From a5cf8ff60f107968feec673d72f515ae9b9848f0 Mon Sep 17 00:00:00 2001 From: venusbb Date: Wed, 12 Jul 2017 13:49:20 +0100 Subject: [PATCH 1/2] put more log messages to view what env returns --- app/authentication/auth.py | 3 ++- tests/app/authentication/test_authentication.py | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/app/authentication/auth.py b/app/authentication/auth.py index 8242795b2..9c42f2431 100644 --- a/app/authentication/auth.py +++ b/app/authentication/auth.py @@ -52,7 +52,8 @@ def restrict_ip_sms(): ip_list = ip_route.split(',') if len(ip_list) >= 3: ip = ip_list[len(ip_list) - 3] - current_app.logger.info("Inbound sms ip route list {}".format(ip_route)) + current_app.logger.info("Inbound sms ip route list {} OS environ{}" + .format(ip_route, current_app.config.get('SMS_INBOUND_WHITELIST'))) if ip in current_app.config.get('SMS_INBOUND_WHITELIST'): current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip)) diff --git a/tests/app/authentication/test_authentication.py b/tests/app/authentication/test_authentication.py index e423ab9a2..f0420e755 100644 --- a/tests/app/authentication/test_authentication.py +++ b/tests/app/authentication/test_authentication.py @@ -351,7 +351,7 @@ def test_reject_invalid_ips(restrict_ip_sms_app): assert exc_info.value.short_message == 'Unknown source IP address from the SMS provider' -@pytest.mark.xfail(reason='Currently not blocking invalid IPs', strict=True) +@pytest.mark.xfail(reason='Currently not blocking invalid senders', strict=True) def test_illegitimate_ips(restrict_ip_sms_app): with pytest.raises(AuthError) as exc_info: restrict_ip_sms_app.get( @@ -361,4 +361,4 @@ def test_illegitimate_ips(restrict_ip_sms_app): ] ) - assert exc_info.value.short_message == 'Unknown source IP address from the SMS provider' + assert exc_info.value.short_message == 'Unknown IP route not from known SMS provider' From 9da5682c7022c5b298a828befb837e29bed25a0f Mon Sep 17 00:00:00 2001 
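Review bot: The added `.format(ip_route, current_app.config.get('SMS_INBOUND_WHITELIST'))` in the auth.py hunk writes the whole inbound allow-list to the info log on every request, so anyone who can read application logs can read the list. The label `OS environ{}` is also misleading, because the value comes from `current_app.config`, and it has no space before the placeholder. If the configured value is needed for debugging, log it once at startup at debug level instead of per request. Patch 2/2 on this page removes the argument again, so squashing the two patches would keep this line from ever being deployed. The body of restrict_ip_sms starts and ends outside the hunk.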
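Review bot: The new expected message at the end of test_illegitimate_ips, `'Unknown IP route not from known SMS provider'`, no longer matches the string asserted in test_reject_invalid_ips or the commented-out `raise AuthError('Unknown source IP address from the SMS provider', 403)` visible in patch 2/2. Because the test is marked `xfail(strict=True)`, it only reports when it unexpectedly passes. If blocking is re-enabled with the old message, `pytest.raises(AuthError)` succeeds but this assertion fails, so the xfail keeps hiding the fact that enforcement is active again. Unless a raise with the new wording exists outside these hunks, keep the expected string identical to the message the code will raise. The test body starts above the hunk.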
From: venusbb Date: Tue, 25 Jul 2017 17:17:06 +0100 Subject: [PATCH 2/2] Experiment with logging a custom request header --- app/authentication/auth.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/app/authentication/auth.py b/app/authentication/auth.py index 9c42f2431..d10a98bb0 100644 --- a/app/authentication/auth.py +++ b/app/authentication/auth.py @@ -52,14 +52,18 @@ def restrict_ip_sms(): ip_list = ip_route.split(',') if len(ip_list) >= 3: ip = ip_list[len(ip_list) - 3] - current_app.logger.info("Inbound sms ip route list {} OS environ{}" - .format(ip_route, current_app.config.get('SMS_INBOUND_WHITELIST'))) + current_app.logger.info("Inbound sms ip route list {}" + .format(ip_route)) + + # Temporary custom header for route security - to experiment if the header passes through + if request.headers.get("X-Custom-forwarder"): + current_app.logger.info("X-Custom-forwarder {}".format(request.headers.get("X-Custom-forwarder"))) if ip in current_app.config.get('SMS_INBOUND_WHITELIST'): current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip)) return else: - current_app.logger.info("Inbound sms ip addresses {} blocked ".format(ip)) + current_app.logger.info("Inbound sms ip addresses blocked {}".format(ip)) return # raise AuthError('Unknown source IP address from the SMS provider', 403)
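Review bot: The new `X-Custom-forwarder` block logs a request header verbatim, and a request header is set by whoever sends the request unless the fronting proxy strips or overwrites it, so it cannot serve as a route-security signal until that is confirmed at the edge. Read the header once and log its repr with lazy arguments: `forwarder = request.headers.get("X-Custom-forwarder")`, `if forwarder:`, `current_app.logger.info("X-Custom-forwarder %r", forwarder)`. The same applies to the `ip_route` line above it, which presumably also comes from a forwarding header read outside the hunk. The else branch still returns with the AuthError commented out, so the "blocked" log entry is the only record of a non-listed sender; emitting it at warning level would make it easier to alert on. restrict_ip_sms starts above the hunk.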