Skip to content

Commit

Permalink
Merge branch 'v2022.2.2'
Browse files Browse the repository at this point in the history
  • Loading branch information
@John-Chan
John-Chan committed Aug 5, 2024
2 parents f067612 + 3eeca20 commit 9b5900c
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 9 deletions.
20 changes: 12 additions & 8 deletions ...com/power4j/fist/cloud/gateway/authorization/filter/reactive/impl/UserIpAccessFilter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,18 +62,22 @@ private Mono<Void> applyRules(AuthContext ctx, ServerAuthFilterChain<AuthContext
}
}
}
// apply global rules
if (rules.containsKey(ANY_USER)) {
List<IPAddress> ipList = rules.get(ANY_USER);
for (IPAddress rule : ipList) {
if (rule.contains(accessIp)) {
if (log.isDebugEnabled()) {
log.debug("user [{}] allowed access from [{}] with global rule [{}]", username, accessIp, rule);
else {
// no user based rules, apply global rules
if (rules.containsKey(ANY_USER)) {
List<IPAddress> ipList = rules.get(ANY_USER);
for (IPAddress rule : ipList) {
if (rule.contains(accessIp)) {
if (log.isDebugEnabled()) {
log.debug("user [{}] allowed access from [{}] with global rule [{}]", username, accessIp,
rule);
}
return doNext(ctx, chain);
}
return doNext(ctx, chain);
}
}
}

return exitChain(ctx, AuthProblem.USER_IP_DENIED
.moreInfo(String.format("user [%s] not allowed access from [%s]", username, accessIp)));
}
Expand Down
16 changes: 16 additions & 0 deletions ...power4j/fist/cloud/gateway/authorization/filter/reactive/impl/UserIpAccessFilterTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@

import java.net.InetSocketAddress;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

Expand Down Expand Up @@ -109,4 +110,19 @@ void shouldDenyIfNotMatch() {
verify(authFilterChain, never()).filter(any());
}

@Test
void shouldNotApplyGlobalRuleWhenUserRuleExists() {
Map<String, List<IPAddress>> rules = new HashMap<>();
rules.put("admin", List.of(new IPAddressString("1.2.3.5").getAddress()));
rules.put("*", List.of(new IPAddressString("0.0.0.0/32").getAddress()));
UserIpAccessFilter filter = new UserIpAccessFilter(rules, 1);
when(authContext.getUserInfo()).thenReturn(null);
Mono<Void> result = filter.filter(authContext, authFilterChain);
StepVerifier.create(result).verifyComplete();
assertThat(authContext.getAuthState()).isNotNull();
assertThat(authContext.getAuthState().getProblem()).isNotNull();
assertThat(authContext.getAuthState().getProblem().getCode()).isEqualTo(AuthProblem.USER_IP_DENIED.getCode());
verify(authFilterChain, never()).filter(any());
}

}
2 changes: 1 addition & 1 deletion pom.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@

<properties>
<skipTests>false</skipTests>
<revision>2022.2.1</revision>
<revision>2022.2.2</revision>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<maven.compiler.target>11</maven.compiler.target>
Expand Down

0 comments on commit 9b5900c

Please sign in to comment.