wipproxyfix

4 files changed, 256 insertions, 93 deletions

diff --git a/tests/contrib/test_fixers.py b/tests/contrib/test_fixers.py
index 0ff91a93..a6a29956 100644
--- a/tests/contrib/test_fixers.py
+++ b/tests/contrib/test_fixers.py
@@ -158,6 +158,41 @@ class TestServerFixer(object):
         assert wsgi_headers['Location'] == '{}/foo/bar.hml'.format(
             assumed_host)
 
+    @pytest.mark.parametrize(('environ', 'remote_addr', 'url_root'), (
+        pytest.param({
+            'REMOTE_ADDR': '192.168.0.1',
+            'HTTP_HOST': 'spam',
+        }, '192.168.0.1', 'http://spam/', id='basic'),
+    ))
+    def test_proxy_fix_new(self, environ, remote_addr, url_root):
+        map = Map([Rule('/parrot', endpoint='parrot')])
+
+        @Request.application
+        def app(request):
+            assert request.remote_addr == remote_addr
+            assert request.url_root == url_root
+
+            urls = map.bind_to_environ(request.environ)
+            assert urls.build('parrot') == '/'.join((
+                request.script_root, 'parrot'))
+            assert urls.match('/parrot')[0] == 'parrot'
+
+            return Response('success')
+
+        app = fixers.ProxyFix(app)
+
+        environ = create_environ(environ_overrides=environ)
+        if 'HTTP_HOST' not in environ:
+            del environ['HTTP_HOST']
+
+        response = Response.from_app(app, environ)
+        assert response.get_data() == b'success'
+
+        redirect_app = redirect('/parrot')
+        response = Response.from_app(redirect_app, environ)
+        location = response.get_wsgi_headers(environ)['Location']
+        assert location == '/'.join(url_root, )
+
     def test_proxy_fix_forwarded_prefix(self):
         @fixers.ProxyFix
         @Request.application
diff --git a/tests/test_wsgi.py b/tests/test_wsgi.py
index 4fd99ed1..1e3c5ba8 100644
--- a/tests/test_wsgi.py
+++ b/tests/test_wsgi.py
@@ -98,32 +98,46 @@ def test_dispatchermiddleware():
     assert b''.join(app_iter).strip() == b'NOT FOUND'
 
 
-def test_get_host_by_http_host():
-    env = {'HTTP_HOST': 'example.org', 'wsgi.url_scheme': 'http'}
-    assert wsgi.get_host(env) == 'example.org'
-    env['HTTP_HOST'] = 'example.org:8080'
-    assert wsgi.get_host(env) == 'example.org:8080'
-    env['HOST_NAME'] = 'ignore me'
-    assert wsgi.get_host(env) == 'example.org:8080'
-
-
-def test_get_host_by_server_name_and_port():
-    env = {'SERVER_NAME': 'example.org', 'SERVER_PORT': '80',
-           'wsgi.url_scheme': 'http'}
-    assert wsgi.get_host(env) == 'example.org'
-    env['wsgi.url_scheme'] = 'https'
-    assert wsgi.get_host(env) == 'example.org:80'
-    env['SERVER_PORT'] = '8080'
-    assert wsgi.get_host(env) == 'example.org:8080'
-    env['SERVER_PORT'] = '443'
-    assert wsgi.get_host(env) == 'example.org'
-
-
-def test_get_host_ignore_x_forwarded_for():
-    env = {'HTTP_X_FORWARDED_HOST': 'forwarded',
-           'HTTP_HOST': 'example.org',
-           'wsgi.url_scheme': 'http'}
-    assert wsgi.get_host(env) == 'example.org'
+@pytest.mark.parametrize(('environ', 'expect'), (
+    pytest.param({
+        'HTTP_HOST': 'spam',
+    }, 'spam', id='host'),
+    pytest.param({
+        'HTTP_HOST': 'spam:80',
+    }, 'spam', id='host, strip http port'),
+    pytest.param({
+        'wsgi.url_scheme': 'https',
+        'HTTP_HOST': 'spam:443',
+    }, 'spam', id='host, strip https port'),
+    pytest.param({
+        'HTTP_HOST': 'spam:8080',
+    }, 'spam:8080', id='host, custom port'),
+    pytest.param({
+        'HTTP_HOST': 'spam',
+        'SERVER_NAME': 'eggs',
+        'SERVER_PORT': '80',
+    }, 'spam', id='prefer host'),
+    pytest.param({
+        'SERVER_NAME': 'eggs',
+        'SERVER_PORT': '80'
+    }, 'eggs', id='name, ignore http port'),
+    pytest.param({
+        'wsgi.url_scheme': 'https',
+        'SERVER_NAME': 'eggs',
+        'SERVER_PORT': '443'
+    }, 'eggs', id='name, ignore https port'),
+    pytest.param({
+        'SERVER_NAME': 'eggs',
+        'SERVER_PORT': '8080'
+    }, 'eggs:8080', id='name, custom port'),
+    pytest.param({
+        'HTTP_HOST': 'ham',
+        'HTTP_X_FORWARDED_HOST': 'eggs'
+    }, 'ham', id='ignore x-forwarded-host'),
+))
+def test_get_host(environ, expect):
+    environ.setdefault('wsgi.url_scheme', 'http')
+    assert wsgi.get_host(environ) == expect
 
 
 def test_get_host_validate_trusted_hosts():
diff --git a/werkzeug/contrib/fixers.py b/werkzeug/contrib/fixers.py
index 86e977ba..735df329 100644
--- a/werkzeug/contrib/fixers.py
+++ b/werkzeug/contrib/fixers.py
@@ -16,6 +16,8 @@
     :copyright: Copyright 2009 by the Werkzeug Team, see AUTHORS for more details.
     :license: BSD, see LICENSE for more details.
 """
+import warnings
+
 try:
     from urllib import unquote
 except ImportError:
@@ -95,76 +97,185 @@ class PathInfoFromRequestUriFix(object):
 
 
 class ProxyFix(object):
+    """Adjust the WSGI environ based on ``Forwarded`` headers that
+    proxies in front of the application may set.
+
+    When the application is running behind a server like Nginx (or
+    another server or proxy), WSGI will see the request as coming from
+    that server rather than the real client. Proxies set various headers
+    to track where the request actually came from.
+
+    This middleware should only be applied if the application is
+    actually behind such a proxy, and should be configured with the
+    number of proxies that are chained in front of it. Not all proxies
+    set all the headers. Since incoming headers can be faked, you must
+    set how many proxies are setting each header so the middleware knows
+    what to trust.
+
+    The original values of the headers are stored in the WSGI
+    environ as ``werkzeug.proxy_fix.orig``, a dict.
+
+    :param app: The WSGI application.
+    :param x_for: Number of values to trust for ``X-Forwarded-For``.
+    :param x_proto: Number of values to trust for ``X-Forwarded-Proto``.
+    :param x_host: Number of values to trust for ``X-Forwarded-Host``.
+    :param x_port: Number of values to trust for ``X-Forwarded-Port``.
+    :param x_prefix: Number of values to trust for
+        ``X-Forwarded-Prefix``.
+    :param num_proxies: Deprecated, use ``x_for`` instead.
+
+    .. versionchanged:: 0.15
+        Support ``X-Forwarded-Proto``, ``X-Forwarded-Port``,
+        ``X-Forwarded-Prefix``.
+
+    .. versionchanged:: 0.15
+        All headers support multiple values. Previously only
+        ``X-Forwarded-For`` parsed multiple values.
+
+    .. versionchanged:: 0.15
+        Deprecate ``num_proxies`` argument. Each header is configured
+        with a separate number of trusted proxies.
+
+    .. versionchanged:: 0.15
+        Original WSGI environ values are stored in the
+        ``werkzeug.proxy_fix.orig`` dict. Previously they were stored
+        under separate keys.
+    """
 
-    """This middleware can be applied to add HTTP proxy support to an
-    application that was not designed with HTTP proxies in mind.  It
-    sets `REMOTE_ADDR`, `HTTP_HOST` from `X-Forwarded` headers.  While
-    Werkzeug-based applications already can use
-    :py:func:`werkzeug.wsgi.get_host` to retrieve the current host even if
-    behind proxy setups, this middleware can be used for applications which
-    access the WSGI environment directly.
+    def __init__(
+        self, app, num_proxies=None,
+        x_for=1, x_proto=0, x_host=0, x_port=0, x_prefix=0
+    ):
+        self.app = app
+        self.trusted = {
+            'x_for': x_for,
+            'x_proto': x_proto,
+            'x_host': x_host,
+            'x_port': x_port,
+            'x_prefix': x_prefix,
+        }
+        self.num_proxies = num_proxies
 
-    If you have more than one proxy server in front of your app, set
-    `num_proxies` accordingly.
+    @property
+    def num_proxies(self):
+        """The number of proxies setting ``X-Forwarded-For`` in front
+        of the application.
 
-    Do not use this middleware in non-proxy setups for security reasons.
+        .. deprecated:: 0.15
+            A separate number of trusted proxies for each header is
+            stored in :attr:`trusted`. ``num_proxies`` maps to the
+            ``x_for`` key.
 
-    The original values of `REMOTE_ADDR` and `HTTP_HOST` are stored in
-    the WSGI environment as `werkzeug.proxy_fix.orig_remote_addr` and
-    `werkzeug.proxy_fix.orig_http_host`.
+        :internal:
+        """
+        warnings.warn(DeprecationWarning(
+            "num_proxies is deprecated. Use trusted['x_for'] instead."))
+        return self.trusted['x_for']
+
+    @num_proxies.setter
+    def num_proxies(self, value):
+        if value is not None:
+            warnings.warn(DeprecationWarning(
+                'num_proxies is deprecated. Use x_for and other header'
+                ' offsets instead.'))
+            self.trusted['x_for'] = value
 
-    :param app: the WSGI application
-    :param num_proxies: the number of proxy servers in front of the app.
-    """
+    def get_remote_addr(self, forwarded_for):
+        """Get the real ``remote_addr`` by looking backwards ``x_for``
+        number of values in the ``X-Forwarded-For`` header.
 
-    def __init__(self, app, num_proxies=1):
-        self.app = app
-        self.num_proxies = num_proxies
+        :param forwarded_for: List of values parsed from the
+            ``X-Forwarded-For`` header.
+        :return: The real ``remote_addr``, or ``None`` if there were not
+            at least ``x_for`` values.
 
-    def get_remote_addr(self, forwarded_for):
-        """Selects the new remote addr from the given list of ips in
-        X-Forwarded-For.  By default it picks the one that the `num_proxies`
-        proxy server provides.  Before 0.9 it would always pick the first.
+        .. deprecated:: 0.15
+            Use :meth:`get_by_offset('x_for', values) <get_by_offset>`
+            instead.
+
+        .. versionchanged:: 0.9
+            Use ``num_proxies`` instead of always picking the first
+            value.
 
         .. versionadded:: 0.8
         """
-        if len(forwarded_for) >= self.num_proxies:
-            return forwarded_for[-self.num_proxies]
+        warnings.warn(DeprecationWarning(
+            "get_remote_addr is deprecated. Use"
+            " get_by_offset('x_for', values) instead."))
+        return self.get_by_offset('x_for', forwarded_for)
+
+    def get_by_offset(self, key, values):
+        """Get the real value from a list of values parsed from a header
+        based on the configured number of trusted proxies.
+
+        :param key: Key to get from :attr:`trusted`.
+        :param values: List of values parsed from a header.
+        :return: The real value, or ``None`` if there are fewer values
+            than the number of trusted proxies.
+
+        .. versionadded:: 0.15
+        """
+        offset = self.trusted[key]
+        if len(values) >= offset:
+            return values[-offset]
+
+    def set_x_host(self, value, environ):
+        """Set ``HTTP_HOST`` and ``SERVER_NAME`` based on
+        ``X-Forwarded-Host``.
+
+        :internal:
+        """
+        environ['HTTP_HOST'] = value
+        environ['SERVER_NAME'] = value
+
+    def set_x_port(self, value, environ):
+        """Set ``HTTP_HOST`` and ``SERVER_PORT`` based on
+        ``X-Forwarded-Port``.
+
+        If ``HTTP_HOST`` is not set, it will be skipped. Otherwise the
+        port will be added or changed.
+
+        :internal:
+        """
+        host = environ.get('HTTP_HOST')
+        if host:
+            parts = host.split(':', 1)
+            host = parts[0] if len(parts) == 2 else host
+            environ['HTTP_HOST'] = '%s:%s' % (host, value)
+
+        environ['SERVER_PORT'] = value
 
     def __call__(self, environ, start_response):
+        """Modify the WSGI environ based on the various ``Forwarded``
+        headers before calling the wrapped application. Store the
+        original environ values in ``werkzeug.proxy_fix.orig_{key}``.
+        """
         getter = environ.get
-        forwarded_proto = getter('HTTP_X_FORWARDED_PROTO', '').split(',')
-        forwarded_for = getter('HTTP_X_FORWARDED_FOR', '').split(',')
-        forwarded_host = getter('HTTP_X_FORWARDED_HOST', '')
-        forwarded_port = getter('HTTP_X_FORWARDED_PORT', '')
-        forwarded_prefix = getter('HTTP_X_FORWARDED_PREFIX', '')
-        environ.update({
-            'werkzeug.proxy_fix.orig_wsgi_url_scheme': getter('wsgi.url_scheme'),
-            'werkzeug.proxy_fix.orig_remote_addr': getter('REMOTE_ADDR'),
-            'werkzeug.proxy_fix.orig_http_host': getter('HTTP_HOST'),
-            'werkzeug.proxy_fix.orig_server_port': getter('SERVER_PORT'),
-            'werkzeug.proxy_fix.orig_script_name': getter('SCRIPT_NAME'),
-        })
-        forwarded_for = [x for x in [x.strip() for x in forwarded_for] if x]
-        forwarded_proto = [x for x in [x.strip() for x in forwarded_proto] if x]
-        remote_addr = self.get_remote_addr(forwarded_for)
-        if remote_addr is not None:
-            environ['REMOTE_ADDR'] = remote_addr
-        if forwarded_host:
-            environ['HTTP_HOST'] = forwarded_host
-        if forwarded_port:
-            if environ.get('HTTP_HOST'):
-                parts = environ['HTTP_HOST'].split(':', 1)
-                if len(parts) == 2:
-                    environ['HTTP_HOST'] = parts[0] + ':' + forwarded_port
+        environ['werkzeug.proxy_fix.orig'] = {
+            'REMOTE_ADDR': getter('REMOTE_ADDR'),
+            'wsgi.url_scheme': getter('wsgi.url_scheme'),
+            'HTTP_HOST': getter('HTTP_HOST'),
+            'SERVER_NAME': getter('SERVER_NAME'),
+            'SERVER_PORT': getter('SERVER_PORT'),
+            'SCRIPT_NAME': getter('SCRIPT_NAME'),
+        }
+
+        for get_key, offset_key, set_key in (
+            ('X_FORWARDED_FOR', 'x_for', 'REMOTE_ADDR'),
+            ('X_FORWARDED_PROTO', 'x_proto', 'wsgi.url_scheme'),
+            ('X_FORWARDED_HOST', 'x_host', self.set_x_host),
+            ('X_FORWARDED_PORT', 'x_port', self.set_x_port),
+            ('X_FORWARDED_PREFIX', 'x_prefix', 'SCRIPT_NAME'),
+        ):
+            value = self.get_by_offset(
+                offset_key,
+                [x.strip() for x in getter(get_key, '').split(',')])
+            if value:
+                if callable(set_key):
+                    set_key(value, environ)
                 else:
-                    environ['HTTP_HOST'] += ':' + forwarded_port
-            else:
-                environ['SERVER_PORT'] = forwarded_port
-        if forwarded_proto:
-            environ['wsgi.url_scheme'] = forwarded_proto[0]
-        if forwarded_prefix:
-            environ['SCRIPT_NAME'] = forwarded_prefix
+                    environ[set_key] = value
+
         return self.app(environ, start_response)
 
 
diff --git a/werkzeug/wsgi.py b/werkzeug/wsgi.py
index ec7bb0a9..1f58c18b 100644
--- a/werkzeug/wsgi.py
+++ b/werkzeug/wsgi.py
@@ -143,17 +143,20 @@ def host_is_trusted(hostname, trusted_list):
 
 
 def get_host(environ, trusted_hosts=None):
-    """Return the real host for the given WSGI environment.  This first checks
-    the normal `Host` header, and if it's not present, then `SERVER_NAME`
-    and `SERVER_PORT` environment variables.
-
-    Optionally it verifies that the host is in a list of trusted hosts.
-    If the host is not in there it will raise a
-    :exc:`~werkzeug.exceptions.SecurityError`.
-
-    :param environ: the WSGI environment to get the host of.
-    :param trusted_hosts: a list of trusted hosts, see :func:`host_is_trusted`
-                          for more information.
+    """Return the host for the given WSGI environment. This first checks
+    the ``Host`` header. If it's not present, then ``SERVER_NAME`` and
+    ``SERVER_PORT`` are used. The host will only contain the port if it
+    is different than the standard port for the protocol.
+
+    Optionally, verify that the host is trusted using
+    :func:`host_is_trusted` and raise a
+    :exc:`~werkzeug.exceptions.SecurityError` if it is not.
+
+    :param environ: The WSGI environment to get the host from.
+    :param trusted_hosts: A list of trusted hosts.
+    :return: Host, with port if necessary.
+    :raise ~werkzeug.exceptions.SecurityError: If the host is not
+        trusted.
     """
     if 'HTTP_HOST' in environ:
         rv = environ['HTTP_HOST']