Fix wsgi environment building

Sergey Skripnick · Sergey Skripnick · commit d904071c3073 · 2015-10-18T00:28:21.000+03:00
Fixed issues: SERVER_NAME and SERVER_PORT variables may be determined in two ways: if protocol is HTTP/1.0: Value of `Host` header. If there is no such header, then address of transport may be taken (transport.get_extra_info('sockname')) if protocol is HTTP/1.1: Value of `Host` header. If there is no such header, the Bad Request should be raised, because this header is required in HTTP/1.1. REMOTE_ADDR and REMOTE_PORT should be address and port of host connected to http server. (https://www.ietf.org/rfc/rfc3875) Also, header `Authorization` should not be in environment at all.
diff --git a/aiohttp/wsgi.py b/aiohttp/wsgi.py
@@ -14,7 +14,7 @@
 from urllib.parse import urlsplit
 
 import aiohttp
-from aiohttp import server, helpers, hdrs
+from aiohttp import server, hdrs
 
 __all__ = ('WSGIServerHttpProtocol',)
 
@@ -63,17 +63,12 @@ def create_wsgi_environ(self, message, payload):
             'SERVER_PROTOCOL': 'HTTP/%s.%s' % message.version
         }
 
-        # authors should be aware that REMOTE_HOST and REMOTE_ADDR
-        # may not qualify the remote addr:
-        # http://www.ietf.org/rfc/rfc3875
-        forward = self.transport.get_extra_info('addr', '127.0.0.1')
         script_name = self.SCRIPT_NAME
-        server = forward
 
         for hdr_name, hdr_value in message.headers.items():
-            if hdr_name == 'HOST':
-                server = hdr_value
-            elif hdr_name == 'SCRIPT_NAME':
+            if hdr_name == 'AUTHORIZATION':
+                continue
+            if hdr_name == 'SCRIPT_NAME':
                 script_name = hdr_value
             elif hdr_name == 'CONTENT-TYPE':
                 environ['CONTENT_TYPE'] = hdr_value
@@ -88,17 +83,16 @@ def create_wsgi_environ(self, message, payload):
 
             environ[key] = hdr_value
 
-        remote = helpers.parse_remote_addr(forward)
+        remote = self.transport.get_extra_info('peername')
         environ['REMOTE_ADDR'] = remote[0]
         environ['REMOTE_PORT'] = remote[1]
-
-        if isinstance(server, str):
-            server = server.split(':')
-            if len(server) == 1:
-                server.append('80' if url_scheme == 'http' else '443')
-
-        environ['SERVER_NAME'] = server[0]
-        environ['SERVER_PORT'] = str(server[1])
+        host = message.headers.get("HOST", None)
+        if host:
+            host = host.split(":")
+        else:
+            host = self.transport.get_extra_info('sockname')
+        environ['SERVER_NAME'] = host[0]
+        environ['SERVER_PORT'] = str(host[1]) if len(host) > 1 else '80'
 
         path_info = uri_parts.path
         if script_name:
diff --git a/tests/test_wsgi.py b/tests/test_wsgi.py
@@ -22,9 +22,9 @@ def setUp(self):
         self.writer = unittest.mock.Mock()
         self.writer.drain.return_value = ()
         self.transport = unittest.mock.Mock()
-        self.transport.get_extra_info.return_value = '127.0.0.1'
+        self.transport.get_extra_info.return_value = ('1.2.3.4', 8080)
 
-        self.headers = multidict.MultiDict()
+        self.headers = multidict.MultiDict({"HOST": "python.org"})
         self.message = protocol.RawRequestMessage(
             'GET', '/path', (1, 0), self.headers, True, 'deflate')
         self.payload = aiohttp.FlowControlDataQueue(self.reader)
@@ -63,8 +63,7 @@ def test_environ(self):
 
     def test_environ_headers(self):
         self.headers.extend(
-            (('HOST', 'python.org'),
-             ('SCRIPT_NAME', 'script'),
+            (('SCRIPT_NAME', 'script'),
              ('CONTENT-TYPE', 'text/plain'),
              ('CONTENT-LENGTH', '209'),
              ('X_TEST', '123'),
@@ -75,10 +74,9 @@ def test_environ_headers(self):
         self.assertEqual(environ['HTTP_X_TEST'], '123,456')
         self.assertEqual(environ['SCRIPT_NAME'], 'script')
         self.assertEqual(environ['SERVER_NAME'], 'python.org')
-        self.assertEqual(environ['SERVER_PORT'], '443')
+        self.assertEqual(environ['SERVER_PORT'], '80')
 
     def test_environ_host_header(self):
-        self.headers.add('HOST', 'python.org')
         environ = self._make_one()
 
         self.assertEqual(environ['HTTP_HOST'], 'python.org')
@@ -87,41 +85,16 @@ def test_environ_host_header(self):
         self.assertEqual(environ['SERVER_PROTOCOL'], 'HTTP/1.0')
 
     def test_environ_host_port_header(self):
+        headers = multidict.MultiDict({'HOST': 'python.org:443'})
         self.message = protocol.RawRequestMessage(
-            'GET', '/path', (1, 1), self.headers, True, 'deflate')
-        self.headers.add('HOST', 'python.org:443')
+            'GET', '/path', (1, 1), headers, True, 'deflate')
         environ = self._make_one()
 
         self.assertEqual(environ['HTTP_HOST'], 'python.org:443')
         self.assertEqual(environ['SERVER_NAME'], 'python.org')
         self.assertEqual(environ['SERVER_PORT'], '443')
         self.assertEqual(environ['SERVER_PROTOCOL'], 'HTTP/1.1')
 
-    def test_environ_forward(self):
-        self.transport.get_extra_info.return_value = 'localhost,127.0.0.1'
-        environ = self._make_one()
-
-        self.assertEqual(environ['REMOTE_ADDR'], '127.0.0.1')
-        self.assertEqual(environ['REMOTE_PORT'], '80')
-
-        self.transport.get_extra_info.return_value = 'localhost,127.0.0.1:443'
-        environ = self._make_one()
-
-        self.assertEqual(environ['REMOTE_ADDR'], '127.0.0.1')
-        self.assertEqual(environ['REMOTE_PORT'], '443')
-
-        self.transport.get_extra_info.return_value = ('127.0.0.1', 443)
-        environ = self._make_one()
-
-        self.assertEqual(environ['REMOTE_ADDR'], '127.0.0.1')
-        self.assertEqual(environ['REMOTE_PORT'], '443')
-
-        self.transport.get_extra_info.return_value = '[::1]'
-        environ = self._make_one()
-
-        self.assertEqual(environ['REMOTE_ADDR'], '::1')
-        self.assertEqual(environ['REMOTE_PORT'], '80')
-
     def test_wsgi_response(self):
         srv = self._make_srv()
         resp = srv.create_wsgi_response(self.message)
@@ -280,3 +253,20 @@ def test_dont_unquote_environ_path_info(self):
             'GET', path, (1, 0), self.headers, True, 'deflate')
         environ = self._make_one()
         self.assertEqual(environ['PATH_INFO'], path)
+
+    def test_not_add_authorization(self):
+        self.headers.extend({"AUTHORIZATION": "spam",
+                             "X-CUSTOM-HEADER": "eggs"})
+        self.message = protocol.RawRequestMessage(
+            'GET', '/', (1, 1), self.headers, True, 'deflate')
+        environ = self._make_one()
+        self.assertEqual('eggs', environ['HTTP_X_CUSTOM_HEADER'])
+        self.assertFalse('AUTHORIZATION' in environ)
+
+    def test_http_1_0_no_host(self):
+        headers = multidict.MultiDict({})
+        self.message = protocol.RawRequestMessage(
+            'GET', '/', (1, 0), headers, True, 'deflate')
+        environ = self._make_one()
+        self.assertEqual('1.2.3.4', environ["SERVER_NAME"])
+        self.assertEqual('8080', environ["SERVER_PORT"])
