tokens: add ip restriction

This commit is contained in:
Girish Ramakrishnan
2025-03-07 11:53:03 +01:00
parent 2b0fd17fbf
commit 5342dae5b3
21 changed files with 177 additions and 44 deletions
+2 -1
@@ -82,7 +82,8 @@ describe('API', function () {
identifier: owner.id,
clientId: 'clientid-2',
expires: Date.now() + 2000, // expires in 3 seconds
lastUsedTime: null
lastUsedTime: null,
allowedIpRanges: '127.0.0.1'
};
const result = await tokens.add(token2);
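Review bot: The new fixture field `allowedIpRanges: '127.0.0.1'` is a bare IPv4 address with no prefix length, whereas the Tokens API test in this commit uses CIDR notation (`10.0.0.0/8`), so the accepted formats are only discoverable by reading both tests; a short comment at the call site would help, e.g. `allowedIpRanges: '127.0.0.1' // single address; CIDR ranges are also accepted`. If the suite's client ever reaches the server via `::1` or a non-loopback interface, this token would presumably be refused on IP grounds rather than for the condition the test is checking, which is worth noting in the same comment. The context comment `// expires in 3 seconds` does not match the 2000 ms expiry on that line, though that predates this commit. The enclosing test body continues outside the hunk.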
+2 -2
@@ -149,7 +149,7 @@ async function setup() {
expect(response.status).to.equal(201);
admin.id = response.body.id;
// HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
const token1 = await tokens.add({ identifier: admin.id, clientId: tokens.ID_WEBADMIN, expires: Date.now() + (60 * 60 * 1000), name: 'fromtest' });
const token1 = await tokens.add({ identifier: admin.id, clientId: tokens.ID_WEBADMIN, expires: Date.now() + (60 * 60 * 1000), name: 'fromtest', allowedIpRanges: '' });
admin.token = token1.accessToken;
// create user
@@ -159,7 +159,7 @@ async function setup() {
expect(response.status).to.equal(201);
user.id = response.body.id;
// HACK to get a token for second user (passwords are generated and the user should have gotten a password setup link...)
const token2 = await tokens.add({ identifier: user.id, clientId: tokens.ID_WEBADMIN, expires: Date.now() + (60 * 60 * 1000), name: 'fromtest' });
const token2 = await tokens.add({ identifier: user.id, clientId: tokens.ID_WEBADMIN, expires: Date.now() + (60 * 60 * 1000), name: 'fromtest', allowedIpRanges: '' });
user.token = token2.accessToken;
// create app object
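Review bot: Both `tokens.add` calls in this file now pass `allowedIpRanges: ''`, and the Profile API test in this commit does the same, so the empty string appears to be the sentinel for "no IP restriction", but nothing at the call sites says so. A comment such as `allowedIpRanges: '' // empty = no IP restriction`, or a named constant exported from the tokens module and used by all three call sites, would make the sentinel explicit and keep the tests from drifting if the accepted value changes. Whether the field is now mandatory in `tokens.add` cannot be confirmed from these hunks; if it is, that contract belongs in the module's JSDoc rather than in test fixtures alone. `setup()` starts before the first hunk and continues past both.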
+1 -1
@@ -60,7 +60,7 @@ describe('Profile API', function () {
});
it('fails with expired token', async function () {
const token = await tokens.add({ identifier: '0', clientId: 'clientid-0', expires: Date.now() - 2000 });
const token = await tokens.add({ identifier: '0', clientId: 'clientid-0', expires: Date.now() - 2000, allowedIpRanges: '' });
expect(token.accessToken).to.be.a('string');
const response = await superagent.get(`${serverUrl}/api/v1/profile`)
+29
@@ -79,6 +79,35 @@ describe('Tokens API', function () {
});
});
describe('allowedIpRanges', function () {
let allowedRangeToken;
it('cannot create token with bad range', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1', allowedIpRanges: 'What' })
.ok(() => true);
expect(response.status).to.equal(400);
});
it('can create token with valid range', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)
.query({ access_token: owner.token })
.send({ name: 'mytoken1', allowedIpRanges: '#this is localhost\n10.0.0.0/8' });
expect(response.status).to.equal(201);
allowedRangeToken = response.body;
});
it('cannot use access restricted token', async function () {
const response = await superagent.get(`${serverUrl}/api/v1/tokens`)
.query({ access_token: allowedRangeToken.accessToken })
.ok(() => true);
expect(response.status).to.equal(401);
});
});
describe('readonly token', function () {
it('cannot create token with read only token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/tokens`)