commit 72174cef50a18a47dc4a0263d191b7e37b635c03
author Bert JW Regeer <bertjw@regeer.org> Sun Dec 02 11:55:33 2018
committer Bert JW Regeer <bertjw@regeer.org> Mon Dec 03 01:03:53 2018
tree 7440daf64f75ad6abc7c85b6b0ccb2d248d49d19
parent d55a20713262780e30a50759e5c3bb88d5683e06

Add tests for adjustments: trusted_proxy_headers

waitress/tests/test_adjustments.py

diff --git a/waitress/tests/test_adjustments.py b/waitress/tests/test_adjustments.py
index 05b4dbd..ea17080 100644
--- a/waitress/tests/test_adjustments.py
+++ b/waitress/tests/test_adjustments.py
@@ -1,5 +1,6 @@
 import sys
 import socket
+import warnings
 
 from waitress.compat import (
     PY2,
@@ -108,6 +109,9 @@
             port='8080',
             threads='5',
             trusted_proxy='192.168.1.1',
+            trusted_proxy_headers={'forwarded'},
+            trusted_proxy_count=2,
+            log_untrusted_proxy_headers=True,
             url_scheme='https',
             backlog='20',
             recv_bytes='200',
@@ -134,6 +138,9 @@
         self.assertEqual(inst.port, 8080)
         self.assertEqual(inst.threads, 5)
         self.assertEqual(inst.trusted_proxy, '192.168.1.1')
+        self.assertEqual(inst.trusted_proxy_headers, {'forwarded'})
+        self.assertEqual(inst.trusted_proxy_count, 2)
+        self.assertEqual(inst.log_untrusted_proxy_headers, True)
         self.assertEqual(inst.url_scheme, 'https')
         self.assertEqual(inst.backlog, 20)
         self.assertEqual(inst.recv_bytes, 200)
@@ -293,6 +300,49 @@
             sockets=sockets)
         sockets[0].close()
 
+    def test_dont_mix_forwarded_with_x_forwarded(self):
+        with self.assertRaises(ValueError) as cm:
+            self._makeOne(trusted_proxy_headers={'forwarded', 'x-forwarded-for'})
+
+        self.assertIn('The Forwarded proxy header', str(cm.exception))
+
+    def test_unknown_trusted_proxy_header(self):
+        with self.assertRaises(ValueError) as cm:
+            self._makeOne(trusted_proxy_headers={'forwarded', 'x-forwarded-unknown'})
+
+        self.assertIn(
+            'unknown trusted_proxy_headers value (x-forwarded-unknown)',
+            str(cm.exception)
+        )
+
+    def test_trusted_proxy_headers_string_list(self):
+        inst = self._makeOne(trusted_proxy_headers='x-forwarded-for x-forwarded-by')
+        self.assertEqual(inst.trusted_proxy_headers, {'x-forwarded-for', 'x-forwarded-by'})
+
+    def test_trusted_proxy_headers_string_list_newlines(self):
+        inst = self._makeOne(trusted_proxy_headers='x-forwarded-for\nx-forwarded-by\nx-forwarded-host')
+        self.assertEqual(inst.trusted_proxy_headers, {'x-forwarded-for', 'x-forwarded-by', 'x-forwarded-host'})
+
+    def test_no_trusted_proxy_headers_trusted_proxy(self):
+        with warnings.catch_warnings(record=True) as w:
+            warnings.resetwarnings()
+            warnings.simplefilter("always")
+            self._makeOne(trusted_proxy='localhost')
+
+            self.assertGreaterEqual(len(w), 1)
+            self.assertTrue(issubclass(w[0].category, DeprecationWarning))
+            self.assertIn("Implicitly trusting X-Forwarded-Proto", str(w[0]))
+
+    def test_clear_untrusted_proxy_headers(self):
+        with warnings.catch_warnings(record=True) as w:
+            warnings.resetwarnings()
+            warnings.simplefilter("always")
+            self._makeOne(trusted_proxy='localhost', trusted_proxy_headers={'x-forwarded-for'})
+
+            self.assertGreaterEqual(len(w), 1)
+            self.assertTrue(issubclass(w[0].category, DeprecationWarning))
+            self.assertIn("clear_untrusted_proxy_headers will be set to True", str(w[0]))
+
     def test_badvar(self):
         self.assertRaises(ValueError, self._makeOne, nope=True)