feature(api): add forbidden_network? to api_token

2023-12-21 13:59:21 +01:00 · 2023-12-21 13:59:21 +01:00 · 6e5678d1c2
commit 6e5678d1c2
parent 352924ed52
2 changed files with 38 additions and 0 deletions
--- a/app/models/api_token.rb
+++ b/app/models/api_token.rb
@ -65,6 +65,12 @@ class APIToken < ApplicationRecord
    end
  end

+  def forbidden_network?(ip)
+    return false if authorized_networks.blank?
+
+    authorized_networks.none? { |range| range.include?(ip) }
+  end
+
  class << self
    def generate(administrateur)
      plain_token = generate_unique_secure_token
--- a/spec/models/api_token_spec.rb
+++ b/spec/models/api_token_spec.rb
@ -177,4 +177,36 @@ describe APIToken, type: :model do
      it { is_expected.to eq([IPAddr.new(ip)]) }
    end
  end
+
+  describe '#forbidden_network?' do
+    let(:api_token_and_packed_token) { APIToken.generate(administrateur) }
+    let(:api_token) { api_token_and_packed_token.first }
+    let(:authorized_networks) { [] }
+
+    before { api_token.update!(authorized_networks: authorized_networks) }
+
+    subject { api_token.forbidden_network?(ip) }
+
+    context 'when no authorized networks are defined' do
+      let(:ip) { '192.168.1.1' }
+
+      it { is_expected.to be_falsey }
+    end
+
+    context 'when a single authorized network is defined' do
+      let(:authorized_networks) { [IPAddr.new('192.168.1.0/24')] }
+
+      context 'and the request comes from it' do
+        let(:ip) { '192.168.1.1' }
+
+        it { is_expected.to be_falsey }
+      end
+
+      context 'and the request does not come from it' do
+        let(:ip) { '192.168.2.1' }
+
+        it { is_expected.to be_truthy }
+      end
+    end
+  end
 end