From af60cd1cd59abf0587b1b6a4d50e0d7c8d992f28 Mon Sep 17 00:00:00 2001
From: Sheng <webmaster0115@gmail.com>
Date: Tue, 16 Oct 2018 14:51:15 +0800
Subject: [PATCH] Tested app with 403 and 404 requests

---
 tests/test_app.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
 webssh/handler.py |  4 ++--
 2 files changed, 46 insertions(+), 2 deletions(-)

diff --git a/tests/test_app.py b/tests/test_app.py
index c3f927c..69d81e1 100644
--- a/tests/test_app.py
+++ b/tests/test_app.py
@@ -561,3 +561,47 @@ class TestAppWithRejectPolicy(OtherTestBase):
         self.assertIsNone(data['encoding'])
         message = 'Connection to {}:{} is not allowed.'.format(self.body['hostname'], self.sshserver_port) # noqa
         self.assertEqual(message, data['status'])
+
+
+class TestAppWithTrustedStream(OtherTestBase):
+    tdstream = '127.0.0.2'
+
+    def test_with_forbidden_get_request(self):
+        response = self.fetch('/', method='GET')
+        self.assertEqual(response.code, 403)
+        self.assertIn(b'403: Forbidden', response.body)
+
+    def test_with_forbidden_post_request(self):
+        response = self.fetch('/', method='POST', body=urlencode(self.body),
+                              headers=self.headers)
+        self.assertEqual(response.code, 200)
+        self.assertIn(b'"status": "Forbidden"', response.body)
+
+    def test_with_forbidden_put_request(self):
+        response = self.fetch('/', method='PUT', body=urlencode(self.body),
+                              headers=self.headers)
+        self.assertEqual(response.code, 403)
+        self.assertIn(b'403: Forbidden', response.body)
+
+
+class TestAppNotFoundHandler(OtherTestBase):
+
+    def test_with_not_found_get_request(self):
+        response = self.fetch('/pathnotfound', method='GET')
+        self.assertEqual(response.code, 404)
+        self.assertEqual(response.headers['Server'], 'TornadoServer')
+        self.assertIn(b'404: Not Found', response.body)
+
+    def test_with_not_found_post_request(self):
+        response = self.fetch('/pathnotfound', method='POST',
+                              body=urlencode(self.body), headers=self.headers)
+        self.assertEqual(response.code, 404)
+        self.assertEqual(response.headers['Server'], 'TornadoServer')
+        self.assertIn(b'404: Not Found', response.body)
+
+    def test_with_not_found_put_request(self):
+        response = self.fetch('/pathnotfound', method='PUT',
+                              body=urlencode(self.body), headers=self.headers)
+        self.assertEqual(response.code, 404)
+        self.assertEqual(response.headers['Server'], 'TornadoServer')
+        self.assertIn(b'404: Not Found', response.body)
diff --git a/webssh/handler.py b/webssh/handler.py
index 0d162ee..7b69eda 100644
--- a/webssh/handler.py
+++ b/webssh/handler.py
@@ -54,7 +54,7 @@ class MixinHandler(object):
         lst = context.trusted_downstream
 
         if lst and ip not in lst:
-            logging.info(
+            logging.warning(
                 'IP {!r} not found in trusted downstream {!r}'.format(ip, lst)
             )
             return True
@@ -62,7 +62,7 @@ class MixinHandler(object):
         if context._orig_protocol == 'http':
             ipaddr = to_ip_address(ip)
             if not ipaddr.is_private:
-                logging.info('Public non-https request is forbidden.')
+                logging.warning('Public non-https request is forbidden.')
                 return True
 
     def set_default_headers(self):