hass-core/tests/components/http/test_real_ip.py

"""Test real IP middleware."""
from ipaddress import ip_network

from aiohttp import web
from aiohttp.hdrs import X_FORWARDED_FOR

from homeassistant.components.http.const import KEY_REAL_IP
from homeassistant.components.http.real_ip import setup_real_ip


async def mock_handler(request):
    """Return the real IP as text."""
    return web.Response(text=str(request[KEY_REAL_IP]))


async def test_ignore_x_forwarded_for(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get("/", mock_handler)
    setup_real_ip(app, False, [])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get("/", headers={X_FORWARDED_FOR: "255.255.255.255"})
    assert resp.status == 200
    text = await resp.text()
    assert text != "255.255.255.255"


async def test_use_x_forwarded_for_without_trusted_proxy(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get("/", mock_handler)
    setup_real_ip(app, True, [])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get("/", headers={X_FORWARDED_FOR: "255.255.255.255"})
    assert resp.status == 200
    text = await resp.text()
    assert text != "255.255.255.255"


async def test_use_x_forwarded_for_with_trusted_proxy(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get("/", mock_handler)
    setup_real_ip(app, True, [ip_network("127.0.0.1")])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get("/", headers={X_FORWARDED_FOR: "255.255.255.255"})
    assert resp.status == 200
    text = await resp.text()
    assert text == "255.255.255.255"


async def test_use_x_forwarded_for_with_untrusted_proxy(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get("/", mock_handler)
    setup_real_ip(app, True, [ip_network("1.1.1.1")])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get("/", headers={X_FORWARDED_FOR: "255.255.255.255"})
    assert resp.status == 200
    text = await resp.text()
    assert text != "255.255.255.255"


async def test_use_x_forwarded_for_with_spoofed_header(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get("/", mock_handler)
    setup_real_ip(app, True, [ip_network("127.0.0.1")])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get(
        "/", headers={X_FORWARDED_FOR: "222.222.222.222, 255.255.255.255"}
    )
    assert resp.status == 200
    text = await resp.text()
    assert text == "255.255.255.255"


async def test_use_x_forwarded_for_with_nonsense_header(aiohttp_client):
    """Test that we get the IP from the transport."""
    app = web.Application()
    app.router.add_get("/", mock_handler)
    setup_real_ip(app, True, [ip_network("127.0.0.1")])

    mock_api_client = await aiohttp_client(app)

    resp = await mock_api_client.get(
        "/", headers={X_FORWARDED_FOR: "This value is invalid"}
    )
    assert resp.status == 200
    text = await resp.text()
    assert text == "127.0.0.1"
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00			`"""Test real IP middleware."""`
Sort imports according to PEP8 for http (#29679) 2019-12-09 11:59:38 +01:00			`from ipaddress import ip_network`

Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00			`from aiohttp import web`
			`from aiohttp.hdrs import X_FORWARDED_FOR`

			`from homeassistant.components.http.const import KEY_REAL_IP`
Sort imports according to PEP8 for http (#29679) 2019-12-09 11:59:38 +01:00			`from homeassistant.components.http.real_ip import setup_real_ip`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00

Move HomeAssistantView to separate file. Convert http to async syntax. [skip ci] (#12982) * Move HomeAssistantView to separate file. Convert http to async syntax. * pylint * websocket api * update emulated_hue for async/await * Lint 2018-03-09 09:51:49 +08:00			`async def mock_handler(request):`
Update pydocstyle to 2.1.1 and flake8-docstrings to 1.3.0 (#14557) * Update pydocstyle to 2.1.1 and flake8-docstrings to 1.3.0 * Pydocstyle D401 fixes 2018-08-24 11:28:43 +03:00			`"""Return the real IP as text."""`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00			`return web.Response(text=str(request[KEY_REAL_IP]))`


Fix aiohttp deprecation warnings (#13240) * Fix aiohttp deprecation warnings * Fix Ring deprecation warning * Lint 2018-03-15 13:49:49 -07:00			`async def test_ignore_x_forwarded_for(aiohttp_client):`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
Black 2019-07-31 12:25:30 -07:00			`app.router.add_get("/", mock_handler)`
Only use the X-Forwarded-For header if connection is from a trusted network (#15182) See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569 2018-06-28 09:16:11 -04:00			`setup_real_ip(app, False, [])`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00
Fix aiohttp deprecation warnings (#13240) * Fix aiohttp deprecation warnings * Fix Ring deprecation warning * Lint 2018-03-15 13:49:49 -07:00			`mock_api_client = await aiohttp_client(app)`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00
Black 2019-07-31 12:25:30 -07:00			`resp = await mock_api_client.get("/", headers={X_FORWARDED_FOR: "255.255.255.255"})`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00			`assert resp.status == 200`
Move HomeAssistantView to separate file. Convert http to async syntax. [skip ci] (#12982) * Move HomeAssistantView to separate file. Convert http to async syntax. * pylint * websocket api * update emulated_hue for async/await * Lint 2018-03-09 09:51:49 +08:00			`text = await resp.text()`
Black 2019-07-31 12:25:30 -07:00			`assert text != "255.255.255.255"`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00

Only use the X-Forwarded-For header if connection is from a trusted network (#15182) See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569 2018-06-28 09:16:11 -04:00			`async def test_use_x_forwarded_for_without_trusted_proxy(aiohttp_client):`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
Black 2019-07-31 12:25:30 -07:00			`app.router.add_get("/", mock_handler)`
Only use the X-Forwarded-For header if connection is from a trusted network (#15182) See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569 2018-06-28 09:16:11 -04:00			`setup_real_ip(app, True, [])`

			`mock_api_client = await aiohttp_client(app)`

Black 2019-07-31 12:25:30 -07:00			`resp = await mock_api_client.get("/", headers={X_FORWARDED_FOR: "255.255.255.255"})`
Only use the X-Forwarded-For header if connection is from a trusted network (#15182) See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569 2018-06-28 09:16:11 -04:00			`assert resp.status == 200`
			`text = await resp.text()`
Black 2019-07-31 12:25:30 -07:00			`assert text != "255.255.255.255"`
Only use the X-Forwarded-For header if connection is from a trusted network (#15182) See https://github.com/home-assistant/home-assistant/issues/14345#issuecomment-400854569 2018-06-28 09:16:11 -04:00

			`async def test_use_x_forwarded_for_with_trusted_proxy(aiohttp_client):`
			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
Black 2019-07-31 12:25:30 -07:00			`app.router.add_get("/", mock_handler)`
			`setup_real_ip(app, True, [ip_network("127.0.0.1")])`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00
Fix aiohttp deprecation warnings (#13240) * Fix aiohttp deprecation warnings * Fix Ring deprecation warning * Lint 2018-03-15 13:49:49 -07:00			`mock_api_client = await aiohttp_client(app)`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00
Black 2019-07-31 12:25:30 -07:00			`resp = await mock_api_client.get("/", headers={X_FORWARDED_FOR: "255.255.255.255"})`
Cleanup http (#12424) * Clean up HTTP component * Clean up HTTP mock * Remove unused import * Fix test * Lint 2018-02-15 13:06:14 -08:00			`assert resp.status == 200`
Move HomeAssistantView to separate file. Convert http to async syntax. [skip ci] (#12982) * Move HomeAssistantView to separate file. Convert http to async syntax. * pylint * websocket api * update emulated_hue for async/await * Lint 2018-03-09 09:51:49 +08:00			`text = await resp.text()`
Black 2019-07-31 12:25:30 -07:00			`assert text == "255.255.255.255"`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 16:27:06 -04:00

			`async def test_use_x_forwarded_for_with_untrusted_proxy(aiohttp_client):`
			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
Black 2019-07-31 12:25:30 -07:00			`app.router.add_get("/", mock_handler)`
			`setup_real_ip(app, True, [ip_network("1.1.1.1")])`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 16:27:06 -04:00
			`mock_api_client = await aiohttp_client(app)`

Black 2019-07-31 12:25:30 -07:00			`resp = await mock_api_client.get("/", headers={X_FORWARDED_FOR: "255.255.255.255"})`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 16:27:06 -04:00			`assert resp.status == 200`
			`text = await resp.text()`
Black 2019-07-31 12:25:30 -07:00			`assert text != "255.255.255.255"`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 16:27:06 -04:00

			`async def test_use_x_forwarded_for_with_spoofed_header(aiohttp_client):`
			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
Black 2019-07-31 12:25:30 -07:00			`app.router.add_get("/", mock_handler)`
			`setup_real_ip(app, True, [ip_network("127.0.0.1")])`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 16:27:06 -04:00
			`mock_api_client = await aiohttp_client(app)`

Black 2019-07-31 12:25:30 -07:00			`resp = await mock_api_client.get(`
			`"/", headers={X_FORWARDED_FOR: "222.222.222.222, 255.255.255.255"}`
			`)`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 16:27:06 -04:00			`assert resp.status == 200`
			`text = await resp.text()`
Black 2019-07-31 12:25:30 -07:00			`assert text == "255.255.255.255"`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 16:27:06 -04:00

			`async def test_use_x_forwarded_for_with_nonsense_header(aiohttp_client):`
			`"""Test that we get the IP from the transport."""`
			`app = web.Application()`
Black 2019-07-31 12:25:30 -07:00			`app.router.add_get("/", mock_handler)`
			`setup_real_ip(app, True, [ip_network("127.0.0.1")])`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 16:27:06 -04:00
			`mock_api_client = await aiohttp_client(app)`

Black 2019-07-31 12:25:30 -07:00			`resp = await mock_api_client.get(`
			`"/", headers={X_FORWARDED_FOR: "This value is invalid"}`
			`)`
X-Forwarded-For improvements and bug fixes (#15204) * Use new trusted_proxies setting for X-Forwarded-For whitelist * Only use the last IP in the header Per Wikipedia (https://en.wikipedia.org/wiki/X-Forwarded-For#Format): > The last IP address is always the IP address that connects to the last proxy, > which means it is the most reliable source of information. * Add two additional tests * Ignore nonsense header values instead of failing 2018-06-29 16:27:06 -04:00			`assert resp.status == 200`
			`text = await resp.text()`
Black 2019-07-31 12:25:30 -07:00			`assert text == "127.0.0.1"`