diff options
Diffstat (limited to 'railties')
| -rw-r--r-- | railties/lib/rails/configuration.rb | 5 | ||||
| -rw-r--r-- | railties/lib/rails/log_subscriber.rb | 1 | ||||
| -rw-r--r-- | railties/test/application/middleware_stack_defaults_test.rb | 53 |
3 files changed, 57 insertions, 2 deletions
diff --git a/railties/lib/rails/configuration.rb b/railties/lib/rails/configuration.rb index a1e901f04f..a26978ef92 100644 --- a/railties/lib/rails/configuration.rb +++ b/railties/lib/rails/configuration.rb @@ -84,11 +84,12 @@ module Rails middleware.use('::Rack::Runtime') middleware.use('::Rails::Rack::Logger') middleware.use('::ActionDispatch::ShowExceptions', lambda { consider_all_requests_local }) + middleware.use("::ActionDispatch::RemoteIp", lambda { action_dispatch.ip_spoofing_check }, lambda { action_dispatch.trusted_proxies }) middleware.use('::Rack::Sendfile', lambda { action_dispatch.x_sendfile_header }) middleware.use('::ActionDispatch::Callbacks', lambda { !cache_classes }) middleware.use('::ActionDispatch::Cookies') - middleware.use(lambda { ActionController::Base.session_store }, lambda { ActionController::Base.session_options }) - middleware.use('::ActionDispatch::Flash', :if => lambda { ActionController::Base.session_store }) + middleware.use(lambda { action_controller.session_store }, lambda { action_controller.session_options }) + middleware.use('::ActionDispatch::Flash', :if => lambda { action_controller.session_store }) middleware.use(lambda { metal_loader.build_middleware(metals) }, :if => lambda { metal_loader.metals.any? }) middleware.use('ActionDispatch::ParamsParser') middleware.use('::Rack::MethodOverride') diff --git a/railties/lib/rails/log_subscriber.rb b/railties/lib/rails/log_subscriber.rb index 0fbc19d89c..42697d2e32 100644 --- a/railties/lib/rails/log_subscriber.rb +++ b/railties/lib/rails/log_subscriber.rb @@ -87,6 +87,7 @@ module Rails %w(info debug warn error fatal unknown).each do |level| class_eval <<-METHOD, __FILE__, __LINE__ + 1 def #{level}(*args, &block) + return unless logger logger.#{level}(*args, &block) end METHOD diff --git a/railties/test/application/middleware_stack_defaults_test.rb b/railties/test/application/middleware_stack_defaults_test.rb new file mode 100644 index 0000000000..94151a90da --- /dev/null +++ b/railties/test/application/middleware_stack_defaults_test.rb @@ -0,0 +1,53 @@ +require 'isolation/abstract_unit' + +class MiddlewareStackDefaultsTest < Test::Unit::TestCase + include ActiveSupport::Testing::Isolation + + def setup + boot_rails + require "rails" + require "action_controller/railtie" + + Object.const_set(:MyApplication, Class.new(Rails::Application)) + MyApplication.class_eval do + config.action_controller.session = { :key => "_myapp_session", :secret => "OMG A SEKRET" * 10 } + end + end + + def remote_ip(env = {}) + remote_ip = nil + env = Rack::MockRequest.env_for("/").merge(env).merge('action_dispatch.show_exceptions' => false) + + endpoint = Proc.new do |e| + remote_ip = ActionDispatch::Request.new(e).remote_ip + [200, {}, ["Hello"]] + end + + out = MyApplication.middleware.build(endpoint).call(env) + remote_ip + end + + test "remote_ip works" do + assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "1.1.1.1") + end + + test "checks IP spoofing by default" do + assert_raises(ActionDispatch::RemoteIp::IpSpoofAttackError) do + remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2") + end + end + + test "can disable IP spoofing check" do + MyApplication.config.action_dispatch.ip_spoofing_check = false + + assert_nothing_raised(ActionDispatch::RemoteIp::IpSpoofAttackError) do + assert_equal "1.1.1.2", remote_ip("HTTP_X_FORWARDED_FOR" => "1.1.1.1", "HTTP_CLIENT_IP" => "1.1.1.2") + end + end + + test "the user can set trusted proxies" do + MyApplication.config.action_dispatch.trusted_proxies = /^4\.2\.42\.42$/ + + assert_equal "1.1.1.1", remote_ip("REMOTE_ADDR" => "4.2.42.42,1.1.1.1") + end +end |