diff --git a/app/authentication/auth.py b/app/authentication/auth.py
index 8242795b2..d10a98bb0 100644
--- a/app/authentication/auth.py
+++ b/app/authentication/auth.py
@@ -52,13 +52,18 @@ def restrict_ip_sms():
 ip_list = ip_route.split(',')
 if len(ip_list) >= 3:
 ip = ip_list[len(ip_list) - 3]
- current_app.logger.info("Inbound sms ip route list {}".format(ip_route))
+ current_app.logger.info("Inbound sms ip route list {}"
+ .format(ip_route))
+
+ # Temporary custom header for route security - to experiment if the header passes through
+ if request.headers.get("X-Custom-forwarder"):
+ current_app.logger.info("X-Custom-forwarder {}".format(request.headers.get("X-Custom-forwarder")))
 if ip in current_app.config.get('SMS_INBOUND_WHITELIST'):
 current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip))
 return
 else:
- current_app.logger.info("Inbound sms ip addresses {} blocked ".format(ip))
+ current_app.logger.info("Inbound sms ip addresses blocked {}".format(ip))
 return # raise AuthError('Unknown source IP address from the SMS provider', 403)
diff --git a/tests/app/authentication/test_authentication.py b/tests/app/authentication/test_authentication.py
index e423ab9a2..f0420e755 100644
--- a/tests/app/authentication/test_authentication.py
+++ b/tests/app/authentication/test_authentication.py
@@ -351,7 +351,7 @@ def test_reject_invalid_ips(restrict_ip_sms_app):
 assert exc_info.value.short_message == 'Unknown source IP address from the SMS provider'
-@pytest.mark.xfail(reason='Currently not blocking invalid IPs', strict=True)
+@pytest.mark.xfail(reason='Currently not blocking invalid senders', strict=True)
 def test_illegitimate_ips(restrict_ip_sms_app):
 with pytest.raises(AuthError) as exc_info:
 restrict_ip_sms_app.get(
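Review bot: The added `X-Custom-forwarder` branch in `restrict_ip_sms` writes the raw value of a request header to the info log; if that header is meant to carry the value that will later authenticate the provider route (the comment hints at this, but it is not visible here), the value becomes readable by anyone with log access, and either way it is unvalidated request data going into a log line. For a pass-through experiment it is enough to record presence, e.g. `forwarder = request.headers.get("X-Custom-forwarder")` followed by `if forwarder: current_app.logger.info("X-Custom-forwarder present, length %d", len(forwarder))`, which also avoids reading the header twice. The `else` branch still returns with the `raise AuthError` commented out, so neither the IP list nor this header restricts anything yet. The function starts above the hunk, so how `ip` is initialised when the route has fewer than three entries cannot be checked from here.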
@@ -361,4 +361,4 @@ def test_illegitimate_ips(restrict_ip_sms_app):
 ]
 )
- assert exc_info.value.short_message == 'Unknown source IP address from the SMS provider'
+ assert exc_info.value.short_message == 'Unknown IP route not from known SMS provider'
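Review bot: The new expected message in `test_illegitimate_ips`, 'Unknown IP route not from known SMS provider', does not match any `AuthError` text visible in this commit: the commented-out raise in auth.py and the assertion in `test_reject_invalid_ips` both still use 'Unknown source IP address from the SMS provider'. Because the test is marked `xfail(strict=True)`, a wrong message fails the same way as the disabled block does, so the test would keep reporting xfail even after blocking is switched on with the old wording. Keep the assertion aligned with the message the code will actually raise, or add a comment above it such as `# must match the AuthError message in restrict_ip_sms once blocking is enabled`.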