Arsnael commented on code in PR #1824:
URL: https://github.com/apache/james-project/pull/1824#discussion_r1442626214
##########
third-party/crowdsec/src/test/java/org/apache/james/CrowdsecIntegrationTest.java:
##########
@@ -87,5 +99,55 @@ void
ipShouldBeBannedByCrowdSecWhenFailingToImapLoginThreeTimes(GuiceJamesServer
.untilAsserted(() -> assertThatThrownBy(() ->
testIMAPClient.connect("127.0.0.1",
server.getProbe(ImapGuiceProbe.class).getImapPort()))
.isInstanceOf(EOFException.class)
.hasMessage("Connection closed without indication."));
+
+ }
+
+ @Test
+ void
ipConnectViaProxyShouldBeBannedByCrowdSecWhenFailingToImapLoginThreeTimes(GuiceJamesServer
server) throws IOException, InterruptedException {
+ // GIVEN an IP failed to log in 3 consecutive times in a short period
+ String CLIENT_IP = "127.0.0.1";
+
haProxyExtension.getHaproxyContainer().execInContainer(createCommandHAProxyConfig(server));
+ clientConnection = SocketChannel.open();
+
+ clientConnection.connect(new
InetSocketAddress(haProxyExtension.getHaproxyContainer().getHost(),
haProxyExtension.getHaproxyContainer().getMappedPort(IMAPS_PORT)));
+ IntStream.range(0, 3)
+ .forEach(any -> {
+ try {
+ clientConnection.write(ByteBuffer.wrap(String.format("a0
LOGIN %s %s\r\n",
+ "TCP4", CLIENT_IP,
haProxyExtension.getHaproxyContainer().getHost(), 65535,
haProxyExtension.getHaproxyContainer().getMappedPort(IMAPS_PORT),
+ BOB, BAD_PASSWORD).getBytes(StandardCharsets.UTF_8)));
+ assertThat(new String(readBytes(clientConnection),
StandardCharsets.UTF_8))
+ .doesNotStartWith("a0 OK");
+ } catch (IOException e) {
+ throw new RuntimeException(e);
+ }});
+ clientConnection.finishConnect();
+ // THEN connection from the IP would be blocked. CrowdSec takes time
to processing the ban decision therefore the await below.
+ CALMLY_AWAIT.atMost(Durations.TEN_SECONDS)
+ .untilAsserted(() -> assertThatThrownBy(() ->
clientConnection.connect(new
InetSocketAddress(haProxyExtension.getHaproxyContainer().getHost(),
haProxyExtension.getHaproxyContainer().getMappedPort(IMAPS_PORT))))
+ .isInstanceOf(EOFException.class)
+ .hasMessage("Connection closed without indication."));
+
+ }
+
Review Comment:
Can we have a test as well for proxy where like above you have an IP that
attempts to login through the proxy 3 times with wrong creds. Then an other IP
tries to login via the same proxy with right creds and it should succeed. Just
to make sure the ip banned is the one from the client and not the proxy? :)
Should be similar to test above with an extra step, easy enough :)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
