Revised firewall rule unit test to be more specific, fixed incorrect error codes returned in APIFirewallRuleCreate and APIFirewallRuleUpdate

Author: jaredhendrickson13

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallRuleCreate.inc

@@ -249,9 +249,11 @@ class APIFirewallRuleCreate extends APIModel {
         $this->__validate_log();
         $this->__validate_top();
 
-        # Delay generating the tracker. Reduces the likelihood of two rules getting the same tracker in looped calls
+        # Delay generating the tracker. Reduces the likelihood of two rules getting the same tracker in looped calls.
         # todo: this is a quick fix and still does not guarantee uniqueness, a better solution is needed
-        sleep(1);
+        if (!$this->errors) {
+            sleep(1);
+        }
 
         # Add our static 'tracker', 'created' and 'updated' values
         $this->validated_data["tracker"] = (int)microtime(true);

pfSense-pkg-API/files/etc/inc/api/models/APIFirewallRuleUpdate.inc

@@ -161,14 +161,14 @@ class APIFirewallRuleUpdate extends APIModel {
     }
 
     private function __validate_dst() {
-        # Check for our optional 'src' payload value
+        # Check for our optional 'dst' payload value
         if (isset($this->initial_data['dst'])) {
             # Check if our source and destination values are valid
             $dir_check = APITools\is_valid_rule_addr($this->initial_data['dst'], "destination");
             if ($dir_check["valid"] === true) {
                 $this->validated_data = array_merge($this->validated_data, $dir_check["data"]);
             } else {
-                $this->errors[] = APIResponse\get(4049);
+                $this->errors[] = APIResponse\get(4045);
             }
         }
     }
@@ -195,7 +195,7 @@ class APIFirewallRuleUpdate extends APIModel {
             if (isset($this->initial_data['dstport'])) {
                 $val = str_replace("-", ":", $this->initial_data['dstport']);
                 if (!is_port_or_range_or_alias($val) and $val !== "any") {
-                    $this->errors[] = APIResponse\get(4048);
+                    $this->errors[] = APIResponse\get(4049);
                 } elseif ($val !== "any") {
                     $this->validated_data["destination"]["port"] = str_replace(":", "-", $val);;
                 }

tests/test_api_v1_firewall_alias.py

@@ -37,7 +37,7 @@ class APIUnitTestFirewallAlias(unit_test_framework.APIUnitTest):
                 "name": "HTTP_PORTS",
                 "type": "port",
                 "descr": "Unit Test",
-                "address": [80, 443, 8443],
+                "address": [80, 443, 8443, "8080:8081"],
                 "detail": ["HTTP", "HTTPS", "HTTPS-ALT"]
             },
             "resp_time": 3    # Allow a few seconds for the firewall filter to reload
@@ -52,6 +52,74 @@ class APIUnitTestFirewallAlias(unit_test_framework.APIUnitTest):
                 "detail": ["Cloudflare DNS", "Google DNS", "Secondary Google DNS"]
             },
             "resp_time": 3    # Allow a few seconds for the firewall filter to reload
+        },
+        {
+            "name": "Test name requirement",
+            "status": 400,
+            "return": 4050
+        },
+        {
+            "name": "Test name unique constraint",
+            "status": 400,
+            "return": 4056,
+            "payload": {
+                "name": "DNS_SERVERS"
+            }
+        },
+        {
+            "name": "Test name validation",
+            "status": 400,
+            "return": 4053,
+            "payload": {
+                "name": "!@#"
+            }
+        },
+        {
+            "name": "Test type requirement",
+            "status": 400,
+            "return": 4061,
+            "payload": {
+                "name": "TEST"
+            }
+        },
+        {
+            "name": "Test type validation",
+            "status": 400,
+            "return": 4057,
+            "payload": {
+                "name": "TEST",
+                "type": "INVALID"
+            }
+        },
+        {
+            "name": "Test network alias address validation",
+            "status": 400,
+            "return": 4059,
+            "payload": {
+                "name": "TEST",
+                "type": "network",
+                "address": ["!@#!@#!@#"]
+            }
+        },
+        {
+            "name": "Test host alias address validation",
+            "status": 400,
+            "return": 4058,
+            "payload": {
+                "name": "TEST",
+                "type": "host",
+                "address": ["!@#!@#!@#"]
+            }
+        },
+        {
+            "name": "Test port alias address validation",
+            "status": 400,
+            "return": 4060,
+            "payload": {
+                "name": "TEST",
+                "type": "port",
+                "address": ["!@#!@#!@#"]
+            }
         }
     ]
     put_tests = [
@@ -90,7 +158,66 @@ class APIUnitTestFirewallAlias(unit_test_framework.APIUnitTest):
                 "detail": ["Google DNS"]
             },
             "resp_time": 3    # Allow a few seconds for the firewall filter to reload
-        }
+        },
+        {
+            "name": "Test ID requirement",
+            "status": 400,
+            "return": 4050
+        },
+        {
+            "name": "Test name unique constraint",
+            "status": 400,
+            "return": 4056,
+            "payload": {
+                "id": "UPDATED_HTTP_PORTS",
+                "name": "UPDATED_DNS_SERVERS"
+            }
+        },
+        {
+            "name": "Test name validation",
+            "status": 400,
+            "return": 4053,
+            "payload": {
+                "id": "UPDATED_HTTP_PORTS",
+                "name": "!@#"
+            }
+        },
+        {
+            "name": "Test type validation",
+            "status": 400,
+            "return": 4057,
+            "payload": {
+                "id": "UPDATED_HTTP_PORTS",
+                "type": "INVALID"
+            }
+        },
+        {
+            "name": "Test update host to network alias address validation",
+            "status": 400,
+            "return": 4059,
+            "payload": {
+                "id": "UPDATED_DNS_SERVERS",
+                "type": "network"
+            }
+        },
+        {
+            "name": "Test update network to port alias address validation",
+            "status": 400,
+            "return": 4060,
+            "payload": {
+                "id": "UPDATED_RFC1918",
+                "type": "port"
+            }
+        },
+        {
+            "name": "Test update port to host alias address validation",
+            "status": 400,
+            "return": 4058,
+            "payload": {
+                "id": "UPDATED_HTTP_PORTS",
+                "type": "host"
+            }
+        },
     ]
     delete_tests = [
         {
@@ -113,7 +240,16 @@ class APIUnitTestFirewallAlias(unit_test_framework.APIUnitTest):
                 "id": "UPDATED_DNS_SERVERS"
             },
             "resp_time": 3    # Allow a few seconds for the firewall filter to reload
-        }
+        },
+        {
+            "name": "Test delete non-existing alias",
+            "status": 400,
+            "return": 4055,
+            "payload": {
+                "id": "INVALID"
+            }
+        },
+
     ]
 
 APIUnitTestFirewallAlias()