mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
54 lines
1.6 KiB
Ruby
54 lines
1.6 KiB
Ruby
require 'isolation/abstract_unit'
|
|
|
|
class MiddlewareStackDefaultsTest < Test::Unit::TestCase
|
|
include ActiveSupport::Testing::Isolation
|
|
|
|
def setup
|
|
boot_rails
|
|
require "rails"
|
|
require "action_controller/railtie"
|
|
|
|
Object.const_set(:MyApplication, Class.new(Rails::Application))
|
|
MyApplication.class_eval do
|
|
config.cookie_secret = "3b7cd727ee24e8444053437c36cc66c4"
|
|
config.session_store :cookie_store, :key => "_myapp_session"
|
|
end
|
|
end
|
|
|
|
def remote_ip(env = {})
|
|
remote_ip = nil
|
|
env = Rack::MockRequest.env_for("/").merge(env).merge('action_dispatch.show_exceptions' => false)
|
|
|
|
endpoint = Proc.new do |e|
|
|
remote_ip = ActionDispatch::Request.new(e).remote_ip
|
|
[200, {}, ["Hello"]]
|
|
end
|
|
|
|
out = MyApplication.middleware.build(endpoint).call(env)
|
|
remote_ip
|
|
end
|
|
|
|
test "remote_ip works" do
|
|
assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "1.1.1.1")
|
|
end
|
|
|
|
test "checks IP spoofing by default" do
|
|
assert_raises(ActionDispatch::RemoteIp::IpSpoofAttackError) do
|
|
remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
|
|
end
|
|
end
|
|
|
|
test "can disable IP spoofing check" do
|
|
MyApplication.config.action_dispatch.ip_spoofing_check = false
|
|
|
|
assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
|
|
assert_equal "1.1.1.2", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
|
|
end
|
|
end
|
|
|
|
test "the user can set trusted proxies" do
|
|
MyApplication.config.action_dispatch.trusted_proxies = /^4\.2\.42\.42$/
|
|
|
|
assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "4.2.42.42,1.1.1.1")
|
|
end
|
|
end
|