Fix #130 - Validate IP format in session

   . Add a new IPAddressField type.
   . Update IP type from CharField to IPAddressField.
   . Add a new Session factory test to know if a session can be instanciated.
   . Add 2 session tests (IP valid  & IP not valid test).

Author: philippe VESSIERE

ban/auth/models.py

@@ -102,7 +102,7 @@ class Session(db.Model):
     """
     user = db.ForeignKeyField(User, null=True)
     client = db.ForeignKeyField(Client, null=True)
-    ip = db.CharField(null=True)  # TODO IPField
+    ip = db.IPAddressField(null=True)
     email = db.CharField(null=True)  # TODO EmailField
 
     @property

ban/db/fields.py

@@ -1,6 +1,7 @@
 import json
 import re
 
+import ipaddress
 import peewee
 
 from playhouse import postgres_ext, fields
@@ -11,7 +12,8 @@
 __all__ = ['PointField', 'ForeignKeyField', 'CharField', 'IntegerField',
            'HStoreField', 'UUIDField', 'ArrayField', 'DateTimeField',
            'BooleanField', 'BinaryJSONField', 'PostCodeField', 'FantoirField',
-           'ManyToManyField', 'PasswordField', 'DateRangeField', 'TextField']
+           'IPAddressField', 'ManyToManyField', 'PasswordField',
+           'DateRangeField', 'TextField']
 
 
 lonlat_pattern = re.compile('^[\[\(]{1}(?P<lon>-?\d{,3}(:?\.\d*)?), ?(?P<lat>-?\d{,3}(\.\d*)?)[\]\)]{1}$')  # noqa
@@ -199,6 +201,21 @@ def coerce(self, value):
         return value
 
 
+class IPAddressField(CharField):
+
+    max_length = 100
+
+    def coerce(self, value=None):
+        if value:
+            value = str(value)
+            try:
+                ipaddress.ip_address(value)
+            except ipaddress.AddressValueError:
+                raise ValueError('Invalid IP Address "{}"'.format(value))
+
+        return value
+
+
 class ResourceListQueryResultWrapper(peewee.ModelQueryResultWrapper):
 
     def process_row(self, row):

ban/tests/auth/test_models.py

@@ -1,7 +1,5 @@
-import pytest
-
 from ban.auth import models
-from ban.tests.factories import UserFactory, ClientFactory
+from ban.tests.factories import UserFactory
 
 
 def test_user_password_is_hashed():
@@ -12,30 +10,3 @@ def test_user_password_is_hashed():
     user = models.User.get(models.User.id == user.id)
     assert user.password != password
     assert user.check_password(password)
-
-
-def test_session_can_be_created_with_a_user():
-    user = UserFactory()
-    session = models.Session.create(user=user)
-    assert session.user == user
-    assert session.as_relation == {
-        'id': session.pk,
-        'user': user.username,
-        'client': None
-    }
-
-
-def test_session_can_be_created_with_a_client():
-    client = ClientFactory()
-    session = models.Session.create(client=client)
-    assert session.client == client
-    assert session.as_relation == {
-        'id': session.pk,
-        'user': None,
-        'client': client.name
-    }
-
-
-def test_session_should_have_either_a_client_or_a_user():
-    with pytest.raises(ValueError):
-        models.Session.create()

ban/tests/auth/test_session.py

@@ -0,0 +1,55 @@
+import pytest
+
+from ban.auth import models
+from ban.tests.factories import UserFactory, ClientFactory
+
+
+def test_session_can_be_created_with_a_user():
+    user = UserFactory()
+    session = models.Session.create(user=user)
+    assert session.user == user
+    assert session.as_relation == {
+        'id': session.pk,
+        'user': user.username,
+        'client': None
+    }
+
+
+def test_session_can_be_created_with_a_client():
+    client = ClientFactory()
+    session = models.Session.create(client=client)
+    assert session.client == client
+    assert session.as_relation == {
+        'id': session.pk,
+        'user': None,
+        'client': client.name
+    }
+
+
+def test_session_should_have_either_a_client_or_a_user():
+    with pytest.raises(ValueError):
+        models.Session.create()
+
+
+def test_session_can_be_created_with_a_client_and_an_valid_IPAddress():
+    client = ClientFactory()
+    session = models.Session.create(client=client, ip='192.168.0.1')
+    assert session.ip == '192.168.0.1'
+
+
+def test_session_can_not_be_created_with_a_client_and_an_unvalid_IPAddress():
+    client = ClientFactory()
+    with pytest.raises(ValueError):
+        models.Session.create(client=client, ip='999.999.999.999')
+
+
+def test_session_can_be_created_with_a_user_and_an_valid_IPAddress():
+    user = UserFactory()
+    session = models.Session.create(user=user, ip='192.168.0.1')
+    assert session.ip == '192.168.0.1'
+
+
+def test_session_can_not_be_created_with_a_user_and_an_unvalid_IPAddress():
+    user = UserFactory()
+    with pytest.raises(ValueError):
+        models.Session.create(user=user, ip='999.999.999.999')

ban/tests/test_factories.py

@@ -42,3 +42,8 @@ def test_housenumber_can_be_instanciated():
 def test_position_can_be_instanciated():
     position = factories.PositionFactory()
     assert position.center
+
+
+def test_session_can_be_instanciated():
+    session = factories.SessionFactory()
+    assert session.ip == '127.0.0.1'