You are here

Home » API reference » Authenticated User Page Caching (Authcache) 7.2 » authcache_varnish.test

class AuthcacheVarnishTestDefaultValidation in Authenticated User Page Caching (Authcache) 7.2

Unit tests for authcache_varnish_request_validate().

Hierarchy

Expanded class hierarchy of AuthcacheVarnishTestDefaultValidation

File

modules/authcache_varnish/authcache_varnish.test, line 283
Test cases for authcache_varnish module.

View source 
class AuthcacheVarnishTestDefaultValidation extends DrupalUnitTestCase {
  protected $oldserver;
  protected $oldconf;
  protected $remoteIp;
  protected $proxyIp;
  protected $proxy2Ip;
  protected $untrustedIp;

  /**
   * {@inheritdoc}
   */
  public static function getInfo() {
    return array(
      'name' => 'Default Request Validation',
      'description' => 'Check whether a request should be accepted as comming from Varnish',
      'group' => 'Authcache Varnish',
    );
  }

  /**
   * {@inheritdoc}
   */
  public function setUp() {
    global $conf;
    parent::setUp();
    require_once __DIR__ . '/authcache_varnish.module';
    $this->oldserver = $_SERVER;
    $this->oldconf = $conf;
    $this->remoteIp = '127.0.0.1';
    $this->proxyIp = '127.0.0.2';
    $this->proxy2Ip = '127.0.0.3';
    $this->untrustedIp = '0.0.0.0';

    // @ignore sniffer_semantics_remoteaddress_remoteaddress:class
    $_SERVER['REMOTE_ADDR'] = $this->remoteIp;
    unset($_SERVER['HTTP_X_VARNISH']);
    unset($_SERVER['HTTP_X_FORWARDED_FOR']);
    unset($_SERVER['HTTP_X_CLUSTER_CLIENT_IP']);
    unset($_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE']);
    unset($_SERVER['HTTP_X_CUSTOM_PASSPHRASE_HEADER']);
    $this
      ->variableDel('authcache_varnish_validate_reverse_proxy_address');
    $this
      ->variableDel('authcache_varnish_header');
    $this
      ->variableDel('authcache_varnish_passphrase');
    $this
      ->variableDel('authcache_varnish_passphrase_header');
  }

  /**
   * {@inheritdoc}
   */
  public function tearDown() {
    global $conf;
    $_SERVER = $this->oldserver;
    $conf = $this->oldconf;
    parent::tearDown();
  }

  /**
   * Set a variable without accessing the database.
   */
  protected function variableSet($name, $value) {
    global $conf;
    $conf[$name] = $value;
  }

  /**
   * Remove a variable without accessing the database.
   */
  protected function variableDel($name) {
    global $conf;
    unset($conf[$name]);
  }

  /**
   * Ensure that no validation takes place when both mechanisms are turned off.
   */
  public function testNoValidationIfChecksAreDisabled() {

    // No validation if both checks are disabled.
    $this
      ->variableSet('authcache_varnish_validate_reverse_proxy_address', FALSE);
    $this
      ->variableSet('authcache_varnish_header', FALSE);
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Do not validate any headers when variables authcache_varnish_validate_reverse_proxy_address and authcache_varnish_header both are set to FALSE');
  }

  /**
   * Test validation of X-Varnish HTTP header.
   */
  public function testValidateDefaultXVarnishHeader() {
    $this
      ->variableSet('authcache_varnish_validate_reverse_proxy_address', FALSE);
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Varnish header is missing');
    $_SERVER['HTTP_X_VARNISH'] = '123';
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when X-Varnish header is present');
  }

  /**
   * Test validation when custom reverse proxy header was selected.
   */
  public function testValidateCustomXVarnishHeader() {
    $this
      ->variableSet('authcache_varnish_validate_reverse_proxy_address', FALSE);
    $this
      ->variableSet('authcache_varnish_header', 'HTTP_X_CUSTOM_HEADER');
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Custom-Header header is missing');
    $_SERVER['HTTP_X_CUSTOM_HEADER'] = '123';
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when X-Custom-Header header is present');
  }

  /**
   * Test reverse proxy validation.
   */
  public function testValidateRemoteAddrInReverseProxyAddresses() {
    $this
      ->variableSet('authcache_varnish_header', FALSE);
    $this
      ->variableSet('reverse_proxy', 1);
    $this
      ->variableSet('reverse_proxy_addresses', array(
      $this->proxyIp,
      $this->proxy2Ip,
    ));
    $_SERVER['HTTP_X_FORWARDED_FOR'] = $this->remoteIp;
    $_SERVER['REMOTE_ADDR'] = $this->proxyIp;
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when remote address is in list of trusted proxies');
    $_SERVER['REMOTE_ADDR'] = $this->proxy2Ip;
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when remote address is in list of trusted proxies');
    $_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when remote address is not in list of trusted proxies');
  }

  /**
   * Test reverse proxy validation when reverse_proxy_header variable is set.
   */
  public function testValidateCustomClientIPHeader() {
    $this
      ->variableSet('authcache_varnish_header', FALSE);
    $this
      ->variableSet('reverse_proxy', 1);
    $this
      ->variableSet('reverse_proxy_header', 'HTTP_X_CLUSTER_CLIENT_IP');
    $this
      ->variableSet('reverse_proxy_addresses', array(
      $this->proxyIp,
      $this->proxy2Ip,
    ));
    $_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = $this->remoteIp;
    $_SERVER['REMOTE_ADDR'] = $this->proxyIp;
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when remote address is in list of trusted proxies');
    $_SERVER['REMOTE_ADDR'] = $this->proxy2Ip;
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when remote address is in list of trusted proxies');
    $_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when remote address is not in list of trusted proxies');
  }

  /**
   * Request is not comming through varnish if reverse_proxy variable is off.
   */
  public function testRejectIfReverseProxyOff() {
    $this
      ->variableSet('authcache_varnish_header', FALSE);
    $this
      ->variableSet('reverse_proxy', 0);
    $this
      ->variableSet('reverse_proxy_addresses', array(
      $this->proxyIp,
      $this->proxy2Ip,
    ));
    $_SERVER['HTTP_X_FORWARDED_FOR'] = "";
    $_SERVER['REMOTE_ADDR'] = $this->proxyIp;
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when reverse_proxy variable is off.');
    $_SERVER['REMOTE_ADDR'] = $this->proxy2Ip;
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when reverse_proxy variable is off.');
    $_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when reverse_proxy variable is off.');
  }

  /**
   * Request is not comming through varnish if X-Forwarded-For is empty.
   */
  public function testRejectIfForwardedForEmpty() {
    $this
      ->variableSet('authcache_varnish_header', FALSE);
    $this
      ->variableSet('reverse_proxy', 1);
    $this
      ->variableSet('reverse_proxy_addresses', array(
      $this->proxyIp,
      $this->proxy2Ip,
    ));
    $_SERVER['HTTP_X_FORWARDED_FOR'] = "";
    $_SERVER['REMOTE_ADDR'] = $this->proxyIp;
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Forwarded-For is empty');
    $_SERVER['REMOTE_ADDR'] = $this->proxy2Ip;
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Forwarded-For is empty');
    $_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when X-Forwarded-For is empty');
  }

  /**
   * Request has correct X-Authcache-Varnish-Passphrase.
   */
  public function testValidatePassphraseHeader() {
    $this
      ->variableSet('authcache_varnish_passphrase', 'sEcr3t!');
    $_SERVER['REMOTE_ADDR'] = $this->proxyIp;
    $_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE'] = 'sEcr3t!';
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when proxy passphrase matches');
    $_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
    $_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE'] = 'sEcr3t!';
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when proxy passphrase matches, even from untrusted ip');
  }

  /**
   * Request has correct custom passphrase header.
   */
  public function testValidateCustomPassphraseHeader() {
    $this
      ->variableSet('authcache_varnish_passphrase', 'sEcr3t!');
    $this
      ->variableSet('authcache_varnish_passphrase_header', 'HTTP_X_CUSTOM_PASSPHRASE_HEADER');
    $_SERVER['REMOTE_ADDR'] = $this->proxyIp;
    $_SERVER['HTTP_X_CUSTOM_PASSPHRASE_HEADER'] = 'sEcr3t!';
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when proxy passphrase matches');
    $_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
    $_SERVER['HTTP_X_CUSTOM_PASSPHRASE_HEADER'] = 'sEcr3t!';
    $this
      ->assertIdentical(TRUE, authcache_varnish_request_validate(), 'Accept request when proxy passphrase matches, even from untrusted ip');
  }

  /**
   * Request has the wrong X-Authcache-Varnish-Passphrase.
   */
  public function testRejectPassphraseIfNotIdentical() {
    $this
      ->variableSet('authcache_varnish_passphrase', 'sEcr3t!');
    $_SERVER['REMOTE_ADDR'] = $this->proxyIp;
    $_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE'] = 'lEak3d!';
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when proxy passphrase does not match, even from trusted ip');
    $_SERVER['REMOTE_ADDR'] = $this->untrustedIp;
    $_SERVER['HTTP_X_AUTHCACHE_VARNISH_PASSPHRASE'] = 'lEak3d!';
    $this
      ->assertIdentical(FALSE, authcache_varnish_request_validate(), 'Reject request when proxy passphrase does not match');
  }

}

Members

Namesort descending Modifiers Type Description Overrides
AuthcacheVarnishTestDefaultValidation::$oldconf protected property
AuthcacheVarnishTestDefaultValidation::$oldserver protected property
AuthcacheVarnishTestDefaultValidation::$proxy2Ip protected property
AuthcacheVarnishTestDefaultValidation::$proxyIp protected property
AuthcacheVarnishTestDefaultValidation::$remoteIp protected property
AuthcacheVarnishTestDefaultValidation::$untrustedIp protected property
AuthcacheVarnishTestDefaultValidation::getInfo public static function
AuthcacheVarnishTestDefaultValidation::setUp public function Sets up unit test environment. Overrides DrupalUnitTestCase::setUp
AuthcacheVarnishTestDefaultValidation::tearDown public function Overrides DrupalUnitTestCase::tearDown
AuthcacheVarnishTestDefaultValidation::testNoValidationIfChecksAreDisabled public function Ensure that no validation takes place when both mechanisms are turned off.
AuthcacheVarnishTestDefaultValidation::testRejectIfForwardedForEmpty public function Request is not comming through varnish if X-Forwarded-For is empty.
AuthcacheVarnishTestDefaultValidation::testRejectIfReverseProxyOff public function Request is not comming through varnish if reverse_proxy variable is off.
AuthcacheVarnishTestDefaultValidation::testRejectPassphraseIfNotIdentical public function Request has the wrong X-Authcache-Varnish-Passphrase.
AuthcacheVarnishTestDefaultValidation::testValidateCustomClientIPHeader public function Test reverse proxy validation when reverse_proxy_header variable is set.
AuthcacheVarnishTestDefaultValidation::testValidateCustomPassphraseHeader public function Request has correct custom passphrase header.
AuthcacheVarnishTestDefaultValidation::testValidateCustomXVarnishHeader public function Test validation when custom reverse proxy header was selected.
AuthcacheVarnishTestDefaultValidation::testValidateDefaultXVarnishHeader public function Test validation of X-Varnish HTTP header.
AuthcacheVarnishTestDefaultValidation::testValidatePassphraseHeader public function Request has correct X-Authcache-Varnish-Passphrase.
AuthcacheVarnishTestDefaultValidation::testValidateRemoteAddrInReverseProxyAddresses public function Test reverse proxy validation.
AuthcacheVarnishTestDefaultValidation::variableDel protected function Remove a variable without accessing the database.
AuthcacheVarnishTestDefaultValidation::variableSet protected function Set a variable without accessing the database.
DrupalTestCase::$assertions protected property Assertions thrown in that test case.
DrupalTestCase::$databasePrefix protected property The database prefix of this test run.
DrupalTestCase::$originalFileDirectory protected property The original file directory, before it was changed for testing purposes.
DrupalTestCase::$results public property Current results of this test case.
DrupalTestCase::$setup protected property Flag to indicate whether the test has been set up.
DrupalTestCase::$setupDatabasePrefix protected property
DrupalTestCase::$setupEnvironment protected property
DrupalTestCase::$skipClasses protected property This class is skipped when looking for the source of an assertion.
DrupalTestCase::$testId protected property The test run ID.
DrupalTestCase::$timeLimit protected property Time limit for the test.
DrupalTestCase::$useSetupInstallationCache public property Whether to cache the installation part of the setUp() method.
DrupalTestCase::$useSetupModulesCache public property Whether to cache the modules installation part of the setUp() method.
DrupalTestCase::$verboseDirectoryUrl protected property URL to the verbose output file directory.
DrupalTestCase::assert protected function Internal helper: stores the assert.
DrupalTestCase::assertEqual protected function Check to see if two values are equal.
DrupalTestCase::assertFalse protected function Check to see if a value is false (an empty string, 0, NULL, or FALSE).
DrupalTestCase::assertIdentical protected function Check to see if two values are identical.
DrupalTestCase::assertNotEqual protected function Check to see if two values are not equal.
DrupalTestCase::assertNotIdentical protected function Check to see if two values are not identical.
DrupalTestCase::assertNotNull protected function Check to see if a value is not NULL.
DrupalTestCase::assertNull protected function Check to see if a value is NULL.
DrupalTestCase::assertTrue protected function Check to see if a value is not false (not an empty string, 0, NULL, or FALSE).
DrupalTestCase::deleteAssert public static function Delete an assertion record by message ID.
DrupalTestCase::error protected function Fire an error assertion. 1
DrupalTestCase::errorHandler public function Handle errors during test runs. 1
DrupalTestCase::exceptionHandler protected function Handle exceptions.
DrupalTestCase::fail protected function Fire an assertion that is always negative.
DrupalTestCase::generatePermutations public static function Converts a list of possible parameters into a stack of permutations.
DrupalTestCase::getAssertionCall protected function Cycles through backtrace until the first non-assertion method is found.
DrupalTestCase::getDatabaseConnection public static function Returns the database connection to the site running Simpletest.
DrupalTestCase::insertAssert public static function Store an assertion from outside the testing context.
DrupalTestCase::pass protected function Fire an assertion that is always positive.
DrupalTestCase::randomName public static function Generates a random string containing letters and numbers.
DrupalTestCase::randomString public static function Generates a random string of ASCII characters of codes 32 to 126.
DrupalTestCase::run public function Run all tests in this class.
DrupalTestCase::verbose protected function Logs a verbose message in a text file.
DrupalUnitTestCase::__construct function Constructor for DrupalUnitTestCase. Overrides DrupalTestCase::__construct