Skip to content

Commit

Permalink
Fix usage of RFC 5737 address
Browse files Browse the repository at this point in the history
Address range 192.0.2.0/24 is reserved for documentation according to RFC
5737. The recommendation is to reject routing of this address range on
routers, but as this is not mandatory, it might happen that the address
is really routed. The tests on Docker on Windows fail because of this it,
the fail reason is different to the expected one.

Fix this by configuring Nginx to listen on 127.0.0.1:80 (and not
0.0.0.0:80) and connecting to 127.1.2.3 instead of 192.0.2.1.

Signed-off-by: Oldřich Jedlička <[email protected]>
  • Loading branch information
oldium committed Dec 28, 2023
1 parent 5d6670f commit 6250ab9
Show file tree
Hide file tree
Showing 7 changed files with 13 additions and 13 deletions.
4 changes: 2 additions & 2 deletions tests/spec/access_token_access_spec.lua
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,7 @@ describe("when token endpoint is not reachable", function()
access_token_opts = {
timeout = 40000,
discovery = {
token_endpoint = "http://192.0.2.1/"
token_endpoint = "http://127.1.2.3/"
}
},
token_response_expires_in = 0
Expand All @@ -219,7 +219,7 @@ describe("when token endpoint is not reachable", function()
assert.are.equals(401, status)
end)
it("an error has been logged", function()
assert.error_log_contains("access_token error: accessing token endpoint.*%(http://192.0.2.1/%) failed")
assert.error_log_contains("access_token error: accessing token endpoint.*%(http://127.1.2.3/%) failed")
end)
end)

Expand Down
4 changes: 2 additions & 2 deletions tests/spec/bearer_token_verification_spec.lua
Original file line number Diff line number Diff line change
Expand Up @@ -464,7 +464,7 @@ describe("when jwks endpoint is not reachable", function()
verify_opts = {
timeout = 40000,
discovery = {
jwks_uri = "http://192.0.2.1/"
jwks_uri = "http://127.1.2.3/"
}
},
})
Expand All @@ -478,7 +478,7 @@ describe("when jwks endpoint is not reachable", function()
assert.are.equals(401, status)
end)
it("an error has been logged", function()
assert.error_log_contains("Invalid token: accessing jwks url.*%(http://192.0.2.1/%) failed")
assert.error_log_contains("Invalid token: accessing jwks url.*%(http://127.1.2.3/%) failed")
end)
end)

Expand Down
4 changes: 2 additions & 2 deletions tests/spec/introspection_spec.lua
Original file line number Diff line number Diff line change
Expand Up @@ -396,7 +396,7 @@ describe("when introspection endpoint is not reachable", function()
test_support.start_server({
introspection_opts = {
timeout = 40000,
introspection_endpoint = "http://192.0.2.1/"
introspection_endpoint = "http://127.1.2.3/"
},
})
teardown(test_support.stop_server)
Expand All @@ -409,7 +409,7 @@ describe("when introspection endpoint is not reachable", function()
assert.are.equals(401, status)
end)
it("an error has been logged", function()
assert.error_log_contains("Introspection error:.*accessing introspection endpoint %(http://192.0.2.1/%) failed")
assert.error_log_contains("Introspection error:.*accessing introspection endpoint %(http://127.1.2.3/%) failed")
end)
end)

Expand Down
4 changes: 2 additions & 2 deletions tests/spec/redirect_to_op_spec.lua
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ describe("when discovery endpoint is not reachable", function()
test_support.start_server({
oidc_opts = {
timeout = 40000,
discovery = "http://192.0.2.1/"
discovery = "http://127.1.2.3/"
},
})
teardown(test_support.stop_server)
Expand All @@ -148,7 +148,7 @@ describe("when discovery endpoint is not reachable", function()
assert.are.equals(401, status)
end)
it("an error has been logged", function()
assert.error_log_contains("authenticate failed: accessing discovery url.*%(http://192.0.2.1/%) failed")
assert.error_log_contains("authenticate failed: accessing discovery url.*%(http://127.1.2.3/%) failed")
end)
end)

Expand Down
2 changes: 1 addition & 1 deletion tests/spec/test_support.lua
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ http {
server {
log_subrequest on;
listen 80;
listen 127.0.0.1:80;
#listen 443 ssl;
#ssl_certificate certificate-chain.crt;
#ssl_certificate_key private.key;
Expand Down
4 changes: 2 additions & 2 deletions tests/spec/token_request_spec.lua
Original file line number Diff line number Diff line change
Expand Up @@ -153,7 +153,7 @@ describe("if token endpoint is not reachable", function()
oidc_opts = {
timeout = 40000,
discovery = {
token_endpoint = "http://192.0.2.1/"
token_endpoint = "http://127.1.2.3/"
}
},
})
Expand All @@ -163,7 +163,7 @@ describe("if token endpoint is not reachable", function()
assert.are.equals(401, status)
end)
it("an error has been logged", function()
assert.error_log_contains("authenticate failed:.*accessing token endpoint %(http://192.0.2.1/%) failed")
assert.error_log_contains("authenticate failed:.*accessing token endpoint %(http://127.1.2.3/%) failed")
end)
end)

Expand Down
4 changes: 2 additions & 2 deletions tests/spec/userinfo_spec.lua
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ describe("when userinfo endpoint is not reachable", function()
oidc_opts = {
timeout = 40000,
discovery = {
userinfo_endpoint = "http://192.0.2.1/"
userinfo_endpoint = "http://127.1.2.3/"
}
},
})
Expand All @@ -85,7 +85,7 @@ describe("when userinfo endpoint is not reachable", function()
assert.are.equals(302, status)
end)
it("an error has been logged", function()
assert.error_log_contains(".*error calling userinfo endpoint: accessing %(http://192.0.2.1/%) failed")
assert.error_log_contains(".*error calling userinfo endpoint: accessing %(http://127.1.2.3/%) failed")
end)
end)

Expand Down

0 comments on commit 6250ab9

Please sign in to comment.