git.squeep.com Git - akkoma/blob - test/pleroma/web/plugs/remote_ip_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Plugs.RemoteIpTest do
   6   use ExUnit.Case
   7   use Plug.Test
   8
   9   alias Pleroma.Web.Plugs.RemoteIp
  10
  11   import Pleroma.Tests.Helpers, only: [clear_config: 2]
  12
  13   setup do:
  14           clear_config(RemoteIp,
  15             enabled: true,
  16             headers: ["x-forwarded-for"],
  17             proxies: [],
  18             reserved: [
  19               "127.0.0.0/8",
  20               "::1/128",
  21               "fc00::/7",
  22               "10.0.0.0/8",
  23               "172.16.0.0/12",
  24               "192.168.0.0/16"
  25             ]
  26           )
  27
  28   test "disabled" do
  29     clear_config(RemoteIp, enabled: false)
  30
  31     %{remote_ip: remote_ip} = conn(:get, "/")
  32
  33     conn =
  34       conn(:get, "/")
  35       |> put_req_header("x-forwarded-for", "1.1.1.1")
  36       |> RemoteIp.call(nil)
  37
  38     assert conn.remote_ip == remote_ip
  39   end
  40
  41   test "enabled" do
  42     conn =
  43       conn(:get, "/")
  44       |> put_req_header("x-forwarded-for", "1.1.1.1")
  45       |> RemoteIp.call(nil)
  46
  47     assert conn.remote_ip == {1, 1, 1, 1}
  48   end
  49
  50   test "custom headers" do
  51     clear_config(RemoteIp, enabled: true, headers: ["cf-connecting-ip"])
  52
  53     conn =
  54       conn(:get, "/")
  55       |> put_req_header("x-forwarded-for", "1.1.1.1")
  56       |> RemoteIp.call(nil)
  57
  58     refute conn.remote_ip == {1, 1, 1, 1}
  59
  60     conn =
  61       conn(:get, "/")
  62       |> put_req_header("cf-connecting-ip", "1.1.1.1")
  63       |> RemoteIp.call(nil)
  64
  65     assert conn.remote_ip == {1, 1, 1, 1}
  66   end
  67
  68   test "custom proxies" do
  69     conn =
  70       conn(:get, "/")
  71       |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
  72       |> RemoteIp.call(nil)
  73
  74     refute conn.remote_ip == {1, 1, 1, 1}
  75
  76     clear_config([RemoteIp, :proxies], ["173.245.48.0/20"])
  77
  78     conn =
  79       conn(:get, "/")
  80       |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1, 173.245.48.2")
  81       |> RemoteIp.call(nil)
  82
  83     assert conn.remote_ip == {1, 1, 1, 1}
  84   end
  85
  86   test "proxies set without CIDR format" do
  87     clear_config([RemoteIp, :proxies], ["173.245.48.1"])
  88
  89     conn =
  90       conn(:get, "/")
  91       |> put_req_header("x-forwarded-for", "173.245.48.1, 1.1.1.1")
  92       |> RemoteIp.call(nil)
  93
  94     assert conn.remote_ip == {1, 1, 1, 1}
  95   end
  96
  97   test "proxies set `nonsensical` CIDR" do
  98     clear_config([RemoteIp, :reserved], ["127.0.0.0/8"])
  99     clear_config([RemoteIp, :proxies], ["10.0.0.3/24"])
 100
 101     conn =
 102       conn(:get, "/")
 103       |> put_req_header("x-forwarded-for", "10.0.0.3, 1.1.1.1")
 104       |> RemoteIp.call(nil)
 105
 106     assert conn.remote_ip == {1, 1, 1, 1}
 107   end
 108 end