mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
f9a84bb236
Refactored IP address checking in ActionDispatch::RemoteIp to rely on
the IPAddr class instead of the unwieldly regular expression to match
IP addresses. This commit keeps the same api but allows users to pass
IPAddr objects to config.action_dispatch.trusted_proxies in addition
to passing strings and regular expressions.
Example:
# config/environments/production.rb
config.action_dispatch.trusted_proxies = IPAddr.new('4.8.15.0/16')
78 lines
2.6 KiB
Ruby
78 lines
2.6 KiB
Ruby
require 'ipaddr'
|
|
require 'isolation/abstract_unit'
|
|
require 'active_support/key_generator'
|
|
|
|
module ApplicationTests
|
|
class RemoteIpTest < ActiveSupport::TestCase
|
|
include ActiveSupport::Testing::Isolation
|
|
|
|
def remote_ip(env = {})
|
|
remote_ip = nil
|
|
env = Rack::MockRequest.env_for("/").merge(env).merge!(
|
|
'action_dispatch.show_exceptions' => false,
|
|
'action_dispatch.key_generator' => ActiveSupport::LegacyKeyGenerator.new('b3c631c314c0bbca50c1b2843150fe33')
|
|
)
|
|
|
|
endpoint = Proc.new do |e|
|
|
remote_ip = ActionDispatch::Request.new(e).remote_ip
|
|
[200, {}, ["Hello"]]
|
|
end
|
|
|
|
Rails.application.middleware.build(endpoint).call(env)
|
|
remote_ip
|
|
end
|
|
|
|
test "remote_ip works" do
|
|
make_basic_app
|
|
assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "1.1.1.1")
|
|
end
|
|
|
|
test "checks IP spoofing by default" do
|
|
make_basic_app
|
|
assert_raises(ActionDispatch::RemoteIp::IpSpoofAttackError) do
|
|
remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
|
|
end
|
|
end
|
|
|
|
test "works with both headers individually" do
|
|
make_basic_app
|
|
assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
|
|
assert_equal "1.1.1.1", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1")
|
|
end
|
|
assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
|
|
assert_equal "1.1.1.2", remote_ip("HTTP_CLIENT_IP" => "1.1.1.2")
|
|
end
|
|
end
|
|
|
|
test "can disable IP spoofing check" do
|
|
make_basic_app do |app|
|
|
app.config.action_dispatch.ip_spoofing_check = false
|
|
end
|
|
|
|
assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
|
|
assert_equal "1.1.1.1", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
|
|
end
|
|
end
|
|
|
|
test "remote_ip works with HTTP_X_FORWARDED_FOR" do
|
|
make_basic_app
|
|
assert_equal "4.2.42.42", remote_ip("REMOTE_ADDR" => "1.1.1.1", "HTTP_X_FORWARDED_FOR" => "4.2.42.42")
|
|
end
|
|
|
|
test "the user can set trusted proxies" do
|
|
make_basic_app do |app|
|
|
app.config.action_dispatch.trusted_proxies = /^4\.2\.42\.42$/
|
|
end
|
|
|
|
assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "1.1.1.1", "HTTP_X_FORWARDED_FOR" => "4.2.42.42")
|
|
end
|
|
|
|
test "the user can set trusted proxies with an IPAddr argument" do
|
|
make_basic_app do |app|
|
|
app.config.action_dispatch.trusted_proxies = IPAddr.new('4.2.42.0/24')
|
|
end
|
|
|
|
assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "1.1.1.1", "HTTP_X_FORWARDED_FOR" => "10.0.0.0,4.2.42.42")
|
|
end
|
|
end
|
|
end
|