core/tests/components/http/test_real_ip.py

"""Test real IP middleware."""
from aiohttp import web
from aiohttp.hdrs import X_FORWARDED_FOR
from ipaddress import ip_network

from homeassistant.components.http.real_ip import setup_real_ip
from homeassistant.components.http.const import KEY_REAL_IP


async def mock_handler(request):
    """Return the real IP as text."""
    return web.Response(text=str(request[KEY_REAL_IP]))


async def test_ignore_x_forwarded_for(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get('/', mock_handler)
    setup_real_ip(app, False, [])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get('/', headers={
        X_FORWARDED_FOR: '255.255.255.255'
    })
    assert resp.status == 200
    text = await resp.text()
    assert text != '255.255.255.255'


async def test_use_x_forwarded_for_without_trusted_proxy(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get('/', mock_handler)
    setup_real_ip(app, True, [])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get('/', headers={
        X_FORWARDED_FOR: '255.255.255.255'
    })
    assert resp.status == 200
    text = await resp.text()
    assert text != '255.255.255.255'


async def test_use_x_forwarded_for_with_trusted_proxy(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get('/', mock_handler)
    setup_real_ip(app, True, [ip_network('127.0.0.1')])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get('/', headers={
        X_FORWARDED_FOR: '255.255.255.255'
    })
    assert resp.status == 200
    text = await resp.text()
    assert text == '255.255.255.255'


async def test_use_x_forwarded_for_with_untrusted_proxy(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get('/', mock_handler)
    setup_real_ip(app, True, [ip_network('1.1.1.1')])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get('/', headers={
        X_FORWARDED_FOR: '255.255.255.255'
    })
    assert resp.status == 200
    text = await resp.text()
    assert text != '255.255.255.255'


async def test_use_x_forwarded_for_with_spoofed_header(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get('/', mock_handler)
    setup_real_ip(app, True, [ip_network('127.0.0.1')])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get('/', headers={
        X_FORWARDED_FOR: '222.222.222.222, 255.255.255.255'
    })
    assert resp.status == 200
    text = await resp.text()
    assert text == '255.255.255.255'


async def test_use_x_forwarded_for_with_nonsense_header(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get('/', mock_handler)
    setup_real_ip(app, True, [ip_network('127.0.0.1')])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get('/', headers={
        X_FORWARDED_FOR: 'This value is invalid'
    })
    assert resp.status == 200
    text = await resp.text()
    assert text == '127.0.0.1'
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00			`"""Test real IP middleware."""`
			`from aiohttp import web`
			`from aiohttp.hdrs import X_FORWARDED_FOR`
Only use the X-Forwarded-For header if connection is from a trusted network (#15182) See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569 2018-06-28 13:16:11 +00:00			`from ipaddress import ip_network`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00
			`from homeassistant.components.http.real_ip import setup_real_ip`
			`from homeassistant.components.http.const import KEY_REAL_IP`


Move HomeAssistantView to separate file. Convert http to async syntax. [skip ci] (#12982) * Move HomeAssistantView to separate file. Convert http to async syntax. * pylint * websocket api * update emulated_hue for async/await * Lint 2018-03-09 01:51:49 +00:00			`async def mock_handler(request):`
Update pydocstyle to 2.1.1 and flake8-docstrings to 1.3.0 (#14557) * Update pydocstyle to 2.1.1 and flake8-docstrings to 1.3.0 * Pydocstyle D401 fixes 2018-08-24 08:28:43 +00:00			`"""Return the real IP as text."""`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00			`return web.Response(text=str(request[KEY_REAL_IP]))`


Fix aiohttp deprecation warnings (#13240) * Fix aiohttp deprecation warnings * Fix Ring deprecation warning * Lint 2018-03-15 20:49:49 +00:00			`async def test_ignore_x_forwarded_for(aiohttp_client):`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
			`app.router.add_get('/', mock_handler)`
Only use the X-Forwarded-For header if connection is from a trusted network (#15182) See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569 2018-06-28 13:16:11 +00:00			`setup_real_ip(app, False, [])`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00
Fix aiohttp deprecation warnings (#13240) * Fix aiohttp deprecation warnings * Fix Ring deprecation warning * Lint 2018-03-15 20:49:49 +00:00			`mock_api_client = await aiohttp_client(app)`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00
Move HomeAssistantView to separate file. Convert http to async syntax. [skip ci] (#12982) * Move HomeAssistantView to separate file. Convert http to async syntax. * pylint * websocket api * update emulated_hue for async/await * Lint 2018-03-09 01:51:49 +00:00			`resp = await mock_api_client.get('/', headers={`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00			`X_FORWARDED_FOR: '255.255.255.255'`
			`})`
			`assert resp.status == 200`
Move HomeAssistantView to separate file. Convert http to async syntax. [skip ci] (#12982) * Move HomeAssistantView to separate file. Convert http to async syntax. * pylint * websocket api * update emulated_hue for async/await * Lint 2018-03-09 01:51:49 +00:00			`text = await resp.text()`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00			`assert text != '255.255.255.255'`


Only use the X-Forwarded-For header if connection is from a trusted network (#15182) See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569 2018-06-28 13:16:11 +00:00			`async def test_use_x_forwarded_for_without_trusted_proxy(aiohttp_client):`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
			`app.router.add_get('/', mock_handler)`
Only use the X-Forwarded-For header if connection is from a trusted network (#15182) See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569 2018-06-28 13:16:11 +00:00			`setup_real_ip(app, True, [])`

			`mock_api_client = await aiohttp_client(app)`

			`resp = await mock_api_client.get('/', headers={`
			`X_FORWARDED_FOR: '255.255.255.255'`
			`})`
			`assert resp.status == 200`
			`text = await resp.text()`
			`assert text != '255.255.255.255'`


			`async def test_use_x_forwarded_for_with_trusted_proxy(aiohttp_client):`
			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
			`app.router.add_get('/', mock_handler)`
			`setup_real_ip(app, True, [ip_network('127.0.0.1')])`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00
Fix aiohttp deprecation warnings (#13240) * Fix aiohttp deprecation warnings * Fix Ring deprecation warning * Lint 2018-03-15 20:49:49 +00:00			`mock_api_client = await aiohttp_client(app)`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00
Move HomeAssistantView to separate file. Convert http to async syntax. [skip ci] (#12982) * Move HomeAssistantView to separate file. Convert http to async syntax. * pylint * websocket api * update emulated_hue for async/await * Lint 2018-03-09 01:51:49 +00:00			`resp = await mock_api_client.get('/', headers={`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00			`X_FORWARDED_FOR: '255.255.255.255'`
			`})`
			`assert resp.status == 200`
Move HomeAssistantView to separate file. Convert http to async syntax. [skip ci] (#12982) * Move HomeAssistantView to separate file. Convert http to async syntax. * pylint * websocket api * update emulated_hue for async/await * Lint 2018-03-09 01:51:49 +00:00			`text = await resp.text()`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 21:06:14 +00:00			`assert text == '255.255.255.255'`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 20:27:06 +00:00

			`async def test_use_x_forwarded_for_with_untrusted_proxy(aiohttp_client):`
			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
			`app.router.add_get('/', mock_handler)`
			`setup_real_ip(app, True, [ip_network('1.1.1.1')])`

			`mock_api_client = await aiohttp_client(app)`

			`resp = await mock_api_client.get('/', headers={`
			`X_FORWARDED_FOR: '255.255.255.255'`
			`})`
			`assert resp.status == 200`
			`text = await resp.text()`
			`assert text != '255.255.255.255'`


			`async def test_use_x_forwarded_for_with_spoofed_header(aiohttp_client):`
			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
			`app.router.add_get('/', mock_handler)`
			`setup_real_ip(app, True, [ip_network('127.0.0.1')])`

			`mock_api_client = await aiohttp_client(app)`

			`resp = await mock_api_client.get('/', headers={`
			`X_FORWARDED_FOR: '222.222.222.222, 255.255.255.255'`
			`})`
			`assert resp.status == 200`
			`text = await resp.text()`
			`assert text == '255.255.255.255'`


			`async def test_use_x_forwarded_for_with_nonsense_header(aiohttp_client):`
			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
			`app.router.add_get('/', mock_handler)`
			`setup_real_ip(app, True, [ip_network('127.0.0.1')])`

			`mock_api_client = await aiohttp_client(app)`

			`resp = await mock_api_client.get('/', headers={`
			`X_FORWARDED_FOR: 'This value is invalid'`
			`})`
			`assert resp.status == 200`
			`text = await resp.text()`
			`assert text == '127.0.0.1'`