1 files changed, 53 insertions, 0 deletions

diff --git a/railties/test/application/middleware_stack_defaults_test.rb b/railties/test/application/middleware_stack_defaults_test.rb
new file mode 100644
index 0000000000..94151a90da
--- /dev/null
+++ b/railties/test/application/middleware_stack_defaults_test.rb
@@ -0,0 +1,53 @@
+require 'isolation/abstract_unit'
+
+class MiddlewareStackDefaultsTest < Test::Unit::TestCase
+  include ActiveSupport::Testing::Isolation
+
+  def setup
+    boot_rails
+    require "rails"
+    require "action_controller/railtie"
+
+    Object.const_set(:MyApplication, Class.new(Rails::Application))
+    MyApplication.class_eval do
+      config.action_controller.session = { :key => "_myapp_session", :secret => "OMG A SEKRET" * 10 }
+    end
+  end
+
+  def remote_ip(env = {})
+    remote_ip = nil
+    env = Rack::MockRequest.env_for("/").merge(env).merge('action_dispatch.show_exceptions' => false)
+
+    endpoint = Proc.new do |e|
+      remote_ip = ActionDispatch::Request.new(e).remote_ip
+      [200, {}, ["Hello"]]
+    end
+
+    out = MyApplication.middleware.build(endpoint).call(env)
+    remote_ip
+  end
+
+  test "remote_ip works" do
+    assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "1.1.1.1")
+  end
+
+  test "checks IP spoofing by default" do
+    assert_raises(ActionDispatch::RemoteIp::IpSpoofAttackError) do
+      remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
+    end
+  end
+
+  test "can disable IP spoofing check" do
+    MyApplication.config.action_dispatch.ip_spoofing_check = false
+
+    assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do
+      assert_equal "1.1.1.2", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2")
+    end
+  end
+
+  test "the user can set trusted proxies" do
+    MyApplication.config.action_dispatch.trusted_proxies = /^4\.2\.42\.42$/
+
+    assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "4.2.42.42,1.1.1.1")
+  end
+end