From 6250ab91ecf31af7f4f4da3411d87848afc8ff65 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Old=C5=99ich=20Jedli=C4=8Dka?= Date: Thu, 28 Dec 2023 16:06:02 +0100 Subject: [PATCH] Fix usage of RFC 5737 address MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Address range 192.0.2.0/24 is reserved for documentation according to RFC 5737. The recommendation is to reject routing of this address range on routers, but as this is not mandatory, it might happen that the address is really routed. The tests on Docker on Windows fail because of this it, the fail reason is different to the expected one. Fix this by configuring Nginx to listen on 127.0.0.1:80 (and not 0.0.0.0:80) and connecting to 127.1.2.3 instead of 192.0.2.1. Signed-off-by: Oldřich Jedlička --- tests/spec/access_token_access_spec.lua | 4 ++-- tests/spec/bearer_token_verification_spec.lua | 4 ++-- tests/spec/introspection_spec.lua | 4 ++-- tests/spec/redirect_to_op_spec.lua | 4 ++-- tests/spec/test_support.lua | 2 +- tests/spec/token_request_spec.lua | 4 ++-- tests/spec/userinfo_spec.lua | 4 ++-- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/spec/access_token_access_spec.lua b/tests/spec/access_token_access_spec.lua index 87128e3..bd2347b 100644 --- a/tests/spec/access_token_access_spec.lua +++ b/tests/spec/access_token_access_spec.lua @@ -202,7 +202,7 @@ describe("when token endpoint is not reachable", function() access_token_opts = { timeout = 40000, discovery = { - token_endpoint = "http://192.0.2.1/" + token_endpoint = "http://127.1.2.3/" } }, token_response_expires_in = 0 @@ -219,7 +219,7 @@ describe("when token endpoint is not reachable", function() assert.are.equals(401, status) end) it("an error has been logged", function() - assert.error_log_contains("access_token error: accessing token endpoint.*%(http://192.0.2.1/%) failed") + assert.error_log_contains("access_token error: accessing token endpoint.*%(http://127.1.2.3/%) failed") end) end) diff --git a/tests/spec/bearer_token_verification_spec.lua b/tests/spec/bearer_token_verification_spec.lua index 7834aca..6d1c67d 100644 --- a/tests/spec/bearer_token_verification_spec.lua +++ b/tests/spec/bearer_token_verification_spec.lua @@ -464,7 +464,7 @@ describe("when jwks endpoint is not reachable", function() verify_opts = { timeout = 40000, discovery = { - jwks_uri = "http://192.0.2.1/" + jwks_uri = "http://127.1.2.3/" } }, }) @@ -478,7 +478,7 @@ describe("when jwks endpoint is not reachable", function() assert.are.equals(401, status) end) it("an error has been logged", function() - assert.error_log_contains("Invalid token: accessing jwks url.*%(http://192.0.2.1/%) failed") + assert.error_log_contains("Invalid token: accessing jwks url.*%(http://127.1.2.3/%) failed") end) end) diff --git a/tests/spec/introspection_spec.lua b/tests/spec/introspection_spec.lua index 3b5437b..a22a3b8 100644 --- a/tests/spec/introspection_spec.lua +++ b/tests/spec/introspection_spec.lua @@ -396,7 +396,7 @@ describe("when introspection endpoint is not reachable", function() test_support.start_server({ introspection_opts = { timeout = 40000, - introspection_endpoint = "http://192.0.2.1/" + introspection_endpoint = "http://127.1.2.3/" }, }) teardown(test_support.stop_server) @@ -409,7 +409,7 @@ describe("when introspection endpoint is not reachable", function() assert.are.equals(401, status) end) it("an error has been logged", function() - assert.error_log_contains("Introspection error:.*accessing introspection endpoint %(http://192.0.2.1/%) failed") + assert.error_log_contains("Introspection error:.*accessing introspection endpoint %(http://127.1.2.3/%) failed") end) end) diff --git a/tests/spec/redirect_to_op_spec.lua b/tests/spec/redirect_to_op_spec.lua index efadd72..0525782 100644 --- a/tests/spec/redirect_to_op_spec.lua +++ b/tests/spec/redirect_to_op_spec.lua @@ -136,7 +136,7 @@ describe("when discovery endpoint is not reachable", function() test_support.start_server({ oidc_opts = { timeout = 40000, - discovery = "http://192.0.2.1/" + discovery = "http://127.1.2.3/" }, }) teardown(test_support.stop_server) @@ -148,7 +148,7 @@ describe("when discovery endpoint is not reachable", function() assert.are.equals(401, status) end) it("an error has been logged", function() - assert.error_log_contains("authenticate failed: accessing discovery url.*%(http://192.0.2.1/%) failed") + assert.error_log_contains("authenticate failed: accessing discovery url.*%(http://127.1.2.3/%) failed") end) end) diff --git a/tests/spec/test_support.lua b/tests/spec/test_support.lua index fb1d229..3a85fcf 100644 --- a/tests/spec/test_support.lua +++ b/tests/spec/test_support.lua @@ -160,7 +160,7 @@ http { server { log_subrequest on; - listen 80; + listen 127.0.0.1:80; #listen 443 ssl; #ssl_certificate certificate-chain.crt; #ssl_certificate_key private.key; diff --git a/tests/spec/token_request_spec.lua b/tests/spec/token_request_spec.lua index a7dfd50..08b49fb 100644 --- a/tests/spec/token_request_spec.lua +++ b/tests/spec/token_request_spec.lua @@ -153,7 +153,7 @@ describe("if token endpoint is not reachable", function() oidc_opts = { timeout = 40000, discovery = { - token_endpoint = "http://192.0.2.1/" + token_endpoint = "http://127.1.2.3/" } }, }) @@ -163,7 +163,7 @@ describe("if token endpoint is not reachable", function() assert.are.equals(401, status) end) it("an error has been logged", function() - assert.error_log_contains("authenticate failed:.*accessing token endpoint %(http://192.0.2.1/%) failed") + assert.error_log_contains("authenticate failed:.*accessing token endpoint %(http://127.1.2.3/%) failed") end) end) diff --git a/tests/spec/userinfo_spec.lua b/tests/spec/userinfo_spec.lua index 800a84a..67cb6d2 100644 --- a/tests/spec/userinfo_spec.lua +++ b/tests/spec/userinfo_spec.lua @@ -75,7 +75,7 @@ describe("when userinfo endpoint is not reachable", function() oidc_opts = { timeout = 40000, discovery = { - userinfo_endpoint = "http://192.0.2.1/" + userinfo_endpoint = "http://127.1.2.3/" } }, }) @@ -85,7 +85,7 @@ describe("when userinfo endpoint is not reachable", function() assert.are.equals(302, status) end) it("an error has been logged", function() - assert.error_log_contains(".*error calling userinfo endpoint: accessing %(http://192.0.2.1/%) failed") + assert.error_log_contains(".*error calling userinfo endpoint: accessing %(http://127.1.2.3/%) failed") end) end)