darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-20 23:41:17 -05:00
Code Issues Packages Projects Releases Wiki Activity

Check ip unit test and modify ways to parse IP address

Browse Source
This commit is contained in:
venusbb
2017-07-04 17:31:40 +01:00
parent 2ff9204a61
commit c182ceca90
2 changed files with 49 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/authentication/auth.py
View File

@@ -46,10 +46,10 @@ def requires_no_auth():
def restrict_ip_sms(): def restrict_ip_sms():
ip = '' ip = ''
if request.headers.getlist("X-Forwarded-For"): if request.headers.get("X-Forwarded-For"):
ip0 = request.headers.getlist("X-Forwarded-For") # X-Forwarded-For looks like "203.0.113.195, 70.41.3.18, 150.172.238.178"
ip1 = ip0.split(',') ip_list = request.headers.get("X-Forwarded-For")
ip = ip1[0] ip = ip_list.split(',')[0].strip()
if ip in current_app.config.get('ALLOW_IP_INBOUND_SMS'): if ip in current_app.config.get('ALLOW_IP_INBOUND_SMS'):
current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip)) current_app.logger.info("Inbound sms ip addresses {} passed ".format(ip))

45
tests/app/authentication/test_authentication.py
View File

@@ -4,6 +4,7 @@ import time
from datetime import datetime from datetime import datetime
import pytest import pytest
import flask
from flask import json, current_app from flask import json, current_app
from freezegun import freeze_time from freezegun import freeze_time
from notifications_python_client.authentication import create_jwt_token from notifications_python_client.authentication import create_jwt_token
@@ -11,6 +12,7 @@ from notifications_python_client.authentication import create_jwt_token
from app import api_user from app import api_user
from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret, expire_api_key from app.dao.api_key_dao import get_unsigned_secrets, save_model_api_key, get_unsigned_secret, expire_api_key
from app.models import ApiKey, KEY_TYPE_NORMAL from app.models import ApiKey, KEY_TYPE_NORMAL
from app.authentication.auth import restrict_ip_sms, AuthError
# Test the require_admin_auth and require_auth methods # Test the require_admin_auth and require_auth methods
@@ -305,3 +307,46 @@ def test_should_return_403_when_token_is_expired(client,
def __create_token(service_id): def __create_token(service_id):
return create_jwt_token(secret=get_unsigned_secrets(service_id)[0], return create_jwt_token(secret=get_unsigned_secrets(service_id)[0],
client_id=str(service_id)) client_id=str(service_id))
@pytest.fixture
def restrict_ip_sms_app():
app = flask.Flask(__name__)
app.config['TESTING'] = True
app.config['ALLOW_IP_INBOUND_SMS'] = ['111.111.111.111']
blueprint = flask.Blueprint('restrict_ip_sms_app', __name__)
@blueprint.route('/')
def test_endpoint():
return 'OK', 200
blueprint.before_request(restrict_ip_sms)
app.register_blueprint(blueprint)
with app.test_request_context(), app.test_client() as client:
yield client
def test_allow_valid_ips(restrict_ip_sms_app):
response = restrict_ip_sms_app.get(
path='/',
headers=[
('X-Forwarded-For', '111.111.111.111, 222.222.222.222, 127.0.0.1'),
]
)
assert response.status_code == 200
@pytest.mark.xfail(reason='Currently not blocking invalid IPs', strict=True)
def test_reject_invalid_ips(restrict_ip_sms_app):
with pytest.raises(AuthError) as exc_info:
restrict_ip_sms_app.get(
path='/',
headers=[
('X-Forwarded-For', '222.222.222.222, 111.111.111.111, 127.0.0.1')
]
)
assert exc_info.value.short_message == 'Unknown source IP address from the SMS provider'