Enable header checking on preview and staging, add test

2026-05-06 09:08:24 -04:00 · 2017-11-16 12:02:09 +00:00
parent 819c1a2dc5
commit 5d687d87e7
2 changed files with 23 additions and 2 deletions
--- a/app/config.py
+++ b/app/config.py
@@ -121,6 +121,8 @@ class Config(object):
    ONE_OFF_MESSAGE_FILENAME = 'Report'
    MAX_VERIFY_CODE_COUNT = 10

+    CHECK_PROXY_HEADER = False
+
    NOTIFY_SERVICE_ID = 'd6aa2c68-a2d9-4437-ab19-3ae8eb202553'
    NOTIFY_USER_ID = '6af522d0-2915-4e52-83a3-3690455a5fe6'
    INVITATION_EMAIL_TEMPLATE_ID = '4f46df42-f795-4cc4-83bb-65ca312f49cc'
@@ -371,6 +373,7 @@ class Preview(Config):
    DVLA_RESPONSE_BUCKET_NAME = 'notify.works-ftp'
    FROM_NUMBER = 'preview'
    API_RATE_LIMIT_ENABLED = True
+    CHECK_PROXY_HEADER = True


 class Staging(Config):
@@ -381,6 +384,7 @@ class Staging(Config):
    STATSD_ENABLED = True
    FROM_NUMBER = 'stage'
    API_RATE_LIMIT_ENABLED = True
+    CHECK_PROXY_HEADER = True


 class Live(Config):
@@ -394,6 +398,7 @@ class Live(Config):
    FUNCTIONAL_TEST_PROVIDER_SMS_TEMPLATE_ID = 'ba9e1789-a804-40b8-871f-cc60d4c1286f'
    PERFORMANCE_PLATFORM_ENABLED = True
    API_RATE_LIMIT_ENABLED = True
+    CHECK_PROXY_HEADER = False


 class CloudFoundryConfig(Config):
--- a/tests/app/authentication/test_authentication.py
+++ b/tests/app/authentication/test_authentication.py
@@ -380,7 +380,7 @@ def test_route_correct_secret_key(notify_api, client):
    with set_config_values(notify_api, {
        'ROUTE_SECRET_KEY_1': 'key_1',
        'ROUTE_SECRET_KEY_2': '',
-        'DEBUG': False,
+        'CHECK_PROXY_HEADER': True,
    }):

        response = client.get(
@@ -396,7 +396,7 @@ def test_route_incorrect_secret_key(notify_api, client):
    with set_config_values(notify_api, {
        'ROUTE_SECRET_KEY_1': 'key_1',
        'ROUTE_SECRET_KEY_2': '',
-        'DEBUG': False,
+        'CHECK_PROXY_HEADER': True,
    }):

        response = client.get(
@@ -406,3 +406,19 @@ def test_route_incorrect_secret_key(notify_api, client):
            ]
        )
        assert response.status_code == 403
+
+
+def test_route_check_proxy_header_flag(notify_api, client):
+    with set_config_values(notify_api, {
+        'ROUTE_SECRET_KEY_1': 'key_1',
+        'ROUTE_SECRET_KEY_2': '',
+        'CHECK_PROXY_HEADER': False,
+    }):
+
+        response = client.get(
+            path='/_status',
+            headers=[
+                ('X-Custom-Forwarder', 'wrong_key'),
+            ]
+        )
+        assert response.status_code == 200