Xunit; + +namespace Jellyfin.Api.Tests.Auth.LocalAccessPolicy +{ + public class LocalAccessHandlerTests + { + private readonly Mock<IConfigurationManager> _configurationManagerMock; + private readonly List<IAuthorizationRequirement> _requirements; + private readonly LocalAccessHandler _sut; + private readonly Mock<IUserManager> _userManagerMock; + private readonly Mock<IHttpContextAccessor> _httpContextAccessor; + private readonly Mock<INetworkManager> _networkManagerMock; + + public LocalAccessHandlerTests() + { + var fixture = new Fixture().Customize(new AutoMoqCustomization()); + _configurationManagerMock = fixture.Freeze<Mock<IConfigurationManager>>(); + _requirements = new List<IAuthorizationRequirement> { new LocalAccessRequirement() }; + _userManagerMock = fixture.Freeze<Mock<IUserManager>>(); + _httpContextAccessor = fixture.Freeze<Mock<IHttpContextAccessor>>(); + _networkManagerMock = fixture.Freeze<Mock<INetworkManager>>(); + + _sut = fixture.Create<LocalAccessHandler>(); + } + + [Theory] + [InlineData(true, true)] + [InlineData(false, false)] + public async Task LocalAccessOnly(bool isInLocalNetwork, bool shouldSucceed) + { + _networkManagerMock + .Setup(n => n.IsInLocalNetwork(It.IsAny<string>())) + .Returns(isInLocalNetwork); + + TestHelpers.SetupConfigurationManager(_configurationManagerMock, true); + var claims = TestHelpers.SetupUser( + _userManagerMock, + _httpContextAccessor, + UserRoles.User); + + var context = new AuthorizationHandlerContext(_requirements, claims, null); + await _sut.HandleAsync(context); + Assert.Equal(shouldSucceed, context.HasSucceeded); + } + } +} diff --git a/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs b/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs index f4617d0a4..ffe88fcde 100644 --- a/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs +++ b/tests/Jellyfin.Api.Tests/Auth/RequiresElevationPolicy/RequiresElevationHandlerTests.cs @@ -39,11 +39,10 @@ namespace Jellyfin.Api.Tests.Auth.RequiresElevationPolicy public async Task ShouldHandleRolesCorrectly(string role, bool shouldSucceed) { TestHelpers.SetupConfigurationManager(_configurationManagerMock, true); - var (_, claims) = TestHelpers.SetupUser( + var claims = TestHelpers.SetupUser( _userManagerMock, _httpContextAccessor, - role, - TestHelpers.InternalIp); + role); var context = new AuthorizationHandlerContext(_requirements, claims, null); diff --git a/tests/Jellyfin.Api.Tests/TestHelpers.cs b/tests/Jellyfin.Api.Tests/TestHelpers.cs index 4617486fd..a4dd4e409 100644 --- a/tests/Jellyfin.Api.Tests/TestHelpers.cs +++ b/tests/Jellyfin.Api.Tests/TestHelpers.cs @@ -18,21 +18,10 @@ namespace Jellyfin.Api.Tests { public static class TestHelpers { - /// <summary> - /// 127.0.0.1. - /// </summary> - public const long InternalIp = 16777343; - - /// <summary> - /// 1.1.1.1. - /// </summary> - public const long ExternalIp = 16843009; - - public static (User, ClaimsPrincipal) SetupUser( + public static ClaimsPrincipal SetupUser( Mock<IUserManager> userManagerMock, Mock<IHttpContextAccessor> httpContextAccessorMock, string role, - long ip, IEnumerable<AccessSchedule>? accessSchedules = null) { var user = new User( @@ -72,9 +61,9 @@ namespace Jellyfin.Api.Tests httpContextAccessorMock .Setup(h => h.HttpContext.Connection.RemoteIpAddress) - .Returns(new IPAddress(ip)); + .Returns(new IPAddress(0)); - return (user, new ClaimsPrincipal(identity)); + return new ClaimsPrincipal(identity); } public static void SetupConfigurationManager(in Mock<IConfigurationManager> configurationManagerMock, bool startupWizardCompleted) |