diff options
| author | Brice Figureau <brice-puppet@daysofwonder.com> | 2009-05-30 23:25:08 +0200 |
|---|---|---|
| committer | James Turnbull <james@lovedthanlost.net> | 2009-06-05 07:59:56 +1000 |
| commit | f3b40923605420f774dac298fb1708de180c0a81 (patch) | |
| tree | af7ebe00f208dd3a1f3d6089ca5732ee0e01260e /spec/unit/network/http/mongrel | |
| parent | 7b0413e59ed0d4391a5ff54fb3cd08f0d005c26d (diff) | |
| download | puppet-f3b40923605420f774dac298fb1708de180c0a81.tar.gz puppet-f3b40923605420f774dac298fb1708de180c0a81.tar.xz puppet-f3b40923605420f774dac298fb1708de180c0a81.zip | |
Fix #2308 - Mongrel should use X-Forwarded-For
Mongrel puppet code uses REMOTE_ADDR to set the ip address which will
be use to authenticate the client access.
Since mongrel is always used in a proxy mode with Puppet, REMOTE_ADDR
is always the address of the proxy (usually 127.0.0.1), which defeats
the purpose.
With this changeset, the mongrel code now uses the X-Forwarded-For
HTTP header value if it is passed over the REMOTE_ADDR.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Diffstat (limited to 'spec/unit/network/http/mongrel')
| -rwxr-xr-x | spec/unit/network/http/mongrel/rest.rb | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/spec/unit/network/http/mongrel/rest.rb b/spec/unit/network/http/mongrel/rest.rb index 317fdaf8b..5a5d2cfec 100755 --- a/spec/unit/network/http/mongrel/rest.rb +++ b/spec/unit/network/http/mongrel/rest.rb @@ -152,6 +152,22 @@ describe "Puppet::Network::HTTP::MongrelREST" do @handler.params(@request)[:ip].should == "ipaddress" end + it "should pass the client's provided X-Forwared-For value as the ip" do + @request.stubs(:params).returns("HTTP_X_FORWARDED_FOR" => "ipaddress") + @handler.params(@request)[:ip].should == "ipaddress" + end + + it "should pass the client's provided X-Forwared-For first value as the ip" do + @request.stubs(:params).returns("HTTP_X_FORWARDED_FOR" => "ipproxy1,ipproxy2,ipaddress") + @handler.params(@request)[:ip].should == "ipaddress" + end + + it "should pass the client's provided X-Forwared-For value as the ip instead of the REMOTE_ADDR" do + @request.stubs(:params).returns("REMOTE_ADDR" => "remote_addr") + @request.stubs(:params).returns("HTTP_X_FORWARDED_FOR" => "ipaddress") + @handler.params(@request)[:ip].should == "ipaddress" + end + it "should use the :ssl_client_header to determine the parameter when looking for the certificate" do Puppet.settings.stubs(:value).returns "eh" Puppet.settings.expects(:value).with(:ssl_client_header).returns "myheader" |