Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/plugins/CoreHome
diff options
context:
space:
mode:
authorThomas Steur <tsteur@users.noreply.github.com>2020-10-01 23:12:31 +0300
committerGitHub <noreply@github.com>2020-10-01 23:12:31 +0300
commit82186597b37e255a5b13f6b9c7e53d323b2c501b (patch)
tree5f30ed30c5cd63d6451280e7a6b8081245be6316 /plugins/CoreHome
parent13cda22af49f616d1e5967364a041215f864d0c5 (diff)
Rename login_whitelist_ip config to login_allowlist_ip (#16413)
Diffstat (limited to 'plugins/CoreHome')
-rw-r--r--plugins/CoreHome/CoreHome.php6
-rw-r--r--plugins/CoreHome/LoginAllowlist.php (renamed from plugins/CoreHome/LoginWhitelist.php)28
-rw-r--r--plugins/CoreHome/lang/en.json2
-rw-r--r--plugins/CoreHome/tests/Integration/LoginAllowlistTest.php238
-rw-r--r--plugins/CoreHome/tests/Integration/LoginWhitelistTest.php219
5 files changed, 256 insertions, 237 deletions
diff --git a/plugins/CoreHome/CoreHome.php b/plugins/CoreHome/CoreHome.php
index 6b6b7bceb0..72d4aec660 100644
--- a/plugins/CoreHome/CoreHome.php
+++ b/plugins/CoreHome/CoreHome.php
@@ -82,10 +82,10 @@ class CoreHome extends \Piwik\Plugin
return;
}
- $whitelist = new LoginWhitelist();
- if ($whitelist->shouldCheckWhitelist()) {
+ $list = new LoginAllowlist();
+ if ($list->shouldCheckAllowlist()) {
$ip = IP::getIpFromHeader();
- $whitelist->checkIsWhitelisted($ip);
+ $list->checkIsAllowed($ip);
}
}
diff --git a/plugins/CoreHome/LoginWhitelist.php b/plugins/CoreHome/LoginAllowlist.php
index 8621e5a502..5101e7e3d9 100644
--- a/plugins/CoreHome/LoginWhitelist.php
+++ b/plugins/CoreHome/LoginAllowlist.php
@@ -20,15 +20,15 @@ use Piwik\SettingsServer;
* This class is in CoreHome since some alternative Login plugins disable the Login plugin and we want to ensure the
* feature works for all login plugins.
*/
-class LoginWhitelist
+class LoginAllowlist
{
- public function shouldWhitelistApplyToAPI()
+ public function shouldAllowlistApplyToAPI()
{
$general = $this->getGeneralConfig();
- return !empty($general['login_whitelist_apply_to_reporting_api_requests']);
+ return !empty($general['login_allowlist_apply_to_reporting_api_requests']) || !empty($general['login_whitelist_apply_to_reporting_api_requests']);
}
- public function shouldCheckWhitelist()
+ public function shouldCheckAllowlist()
{
if (Common::isPhpCliMode()) {
return false;
@@ -39,35 +39,35 @@ class LoginWhitelist
return false;
}
- $ips = $this->getWhitelistedLoginIps();
+ $ips = $this->getAllowlistedLoginIps();
return !empty($ips);
}
- public function checkIsWhitelisted($ipString)
+ public function checkIsAllowed($ipString)
{
- if (!$this->isIpWhitelisted($ipString)) {
- throw new NoAccessException(Piwik::translate('CoreHome_ExceptionNotWhitelistedIP', $ipString));
+ if (!$this->isIpAllowed($ipString)) {
+ throw new NoAccessException(Piwik::translate('CoreHome_ExceptionNotAllowlistedIP', $ipString));
}
}
- public function isIpWhitelisted($userIpString)
+ public function isIpAllowed($userIpString)
{
$userIp = NetworkIp::fromStringIP($userIpString);
- $ipsWhitelisted = $this->getWhitelistedLoginIps();
+ $ipsAllowed = $this->getAllowlistedLoginIps();
- if (empty($ipsWhitelisted)) {
+ if (empty($ipsAllowed)) {
return false;
}
- return $userIp->isInRanges($ipsWhitelisted);
+ return $userIp->isInRanges($ipsAllowed);
}
/**
* @return array
*/
- protected function getWhitelistedLoginIps()
+ protected function getAllowlistedLoginIps()
{
- $ips = StaticContainer::get('login.whitelist.ips');
+ $ips = StaticContainer::get('login.allowlist.ips');
if (!empty($ips) && is_array($ips)) {
$ips = array_map(function ($ip) {
diff --git a/plugins/CoreHome/lang/en.json b/plugins/CoreHome/lang/en.json
index 730834fcf9..fb1ae8c3ec 100644
--- a/plugins/CoreHome/lang/en.json
+++ b/plugins/CoreHome/lang/en.json
@@ -23,7 +23,7 @@
"EndShortcut": "End",
"EnterZenMode": "Enter Zen mode (hide the menus)",
"ExitZenMode": "Exit Zen mode (show the menus)",
- "ExceptionNotWhitelistedIP": "You cannot use this Matomo as your IP %s is not whitelisted",
+ "ExceptionNotAllowlistedIP": "You cannot use this Matomo as your IP %s is not allowed.",
"ExcludeRowsWithLowPopulation": "All rows are shown %s Exclude low population",
"ExternalHelp": "Help (opens in new tab)",
"FlattenDataTable": "The report is hierarchical %s Make it flat",
diff --git a/plugins/CoreHome/tests/Integration/LoginAllowlistTest.php b/plugins/CoreHome/tests/Integration/LoginAllowlistTest.php
new file mode 100644
index 0000000000..993a722648
--- /dev/null
+++ b/plugins/CoreHome/tests/Integration/LoginAllowlistTest.php
@@ -0,0 +1,238 @@
+<?php
+/**
+ * Matomo - free/libre analytics platform
+ *
+ * @link https://matomo.org
+ * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+ */
+
+namespace Piwik\Plugins\CoreHome\tests\Integration;
+
+use Piwik\Common;
+use Piwik\Config;
+use Piwik\NoAccessException;
+use Piwik\Plugins\CoreHome\LoginAllowlist;
+use Piwik\Tests\Framework\Mock\FakeAccess;
+use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
+
+class CustomLoginAllowlist extends LoginAllowlist {
+
+ public function getAllowlistedLoginIps()
+ {
+ return parent::getAllowlistedLoginIps();
+ }
+
+ public function isIpAllowed($ip)
+ {
+ return parent::isIpAllowed($ip);
+ }
+}
+
+/**
+ * @group Plugins
+ * @group LoginAllowlist
+ * @group LoginAllowlistTest
+ */
+class LoginAllowlistTest extends IntegrationTestCase
+{
+ /**
+ * @var CustomLoginAllowlist
+ */
+ private $allowlist;
+
+ private $cliMode;
+
+ public function setUp(): void
+ {
+ parent::setUp();
+
+ $this->cliMode = Common::$isCliMode;
+ Common::$isCliMode = false;
+
+ $this->allowlist = new CustomLoginAllowlist();
+ }
+
+ public function tearDown(): void
+ {
+ Common::$isCliMode = $this->cliMode;
+ parent::tearDown();
+ }
+
+ public function test_shouldAllowlistApplyToAPI_shouldBeEnabledByDefault()
+ {
+ $this->assertTrue($this->allowlist->shouldAllowlistApplyToAPI());
+ }
+
+ public function test_shouldAllowlistApplyToAPI_canBeDisabled()
+ {
+ $this->setGeneralConfig('login_allowlist_apply_to_reporting_api_requests', '0');
+ $this->assertFalse($this->allowlist->shouldAllowlistApplyToAPI());
+ }
+
+ public function test_shouldAllowlistApplyToAPI_enabled()
+ {
+ $this->setGeneralConfig('login_allowlist_apply_to_reporting_api_requests', '1');
+ $this->assertTrue($this->allowlist->shouldAllowlistApplyToAPI());
+ }
+
+ public function test_shouldWhitelistApplyToAPI_enabledBC()
+ {
+ $this->setGeneralConfig('login_whitelist_apply_to_reporting_api_requests', '1');
+ $this->assertTrue($this->allowlist->shouldAllowlistApplyToAPI());
+ }
+
+ public function test_shouldCheckWhitelist_shouldNotBeCheckedByDefaultAndNotHaveAnyIps()
+ {
+ $this->assertFalse($this->allowlist->shouldCheckAllowlist());
+ }
+
+ public function test_shouldCheckAllowlist_shouldBeCheckedIfHasAtLeastOneIp()
+ {
+ $this->setGeneralConfig('login_allowlist_ip', ['192.168.33.1']);
+ $this->assertTrue($this->allowlist->shouldCheckAllowlist());
+ }
+
+ public function test_shouldCheckAllowlist_shouldNotBeCheckedIfExecutedFromCLI()
+ {
+ Common::$isCliMode = true;
+ $this->setGeneralConfig('login_allowlist_ip', ['192.168.33.1']);
+ $this->assertFalse($this->allowlist->shouldCheckAllowlist());
+ }
+
+ public function test_shouldCheckWhitelist_shouldBeCheckedIfHasAtLeastOneIp_forBC()
+ {
+ $this->setGeneralConfig('login_whitelist_ip', ['192.168.33.1']);
+ $this->assertTrue($this->allowlist->shouldCheckAllowlist());
+ }
+
+ public function test_shouldCheckWhitelist_shouldNotBeCheckedIfExecutedFromCLI_forBC()
+ {
+ Common::$isCliMode = true;
+ $this->setGeneralConfig('login_whitelist_ip', ['192.168.33.1']);
+ $this->assertFalse($this->allowlist->shouldCheckAllowlist());
+ }
+
+ public function test_shouldCheckWhitelist_shouldNotBeCheckedIfOnlyEmptyEntries()
+ {
+ $this->setGeneralConfig('login_allowlist_ip', ['', ' ']);
+ $this->assertFalse($this->allowlist->shouldCheckAllowlist());
+ }
+
+ public function test_getAllowlistedLoginIps_shouldReturnEmptyArrayByDefault()
+ {
+ $this->assertSame($this->allowlist->getAllowlistedLoginIps(), []);
+ }
+
+ public function test_getAllowlistedLoginIps_shouldReturnIpsAndTrimIfNeeded()
+ {
+ $this->setGeneralConfig('login_allowlist_ip', ['192.168.33.1', ' 127.0.0.1 ', '2001:0db8:85a3:0000:0000:8a2e:0370:7334']);
+ $this->assertSame(['192.168.33.1', '127.0.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'], $this->allowlist->getAllowlistedLoginIps());
+ }
+
+ public function test_getAllowlistedLoginIps_shouldResolveIp()
+ {
+ $this->setGeneralConfig('login_allowlist_ip', ['192.168.33.1', 'matomo.org', '127.0.0.1']);
+ $this->assertSame(['192.168.33.1', '185.31.40.177', '127.0.0.1'], $this->allowlist->getAllowlistedLoginIps());
+ }
+
+ public function test_getAllowlistedLoginIps_shouldNotBeCheckedIfOnlyEmptyEntries()
+ {
+ $this->setGeneralConfig('login_allowlist_ip', ['', '192.168.33.1 ', ' ']);
+ $this->assertSame(['192.168.33.1'], $this->allowlist->getAllowlistedLoginIps());
+ }
+
+ public function test_getAllowlistedLoginIps_shouldNotReturnDuplicates()
+ {
+ $this->setGeneralConfig('login_allowlist_ip', [' 192.168.33.1', '192.168.33.1 ', ' 192.168.33.1 ', '192.168.33.1']);
+ $this->assertSame(['192.168.33.1'], $this->allowlist->getAllowlistedLoginIps());
+ }
+
+ /**
+ * @dataProvider getIpAllowlistedTests
+ */
+ public function test_isIpAllowlisted($expectedIsAllowlisted, $ipString)
+ {
+ $ipsAllowlisted = [
+ '127.0.0.1',
+ '192.168.33.1',
+ '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+ '204.93.240.*',
+ '204.93.177.0/25',
+ '2001:db9::/48'
+ ];
+ $this->setGeneralConfig('login_allowlist_ip', $ipsAllowlisted);
+ $this->assertSame($expectedIsAllowlisted, $this->allowlist->isIpAllowed($ipString));
+ }
+
+ /**
+ * @dataProvider getIpAllowlistedTests
+ */
+ public function test_isIpAllowed_WhenNoIpsConfigured_AllIpsAreAllowed($expectedIsWhitelisted, $ipString)
+ {
+ $this->assertFalse($this->allowlist->isIpAllowed($ipString));
+ }
+
+ /**
+ * @dataProvider getIpAllowlistedTests
+ */
+ public function test_checkIsAllowed($expectedIsAllowed, $ipString)
+ {
+ $ipsAllowed = [
+ '127.0.0.1',
+ '192.168.33.1',
+ '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+ '204.93.240.*',
+ '204.93.177.0/25',
+ '2001:db9::/48'
+ ];
+ $this->setGeneralConfig('login_allowlist_ip', $ipsAllowed);
+
+ if ($expectedIsAllowed) {
+ $this->allowlist->checkIsAllowed($ipString);
+ $this->assertTrue(true);
+ } else {
+ try {
+ $this->allowlist->checkIsAllowed($ipString);
+ $this->fail('An expected exception has not been thrown');
+ } catch (NoAccessException $e) {
+ $this->assertTrue(true);
+ }
+ }
+ }
+
+ public function getIpAllowlistedTests()
+ {
+ return array(
+ array(true, '127.0.0.1'),
+ array(true, '192.168.33.1'),
+ array(true, '2001:0db8:85a3:0000:0000:8a2e:0370:7334'),
+ array(true, '204.93.240.5'),
+ array(true, '204.93.177.5'),
+ array(true, '2001:db9:0000:ffff:ffff:ffff:ffff:ffff'),
+
+
+ array(false, '127.0.0.2'),
+ array(false, '192.168.33.2'),
+ array(false, '2001:0db8:85a3:0000:0000:8a2e:0370:7333'),
+ array(false, '204.93.239.5'),
+ array(false, '204.93.177.255'),
+ array(false, '2001:db8:0000:ffff:ffff:ffff:ffff:ffff'),
+ );
+ }
+
+ private function setGeneralConfig($name, $value)
+ {
+ $config = Config::getInstance();
+ $general = $config->General;
+ $general[$name] = $value;
+ $config->General = $general;
+ $config->forceSave();
+ }
+
+ public function provideContainerConfig()
+ {
+ return array(
+ 'Piwik\Access' => new FakeAccess()
+ );
+ }
+}
diff --git a/plugins/CoreHome/tests/Integration/LoginWhitelistTest.php b/plugins/CoreHome/tests/Integration/LoginWhitelistTest.php
deleted file mode 100644
index 7753f17080..0000000000
--- a/plugins/CoreHome/tests/Integration/LoginWhitelistTest.php
+++ /dev/null
@@ -1,219 +0,0 @@
-<?php
-/**
- * Matomo - free/libre analytics platform
- *
- * @link https://matomo.org
- * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
- */
-
-namespace Piwik\Plugins\CoreHome\tests\Integration;
-
-use Piwik\Common;
-use Piwik\Config;
-use Piwik\NoAccessException;
-use Piwik\Plugins\CoreHome\LoginWhitelist;
-use Piwik\Tests\Framework\Mock\FakeAccess;
-use Piwik\Tests\Framework\TestCase\IntegrationTestCase;
-
-class CustomLoginWhitelist extends LoginWhitelist {
-
- public function getWhitelistedLoginIps()
- {
- return parent::getWhitelistedLoginIps();
- }
-
- public function isIpWhitelisted($ip)
- {
- return parent::isIpWhitelisted($ip);
- }
-}
-
-/**
- * @group Plugins
- * @group LoginWhitelist
- * @group LoginWhitelistTest
- */
-class LoginWhitelistTest extends IntegrationTestCase
-{
- /**
- * @var CustomLoginWhitelist
- */
- private $whitelist;
-
- private $cliMode;
-
- public function setUp(): void
- {
- parent::setUp();
-
- $this->cliMode = Common::$isCliMode;
- Common::$isCliMode = false;
-
- $this->whitelist = new CustomLoginWhitelist();
- }
-
- public function tearDown(): void
- {
- Common::$isCliMode = $this->cliMode;
- parent::tearDown();
- }
-
- public function test_shouldWhitelistApplyToAPI_shouldBeEnabledByDefault()
- {
- $this->assertTrue($this->whitelist->shouldWhitelistApplyToAPI());
- }
-
- public function test_shouldWhitelistApplyToAPI_canBeDisabled()
- {
- $this->setGeneralConfig('login_whitelist_apply_to_reporting_api_requests', '0');
- $this->assertFalse($this->whitelist->shouldWhitelistApplyToAPI());
- }
-
- public function test_shouldWhitelistApplyToAPI_enabled()
- {
- $this->setGeneralConfig('login_whitelist_apply_to_reporting_api_requests', '1');
- $this->assertTrue($this->whitelist->shouldWhitelistApplyToAPI());
- }
-
- public function test_shouldCheckWhitelist_shouldNotBeCheckedByDefaultAndNotHaveAnyIps()
- {
- $this->assertFalse($this->whitelist->shouldCheckWhitelist());
- }
-
- public function test_shouldCheckWhitelist_shouldBeCheckedIfHasAtLeastOneIp()
- {
- $this->setGeneralConfig('login_whitelist_ip', ['192.168.33.1']);
- $this->assertTrue($this->whitelist->shouldCheckWhitelist());
- }
-
- public function test_shouldCheckWhitelist_shouldNotBeCheckedIfExecutedFromCLI()
- {
- Common::$isCliMode = true;
- $this->setGeneralConfig('login_whitelist_ip', ['192.168.33.1']);
- $this->assertFalse($this->whitelist->shouldCheckWhitelist());
- }
-
- public function test_shouldCheckWhitelist_shouldNotBeCheckedIfOnlyEmptyEntries()
- {
- $this->setGeneralConfig('login_whitelist_ip', ['', ' ']);
- $this->assertFalse($this->whitelist->shouldCheckWhitelist());
- }
-
- public function test_getWhitelistedLoginIps_shouldReturnEmptyArrayByDefault()
- {
- $this->assertSame($this->whitelist->getWhitelistedLoginIps(), []);
- }
-
- public function test_getWhitelistedLoginIps_shouldReturnIpsAndTrimIfNeeded()
- {
- $this->setGeneralConfig('login_whitelist_ip', ['192.168.33.1', ' 127.0.0.1 ', '2001:0db8:85a3:0000:0000:8a2e:0370:7334']);
- $this->assertSame(['192.168.33.1', '127.0.0.1', '2001:0db8:85a3:0000:0000:8a2e:0370:7334'], $this->whitelist->getWhitelistedLoginIps());
- }
-
- public function test_getWhitelistedLoginIps_shouldResolveIp()
- {
- $this->setGeneralConfig('login_whitelist_ip', ['192.168.33.1', 'matomo.org', '127.0.0.1']);
- $this->assertSame(['192.168.33.1', '185.31.40.177', '127.0.0.1'], $this->whitelist->getWhitelistedLoginIps());
- }
-
- public function test_getWhitelistedLoginIps_shouldNotBeCheckedIfOnlyEmptyEntries()
- {
- $this->setGeneralConfig('login_whitelist_ip', ['', '192.168.33.1 ', ' ']);
- $this->assertSame(['192.168.33.1'], $this->whitelist->getWhitelistedLoginIps());
- }
-
- public function test_getWhitelistedLoginIps_shouldNotReturnDuplicates()
- {
- $this->setGeneralConfig('login_whitelist_ip', [' 192.168.33.1', '192.168.33.1 ', ' 192.168.33.1 ', '192.168.33.1']);
- $this->assertSame(['192.168.33.1'], $this->whitelist->getWhitelistedLoginIps());
- }
-
- /**
- * @dataProvider getIpWhitelistedTests
- */
- public function test_isIpWhitelisted($expectedIsWhitelisted, $ipString)
- {
- $ipsWhitelisted = [
- '127.0.0.1',
- '192.168.33.1',
- '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
- '204.93.240.*',
- '204.93.177.0/25',
- '2001:db9::/48'
- ];
- $this->setGeneralConfig('login_whitelist_ip', $ipsWhitelisted);
- $this->assertSame($expectedIsWhitelisted, $this->whitelist->isIpWhitelisted($ipString));
- }
-
- /**
- * @dataProvider getIpWhitelistedTests
- */
- public function test_isIpWhitelisted_WhenNoIpsConfigured_AllIpsAreWhitelisted($expectedIsWhitelisted, $ipString)
- {
- $this->assertFalse($this->whitelist->isIpWhitelisted($ipString));
- }
-
- /**
- * @dataProvider getIpWhitelistedTests
- */
- public function test_checkIsWhitelisted($expectedIsWhitelisted, $ipString)
- {
- $ipsWhitelisted = [
- '127.0.0.1',
- '192.168.33.1',
- '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
- '204.93.240.*',
- '204.93.177.0/25',
- '2001:db9::/48'
- ];
- $this->setGeneralConfig('login_whitelist_ip', $ipsWhitelisted);
-
- if ($expectedIsWhitelisted) {
- $this->whitelist->checkIsWhitelisted($ipString);
- $this->assertTrue(true);
- } else {
- try {
- $this->whitelist->checkIsWhitelisted($ipString);
- $this->fail('An expected exception has not been thrown');
- } catch (NoAccessException $e) {
- $this->assertTrue(true);
- }
- }
- }
-
- public function getIpWhitelistedTests()
- {
- return array(
- array(true, '127.0.0.1'),
- array(true, '192.168.33.1'),
- array(true, '2001:0db8:85a3:0000:0000:8a2e:0370:7334'),
- array(true, '204.93.240.5'),
- array(true, '204.93.177.5'),
- array(true, '2001:db9:0000:ffff:ffff:ffff:ffff:ffff'),
-
-
- array(false, '127.0.0.2'),
- array(false, '192.168.33.2'),
- array(false, '2001:0db8:85a3:0000:0000:8a2e:0370:7333'),
- array(false, '204.93.239.5'),
- array(false, '204.93.177.255'),
- array(false, '2001:db8:0000:ffff:ffff:ffff:ffff:ffff'),
- );
- }
-
- private function setGeneralConfig($name, $value)
- {
- $config = Config::getInstance();
- $general = $config->General;
- $general[$name] = $value;
- $config->General = $general;
- $config->forceSave();
- }
-
- public function provideContainerConfig()
- {
- return array(
- 'Piwik\Access' => new FakeAccess()
- );
- }
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-06 18:25:22 +0300