From 5d687d87e72bd210c4766bc6cb71f62236c76661 Mon Sep 17 00:00:00 2001
From: Athanasios Voutsadakis
Date: Thu, 16 Nov 2017 12:02:09 +0000
Subject: [PATCH] Enable header checking on preview and staging, add test
---
 app/config.py | 5 +++++
 .../app/authentication/test_authentication.py | 20 +++++++++++++++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/app/config.py b/app/config.py
index 86a635985..c5a656999 100644
--- a/app/config.py
+++ b/app/config.py
@@ -121,6 +121,8 @@ class Config(object):
 ONE_OFF_MESSAGE_FILENAME = 'Report'
 MAX_VERIFY_CODE_COUNT = 10
+ CHECK_PROXY_HEADER = False
+
 NOTIFY_SERVICE_ID = 'd6aa2c68-a2d9-4437-ab19-3ae8eb202553'
 NOTIFY_USER_ID = '6af522d0-2915-4e52-83a3-3690455a5fe6'
 INVITATION_EMAIL_TEMPLATE_ID = '4f46df42-f795-4cc4-83bb-65ca312f49cc'
@@ -371,6 +373,7 @@ class Preview(Config):
 DVLA_RESPONSE_BUCKET_NAME = 'notify.works-ftp'
 FROM_NUMBER = 'preview'
 API_RATE_LIMIT_ENABLED = True
+ CHECK_PROXY_HEADER = True
 class Staging(Config):
@@ -381,6 +384,7 @@ class Staging(Config):
 STATSD_ENABLED = True
 FROM_NUMBER = 'stage'
 API_RATE_LIMIT_ENABLED = True
+ CHECK_PROXY_HEADER = True
 class Live(Config):
@@ -394,6 +398,7 @@ class Live(Config):
 FUNCTIONAL_TEST_PROVIDER_SMS_TEMPLATE_ID = 'ba9e1789-a804-40b8-871f-cc60d4c1286f'
 PERFORMANCE_PLATFORM_ENABLED = True
 API_RATE_LIMIT_ENABLED = True
+ CHECK_PROXY_HEADER = False
 class CloudFoundryConfig(Config):
diff --git a/tests/app/authentication/test_authentication.py b/tests/app/authentication/test_authentication.py
index 2c25db217..e0565154f 100644
--- a/tests/app/authentication/test_authentication.py
+++ b/tests/app/authentication/test_authentication.py
@@ -380,7 +380,7 @@ def test_route_correct_secret_key(notify_api, client):
 with set_config_values(notify_api, {
 'ROUTE_SECRET_KEY_1': 'key_1',
 'ROUTE_SECRET_KEY_2': '',
- 'DEBUG': False,
+ 'CHECK_PROXY_HEADER': True,
 }):
 response = client.get(
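Review bot: `CHECK_PROXY_HEADER = False` as the base `Config` default makes the route-secret check opt-in, so every environment class that does not override it runs without the check; `CloudFoundryConfig(Config)`, visible at the end of the last config hunk, inherits from `Config` directly and would do so unless it sets the flag itself. For a control that decides whether a request arrived through the proxy, the safer shape is `CHECK_PROXY_HEADER = True` in `Config` with an explicit `False` in the development and test classes (not visible in this diff). The `Live` hunk has the same problem in explicit form: `CHECK_PROXY_HEADER = False` there leaves what is presumably production as the one deployed environment with the check off. If that is a staged rollout, as the subject line suggests, the line should carry a comment saying so, e.g. `# TODO: enable once verified on preview and staging`.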
@@ -396,7 +396,7 @@ def test_route_incorrect_secret_key(notify_api, client):
 with set_config_values(notify_api, {
 'ROUTE_SECRET_KEY_1': 'key_1',
 'ROUTE_SECRET_KEY_2': '',
- 'DEBUG': False,
+ 'CHECK_PROXY_HEADER': True,
 }):
 response = client.get(
@@ -406,3 +406,19 @@ def test_route_incorrect_secret_key(notify_api, client):
 ]
 )
 assert response.status_code == 403
+
+
+def test_route_check_proxy_header_flag(notify_api, client):
+ with set_config_values(notify_api, {
+ 'ROUTE_SECRET_KEY_1': 'key_1',
+ 'ROUTE_SECRET_KEY_2': '',
+ 'CHECK_PROXY_HEADER': False,
+ }):
+
+ response = client.get(
+ path='/_status',
+ headers=[
+ ('X-Custom-Forwarder', 'wrong_key'),
+ ]
+ )
+ assert response.status_code == 200
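Review bot: `test_route_check_proxy_header_flag` pins only the disabled path with a wrong header value; nothing added here covers a request with a missing or empty `X-Custom-Forwarder` header while `CHECK_PROXY_HEADER` is `True`. Both enabled-path tests set `'ROUTE_SECRET_KEY_2': ''`, so if the check compares the header against both keys without skipping blank ones, an empty header value would match the unset second key. The check itself is not in this patch, so this is worth a test that sends `('X-Custom-Forwarder', '')` with the flag on and asserts 403. A docstring such as `"""With CHECK_PROXY_HEADER off, a wrong route secret must not block /_status."""`, and a test name that states the expected outcome, would also make the intent of the new test clear.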