Write tests for use-cases

Created on 13 December 2023, 11 months ago
Updated 15 May 2024, 6 months ago

Problem/Motivation

It became clear that the module doesn't always work properly, and it is hard to be sure everything will work when trying to create patches and fixes. See "Security: Bypassing the IP authentication is easy?" (Active).

Proposed resolution

We should identify all the ways the module should be used and create test cases.

Remaining tasks

Create a list of use-cases here, and write tests for them.

Maybe there is a way to run the REST module's test cases and verify that they still work with this module enabled?

Test cases

  • Site can be accessed by authenticated users with module enabled
  • Anonymous user can access site and log in with module enabled
  • Core resource
  • Custom resource
  • Make sure resources only apply to the correct routes
  • GET
  • PATCH
  • DELETE
  • POST
  • Whitelist empty: DENY
  • Whitelist dummy/invalid IP: DENY
  • Whitelist true IP, possibly with other IPs: ALLOW
  • Blacklist empty: ALLOW
  • Blacklist dummy/invalid IP: ALLOW
  • Blacklist true IP, possibly with other IPs: DENY
  • Different formats, like JSON, XML, etc.
  • Leaving out the format should not bypass IP address authentication
  • Batch operations still work
  • IPv6? Not sure how you would test that...
  • ...
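
The whitelist/blacklist rows of the list above, written as a table-driven check in plain PHP, with the IPv6 item covered by comparing addresses in binary form so that different spellings of one address match. This is an added example, not code from the module or from the issue fork. `ip_list_decision()` is a hypothetical oracle, the addresses are constructed documentation addresses, and denying an unparseable client IP is an assumption.

```php
<?php
declare(strict_types=1);

// Hypothetical oracle for the expected decision; not the module's own code.
function ip_list_decision(string $mode, array $list, string $clientIp): string {
  if (!in_array($mode, ['whitelist', 'blacklist'], true)) {
    throw new InvalidArgumentException("Unknown mode: $mode");
  }
  // Assumption: a client address that does not parse is denied in both modes.
  if (filter_var($clientIp, FILTER_VALIDATE_IP) === false) {
    return 'DENY';
  }
  $client = inet_pton($clientIp);
  $listed = false;
  foreach ($list as $entry) {
    $entry = trim((string) $entry);
    // Invalid entries are skipped, so they can never match a client.
    if (filter_var($entry, FILTER_VALIDATE_IP) !== false && inet_pton($entry) === $client) {
      $listed = true;
      break;
    }
  }
  // Whitelist: only a listed client passes. Blacklist: only a listed client fails.
  return ($mode === 'whitelist') === $listed ? 'ALLOW' : 'DENY';
}

$client = '203.0.113.7'; // Constructed sample address (documentation range).
$cases = [
  // [mode, configured list, client IP, expected decision]
  ['whitelist', [], $client, 'DENY'],
  ['whitelist', ['not-an-ip', '999.1.1.1'], $client, 'DENY'],
  ['whitelist', ['198.51.100.4', '203.0.113.7'], $client, 'ALLOW'],
  ['blacklist', [], $client, 'ALLOW'],
  ['blacklist', ['not-an-ip', '999.1.1.1'], $client, 'ALLOW'],
  ['blacklist', ['198.51.100.4', '203.0.113.7'], $client, 'DENY'],
  // IPv6: the same address in compressed, expanded and upper-case spellings.
  ['whitelist', ['2001:db8:0:0:0:0:0:1'], '2001:DB8::1', 'ALLOW'],
  ['blacklist', ['2001:db8::1'], '2001:0db8:0000:0000:0000:0000:0000:0001', 'DENY'],
];
foreach ($cases as [$mode, $list, $ip, $expected]) {
  $actual = ip_list_decision($mode, $list, $ip);
  if ($actual !== $expected) {
    throw new RuntimeException("$mode " . json_encode($list) . " for $ip: got $actual, expected $expected");
  }
}
echo count($cases) . " cases passed\n";
```

The `$cases` rows have the shape of a PHPUnit data provider, so the same table can drive functional tests against the module's real endpoints.
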
📌 Task
Status

Active

Version

2.0

Component

Code


Comments & Activities

  • Issue created by @solideogloria
  • First commit to issue fork.
  • 🇦🇷Argentina tguerineau

    Hi @solideogloria,

    I wanted to share my progress on creating tests for the IP Consumer Auth module. I've been working on developing a comprehensive testing approach to cover various scenarios and ensure robust module functionality. More scenarios still need to be added.

    However, due to time constraints and other work commitments, I'm unable to continue this work for the time being. I'm pushing my current test code, which includes an initial implementation of functional tests for the module. The tests are designed to validate the behavior of IP whitelisting and blacklisting, and how they affect access to endpoints for different user roles.

    Please note that I have not been able to fully verify these tests due to environmental issues with my Lando setup, which prevented successful execution of PHPUnit tests. The tests are therefore unconfirmed in their current state but should serve as a starting point for further development and refinement.

    I hope this contribution will be useful and I look forward to seeing how the tests evolve. I regret that I'm unable to continue at this time, but I am keen to assist further when possible.

  • This is a really great start! I'll see if I can figure out how to run the tests and make some improvements.

  • I found ddev-drupal-contrib, which was linked at GitLab CI | Using GitLab to Contribute to Drupal. I've been looking for this. It should improve my workflow for contributing to modules, and it provides commands for running unit tests.

  • I made a whole bunch of improvements and changes. I fixed the PHPCS issues, used some inspiration from the key_auth module's tests, etc.

    The tests don't work yet. I can't get the client IP address to match in the authenticate function yet. Despite the IP being initially set to 127.0.0.1, when the request calls the authenticate() function, it shows my computer's IP address... Maybe I need to create a controller with a function and make a request just to get the actual IP for the tests? Or should I insert a mockup somewhere so that we can control what IP address gets compared?

    I also don't understand how to properly do mock ups or use Prophecy.

  • I haven't been using this module because of the issues it has. I think Restrict route by IP looks like a better option.

    I will note that I do understand how phpspec/prophecy works now, so if someone else wants to continue working on the tests, I could help explain what needs to be done.
