Fix usage of RFC 5737 address

Address range 192.0.2.0/24 is reserved for documentation according to RFC
5737. The recommendation is to reject routing of this address range on
routers, but as this is not mandatory, it might happen that the address
is really routed. The tests on Docker on Windows fail because of this it,
the fail reason is different to the expected one.

Fix this by configuring Nginx to listen on 127.0.0.1:80 (and not
0.0.0.0:80) and connecting to 127.1.2.3 instead of 192.0.2.1.

Signed-off-by: Oldřich Jedlička <[email protected]>

Author: oldium

tests/spec/access_token_access_spec.lua

@@ -202,7 +202,7 @@ describe("when token endpoint is not reachable", function()
     access_token_opts = {
       timeout = 40000,
       discovery = {
-        token_endpoint = "http://192.0.2.1/"
+        token_endpoint = "http://127.1.2.3/"
       }
     },
     token_response_expires_in = 0
@@ -219,7 +219,7 @@ describe("when token endpoint is not reachable", function()
     assert.are.equals(401, status)
   end)
   it("an error has been logged", function()
-    assert.error_log_contains("access_token error: accessing token endpoint.*%(http://192.0.2.1/%) failed")
+    assert.error_log_contains("access_token error: accessing token endpoint.*%(http://127.1.2.3/%) failed")
   end)
 end)
 

tests/spec/bearer_token_verification_spec.lua

@@ -464,7 +464,7 @@ describe("when jwks endpoint is not reachable", function()
     verify_opts = {
       timeout = 40000,
       discovery = {
-        jwks_uri = "http://192.0.2.1/"
+        jwks_uri = "http://127.1.2.3/"
       }
     },
   })
@@ -478,7 +478,7 @@ describe("when jwks endpoint is not reachable", function()
     assert.are.equals(401, status)
   end)
   it("an error has been logged", function()
-    assert.error_log_contains("Invalid token: accessing jwks url.*%(http://192.0.2.1/%) failed")
+    assert.error_log_contains("Invalid token: accessing jwks url.*%(http://127.1.2.3/%) failed")
   end)
 end)
 

tests/spec/introspection_spec.lua

@@ -396,7 +396,7 @@ describe("when introspection endpoint is not reachable", function()
   test_support.start_server({
     introspection_opts = {
       timeout = 40000,
-      introspection_endpoint = "http://192.0.2.1/"
+      introspection_endpoint = "http://127.1.2.3/"
     },
   })
   teardown(test_support.stop_server)
@@ -409,7 +409,7 @@ describe("when introspection endpoint is not reachable", function()
     assert.are.equals(401, status)
   end)
   it("an error has been logged", function()
-    assert.error_log_contains("Introspection error:.*accessing introspection endpoint %(http://192.0.2.1/%) failed")
+    assert.error_log_contains("Introspection error:.*accessing introspection endpoint %(http://127.1.2.3/%) failed")
   end)
 end)
 

tests/spec/redirect_to_op_spec.lua

@@ -136,7 +136,7 @@ describe("when discovery endpoint is not reachable", function()
   test_support.start_server({
     oidc_opts = {
       timeout = 40000,
-      discovery = "http://192.0.2.1/"
+      discovery = "http://127.1.2.3/"
     },
   })
   teardown(test_support.stop_server)
@@ -148,7 +148,7 @@ describe("when discovery endpoint is not reachable", function()
     assert.are.equals(401, status)
   end)
   it("an error has been logged", function()
-    assert.error_log_contains("authenticate failed: accessing discovery url.*%(http://192.0.2.1/%) failed")
+    assert.error_log_contains("authenticate failed: accessing discovery url.*%(http://127.1.2.3/%) failed")
   end)
 end)
 

tests/spec/test_support.lua

@@ -160,7 +160,7 @@ http {
     server {
         log_subrequest on;
 
-        listen      80;
+        listen      127.0.0.1:80;
         #listen     443 ssl;
         #ssl_certificate     certificate-chain.crt;
         #ssl_certificate_key private.key;

tests/spec/token_request_spec.lua

@@ -153,7 +153,7 @@ describe("if token endpoint is not reachable", function()
     oidc_opts = {
       timeout = 40000,
       discovery = {
-        token_endpoint = "http://192.0.2.1/"
+        token_endpoint = "http://127.1.2.3/"
       }
     },
   })
@@ -163,7 +163,7 @@ describe("if token endpoint is not reachable", function()
     assert.are.equals(401, status)
   end)
   it("an error has been logged", function()
-    assert.error_log_contains("authenticate failed:.*accessing token endpoint %(http://192.0.2.1/%) failed")
+    assert.error_log_contains("authenticate failed:.*accessing token endpoint %(http://127.1.2.3/%) failed")
   end)
 end)
 

tests/spec/userinfo_spec.lua

@@ -75,7 +75,7 @@ describe("when userinfo endpoint is not reachable", function()
     oidc_opts = {
       timeout = 40000,
       discovery = {
-        userinfo_endpoint = "http://192.0.2.1/"
+        userinfo_endpoint = "http://127.1.2.3/"
       }
     },
   })
@@ -85,7 +85,7 @@ describe("when userinfo endpoint is not reachable", function()
     assert.are.equals(302, status)
   end)
   it("an error has been logged", function()
-    assert.error_log_contains(".*error calling userinfo endpoint: accessing %(http://192.0.2.1/%) failed")
+    assert.error_log_contains(".*error calling userinfo endpoint: accessing %(http://127.1.2.3/%) failed")
   end)
 end)