From e54f184f447c0dee8dc9d0e5dbcaa9ffa055c0f4 Mon Sep 17 00:00:00 2001
From: tonytan4ever <tonytan198211@gmail.com>
Date: Mon, 5 Oct 2015 18:45:13 -0400
Subject: [PATCH] Allow IPv4 and IPv6 CIDR range in IP restriction

Change-Id: I8ee940abfbf2bb339e49ff6798af29a2057a5ee7
---
 poppy/transport/validators/schemas/service.py |   8 +-
 tests/api/services/data_create_service.json   | 147 ++++++++++++++++++
 .../data_create_service_negative.json         |  45 ++++++
 tests/api/services/data_patch_service.json    |  47 ++++++
 4 files changed, 245 insertions(+), 2 deletions(-)

diff --git a/poppy/transport/validators/schemas/service.py b/poppy/transport/validators/schemas/service.py
index 1fe9c9c8..889d2c02 100644
--- a/poppy/transport/validators/schemas/service.py
+++ b/poppy/transport/validators/schemas/service.py
@@ -524,7 +524,9 @@ class ServiceSchema(schema_base.SchemaBase):
                                                             "[0-9])\.){3,3}("
                                                             "25[0-5]|(2[0-4]|"
                                                             "1{0,1}[0-9]){0,1"
-                                                            "}[0-9]))$)"
+                                                            "}[0-9]))(\/("
+                                                            "d|dd|1[0-1]d|12[0"
+                                                            "-8]))?$)"
                                                             # IPv4 Address
                                                             "|(^(((25[0-5]|"
                                                             "(2[0-4]|1{0,1}"
@@ -532,7 +534,9 @@ class ServiceSchema(schema_base.SchemaBase):
                                                             "\.){3,3}(25[0-5]|"
                                                             "(2[0-4]|1{0,1}"
                                                             "[0-9]){0,1}[0-9])"
-                                                            ")$)"
+                                                            ")(\/([0-9]"
+                                                            "|[1-2][0-9]|"
+                                                            "3[0-2]))?$)"
                                                         ),
                                                         'required': True,
                                                     },
diff --git a/tests/api/services/data_create_service.json b/tests/api/services/data_create_service.json
index 47f4a6f8..e42c7fae 100644
--- a/tests/api/services/data_create_service.json
+++ b/tests/api/services/data_create_service.json
@@ -816,6 +816,153 @@
                         ]}
         ]
     },
+    "ip_restriction_ipv4_CIDR_3": {
+        "name": "my_service_name",
+        "domain_list": [{"domain": "www.mywebsite.com", "protocol": "http"},
+                        {"domain": "blog.mywebsite.com", "protocol": "http"}],
+        "origin_list": [{
+                         "origin": "myorigin.com",
+                         "port": 80,
+                         "ssl": false,
+                         "rules": [
+                            {
+                                "name" : "default",
+                                "request_url" : "/*"
+                            }]
+                        }],
+         "caching_list": [
+            {
+                "name": "default",
+                "ttl": 3600,
+                "rules": [
+                    {
+                        "name" : "default",
+                        "request_url" : "/*"
+                    }
+                ]
+            },
+            {
+                "name": "home",
+                "ttl": 1200,
+                "rules": [
+                    {
+                        "name" : "index",
+                        "request_url" : "/index.htm"
+                    }
+                ]
+            }
+         ],
+         "restrictions_list": [
+                        {
+                        "name": "test",
+                        "access": "whitelist",
+                        "rules": [
+                            {
+                                "name": "only this ipv4CIDR",
+                                "client_ip": "173.203.4.162/32",
+                                "request_url" : "/*"
+                            }
+                        ]}
+        ]
+     },
+     "ip_restriction_ipv4_CIDR_4": {
+        "name": "my_service_name",
+        "domain_list": [{"domain": "www.mywebsite.com", "protocol": "http"},
+                        {"domain": "blog.mywebsite.com", "protocol": "http"}],
+        "origin_list": [{
+                         "origin": "myorigin.com",
+                         "port": 80,
+                         "ssl": false,
+                         "rules": [
+                            {
+                                "name" : "default",
+                                "request_url" : "/*"
+                            }]
+                        }],
+         "caching_list": [
+            {
+                "name": "default",
+                "ttl": 3600,
+                "rules": [
+                    {
+                        "name" : "default",
+                        "request_url" : "/*"
+                    }
+                ]
+            },
+            {
+                "name": "home",
+                "ttl": 1200,
+                "rules": [
+                    {
+                        "name" : "index",
+                        "request_url" : "/index.htm"
+                    }
+                ]
+            }
+         ],
+         "restrictions_list": [
+                        {
+                        "name": "test",
+                        "access": "whitelist",
+                        "rules": [
+                            {
+                                "name": "only this ipv4CIDR",
+                                "client_ip": "173.203.4.162/24",
+                                "request_url" : "/*"
+                            }
+                        ]}
+        ]
+     },
+     "ip_restriction_ipv6_CIDR": {
+        "name": "my_service_name",
+        "domain_list": [{"domain": "www.mywebsite.com", "protocol": "http"},
+                        {"domain": "blog.mywebsite.com", "protocol": "http"}],
+        "origin_list": [{
+                         "origin": "myorigin.com",
+                         "port": 80,
+                         "ssl": false,
+                         "rules": [
+                            {
+                                "name" : "default",
+                                "request_url" : "/*"
+                            }]
+                        }],
+         "caching_list": [
+            {
+                "name": "default",
+                "ttl": 3600,
+                "rules": [
+                    {
+                        "name" : "default",
+                        "request_url" : "/*"
+                    }
+                ]
+            },
+            {
+                "name": "home",
+                "ttl": 1200,
+                "rules": [
+                    {
+                        "name" : "index",
+                        "request_url" : "/index.htm"
+                    }
+                ]
+            }
+         ],
+         "restrictions_list": [
+                        {
+                        "name": "test",
+                        "access": "whitelist",
+                        "rules": [
+                            {
+                                "name": "only this ipv6CIDR",
+                                "client_ip": "1203:8fe0:fe80:b897:8990:8a7c:99bf:323d/123",
+                                "request_url" : "/*"
+                            }
+                        ]}
+        ]
+     },
      "non_root_domains": {
           "name": "non_root_domains",
           "domain_list": [{"domain": "www.mywebsite.com", "protocol": "http"},
diff --git a/tests/api/services/data_create_service_negative.json b/tests/api/services/data_create_service_negative.json
index 0557b505..8ab50eb1 100644
--- a/tests/api/services/data_create_service_negative.json
+++ b/tests/api/services/data_create_service_negative.json
@@ -647,6 +647,51 @@
         "restrictions_list": [{"name":"default",
                                "rules": [{"client_ip": ":"}]}]
     },
+    "restrictions_invalid_ipv4_CIDR": {
+        "service_name": "my_service_name",
+        "domain_list": [{"domain": "www.mywebsite.com", "protocol": "http"},
+                        {"domain": "blog.mywebsite.com", "protocol": "http"}],
+        "origin_list": [{"origin": "myorigin.com",
+                         "port": 443,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 3600,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+        "restrictions_list": [{"name":"default",
+                               "rules": [{"client_ip": "192.168.0.1/33"}]}]
+    },
+    "restrictions_invalid_ipv4_CIDR_negative": {
+        "service_name": "my_service_name",
+        "domain_list": [{"domain": "www.mywebsite.com", "protocol": "http"},
+                        {"domain": "blog.mywebsite.com", "protocol": "http"}],
+        "origin_list": [{"origin": "myorigin.com",
+                         "port": 443,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 3600,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+        "restrictions_list": [{"name":"default",
+                               "rules": [{"client_ip": "192.168.0.1/-3"}]}]
+    },
+    "restrictions_invalid_ipv6_CIDR": {
+        "service_name": "my_service_name",
+        "domain_list": [{"domain": "www.mywebsite.com", "protocol": "http"},
+                        {"domain": "blog.mywebsite.com", "protocol": "http"}],
+        "origin_list": [{"origin": "myorigin.com",
+                         "port": 443,
+                         "ssl": false}],
+        "caching_list": [{"name": "default", "ttl": 3600},
+                         {"name": "home",
+                          "ttl": 3600,
+                          "rules": [{"name" : "index",
+                                     "request_url" : "/index.htm"}]}],
+        "restrictions_list": [{"name":"default",
+                               "rules": [{"client_ip": "1203:8fe0:fe80:b897:8990:8a7c:99bf:323d/129"}]}]
+    },
     "restrictions_invalid_ipv6_address_2": {
         "service_name": "my_service_name",
         "domain_list": [{"domain": "www.mywebsite.com", "protocol": "http"},
diff --git a/tests/api/services/data_patch_service.json b/tests/api/services/data_patch_service.json
index 1cf6cb34..59a39c97 100644
--- a/tests/api/services/data_patch_service.json
+++ b/tests/api/services/data_patch_service.json
@@ -385,6 +385,53 @@
                             "client_ip": "2001:4802:7802:104:be76:4eff:fe20:4b5f",
                             "request_url": "/*"}]}}
    ],
+   "add_new_restricted_ipv4CIDR":[
+        {"op": "replace",
+         "path": "/restrictions/0",
+          "value": {"name": "website only",
+             "access": "whitelist",
+             "rules": [{"name": "mywebsite.com",
+                        "referrer": "www.mywebsite.com",
+                        "request_url": "/*"
+                        }, {"name": "myrestricted-ip",
+                            "client_ip": "1.2.3.4",
+                            "request_url": "/*"}]}},
+        {"op": "replace",
+         "path": "/restrictions/0",
+          "value": {"name": "website only",
+             "access": "whitelist",
+             "rules": [{"name": "mywebsite.com",
+                        "referrer": "www.mywebsite.com",
+                        "request_url": "/*"
+                        }, {"name": "myrestricted-ip",
+                            "client_ip": "173.203.4.162/32",
+                            "request_url": "/*"}]}}
+   ],
+   "add_new_restricted_ipv4_and_ipv6_CIDR":[
+        {"op": "replace",
+         "path": "/restrictions/0",
+          "value": {"name": "website only",
+             "access": "whitelist",
+             "rules": [{"name": "mywebsite.com",
+                        "referrer": "www.mywebsite.com",
+                        "request_url": "/*"
+                        }, {"name": "myrestricted-ip",
+                            "client_ip": "1.2.3.4",
+                            "request_url": "/*"}]}},
+        {"op": "replace",
+         "path": "/restrictions/0",
+          "value": {"name": "website only",
+             "access": "whitelist",
+             "rules": [{"name": "mywebsite.com",
+                        "referrer": "www.mywebsite.com",
+                        "request_url": "/*"
+                        }, {"name": "myrestricted-ipv4-CIDR",
+                            "client_ip": "173.203.4.162/32",
+                            "request_url": "/*"},
+                            {"name": "myrestricted-ipv6-CIDR",
+                            "client_ip": "1203:8fe0:fe80:b897:8990:8a7c:99bf:323d/123",
+                            "request_url": "/*"}]}}
+   ],
    "replace_add_geo_restriction":[
         {"op": "replace",
          "path": "/restrictions/0",