From 85324123dd3ad03228d60c452a7eade70f58bd08 Mon Sep 17 00:00:00 2001
From: Jason Hu
Date: Thu, 2 Aug 2018 23:10:07 -0700
Subject: [PATCH 1/2] Make sure use_x_forward_for and trusted_proxies must config together
---
 homeassistant/components/http/__init__.py | 8 +++----
 tests/components/http/test_init.py | 28 +++++++++++++++++++++++
 2 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/homeassistant/components/http/__init__.py b/homeassistant/components/http/__init__.py
index 42629f752ad14..9f1b5995839db 100644
--- a/homeassistant/components/http/__init__.py
+++ b/homeassistant/components/http/__init__.py
@@ -66,8 +66,8 @@
 vol.Optional(CONF_SSL_KEY): cv.isfile,
 vol.Optional(CONF_CORS_ORIGINS, default=[]):
 vol.All(cv.ensure_list, [cv.string]),
- vol.Optional(CONF_USE_X_FORWARDED_FOR, default=False): cv.boolean,
- vol.Optional(CONF_TRUSTED_PROXIES, default=[]):
+ vol.Inclusive(CONF_USE_X_FORWARDED_FOR, 'proxy'): cv.boolean,
+ vol.Inclusive(CONF_TRUSTED_PROXIES, 'proxy'):
 vol.All(cv.ensure_list, [ip_network]),
 vol.Optional(CONF_TRUSTED_NETWORKS, default=[]):
 vol.All(cv.ensure_list, [ip_network]),
@@ -96,8 +96,8 @@ async def async_setup(hass, config):
 ssl_peer_certificate = conf.get(CONF_SSL_PEER_CERTIFICATE)
 ssl_key = conf.get(CONF_SSL_KEY)
 cors_origins = conf[CONF_CORS_ORIGINS]
- use_x_forwarded_for = conf[CONF_USE_X_FORWARDED_FOR]
- trusted_proxies = conf[CONF_TRUSTED_PROXIES]
+ use_x_forwarded_for = conf.get(CONF_USE_X_FORWARDED_FOR, False)
+ trusted_proxies = conf.get(CONF_TRUSTED_PROXIES, [])
 trusted_networks = conf[CONF_TRUSTED_NETWORKS]
 is_ban_enabled = conf[CONF_IP_BAN_ENABLED]
 login_threshold = conf[CONF_LOGIN_ATTEMPTS_THRESHOLD]
diff --git a/tests/components/http/test_init.py b/tests/components/http/test_init.py
index d5368032a376b..2ffaf17bebcca 100644
--- a/tests/components/http/test_init.py
+++ b/tests/components/http/test_init.py
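Review bot: In the schema hunk of homeassistant/components/http/__init__.py, `vol.Inclusive` only checks that both keys are present, so `use_x_forwarded_for: true` together with `trusted_proxies: []` still validates. How the forwarded-for handling treats an empty proxy list is not visible in this patch, so rejecting it in the schema is the safer choice, for example `vol.All(cv.ensure_list, vol.Length(min=1), [ip_network])` for `CONF_TRUSTED_PROXIES`. The tests added in tests/components/http/test_init.py cover key presence only and would need an empty-list case alongside. A config that sets `use_x_forwarded_for: false` on its own, accepted before, is now rejected as well; passing `msg=` to both `vol.Inclusive` markers would give those users a clearer error.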
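Review bot: The two `conf.get(...)` lines in the `async_setup` hunk now differ from the `conf[...]` lookups around them with nothing to say why, which invites a later cleanup that turns them back into `conf[...]` and raises KeyError when the proxy group is not configured. A one-line comment above them would do, such as `# Inclusive 'proxy' keys have no schema default; fall back to disabled when absent`. The fallbacks chosen (`False` and an empty list) appear to be the fail-closed values, and the comment is the place to state that. async_setup's body starts and continues outside the hunk.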
@@ -96,3 +96,31 @@ async def test_not_log_password(hass, aiohttp_client, caplog):
 # Ensure we don't log API passwords
 assert '/api/' in logs
 assert 'some-pass' not in logs
+
+
+async def test_proxy_config(hass):
+ """Test use_x_forwarded_for must config together with trusted_proxies."""
+ assert await async_setup_component(hass, 'http', {
+ 'http': {
+ http.CONF_USE_X_FORWARDED_FOR: True,
+ http.CONF_TRUSTED_PROXIES: ['127.0.0.1']
+ }
+ }) is True
+
+
+async def test_proxy_config_only_use_xff(hass):
+ """Test use_x_forwarded_for must config together with trusted_proxies."""
+ assert await async_setup_component(hass, 'http', {
+ 'http': {
+ http.CONF_USE_X_FORWARDED_FOR: True
+ }
+ }) is not True
+
+
+async def test_proxy_config_only_trust_proxies(hass):
+ """Test use_x_forwarded_for must config together with trusted_proxies."""
+ assert await async_setup_component(hass, 'http', {
+ 'http': {
+ http.CONF_TRUSTED_PROXIES: ['127.0.0.1']
+ }
+ }) is not True
From 3af6bb420a0a40196b260d926038ea84c08f5a33 Mon Sep 17 00:00:00 2001
From: Jason Hu
Date: Thu, 2 Aug 2018 23:49:54 -0700
Subject: [PATCH 2/2] Fix unit test
---
 tests/scripts/test_check_config.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/tests/scripts/test_check_config.py b/tests/scripts/test_check_config.py
index 540f8d91da914..59d8e27a672ee 100644
--- a/tests/scripts/test_check_config.py
+++ b/tests/scripts/test_check_config.py
@@ -159,9 +159,7 @@ def test_secrets(self, isfile_patch):
 'login_attempts_threshold': -1,
 'server_host': '0.0.0.0',
 'server_port': 8123,
- 'trusted_networks': [],
- 'trusted_proxies': [],
- 'use_x_forwarded_for': False}
+ 'trusted_networks': []}
 assert res['secret_cache'] == {secrets_path: {'http_pw': 'abc123'}}
 assert res['secrets'] == {'http_pw': 'abc123'}
 assert normalize_yaml_files(res) == [
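Review bot: The three tests added to tests/components/http/test_init.py share one docstring, so a failure report does not say which case broke. Each should name its own expectation, for instance `"""Test setup fails with use_x_forwarded_for but no trusted_proxies."""` on `test_proxy_config_only_use_xff`, with matching wording on the other two. The two negative cases assert `is not True`, which would also pass on a `None` return; if `async_setup_component` returns `False` for an invalid config (not visible in this patch), `is False` pins the validation failure more tightly.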