From bc230dc83e7412de87683650826e139e33645076 Mon Sep 17 00:00:00 2001
From: Camelia Dumitru <62257307+Camelia-Orcid@users.noreply.github.com>
Date: Thu, 13 Feb 2025 15:15:16 +0000
Subject: [PATCH] Add cidr white list unit test (#7213)

* Added unit test for cidr papi whitelist change
* Fixed typo
---
 .../orcid/api/filters/ApiRateLimitFilter.java | 2 +-
 .../api/filters/ApiRateLimitFilterTest.java | 40 +++++++++++++++++--
 2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
index d3fe76efcb..6424b8280c 100644
--- a/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
+++ b/orcid-pub-web/src/main/java/org/orcid/api/filters/ApiRateLimitFilter.java
@@ -104,7 +104,7 @@ public class ApiRateLimitFilter extends OncePerRequestFilter {
 @Value("${org.orcid.papi.rate.limit.referrer.whiteSpaceSeparatedWhiteList}")
 private String papiReferrerWhiteSpaceSeparatedWhiteList;
- @Value("${org.orcid.papi.rate.limit.cidrRange.whiteSpaceSeparatedWhiteList}")
+ @Value("${org.orcid.papi.rate.limit.cidrRange.whiteSpaceSeparatedWhiteList:10.0.0.0/8}")
 private String papiCidrRangeWhiteSpaceSeparatedWhiteList;
 private List papiIpWhiteList;
diff --git a/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java b/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
index 427a4dcaa2..25d1849dba 100644
--- a/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
+++ b/orcid-pub-web/src/test/java/org/orcid/api/filters/ApiRateLimitFilterTest.java
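Review bot: The new default `:10.0.0.0/8` on `papiCidrRangeWhiteSpaceSeparatedWhiteList` makes the filter fail open: when the property is unset, every address in 10.0.0.0/8 is exempt from the public API rate limit, and that is a production behaviour change in a commit titled as a test addition. The tests added in this commit supply the client address through the `X-REAL-IP` request header, so the exemption is only as trustworthy as that header; the code that reads it is outside this hunk, but unless the fronting proxy always overwrites the header, the default exempts any caller that sets it. I would keep the default empty, `@Value("${org.orcid.papi.rate.limit.cidrRange.whiteSpaceSeparatedWhiteList:}")`, set the range explicitly per deployment, and add a field comment such as `// CIDR ranges exempt from PAPI rate limiting; client IP must come from a proxy-set header`. The parsing of this value is not visible here, so confirm it tolerates an empty string before adopting the empty default.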
@@ -8,8 +8,6 @@
 import org.mockito.MockitoAnnotations;
 import org.orcid.core.api.rate_limit.PapiRateLimitRedisClient;
 import org.orcid.core.oauth.service.OrcidTokenStore;
-import org.orcid.persistence.dao.PublicApiDailyRateLimitDao;
-import org.orcid.persistence.jpa.entities.PublicApiDailyRateLimitEntity;
 import org.orcid.test.OrcidJUnit4ClassRunner;
 import org.orcid.test.TargetProxyHelper;
 import org.springframework.mock.web.MockHttpServletRequest;
@@ -219,4 +217,40 @@ public void doFilterInternal_checkLimitReachedTest() throws ServletException, IO
 "Too Many Requests. You have exceeded the daily quota for anonymous usage of this API. \nYou can increase your daily quota by registering for and using Public API client credentials (https://info.orcid.org/documentation/integration-guide/registering-a-public-api-client/)", content);
 }
-}
\ No newline at end of file
+
+ @Test
+ public void doFilterInternal_annonymousRequest_whitelisted_cidr_IP_Test() throws ServletException, IOException {
+ MockitoAnnotations.initMocks(this);
+ String ip_in_cidr = "10.0.0.0";
+
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "enableRateLimiting", true);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "orcidTokenStore", orcidTokenStoreMock);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "papiRedisClient", papiRateLimitRedisMock);
+
+ when(papiRateLimitRedisMock.getTodayDailyLimitsForClient(eq(ip_in_cidr))).thenReturn(null);
+ httpServletRequestMock.addHeader("X-REAL-IP", ip_in_cidr);
+
+ apiRateLimitFilter.doFilterInternal(httpServletRequestMock, httpServletResponseMock, filterChainMock);
+
+ verify(orcidTokenStoreMock, never()).readClientId(anyString());
+ verify(papiRateLimitRedisMock, never()).setTodayLimitsForClient(eq(ip_in_cidr), any());
+ }
+
+ @Test
+ public void doFilterInternal_annonymousRequest_not_whitelisted_cidr_IP_Test() throws ServletException, IOException {
+ MockitoAnnotations.initMocks(this);
+ String ip_not_cidr = "20.0.0.0";
+
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "enableRateLimiting", true);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "orcidTokenStore", orcidTokenStoreMock);
+ TargetProxyHelper.injectIntoProxy(apiRateLimitFilter, "papiRedisClient", papiRateLimitRedisMock);
+
+ when(papiRateLimitRedisMock.getTodayDailyLimitsForClient(eq(ip_not_cidr))).thenReturn(null);
+ httpServletRequestMock.addHeader("X-REAL-IP", ip_not_cidr);
+
apiRateLimitFilter.doFilterInternal(httpServletRequestMock, httpServletResponseMock, filterChainMock);
+
+ verify(orcidTokenStoreMock, never()).readClientId(anyString());
+ verify(papiRateLimitRedisMock, times(1)).setTodayLimitsForClient(eq(ip_not_cidr), any(JSONObject.class));
+ }
+}
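Review bot: Neither new test sets the CIDR list it is checking, so both appear to depend on the `10.0.0.0/8` default in the filter's `@Value` annotation, and they probe only the network address `10.0.0.0` and the distant `20.0.0.0`. A range-matching bug at the edge of the block would pass unnoticed; I would add cases with constructed boundary values such as `String ip_in_cidr = "10.255.255.255";` and `String ip_not_cidr = "11.0.0.0";`. The whitelisted test asserts only what did not happen, so it would also pass if the filter rejected the request early; if `filterChainMock` records the forwarded request (its type is declared outside this hunk), assert that the request reached the chain. A one-line comment above each test naming the range it assumes, for example `// relies on cidrRange whitelist = 10.0.0.0/8`, would make the dependency on configuration visible.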