class AuthcacheVarnishTestDefaultValidation in Authenticated User Page Caching (Authcache) 7.2
Unit tests for authcache_varnish_request_validate().
Hierarchy
- class \DrupalTestCase
- class \DrupalUnitTestCase
Expanded class hierarchy of AuthcacheVarnishTestDefaultValidation
File
- modules/
authcache_varnish/ authcache_varnish.test, line 283 - Test cases for authcache_varnish module.
View source
class AuthcacheVarnishTestDefaultValidation extends DrupalUnitTestCase {
protected $oldserver;
protected $oldconf;
protected $remoteIp;
protected $proxyIp;
protected $proxy2Ip;
protected $untrustedIp;
/**
* {@inheritdoc}
*/
public static function getInfo() {
return array(
'name' => 'Default Request Validation',
'description' => 'Check whether a request should be accepted as comming from Varnish',
'group' => 'Authcache Varnish',
);
}
/**
* {@inheritdoc}
*/
public function setUp() {
global $conf;
parent::setUp();
require_once __DIR__ . '/authcache_varnish.module';
$this->oldserver = $_SERVER;
$this->oldconf = $conf;
$this->remoteIp = '127.0.0.1';
$this->proxyIp = '127.0.0.2';
$this->proxy2Ip = '127.0.0.3';
$this->untrustedIp = '0.0.0.0';
// @ignore sniffer_semantics_remoteaddress_remoteaddress:class
$_SERVER['REMOTE_ADDR'] = $this->remoteIp;
unset($_SERVER['HTTP_X_VARNISH']);
unset($_SERVER['HTTP_X_FORWARDED_FOR']);
unset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']);
unset($_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE']);
unset($_SERVER['HTTP_X_CUSTOM_PASSPHRASE_HEADER']);
$this
->variableDel('authcache_varnish_validate_reverse_proxy_address');
$this
->variableDel('authcache_varnish_header');
$this
->variableDel('authcache_varnish_passphrase');
$this
->variableDel('authcache_varnish_passphrase_header');
}
/**
* {@inheritdoc}
*/
public function tearDown() {
global $conf;
$_SERVER = $this->oldserver;
$conf = $this->oldconf;
parent::tearDown();
}
/**
* Set a variable without accessing the database.
*/
protected function variableSet($name, $value) {
global $conf;
$conf[$name] = $value;
}
/**
* Remove a variable without accessing the database.
*/
protected function variableDel($name) {
global $conf;
unset($conf[$name]);
}
/**
* Ensure that no validation takes place when both mechanisms are turned off.
*/
public function testNoValidationIfChecksAreDisabled() {
// No validation if both checks are disabled.
$this
->variableSet('authcache_varnish_validate_reverse_proxy_address', FALSE);
$this
->variableSet('authcache_varnish_header', FALSE);
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Do not validate any headers when variables authcache_varnish_validate_reverse_proxy_address and authcache_varnish_header both are set to FALSE');
}
/**
* Test validation of X-Varnish HTTP header.
*/
public function testValidateDefaultXVarnishHeader() {
$this
->variableSet('authcache_varnish_validate_reverse_proxy_address', FALSE);
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Varnish header is missing');
$_SERVER['HTTP_X_VARNISH'] = '123';
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when X-Varnish header is present');
}
/**
* Test validation when custom reverse proxy header was selected.
*/
public function testValidateCustomXVarnishHeader() {
$this
->variableSet('authcache_varnish_validate_reverse_proxy_address', FALSE);
$this
->variableSet('authcache_varnish_header', 'HTTP_X_CUSTOM_HEADER');
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Custom-Header header is missing');
$_SERVER['HTTP_X_CUSTOM_HEADER'] = '123';
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when X-Custom-Header header is present');
}
/**
* Test reverse proxy validation.
*/
public function testValidateRemoteAddrInReverseProxyAddresses() {
$this
->variableSet('authcache_varnish_header', FALSE);
$this
->variableSet('reverse_proxy', 1);
$this
->variableSet('reverse_proxy_addresses', array(
$this->proxyIp,
$this->proxy2Ip,
));
$_SERVER['HTTP_X_FORWARDED_FOR'] = $this->remoteIp;
$_SERVER['REMOTE_ADDR'] = $this->proxyIp;
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when remote address is in list of trusted proxies');
$_SERVER['REMOTE_ADDR'] = $this->proxy2Ip;
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when remote address is in list of trusted proxies');
$_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when remote address is not in list of trusted proxies');
}
/**
* Test reverse proxy validation when reverse_proxy_header variable is set.
*/
public function testValidateCustomClientIPHeader() {
$this
->variableSet('authcache_varnish_header', FALSE);
$this
->variableSet('reverse_proxy', 1);
$this
->variableSet('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP');
$this
->variableSet('reverse_proxy_addresses', array(
$this->proxyIp,
$this->proxy2Ip,
));
$_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = $this->remoteIp;
$_SERVER['REMOTE_ADDR'] = $this->proxyIp;
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when remote address is in list of trusted proxies');
$_SERVER['REMOTE_ADDR'] = $this->proxy2Ip;
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when remote address is in list of trusted proxies');
$_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when remote address is not in list of trusted proxies');
}
/**
* Request is not comming through varnish if reverse_proxy variable is off.
*/
public function testRejectIfReverseProxyOff() {
$this
->variableSet('authcache_varnish_header', FALSE);
$this
->variableSet('reverse_proxy', 0);
$this
->variableSet('reverse_proxy_addresses', array(
$this->proxyIp,
$this->proxy2Ip,
));
$_SERVER['HTTP_X_FORWARDED_FOR'] = "";
$_SERVER['REMOTE_ADDR'] = $this->proxyIp;
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when reverse_proxy variable is off.');
$_SERVER['REMOTE_ADDR'] = $this->proxy2Ip;
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when reverse_proxy variable is off.');
$_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when reverse_proxy variable is off.');
}
/**
* Request is not comming through varnish if X-Forwarded-For is empty.
*/
public function testRejectIfForwardedForEmpty() {
$this
->variableSet('authcache_varnish_header', FALSE);
$this
->variableSet('reverse_proxy', 1);
$this
->variableSet('reverse_proxy_addresses', array(
$this->proxyIp,
$this->proxy2Ip,
));
$_SERVER['HTTP_X_FORWARDED_FOR'] = "";
$_SERVER['REMOTE_ADDR'] = $this->proxyIp;
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Forwarded-For is empty');
$_SERVER['REMOTE_ADDR'] = $this->proxy2Ip;
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Forwarded-For is empty');
$_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Forwarded-For is empty');
}
/**
* Request has correct X-Authcache-Varnish-Passphrase.
*/
public function testValidatePassphraseHeader() {
$this
->variableSet('authcache_varnish_passphrase', 'sEcr3t!');
$_SERVER['REMOTE_ADDR'] = $this->proxyIp;
$_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE'] = 'sEcr3t!';
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when proxy passphrase matches');
$_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
$_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE'] = 'sEcr3t!';
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when proxy passphrase matches, even from untrusted ip');
}
/**
* Request has correct custom passphrase header.
*/
public function testValidateCustomPassphraseHeader() {
$this
->variableSet('authcache_varnish_passphrase', 'sEcr3t!');
$this
->variableSet('authcache_varnish_passphrase_header', 'HTTP_X_CUSTOM_PASSPHRASE_HEADER');
$_SERVER['REMOTE_ADDR'] = $this->proxyIp;
$_SERVER['HTTP_X_CUSTOM_PASSPHRASE_HEADER'] = 'sEcr3t!';
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when proxy passphrase matches');
$_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
$_SERVER['HTTP_X_CUSTOM_PASSPHRASE_HEADER'] = 'sEcr3t!';
$this
->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when proxy passphrase matches, even from untrusted ip');
}
/**
* Request has the wrong X-Authcache-Varnish-Passphrase.
*/
public function testRejectPassphraseIfNotIdentical() {
$this
->variableSet('authcache_varnish_passphrase', 'sEcr3t!');
$_SERVER['REMOTE_ADDR'] = $this->proxyIp;
$_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE'] = 'lEak3d!';
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when proxy passphrase does not match, even from trusted ip');
$_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
$_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE'] = 'lEak3d!';
$this
->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when proxy passphrase does not match');
}
}
Members
Name | Modifiers | Type | Description | Overrides |
---|---|---|---|---|
AuthcacheVarnishTestDefaultValidation:: |
protected | property | ||
AuthcacheVarnishTestDefaultValidation:: |
protected | property | ||
AuthcacheVarnishTestDefaultValidation:: |
protected | property | ||
AuthcacheVarnishTestDefaultValidation:: |
protected | property | ||
AuthcacheVarnishTestDefaultValidation:: |
protected | property | ||
AuthcacheVarnishTestDefaultValidation:: |
protected | property | ||
AuthcacheVarnishTestDefaultValidation:: |
public static | function | ||
AuthcacheVarnishTestDefaultValidation:: |
public | function |
Sets up unit test environment. Overrides DrupalUnitTestCase:: |
|
AuthcacheVarnishTestDefaultValidation:: |
public | function |
Overrides DrupalUnitTestCase:: |
|
AuthcacheVarnishTestDefaultValidation:: |
public | function | Ensure that no validation takes place when both mechanisms are turned off. | |
AuthcacheVarnishTestDefaultValidation:: |
public | function | Request is not comming through varnish if X-Forwarded-For is empty. | |
AuthcacheVarnishTestDefaultValidation:: |
public | function | Request is not comming through varnish if reverse_proxy variable is off. | |
AuthcacheVarnishTestDefaultValidation:: |
public | function | Request has the wrong X-Authcache-Varnish-Passphrase. | |
AuthcacheVarnishTestDefaultValidation:: |
public | function | Test reverse proxy validation when reverse_proxy_header variable is set. | |
AuthcacheVarnishTestDefaultValidation:: |
public | function | Request has correct custom passphrase header. | |
AuthcacheVarnishTestDefaultValidation:: |
public | function | Test validation when custom reverse proxy header was selected. | |
AuthcacheVarnishTestDefaultValidation:: |
public | function | Test validation of X-Varnish HTTP header. | |
AuthcacheVarnishTestDefaultValidation:: |
public | function | Request has correct X-Authcache-Varnish-Passphrase. | |
AuthcacheVarnishTestDefaultValidation:: |
public | function | Test reverse proxy validation. | |
AuthcacheVarnishTestDefaultValidation:: |
protected | function | Remove a variable without accessing the database. | |
AuthcacheVarnishTestDefaultValidation:: |
protected | function | Set a variable without accessing the database. | |
DrupalTestCase:: |
protected | property | Assertions thrown in that test case. | |
DrupalTestCase:: |
protected | property | The database prefix of this test run. | |
DrupalTestCase:: |
protected | property | The original file directory, before it was changed for testing purposes. | |
DrupalTestCase:: |
public | property | Current results of this test case. | |
DrupalTestCase:: |
protected | property | Flag to indicate whether the test has been set up. | |
DrupalTestCase:: |
protected | property | ||
DrupalTestCase:: |
protected | property | ||
DrupalTestCase:: |
protected | property | This class is skipped when looking for the source of an assertion. | |
DrupalTestCase:: |
protected | property | The test run ID. | |
DrupalTestCase:: |
protected | property | Time limit for the test. | |
DrupalTestCase:: |
public | property | Whether to cache the installation part of the setUp() method. | |
DrupalTestCase:: |
public | property | Whether to cache the modules installation part of the setUp() method. | |
DrupalTestCase:: |
protected | property | URL to the verbose output file directory. | |
DrupalTestCase:: |
protected | function | Internal helper: stores the assert. | |
DrupalTestCase:: |
protected | function | Check to see if two values are equal. | |
DrupalTestCase:: |
protected | function | Check to see if a value is false (an empty string, 0, NULL, or FALSE). | |
DrupalTestCase:: |
protected | function | Check to see if two values are identical. | |
DrupalTestCase:: |
protected | function | Check to see if two values are not equal. | |
DrupalTestCase:: |
protected | function | Check to see if two values are not identical. | |
DrupalTestCase:: |
protected | function | Check to see if a value is not NULL. | |
DrupalTestCase:: |
protected | function | Check to see if a value is NULL. | |
DrupalTestCase:: |
protected | function | Check to see if a value is not false (not an empty string, 0, NULL, or FALSE). | |
DrupalTestCase:: |
public static | function | Delete an assertion record by message ID. | |
DrupalTestCase:: |
protected | function | Fire an error assertion. | 1 |
DrupalTestCase:: |
public | function | Handle errors during test runs. | 1 |
DrupalTestCase:: |
protected | function | Handle exceptions. | |
DrupalTestCase:: |
protected | function | Fire an assertion that is always negative. | |
DrupalTestCase:: |
public static | function | Converts a list of possible parameters into a stack of permutations. | |
DrupalTestCase:: |
protected | function | Cycles through backtrace until the first non-assertion method is found. | |
DrupalTestCase:: |
public static | function | Returns the database connection to the site running Simpletest. | |
DrupalTestCase:: |
public static | function | Store an assertion from outside the testing context. | |
DrupalTestCase:: |
protected | function | Fire an assertion that is always positive. | |
DrupalTestCase:: |
public static | function | Generates a random string containing letters and numbers. | |
DrupalTestCase:: |
public static | function | Generates a random string of ASCII characters of codes 32 to 126. | |
DrupalTestCase:: |
public | function | Run all tests in this class. | |
DrupalTestCase:: |
protected | function | Logs a verbose message in a text file. | |
DrupalUnitTestCase:: |
function |
Constructor for DrupalUnitTestCase. Overrides DrupalTestCase:: |