1 files changed, 37 insertions, 11 deletions

diff --git a/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs b/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs
index 4144300da..38208476f 100644
--- a/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs
+++ b/tests/Jellyfin.Networking.Tests/NetworkParseTests.cs
@@ -79,7 +79,10 @@ namespace Jellyfin.Networking.Tests
         [InlineData("[fe80::7add:12ff:febb:c67b%16]")]
         [InlineData("fd23:184f:2029:0:3139:7386:67d7:d517/56")]
         public static void TryParseValidIPStringsTrue(string address)
-            => Assert.True(NetworkUtils.TryParseToSubnet(address, out _));
+        {
+            Assert.True(NetworkUtils.TryParseToSubnet(address, out _));
+            Assert.True(NetworkUtils.TryParseToSubnet('!' + address, out _, true));
+        }
 
         /// <summary>
         /// Checks invalid IP address formats.
@@ -278,17 +281,40 @@ namespace Jellyfin.Networking.Tests
         }
 
         [Theory]
-        [InlineData("185.10.10.10,200.200.200.200", "79.2.3.4", true)]
-        [InlineData("185.10.10.10", "185.10.10.10", false)]
-        [InlineData("", "100.100.100.100", false)]
+        [InlineData("185.10.10.10,200.200.200.200", "79.2.3.4", RemoteAccessPolicyResult.RejectDueToNotAllowlistedRemoteIP)]
+        [InlineData("185.10.10.10", "185.10.10.10", RemoteAccessPolicyResult.Allow)]
+        [InlineData("", "100.100.100.100", RemoteAccessPolicyResult.Allow)]
+
+        public void HasRemoteAccess_GivenWhitelist_AllowsOnlyIPsInWhitelist(string addresses, string remoteIP, RemoteAccessPolicyResult expectedResult)
+        {
+            // Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely.
+            // If left blank, all remote addresses will be allowed.
+            var conf = new NetworkConfiguration()
+            {
+                EnableIPv4 = true,
+                RemoteIPFilter = addresses.Split(','),
+                IsRemoteIPFilterBlacklist = false
+            };
+
+            var startupConf = new Mock<IConfiguration>();
+            using var nm = new NetworkManager(NetworkParseTests.GetMockConfig(conf), startupConf.Object, new NullLogger<NetworkManager>());
+
+            Assert.Equal(expectedResult, nm.ShouldAllowServerAccess(IPAddress.Parse(remoteIP)));
+        }
+
+        [Theory]
+        [InlineData("185.10.10.10,200.200.200.200", "79.2.3.4", RemoteAccessPolicyResult.RejectDueToRemoteAccessDisabled)]
+        [InlineData("185.10.10.10", "127.0.0.1", RemoteAccessPolicyResult.Allow)]
+        [InlineData("", "100.100.100.100", RemoteAccessPolicyResult.RejectDueToRemoteAccessDisabled)]
 
-        public void HasRemoteAccess_GivenWhitelist_AllowsOnlyIPsInWhitelist(string addresses, string remoteIP, bool denied)
+        public void HasRemoteAccess_GivenRemoteAccessDisabled_IgnoresAllowlist(string addresses, string remoteIP, RemoteAccessPolicyResult expectedResult)
         {
             // Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely.
             // If left blank, all remote addresses will be allowed.
             var conf = new NetworkConfiguration()
             {
                 EnableIPv4 = true,
+                EnableRemoteAccess = false,
                 RemoteIPFilter = addresses.Split(','),
                 IsRemoteIPFilterBlacklist = false
             };
@@ -296,15 +322,15 @@ namespace Jellyfin.Networking.Tests
             var startupConf = new Mock<IConfiguration>();
             using var nm = new NetworkManager(NetworkParseTests.GetMockConfig(conf), startupConf.Object, new NullLogger<NetworkManager>());
 
-            Assert.NotEqual(nm.HasRemoteAccess(IPAddress.Parse(remoteIP)), denied);
+            Assert.Equal(expectedResult, nm.ShouldAllowServerAccess(IPAddress.Parse(remoteIP)));
         }
 
         [Theory]
-        [InlineData("185.10.10.10", "79.2.3.4", false)]
-        [InlineData("185.10.10.10", "185.10.10.10", true)]
-        [InlineData("", "100.100.100.100", false)]
+        [InlineData("185.10.10.10", "79.2.3.4", RemoteAccessPolicyResult.Allow)]
+        [InlineData("185.10.10.10", "185.10.10.10", RemoteAccessPolicyResult.RejectDueToIPBlocklist)]
+        [InlineData("", "100.100.100.100", RemoteAccessPolicyResult.Allow)]
 
-        public void HasRemoteAccess_GivenBlacklist_BlacklistTheIPs(string addresses, string remoteIP, bool denied)
+        public void HasRemoteAccess_GivenBlacklist_BlacklistTheIPs(string addresses, string remoteIP, RemoteAccessPolicyResult expectedResult)
         {
             // Comma separated list of IP addresses or IP/netmask entries for networks that will be allowed to connect remotely.
             // If left blank, all remote addresses will be allowed.
@@ -318,7 +344,7 @@ namespace Jellyfin.Networking.Tests
             var startupConf = new Mock<IConfiguration>();
             using var nm = new NetworkManager(NetworkParseTests.GetMockConfig(conf), startupConf.Object, new NullLogger<NetworkManager>());
 
-            Assert.NotEqual(nm.HasRemoteAccess(IPAddress.Parse(remoteIP)), denied);
+            Assert.Equal(expectedResult, nm.ShouldAllowServerAccess(IPAddress.Parse(remoteIP)));
         }
 
         [Theory]