Support custom headers extraction

Author: Inbal Tako

README.md

@@ -111,7 +111,6 @@ You can also create request context from requests:
 
 ```python
 from securenative.securenative import SecureNative
-from securenative.context.securenative_context import SecureNativeContext
 from securenative.models.event_options import EventOptions
 from securenative.enums.event_types import EventTypes
 from securenative.models.user_traits import UserTraits
@@ -120,7 +119,7 @@ from securenative.models.user_traits import UserTraits
 def track(request):
     securenative = SecureNative.get_instance()
 
-    context = SecureNativeContext.from_http_request(request)
+    context = SecureNative.from_http_request(request)
     event_options = EventOptions(event=EventTypes.LOG_IN,
                                 user_id="1234",
                                 user_traits=UserTraits("Your Name", "name@gmail.com", "+1234567890"),
@@ -137,15 +136,14 @@ def track(request):
 ```python
 from securenative.securenative import SecureNative
 from securenative.models.event_options import EventOptions
-from securenative.context.securenative_context import SecureNativeContext
 from securenative.enums.event_types import EventTypes
 from securenative.models.user_traits import UserTraits
 
 
 def verify(request):
     securenative = SecureNative.get_instance()
 
-    context = SecureNativeContext.from_http_request(request)
+    context = SecureNative.from_http_request(request)
     event_options = EventOptions(event=EventTypes.LOG_IN,
                                 user_id="1234",
                                 user_traits=UserTraits("Your Name", "name@gmail.com", "+1234567890"),
@@ -173,3 +171,26 @@ def webhook_endpoint(request):
     is_verified = securenative.verify_request_payload(request)
  ```
 
+## Extract proxy headers from Cloudflare
+
+You can specify custom header keys to allow extraction of client ip from different providers.
+This example demonstrates the usage of proxy headers for ip extraction from Cloudflare.
+
+### Option 1: Using config file
+```ini
+SECURENATIVE_API_KEY: dsbe27fh3437r2yd326fg3fdg36f43
+SECURENATIVE_PROXY_HEADERS: ["CF-Connecting-IP"]
+```
+
+Initialize sdk as shown above.
+
+### Options 2: Using ConfigurationBuilder
+
+```python
+from securenative.securenative import SecureNative
+from securenative.config.securenative_options import SecureNativeOptions
+
+
+options = SecureNativeOptions(api_key="YOUR_API_KEY", max_events=10, log_level="ERROR", proxy_headers=['CF-Connecting-IP'])
+securenative = SecureNative.init_with_options(options)
+```

VERSION

@@ -1 +1 @@
-0.3.1
+0.3.2

securenative/config/configuration_manager.py

@@ -63,4 +63,6 @@ def load_config(cls, resource_path):
                                                                      options.log_level),
                                    fail_over_strategy=cls._get_env_or_default(properties,
                                                                               "SECURENATIVE_FAILOVER_STRATEGY",
-                                                                              options.fail_over_strategy))
+                                                                              options.fail_over_strategy),
+                                   proxy_headers=cls._get_env_or_default(properties, "SECURENATIVE_PROXY_HEADERS",
+                                                                         options.proxy_headers))

securenative/config/securenative_options.py

@@ -5,8 +5,10 @@ class SecureNativeOptions(object):
 
     def __init__(self, api_key=None, api_url="https://api.securenative.com/collector/api/v1", interval=1000,
                  max_events=1000, timeout=1500, auto_send=True, disable=False, log_level="CRITICAL",
-                 fail_over_strategy=FailOverStrategy.FAIL_OPEN.value):
+                 fail_over_strategy=FailOverStrategy.FAIL_OPEN.value, proxy_headers=None):
 
+        if proxy_headers is None:
+            proxy_headers = []
         if fail_over_strategy != FailOverStrategy.FAIL_OPEN.value and \
                 fail_over_strategy != FailOverStrategy.FAIL_CLOSED.value:
             self.fail_over_strategy = FailOverStrategy.FAIL_OPEN.value
@@ -21,3 +23,4 @@ def __init__(self, api_key=None, api_url="https://api.securenative.com/collector
         self.auto_send = auto_send
         self.disable = disable
         self.log_level = log_level
+        self.proxy_headers = proxy_headers

securenative/context/securenative_context.py

@@ -14,7 +14,7 @@ def __init__(self, client_token=None, ip=None, remote_ip=None, headers=None, url
         self.body = body
 
     @staticmethod
-    def from_http_request(request):
+    def from_http_request(request, options):
         try:
             client_token = request.cookies[RequestUtils.SECURENATIVE_COOKIE]
         except Exception:
@@ -28,6 +28,6 @@ def from_http_request(request):
         if Utils.is_null_or_empty(client_token):
             client_token = RequestUtils.get_secure_header_from_request(headers)
 
-        return SecureNativeContext(client_token, RequestUtils.get_client_ip_from_request(request),
+        return SecureNativeContext(client_token, RequestUtils.get_client_ip_from_request(request, options),
                                    RequestUtils.get_remote_ip_from_request(request), headers, request.url,
                                    request.method, None)

securenative/securenative.py

@@ -1,6 +1,7 @@
 from securenative.api_manager import ApiManager
 from securenative.config.configuration_manager import ConfigurationManager
 from securenative.config.securenative_options import SecureNativeOptions
+from securenative.context.securenative_context import SecureNativeContext
 from securenative.event_manager import EventManager
 from securenative.exceptions.securenative_config_exception import SecureNativeConfigException
 from securenative.exceptions.securenative_sdk_Illegal_state_exception import SecureNativeSDKIllegalStateException
@@ -75,6 +76,10 @@ def verify(self, event_options):
     def _flush(cls):
         cls._securenative = None
 
+    @classmethod
+    def from_http_request(cls, request):
+        return SecureNativeContext.from_http_request(request, SecureNative._options)
+
     def verify_request_payload(self, request):
         request_signature = request.header[SignatureUtils.SignatureHeader]
         body = request.body

securenative/utils/request_utils.py

@@ -10,7 +10,16 @@ def get_secure_header_from_request(headers):
             return ""
 
     @staticmethod
-    def get_client_ip_from_request(request):
+    def get_client_ip_from_request(request, options):
+        if options and len(options.proxy_headers) > 0:
+            for header in options.proxy_headers:
+                try:
+                    if request.environ.get(header) is not None:
+                        return request.environ.get(header)
+                except AttributeError:
+                    if request.headers[header] is not None:
+                        return request.headers[header]
+
         try:
             x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR')
             if x_forwarded_for:

securenative/utils/version_utils.py

@@ -2,4 +2,4 @@ class VersionUtils(object):
 
     @staticmethod
     def get_version():
-        return "0.3.1"
+        return "0.3.2"

tests/context_builder_test.py

@@ -21,7 +21,7 @@ def test_create_context_from_request(self):
             request.headers = {
                 "x-securenative": "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a"}
 
-            context = SecureNativeContext.from_http_request(request)
+            context = SecureNativeContext.from_http_request(request, None)
 
             self.assertEqual(context.client_token,
                              "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a")
@@ -47,7 +47,7 @@ def test_create_context_from_request_with_cookie(self):
             request.cookies = {"_sn":
                                    "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a"}
 
-            context = SecureNativeContext.from_http_request(request)
+            context = SecureNativeContext.from_http_request(request, None)
 
             self.assertEqual(context.client_token,
                              "71532c1fad2c7f56118f7969e401f3cf080239140d208e7934e6a530818c37e544a0c2330a487bcc6fe4f662a57f265a3ed9f37871e80529128a5e4f2ca02db0fb975ded401398f698f19bb0cafd68a239c6caff99f6f105286ab695eaf3477365bdef524f5d70d9be1d1d474506b433aed05d7ed9a435eeca357de57817b37c638b6bb417ffb101eaf856987615a77a")

tests/encryption_utils_test.py

@@ -1,7 +1,5 @@
 import unittest
 
-import pytest
-
 from securenative.utils.encryption_utils import EncryptionUtils
 
 
@@ -19,10 +17,3 @@ def test_decrypt(self):
 
         self.assertEqual(result.cid, self.CID)
         self.assertEqual(result.fp, self.FP)
-
-    @pytest.mark.skip("Differences in crypto version fails this test when in reality it's passing")
-    def test_encrypt(self):
-        result = EncryptionUtils.encrypt(self.PAYLOAD, self.SECRET_KEY)
-
-        self.assertIsNotNone(result)
-        self.assertGreater(len(self.PAYLOAD), len(result))