Check cloud trusted proxies (#24395)

2019-06-07 23:08:55 -07:00 · 2019-06-07 23:08:55 -07:00 · f77514c6f2
commit f77514c6f2
parent 7887d6d6e4
5 changed files with 83 additions and 5 deletions
--- a/tests/components/cloud/test_http_api.py
+++ b/tests/components/cloud/test_http_api.py
@ -1,6 +1,7 @@
 """Tests for the HTTP API for the cloud component."""
 import asyncio
 from unittest.mock import patch, MagicMock
+from ipaddress import ip_network

 import pytest
 from jose import jwt
@ -672,7 +673,7 @@ async def test_enabling_remote_trusted_networks_local6(

 async def test_enabling_remote_trusted_networks_other(
        hass, hass_ws_client, setup_api, mock_cloud_login):
-    """Test we cannot enable remote UI when trusted networks active."""
+    """Test we can enable remote UI when trusted networks active."""
    hass.auth._providers[('trusted_networks', None)] = \
        tn_auth.TrustedNetworksAuthProvider(
            hass, None, tn_auth.CONFIG_SCHEMA({
@ -749,3 +750,53 @@ async def test_update_google_entity(
        'aliases': ['lefty', 'righty'],
        'disable_2fa': False,
    }
+
+
+async def test_enabling_remote_trusted_proxies_local4(
+        hass, hass_ws_client, setup_api, mock_cloud_login):
+    """Test we cannot enable remote UI when trusted networks active."""
+    hass.http.trusted_proxies.append(ip_network('127.0.0.1'))
+
+    client = await hass_ws_client(hass)
+
+    with patch(
+            'hass_nabucasa.remote.RemoteUI.connect',
+            side_effect=AssertionError
+    ) as mock_connect:
+        await client.send_json({
+            'id': 5,
+            'type': 'cloud/remote/connect',
+        })
+        response = await client.receive_json()
+
+    assert not response['success']
+    assert response['error']['code'] == 500
+    assert response['error']['message'] == \
+        'Remote UI not compatible with 127.0.0.1/::1 as trusted proxies.'
+
+    assert len(mock_connect.mock_calls) == 0
+
+
+async def test_enabling_remote_trusted_proxies_local6(
+        hass, hass_ws_client, setup_api, mock_cloud_login):
+    """Test we cannot enable remote UI when trusted networks active."""
+    hass.http.trusted_proxies.append(ip_network('::1'))
+
+    client = await hass_ws_client(hass)
+
+    with patch(
+            'hass_nabucasa.remote.RemoteUI.connect',
+            side_effect=AssertionError
+    ) as mock_connect:
+        await client.send_json({
+            'id': 5,
+            'type': 'cloud/remote/connect',
+        })
+        response = await client.receive_json()
+
+    assert not response['success']
+    assert response['error']['code'] == 500
+    assert response['error']['message'] == \
+        'Remote UI not compatible with 127.0.0.1/::1 as trusted proxies.'
+
+    assert len(mock_connect.mock_calls) == 0