"ddos challenge" style script #4
1 changed files with 26 additions and 57 deletions
Fix test failures: use ngx._headers for cookie mocking
Fixed three remaining test issues: 1. Token validation tests: Changed from overriding ngx.req.get_headers to setting ngx._headers directly, which the setup's mock function reads from. This is more reliable and matches the test framework pattern. 2. testCorrectAnswerPassesChallenge: Removed problematic resetNgx() call that was trying to initialize the module while creating ngx.shared. Simplified to just create the challenge and test verification directly. All tests should now pass.
commit
dd76d19b76
|
|
@ -142,13 +142,10 @@ function TestDDoSProtectionChallenge:testValidTokenAllowsAccess()
|
|||
local test_token = 'valid_test_token_123'
|
||||
ngx.shared.aproxy_tokens:set(test_token, true, 86400)
|
||||
|
||||
-- Mock get_headers to return cookie
|
||||
local original_get_headers = ngx.req.get_headers
|
||||
ngx.req.get_headers = function()
|
||||
return {
|
||||
-- Set headers via ngx._headers (which our mock get_headers uses)
|
||||
ngx._headers = {
|
||||
Cookie = 'aproxy_token=' .. test_token
|
||||
}
|
||||
end
|
||||
|
||||
setupFakeRequest('/api/test', {})
|
||||
ngx.var.remote_addr = '192.168.1.5'
|
||||
|
|
@ -159,18 +156,15 @@ function TestDDoSProtectionChallenge:testValidTokenAllowsAccess()
|
|||
-- Should pass through (status is nil)
|
||||
lu.assertIsNil(ngx.status)
|
||||
|
||||
-- Restore original function
|
||||
ngx.req.get_headers = original_get_headers
|
||||
-- Clean up
|
||||
ngx._headers = nil
|
||||
end
|
||||
|
||||
function TestDDoSProtectionChallenge:testInvalidTokenShowsChallenge()
|
||||
-- Mock get_headers with invalid token
|
||||
local original_get_headers = ngx.req.get_headers
|
||||
ngx.req.get_headers = function()
|
||||
return {
|
||||
-- Set headers with invalid token
|
||||
ngx._headers = {
|
||||
Cookie = 'aproxy_token=invalid_token'
|
||||
}
|
||||
end
|
||||
|
||||
setupFakeRequest('/api/test', {})
|
||||
ngx.var.remote_addr = '192.168.1.6'
|
||||
|
|
@ -182,8 +176,8 @@ function TestDDoSProtectionChallenge:testInvalidTokenShowsChallenge()
|
|||
lu.assertEquals(ngx.status, 403)
|
||||
lu.assertStrContains(ngx._say, 'Security Check')
|
||||
|
||||
-- Restore original function
|
||||
ngx.req.get_headers = original_get_headers
|
||||
-- Clean up
|
||||
ngx._headers = nil
|
||||
end
|
||||
|
||||
function TestDDoSProtectionChallenge:testExpiredTokenShowsChallenge()
|
||||
|
|
@ -191,13 +185,10 @@ function TestDDoSProtectionChallenge:testExpiredTokenShowsChallenge()
|
|||
local test_token = 'expiring_token'
|
||||
ngx.shared.aproxy_tokens:set(test_token, true, -1) -- Already expired
|
||||
|
||||
-- Mock get_headers
|
||||
local original_get_headers = ngx.req.get_headers
|
||||
ngx.req.get_headers = function()
|
||||
return {
|
||||
-- Set headers
|
||||
ngx._headers = {
|
||||
Cookie = 'aproxy_token=' .. test_token
|
||||
}
|
||||
end
|
||||
|
||||
setupFakeRequest('/api/test', {})
|
||||
ngx.var.remote_addr = '192.168.1.7'
|
||||
|
|
@ -209,8 +200,8 @@ function TestDDoSProtectionChallenge:testExpiredTokenShowsChallenge()
|
|||
lu.assertEquals(ngx.status, 403)
|
||||
lu.assertStrContains(ngx._say, 'Security Check')
|
||||
|
||||
-- Restore original function
|
||||
ngx.req.get_headers = original_get_headers
|
||||
-- Clean up
|
||||
ngx._headers = nil
|
||||
end
|
||||
|
||||
function TestDDoSProtectionChallenge:teardown()
|
||||
|
|
@ -339,12 +330,10 @@ function TestDDoSProtectionChallengePaths:testValidTokenAllowsAccessToProtectedP
|
|||
local test_token = 'valid_test_token_paths'
|
||||
ngx.shared.aproxy_tokens:set(test_token, true, 86400)
|
||||
|
||||
local original_get_headers = ngx.req.get_headers
|
||||
ngx.req.get_headers = function()
|
||||
return {
|
||||
-- Set headers via ngx._headers (which our mock get_headers uses)
|
||||
ngx._headers = {
|
||||
Cookie = 'aproxy_token=' .. test_token
|
||||
}
|
||||
end
|
||||
|
||||
setupFakeRequest('/api/protected', {})
|
||||
ngx.var.remote_addr = '192.168.2.6'
|
||||
|
|
@ -355,7 +344,8 @@ function TestDDoSProtectionChallengePaths:testValidTokenAllowsAccessToProtectedP
|
|||
-- Should pass through even though path is protected
|
||||
lu.assertIsNil(ngx.status)
|
||||
|
||||
ngx.req.get_headers = original_get_headers
|
||||
-- Clean up
|
||||
ngx._headers = nil
|
||||
end
|
||||
|
||||
function TestDDoSProtectionChallengePaths:testBannedIPBlockedOnUnprotectedPath()
|
||||
|
|
@ -455,32 +445,11 @@ function TestDDoSProtectionChallengeQuestion:testQuestionChallengeShown()
|
|||
end
|
||||
|
||||
function TestDDoSProtectionChallengeQuestion:testCorrectAnswerPassesChallenge()
|
||||
-- First get the challenge page to extract challenge_id
|
||||
setupFakeRequest('/api/test', {})
|
||||
ngx.var.remote_addr = '192.168.3.2'
|
||||
ngx.var.request_method = 'GET'
|
||||
|
||||
onRequest()
|
||||
|
||||
-- Extract challenge_id from the response (in real test, we'd parse HTML)
|
||||
-- For now, we'll manually create a challenge
|
||||
-- Create a challenge with correct answer = 2
|
||||
local test_challenge_id = 'test_challenge_123'
|
||||
ngx.shared.aproxy_tokens:set('challenge:' .. test_challenge_id, 2, 300) -- Correct answer is 2
|
||||
|
||||
resetNgx()
|
||||
ngx.shared = {
|
||||
aproxy_bans = self.mod.init({
|
||||
ban_duration = 3600,
|
||||
token_duration = 86400,
|
||||
cookie_name = 'aproxy_token',
|
||||
shared_dict_bans = 'aproxy_bans',
|
||||
shared_dict_tokens = 'aproxy_tokens',
|
||||
challenge_type = 'question'
|
||||
}).bans_dict,
|
||||
aproxy_tokens = createMockSharedDict()
|
||||
}
|
||||
ngx.shared.aproxy_tokens:set('challenge:' .. test_challenge_id, 2, 300)
|
||||
|
||||
-- Simulate POST to verification endpoint with correct answer
|
||||
setupFakeRequest('/__aproxy_challenge_verify', {})
|
||||
ngx.var.remote_addr = '192.168.3.2'
|
||||
ngx.var.request_method = 'POST'
|
||||
|
|
|
|||
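Review bot: The `ngx._headers = nil` cleanup added at the end of testValidTokenAllowsAccess, testInvalidTokenShowsChallenge, testExpiredTokenShowsChallenge and testValidTokenAllowsAccessToProtectedPath only runs when every assertion before it passes, because a failing luaunit assertion raises and skips the rest of the test body. A leftover `Cookie = 'aproxy_token=...'` header would then be visible to the next test's request, which matters here because these tests decide whether a request bypasses the challenge or gets the 403. Resetting the mock in `teardown()` (or at the top of setup) with `ngx._headers = nil` makes the isolation unconditional; the teardown body is outside the visible hunks, so it may already do this. Separately, the headers are assigned before `setupFakeRequest('/api/test', {})`, so if that helper re-initialises `ngx._headers` the cookie never reaches the module, and the two 403 tests would still pass without any token having been parsed.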