github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-22 07:01:20 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FEATURE: allow restricting API keys to a particular range

Browse Source
This commit is contained in:
Sam
2014-11-20 15:21:49 +11:00
parent 4aec3c8c4c
commit a9cda0f947
2 changed files with 27 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
spec/components/auth/default_current_user_provider_spec.rb
View File

@ -31,6 +31,27 @@ describe Auth::DefaultCurrentUserProvider do
}.to raise_error(Discourse::InvalidAccess)
end
it "raises for a user with a mismatching ip" do
user = Fabricate(:user)
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1, allowed_ips: ['10.0.0.0/24'])
expect{
provider("/?api_key=hello&api_username=#{user.username.downcase}", "REMOTE_ADDR" => "10.1.0.1").current_user
}.to raise_error(Discourse::InvalidAccess)
end
it "allows a user with a matching ip" do
user = Fabricate(:user)
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1, allowed_ips: ['10.0.0.0/24'])
found_user = provider("/?api_key=hello&api_username=#{user.username.downcase}",
"REMOTE_ADDR" => "10.0.0.22").current_user
found_user.id.should == user.id
end
it "finds a user for a correct system api key" do
user = Fabricate(:user)
ApiKey.create!(key: "hello", created_by_id: -1)