summaryrefslogtreecommitdiff
path: root/spec/initializers
diff options
context:
space:
mode:
authorDJ Mountney <david@twkie.net>2016-05-04 15:49:39 -0700
committerDJ Mountney <david@twkie.net>2016-05-04 15:49:39 -0700
commite37b31456774c92fd718f7ef0a576266ffcca894 (patch)
tree869c15427292ac82daf445980f30c98bd36faac7 /spec/initializers
parent9ab70184e3299766165017267a74f53e80b03836 (diff)
downloadgitlab-ce-e37b31456774c92fd718f7ef0a576266ffcca894.tar.gz
Add tests for setting trusted_proxiestrusted-proxies-ip-addr
Each test reloads the trusted_proxies initializer, which in turn will set Rails.application.config.action_dispatch.trusted_proxies to something new. This will leak into the other tests, but the middleware that it is used in has already been loaded for the whole test suite, so it should have no impact.
Diffstat (limited to 'spec/initializers')
-rw-r--r--spec/initializers/trusted_proxies_spec.rb51
1 files changed, 51 insertions, 0 deletions
diff --git a/spec/initializers/trusted_proxies_spec.rb b/spec/initializers/trusted_proxies_spec.rb
new file mode 100644
index 00000000000..4bb149f25ff
--- /dev/null
+++ b/spec/initializers/trusted_proxies_spec.rb
@@ -0,0 +1,51 @@
+require 'spec_helper'
+
+describe 'trusted_proxies', lib: true do
+ context 'with default config' do
+ before do
+ set_trusted_proxies([])
+ end
+
+ it 'preserves private IPs as remote_ip' do
+ request = stub_request('HTTP_X_FORWARDED_FOR' => '10.1.5.89')
+ expect(request.remote_ip).to eq('10.1.5.89')
+ end
+
+ it 'filters out localhost from remote_ip' do
+ request = stub_request('HTTP_X_FORWARDED_FOR' => '1.1.1.1, 10.1.5.89, 127.0.0.1')
+ expect(request.remote_ip).to eq('10.1.5.89')
+ end
+ end
+
+ context 'with private IP ranges added' do
+ before do
+ set_trusted_proxies([ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16" ])
+ end
+
+ it 'filters out private and local IPs from remote_ip' do
+ request = stub_request('HTTP_X_FORWARDED_FOR' => '1.2.3.6, 1.1.1.1, 10.1.5.89, 127.0.0.1')
+ expect(request.remote_ip).to eq('1.1.1.1')
+ end
+ end
+
+ context 'with proxy IP added' do
+ before do
+ set_trusted_proxies([ "60.98.25.47" ])
+ end
+
+ it 'filters out proxy IP from remote_ip' do
+ request = stub_request('HTTP_X_FORWARDED_FOR' => '1.2.3.6, 1.1.1.1, 60.98.25.47, 127.0.0.1')
+ expect(request.remote_ip).to eq('1.1.1.1')
+ end
+ end
+
+ def stub_request(headers = {})
+ ActionDispatch::RemoteIp.new(Proc.new { }, false, Rails.application.config.action_dispatch.trusted_proxies).call(headers)
+ ActionDispatch::Request.new(headers)
+ end
+
+ def set_trusted_proxies(proxies = [])
+ stub_config_setting('trusted_proxies' => proxies)
+ load File.join(__dir__, '../../config/initializers/trusted_proxies.rb')
+ end
+end