Merge pull request #573 from redixin/fix-wsgi-env-building

Fix wsgi environment building

Author: asvetlov

aiohttp/wsgi.py

@@ -14,7 +14,7 @@
 from urllib.parse import urlsplit
 
 import aiohttp
-from aiohttp import server, helpers, hdrs
+from aiohttp import server, hdrs
 
 __all__ = ('WSGIServerHttpProtocol',)
 
@@ -63,16 +63,11 @@ def create_wsgi_environ(self, message, payload):
             'SERVER_PROTOCOL': 'HTTP/%s.%s' % message.version
         }
 
-        # authors should be aware that REMOTE_HOST and REMOTE_ADDR
-        # may not qualify the remote addr:
-        # http://www.ietf.org/rfc/rfc3875
-        forward = self.transport.get_extra_info('addr', '127.0.0.1')
         script_name = self.SCRIPT_NAME
-        server = forward
 
         for hdr_name, hdr_value in message.headers.items():
-            if hdr_name == 'HOST':
-                server = hdr_value
+            if hdr_name == 'AUTHORIZATION':
+                continue
             elif hdr_name == 'SCRIPT_NAME':
                 script_name = hdr_value
             elif hdr_name == 'CONTENT-TYPE':
@@ -88,17 +83,23 @@ def create_wsgi_environ(self, message, payload):
 
             environ[key] = hdr_value
 
-        remote = helpers.parse_remote_addr(forward)
+        # authors should be aware that REMOTE_HOST and REMOTE_ADDR
+        # may not qualify the remote addr
+        # also SERVER_PORT variable MUST be set to the TCP/IP port number on
+        # which this request is received from the client.
+        # http://www.ietf.org/rfc/rfc3875
+
+        remote = self.transport.get_extra_info('peername')
         environ['REMOTE_ADDR'] = remote[0]
         environ['REMOTE_PORT'] = remote[1]
 
-        if isinstance(server, str):
-            server = server.split(':')
-            if len(server) == 1:
-                server.append('80' if url_scheme == 'http' else '443')
-
-        environ['SERVER_NAME'] = server[0]
-        environ['SERVER_PORT'] = str(server[1])
+        sockname = self.transport.get_extra_info('sockname')
+        environ['SERVER_PORT'] = str(sockname[1])
+        host = message.headers.get("HOST", None)
+        if host:
+            environ['SERVER_NAME'] = host.split(":")[0]
+        else:
+            environ['SERVER_NAME'] = sockname[0]
 
         path_info = uri_parts.path
         if script_name:

tests/test_wsgi.py

@@ -22,9 +22,10 @@ def setUp(self):
         self.writer = unittest.mock.Mock()
         self.writer.drain.return_value = ()
         self.transport = unittest.mock.Mock()
-        self.transport.get_extra_info.return_value = '127.0.0.1'
+        self.transport.get_extra_info.side_effect = [('1.2.3.4', 1234),
+                                                     ('2.3.4.5', 80)]
 
-        self.headers = multidict.MultiDict()
+        self.headers = multidict.MultiDict({"HOST": "python.org"})
         self.message = protocol.RawRequestMessage(
             'GET', '/path', (1, 0), self.headers, True, 'deflate')
         self.payload = aiohttp.FlowControlDataQueue(self.reader)
@@ -63,64 +64,40 @@ def test_environ(self):
 
     def test_environ_headers(self):
         self.headers.extend(
-            (('HOST', 'python.org'),
-             ('SCRIPT_NAME', 'script'),
+            (('SCRIPT_NAME', 'script'),
              ('CONTENT-TYPE', 'text/plain'),
              ('CONTENT-LENGTH', '209'),
              ('X_TEST', '123'),
              ('X_TEST', '456')))
-        environ = self._make_one(is_ssl=True)
+        environ = self._make_one()
         self.assertEqual(environ['CONTENT_TYPE'], 'text/plain')
         self.assertEqual(environ['CONTENT_LENGTH'], '209')
         self.assertEqual(environ['HTTP_X_TEST'], '123,456')
         self.assertEqual(environ['SCRIPT_NAME'], 'script')
         self.assertEqual(environ['SERVER_NAME'], 'python.org')
-        self.assertEqual(environ['SERVER_PORT'], '443')
-
-    def test_environ_host_header(self):
-        self.headers.add('HOST', 'python.org')
-        environ = self._make_one()
-
-        self.assertEqual(environ['HTTP_HOST'], 'python.org')
-        self.assertEqual(environ['SERVER_NAME'], 'python.org')
         self.assertEqual(environ['SERVER_PORT'], '80')
-        self.assertEqual(environ['SERVER_PROTOCOL'], 'HTTP/1.0')
-
-    def test_environ_host_port_header(self):
-        self.message = protocol.RawRequestMessage(
-            'GET', '/path', (1, 1), self.headers, True, 'deflate')
-        self.headers.add('HOST', 'python.org:443')
-        environ = self._make_one()
-
-        self.assertEqual(environ['HTTP_HOST'], 'python.org:443')
-        self.assertEqual(environ['SERVER_NAME'], 'python.org')
-        self.assertEqual(environ['SERVER_PORT'], '443')
-        self.assertEqual(environ['SERVER_PROTOCOL'], 'HTTP/1.1')
-
-    def test_environ_forward(self):
-        self.transport.get_extra_info.return_value = 'localhost,127.0.0.1'
-        environ = self._make_one()
-
-        self.assertEqual(environ['REMOTE_ADDR'], '127.0.0.1')
-        self.assertEqual(environ['REMOTE_PORT'], '80')
-
-        self.transport.get_extra_info.return_value = 'localhost,127.0.0.1:443'
-        environ = self._make_one()
-
-        self.assertEqual(environ['REMOTE_ADDR'], '127.0.0.1')
-        self.assertEqual(environ['REMOTE_PORT'], '443')
-
-        self.transport.get_extra_info.return_value = ('127.0.0.1', 443)
+        get_extra_info_calls = self.transport.get_extra_info.mock_calls
+        expected_calls = [
+            unittest.mock.call('peername'),
+            unittest.mock.call('sockname'),
+        ]
+        self.assertEqual(expected_calls, get_extra_info_calls)
+
+    def test_environ_host_header_alternate_port(self):
+        self.transport.get_extra_info = unittest.mock.Mock(
+            side_effect=[('1.2.3.4', 1234), ('3.4.5.6', 82)]
+        )
+        self.headers.update({'HOST': 'example.com:9999'})
         environ = self._make_one()
+        self.assertEqual(environ['SERVER_PORT'], '82')
 
-        self.assertEqual(environ['REMOTE_ADDR'], '127.0.0.1')
-        self.assertEqual(environ['REMOTE_PORT'], '443')
-
-        self.transport.get_extra_info.return_value = '[::1]'
-        environ = self._make_one()
-
-        self.assertEqual(environ['REMOTE_ADDR'], '::1')
-        self.assertEqual(environ['REMOTE_PORT'], '80')
+    def test_environ_host_header_alternate_port_ssl(self):
+        self.transport.get_extra_info = unittest.mock.Mock(
+            side_effect=[('1.2.3.4', 1234), ('3.4.5.6', 82)]
+        )
+        self.headers.update({'HOST': 'example.com:9999'})
+        environ = self._make_one(is_ssl=True)
+        self.assertEqual(environ['SERVER_PORT'], '82')
 
     def test_wsgi_response(self):
         srv = self._make_srv()
@@ -280,3 +257,20 @@ def test_dont_unquote_environ_path_info(self):
             'GET', path, (1, 0), self.headers, True, 'deflate')
         environ = self._make_one()
         self.assertEqual(environ['PATH_INFO'], path)
+
+    def test_not_add_authorization(self):
+        self.headers.extend({'AUTHORIZATION': 'spam',
+                             'X-CUSTOM-HEADER': 'eggs'})
+        self.message = protocol.RawRequestMessage(
+            'GET', '/', (1, 1), self.headers, True, 'deflate')
+        environ = self._make_one()
+        self.assertEqual('eggs', environ['HTTP_X_CUSTOM_HEADER'])
+        self.assertFalse('AUTHORIZATION' in environ)
+
+    def test_http_1_0_no_host(self):
+        headers = multidict.MultiDict({})
+        self.message = protocol.RawRequestMessage(
+            'GET', '/', (1, 0), headers, True, 'deflate')
+        environ = self._make_one()
+        self.assertEqual(environ['SERVER_NAME'], '2.3.4.5')
+        self.assertEqual(environ['SERVER_PORT'], '80')