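''' Test various registration scenarios '''
from subprocess import CompletedProcess

# Canned stdout returned by the mocked ``jail2ban.pfctl.run``: one pf rule per
# line, terminated by a single newline.
# NOTE(review): nothing appears between ``from`` and ``to`` in these rules; pf
# normally expects a table or address there, so the table reference may have
# been lost from this copy. Confirm against the project's fixture.
PFCTL_STDOUT_LINES = b'''
block drop quick proto tcp from to any port = submission
block drop quick proto tcp from to any port = smtps
block drop quick proto tcp from to any port = smtp
block drop quick proto tcp from to any port = ssh
block drop quick proto tcp from to any
'''.strip() + b'\n'

# Exact input the service is expected to hand to pfctl when no rule exists yet.
# NOTE(review): same caveat as above for the ``table`` and ``from`` operands.
PFCTL_STDOUT_LINES_SCRATCH = b'table persist counters\n' \
    b'block quick proto tcp from ' \
    b' to any port ' \
    b'{pop3,pop3s,imap,imaps,submission,465,sieve}\n'

# Port expression registered by the well-formed requests in this module.
_DOVECOT_PORTS = "any port {pop3,pop3s,imap,imaps,submission,465,sieve}"


def _fake_pfctl_result(stdout):
    ''' Build the CompletedProcess that the patched pfctl.run returns '''
    result = CompletedProcess(args=['true'], returncode=0)
    result.stdout = stdout
    # The tests never want a non-zero exit status to raise.
    result.check_returncode = lambda: None
    return result


def _payload(port=_DOVECOT_PORTS):
    ''' Return a fresh registration payload for the dovecot jail '''
    return {"port": port, "name": "dovecot", "protocol": "tcp"}


def _auth_headers(valid_credentials):
    ''' Return the HTTP Basic Authorization header for the test account '''
    return {"Authorization": "Basic " + valid_credentials}


def test_register_unauth(client, mocker):
    '''
    Test a registration without being authorized

    pfctl is patched here as well: if the authorization check ever regresses,
    the request must not reach the real firewall tooling on the test host,
    and the assertion below pins that the endpoint fails closed.
    '''
    pfctl_run = mocker.patch('jail2ban.pfctl.run',
                             return_value=_fake_pfctl_result(b''))

    response = client.put("/register", json=_payload())

    assert response.json['error'] == 'Access Denied'
    # An unauthenticated caller must never cause a pfctl invocation.
    pfctl_run.assert_not_called()


def test_unregister_valid(client, mocker, valid_credentials):
    ''' Test unregistration '''
    mocker.patch('jail2ban.pfctl.run',
                 return_value=_fake_pfctl_result(PFCTL_STDOUT_LINES))

    response = client.delete("/register", json=_payload(),
                             headers=_auth_headers(valid_credentials))

    assert response.json['action'] == 'stop'


def test_register_valid(client, mocker, valid_credentials):
    ''' Test a registration of a rule '''
    pfctl_run = mocker.patch(
        'jail2ban.pfctl.run',
        return_value=_fake_pfctl_result(PFCTL_STDOUT_LINES))

    response = client.put("/register", json=_payload(),
                          headers=_auth_headers(valid_credentials))

    # The second pfctl call carries the rule set on its ``input`` keyword;
    # every pre-existing rule must still be present in it.
    submitted_lines = pfctl_run.call_args_list[1][1]['input'].splitlines()
    for existing_line in PFCTL_STDOUT_LINES.splitlines():
        assert existing_line in submitted_lines
    assert response.json['action'] == 'start'


def test_register_valid_from_scratch(client, mocker, valid_credentials):
    ''' Test from scratch point of view '''
    pfctl_run = mocker.patch('jail2ban.pfctl.run',
                             return_value=_fake_pfctl_result(b''))

    response = client.put("/register", json=_payload(),
                          headers=_auth_headers(valid_credentials))

    # With no existing rules, the submitted rule set is exactly the
    # table declaration plus the new block rule.
    pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
    assert pfctl_run_input_arg == PFCTL_STDOUT_LINES_SCRATCH
    assert response.json['action'] == 'start'


def test_register_invalid(client, mocker, valid_credentials):
    '''
    Test a bogus pf command

    Besides the error message, verify that the rejected text was never
    passed to pfctl: reporting the input as tainted is only useful if the
    value is also kept out of the rule set.
    '''
    bogus_port = "not a pf statement"
    pfctl_run = mocker.patch(
        'jail2ban.pfctl.run',
        return_value=_fake_pfctl_result(PFCTL_STDOUT_LINES))

    response = client.put("/register", json=_payload(port=bogus_port),
                          headers=_auth_headers(valid_credentials))

    assert response.json['error'] == '"not a pf statement" is tainted'
    for call in pfctl_run.call_args_list:
        submitted = call[1].get('input') or b''
        if isinstance(submitted, str):
            submitted = submitted.encode()
        # Rejected input must not appear in anything fed to pfctl.
        assert bogus_port.encode() not in submitted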