Feature/01 test all the things

tests/test_register.py

@@ -1,5 +1,4 @@
-import base64
-from types import SimpleNamespace
+from subprocess import CompletedProcess
 
 pfctl_stdout_lines = b'''
 block drop quick proto tcp from <f2b-sendmail-auth> to any port = submission
@@ -7,31 +6,108 @@ block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtps
 block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtp
 block drop quick proto tcp from <f2b-sshd> to any port = ssh
 block drop quick proto tcp from <f2b-recidive> to any
-'''
+'''.strip() + b'\n'
+
+pfctl_stdout_lines_scratch = b'table <f2b-dovecot> persist counters\n' \
+                             b'block quick proto tcp from <f2b-dovecot>' \
+                             b' to any port ' \
+                             b'{pop3,pop3s,imap,imaps,submission,465,sieve}\n'
 
 
-def test_request_unauth(client):
-    json_payload = {"port": "any port {pop3,pop3s,imap,imaps,submission,465,sieve}", "name": "dovecot", "protocol": "tcp"}
+def test_register_unauth(client):
+    json_payload = {"port":
+                    "any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
+                    "name": "dovecot", "protocol": "tcp"}
     response = client.put("/register", json=json_payload)
 
     assert response.json['error'] == 'Access Denied'
 
 
-def test_request_example(client, mocker):
+def test_unregister_valid(client, mocker, valid_credentials):
     def noop():
         pass
-    run_res = SimpleNamespace()
+    run_res = CompletedProcess(args=['true'], returncode=0)
     run_res.stdout = pfctl_stdout_lines
     run_res.check_returncode = noop
 
     mocker.patch('jail2ban.pfctl.run', return_value=run_res)
 
+    json_payload = {"port":
+                    "any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
+                    "name": "dovecot", "protocol": "tcp"}
+
+    response = client.delete("/register",
+                             json=json_payload,
+                             headers={"Authorization":
+                                      "Basic " + valid_credentials})
+
+    assert response.json['action'] == 'stop'
+
+
+def test_register_valid(client, mocker, valid_credentials):
+    def noop():
+        pass
+    run_res = CompletedProcess(args=['true'], returncode=0)
+    run_res.stdout = pfctl_stdout_lines
+    run_res.check_returncode = noop
+
+    pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
+
+    json_payload = {"port":
+                    "any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
+                    "name": "dovecot", "protocol": "tcp"}
 
-    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
-    json_payload = {"port": "any port {pop3,pop3s,imap,imaps,submission,465,sieve}", "name": "dovecot", "protocol": "tcp"}
     response = client.put("/register",
                           json=json_payload,
-                          headers={"Authorization": "Basic " + valid_credentials})
+                          headers={"Authorization":
+                                   "Basic " + valid_credentials})
+
+    pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
+    for existing_line in pfctl_stdout_lines.splitlines():
+        assert existing_line in pfctl_run_input_arg.splitlines()
+
+    assert response.json['action'] == 'start'
 
 
-    assert response.json['remote_user'] == 'test.example.com'
+def test_register_valid_from_scratch(client, mocker, valid_credentials):
+    def noop():
+        pass
+    run_res = CompletedProcess(args=['true'], returncode=0)
+    run_res.stdout = b''
+    run_res.check_returncode = noop
+
+    pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
+
+    json_payload = {"port":
+                    "any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
+                    "name": "dovecot", "protocol": "tcp"}
+
+    response = client.put("/register",
+                          json=json_payload,
+                          headers={"Authorization":
+                                   "Basic " + valid_credentials})
+
+    pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
+    assert pfctl_run_input_arg == pfctl_stdout_lines_scratch
+    assert response.json['action'] == 'start'
+
+
+def test_register_invalid(client, mocker, valid_credentials):
+    def noop():
+        pass
+    run_res = CompletedProcess(args=['true'], returncode=0)
+    run_res.stdout = pfctl_stdout_lines
+    run_res.check_returncode = noop
+
+    mocker.patch('jail2ban.pfctl.run', return_value=run_res)
+
+    json_payload = {"port":
+                    "not a pf statement",
+                    "name": "dovecot", "protocol": "tcp"}
+
+    response = client.put("/register",
+                          json=json_payload,
+                          headers={"Authorization":
+                                   "Basic " + valid_credentials})
+
+    assert response.json['error'] == '"not a pf statement" is tainted'