Merge pull request #1128 from alphagov/http-custom-header

Http custom header

app/authentication/auth.py

@@ -52,13 +52,18 @@ def restrict_ip_sms():
         ip_list = ip_route.split(',')
         if len(ip_list) >= 3:
             ip = ip_list[len(ip_list) - 3]
-        current_app.logger.info("Inbound sms ip route list {}".format(ip_route))
+        current_app.logger.info("Inbound sms ip route list {}"
+                                .format(ip_route))
+
+    # Temporary custom header for route security - to experiment if the header passes through
+    if request.headers.get("X-Custom-forwarder"):
+        current_app.logger.info("X-Custom-forwarder {}".format(request.headers.get("X-Custom-forwarder")))
 
     if ip in current_app.config.get('SMS_INBOUND_WHITELIST'):
         current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip))
         return
     else:
-        current_app.logger.info("Inbound sms ip addresses {} blocked ".format(ip))
+        current_app.logger.info("Inbound sms ip addresses blocked {}".format(ip))
         return
         # raise AuthError('Unknown source IP address from the SMS provider', 403)
 

tests/app/authentication/test_authentication.py

@@ -351,7 +351,7 @@ def test_reject_invalid_ips(restrict_ip_sms_app):
     assert exc_info.value.short_message == 'Unknown source IP address from the SMS provider'
 
 
-@pytest.mark.xfail(reason='Currently not blocking invalid IPs', strict=True)
+@pytest.mark.xfail(reason='Currently not blocking invalid senders', strict=True)
 def test_illegitimate_ips(restrict_ip_sms_app):
     with pytest.raises(AuthError) as exc_info:
         restrict_ip_sms_app.get(
@@ -361,4 +361,4 @@ def test_illegitimate_ips(restrict_ip_sms_app):
             ]
         )
 
-    assert exc_info.value.short_message == 'Unknown source IP address from the SMS provider'
+    assert exc_info.value.short_message == 'Unknown IP route not from known SMS provider'