From 1d8d6b1ef18981a49e9541bc5e29d5c158790cb7 Mon Sep 17 00:00:00 2001 From: venusbb Date: Wed, 5 Jul 2017 14:02:20 +0100 Subject: [PATCH] Add list of IP address that X-Forwarded-For return to add more visibility to the traffic --- app/authentication/auth.py | 2 ++ tests/app/authentication/test_authentication.py | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/app/authentication/auth.py b/app/authentication/auth.py index d8f45f5c6..391bf2e2a 100644 --- a/app/authentication/auth.py +++ b/app/authentication/auth.py @@ -51,6 +51,8 @@ def restrict_ip_sms(): ip_list = request.headers.get("X-Forwarded-For") ip = ip_list.split(',')[0].strip() + current_app.logger.info("Inbound sms ip list {}".format(ip_list)) + if ip in current_app.config.get('ALLOW_IP_INBOUND_SMS'): current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip)) return diff --git a/tests/app/authentication/test_authentication.py b/tests/app/authentication/test_authentication.py index 0b5be25c4..32bb47327 100644 --- a/tests/app/authentication/test_authentication.py +++ b/tests/app/authentication/test_authentication.py @@ -313,7 +313,7 @@ def __create_token(service_id): def restrict_ip_sms_app(): app = flask.Flask(__name__) app.config['TESTING'] = True - app.config['ALLOW_IP_INBOUND_SMS'] = ['111.111.111.111'] + app.config['ALLOW_IP_INBOUND_SMS'] = ['134.213.243.188'] blueprint = flask.Blueprint('restrict_ip_sms_app', __name__) @@ -332,7 +332,7 @@ def test_allow_valid_ips(restrict_ip_sms_app): response = restrict_ip_sms_app.get( path='/', headers=[ - ('X-Forwarded-For', '111.111.111.111, 222.222.222.222, 127.0.0.1'), + ('X-Forwarded-For', '134.213.243.188, 222.222.222.222, 127.0.0.1'), ] )