From 4550d4366c57fef4ffa8bc31f9e4a9fd105a0745 Mon Sep 17 00:00:00 2001
From: Ilakoze Jumanne
Date: Thu, 4 Nov 2021 15:37:46 +0300
Subject: [PATCH 1/2] Fixed IP whitelist authorization

---
 src/middleware/authorisation.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/middleware/authorisation.js b/src/middleware/authorisation.js
index 01bb67a74..6a9fca2c2 100644
--- a/src/middleware/authorisation.js
+++ b/src/middleware/authorisation.js
@@ -43,7 +43,7 @@ function authoriseIP(channel, ctx) {
 if ((channel.whitelist != null ? channel.whitelist.length : undefined) > 0) {
 return Array.from(channel.whitelist).includes(ctx.ip)
 } else {
- return true // whitelist auth not required
+ return false
 }
 }

@@ -52,8 +52,9 @@ export async function authorise(ctx, done) {

 if (
 channel != null &&
- authoriseIP(channel, ctx) &&
- (channel.authType === 'public' || authoriseClient(channel, ctx))
+ (channel.authType === 'public' ||
+ authoriseClient(channel, ctx) ||
+ authoriseIP(channel, ctx))
 ) {
 // authorisation succeeded
 ctx.authorisedChannel = channel
From a4356c355a9bb203aee911187408ba31c80d3af1 Mon Sep 17 00:00:00 2001
From: Ilakoze Jumanne
Date: Fri, 5 Nov 2021 12:44:45 +0300
Subject: [PATCH 2/2] Fixed failing tests

---
 test/integration/httpTests.js | 4 ++--
 test/unit/authorisationTest.js | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/test/integration/httpTests.js b/test/integration/httpTests.js
index 78c8958e4..a676b3a77 100644
--- a/test/integration/httpTests.js
+++ b/test/integration/httpTests.js
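Review bot: The else branch of authoriseIP in src/middleware/authorisation.js now returns `false` with no comment, and the removed comment ("whitelist auth not required") was the only statement of what a missing whitelist means. The function has changed from a gate that passes when no whitelist is set into a grant that succeeds only on a match, so the branch should say so: `return false // no whitelist configured: the source IP alone never authorises`. The match on the line above is an exact string comparison against `ctx.ip`, so an IPv4-mapped form such as `::ffff:192.168.0.11` (constructed example) would presumably not equal a plain IPv4 entry; that fails closed, but confirm it against how the server reports addresses.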
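Review bot: In the rewritten condition in authorise, a whitelist match is now sufficient on its own: `authoriseClient(channel, ctx) || authoriseIP(channel, ctx)` admits any request from a listed address whatever client or role it presents. A whitelist also no longer narrows a public channel or an authorised client, as the old `authoriseIP(channel, ctx) &&` did. If that is the intended policy, state it above the condition, e.g. `// a whitelisted source IP authorises on its own; it does not restrict public channels or authorised clients`. Because the address is now a sole credential, `ctx.ip` must come from the socket or from a trusted proxy only; how it is derived is not visible here, so check that forwarded-address headers from untrusted peers cannot set it. authorise's body continues outside the hunk.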
@@ -296,13 +296,13 @@ describe('HTTP tests', () => {
 .expect(201)
 })

- it('should deny access on POST - Private Channel with whitelisted IP but incorrect client role', async () => {
+ it('should allow access on POST - Private Channel with whitelisted IP but incorrect client role', async () => {
 await promisify(server.start)({httpPort: SERVER_PORTS.httpPort})
 await request(constants.HTTP_BASE_URL)
 .post('/un-auth')
 .send(testDoc)
 .auth('testApp', 'password')
- .expect(401)
+ .expect(201)
 })

 it('should return 201 CREATED on POST - Private Channel with whitelisted IP and correct client role', async () => {
diff --git a/test/unit/authorisationTest.js b/test/unit/authorisationTest.js
index a343774d1..8eb700786 100644
--- a/test/unit/authorisationTest.js
+++ b/test/unit/authorisationTest.js
@@ -235,12 +235,12 @@ describe('Authorisation middleware', () => {
 return actual.should.be.false()
 })

- it('should return true if there are no whitelist entires', () => {
+ it('should return false if there are no whitelist entires', () => {
 const ctx = {ip: '192.168.0.11'}
 const channel = {whitelist: null}
 const authoriseIP = authorisation.__get__('authoriseIP')
 const actual = authoriseIP(channel, ctx)
- return actual.should.be.true()
+ return actual.should.be.false()
 })
 })
 })
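Review bot: Nothing in the test/integration/httpTests.js hunk covers the deny side of the new rule. The renamed test flips `.expect(401)` to `.expect(201)` for a client with the wrong role, which pins that a whitelisted address alone is enough. A companion case with the same channel and credentials from an address that is not on the whitelist should still expect 401; the file may already have one, since only this part is visible. The title would also be more precise as `'should allow access on POST - Private Channel with whitelisted IP regardless of client role'`.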
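Review bot: The new title in the test/unit/authorisationTest.js hunk keeps the typo `entires`; it should read `'should return false if there are no whitelist entries'`. The case only uses `whitelist: null`, while the length check in authoriseIP also takes the else branch for an empty array. A second assertion with `const channel = {whitelist: []}` would pin that path too, unless the file already has one outside this hunk.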