Tested app with 403 and 404 requests

af60cd1c · Sheng · e94c8463 · af60cd1c · af60cd1c
Commit af60cd1c authored Oct 16, 2018 by Sheng
Show whitespace changes
Inline Side-by-side

Showing with 46 additions and 2 deletions

test_app.py tests/test_app.py +44 -0

handler.py webssh/handler.py +2 -2

No files found.
--- a/tests/test_app.py
+++ b/tests/test_app.py
@@ -561,3 +561,47 @@ class TestAppWithRejectPolicy(OtherTestBase):
        self.assertIsNone(data['encoding'])
        message = 'Connection to {}:{} is not allowed.'.format(self.body['hostname'], self.sshserver_port) # noqa
        self.assertEqual(message, data['status'])
+class TestAppWithTrustedStream(OtherTestBase):
+    tdstream = '127.0.0.2'
+    def test_with_forbidden_get_request(self):
+        response = self.fetch('/', method='GET')
+        self.assertEqual(response.code, 403)
+        self.assertIn(b'403: Forbidden', response.body)
+    def test_with_forbidden_post_request(self):
+        response = self.fetch('/', method='POST', body=urlencode(self.body),
+                              headers=self.headers)
+        self.assertEqual(response.code, 200)
+        self.assertIn(b'"status": "Forbidden"', response.body)
+    def test_with_forbidden_put_request(self):
+        response = self.fetch('/', method='PUT', body=urlencode(self.body),
+                              headers=self.headers)
+        self.assertEqual(response.code, 403)
+        self.assertIn(b'403: Forbidden', response.body)
+class TestAppNotFoundHandler(OtherTestBase):
+    def test_with_not_found_get_request(self):
+        response = self.fetch('/pathnotfound', method='GET')
+        self.assertEqual(response.code, 404)
+        self.assertEqual(response.headers['Server'], 'TornadoServer')
+        self.assertIn(b'404: Not Found', response.body)
+    def test_with_not_found_post_request(self):
+        response = self.fetch('/pathnotfound', method='POST',
+                              body=urlencode(self.body), headers=self.headers)
+        self.assertEqual(response.code, 404)
+        self.assertEqual(response.headers['Server'], 'TornadoServer')
+        self.assertIn(b'404: Not Found', response.body)
+    def test_with_not_found_put_request(self):
+        response = self.fetch('/pathnotfound', method='PUT',
+                              body=urlencode(self.body), headers=self.headers)
+        self.assertEqual(response.code, 404)
+        self.assertEqual(response.headers['Server'], 'TornadoServer')
+        self.assertIn(b'404: Not Found', response.body)
--- a/webssh/handler.py
+++ b/webssh/handler.py
@@ -54,7 +54,7 @@ class MixinHandler(object):
        lst = context.trusted_downstream
        if lst and ip not in lst:
-            logging.info(
+            logging.warning(
                'IP {!r} not found in trusted downstream {!r}'.format(ip, lst)
            )
            return True
@@ -62,7 +62,7 @@ class MixinHandler(object):
        if context._orig_protocol == 'http':
            ipaddr = to_ip_address(ip)
            if not ipaddr.is_private:
-                logging.info('Public non-https request is forbidden.')
+                logging.warning('Public non-https request is forbidden.')
                return True
    def set_default_headers(self):