diff options
author | ArthurHoaro <arthur@hoa.ro> | 2016-08-03 10:36:47 +0200 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2016-11-05 14:29:52 +0100 |
commit | 3116d8671d388690bac1070e39d2c74d28b14f0e (patch) | |
tree | a310adfe8af2c0bd0c792d914dd7c26bcf9d910e /tests | |
parent | 4fd053d6b29a1b6724eda17a3daddb29b1bf1ca3 (diff) | |
download | Shaarli-3116d8671d388690bac1070e39d2c74d28b14f0e.tar.gz Shaarli-3116d8671d388690bac1070e39d2c74d28b14f0e.tar.zst Shaarli-3116d8671d388690bac1070e39d2c74d28b14f0e.zip |
Add trusted IPs in config and try to ban forwarded IP on failed login
* Add a new settings (which needs to be manually set): `security.trusted_proxies`
* On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
* If found, the client address is added in ipbans, else we do nothing.
Fixes #409
Diffstat (limited to 'tests')
-rw-r--r-- | tests/HttpUtils/GetIpAdressFromProxyTest.php | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/tests/HttpUtils/GetIpAdressFromProxyTest.php b/tests/HttpUtils/GetIpAdressFromProxyTest.php new file mode 100644 index 00000000..6a74a45a --- /dev/null +++ b/tests/HttpUtils/GetIpAdressFromProxyTest.php | |||
@@ -0,0 +1,58 @@ | |||
1 | <?php | ||
2 | |||
3 | require_once 'application/HttpUtils.php'; | ||
4 | |||
5 | /** | ||
6 | * Unitary tests for getIpAddressFromProxy() | ||
7 | */ | ||
8 | class GetIpAdressFromProxyTest extends PHPUnit_Framework_TestCase { | ||
9 | |||
10 | /** | ||
11 | * Test without proxy | ||
12 | */ | ||
13 | public function testWithoutProxy() | ||
14 | { | ||
15 | $this->assertFalse(getIpAddressFromProxy(array(), array())); | ||
16 | } | ||
17 | |||
18 | /** | ||
19 | * Test with a single IP in proxy header. | ||
20 | */ | ||
21 | public function testWithOneForwardedIp() | ||
22 | { | ||
23 | $ip = '1.1.1.1'; | ||
24 | $server = array('HTTP_X_FORWARDED_FOR' => $ip); | ||
25 | $this->assertEquals($ip, getIpAddressFromProxy($server, array())); | ||
26 | } | ||
27 | |||
28 | /** | ||
29 | * Test with a multiple IPs in proxy header. | ||
30 | */ | ||
31 | public function testWithMultipleForwardedIp() | ||
32 | { | ||
33 | $ip = '1.1.1.1'; | ||
34 | $ip2 = '2.2.2.2'; | ||
35 | |||
36 | $server = array('HTTP_X_FORWARDED_FOR' => $ip .','. $ip2); | ||
37 | $this->assertEquals($ip2, getIpAddressFromProxy($server, array())); | ||
38 | |||
39 | $server = array('HTTP_X_FORWARDED_FOR' => $ip .' , '. $ip2); | ||
40 | $this->assertEquals($ip2, getIpAddressFromProxy($server, array())); | ||
41 | } | ||
42 | |||
43 | /** | ||
44 | * Test with a trusted IP address. | ||
45 | */ | ||
46 | public function testWithTrustedIp() | ||
47 | { | ||
48 | $ip = '1.1.1.1'; | ||
49 | $ip2 = '2.2.2.2'; | ||
50 | |||
51 | $server = array('HTTP_X_FORWARDED_FOR' => $ip); | ||
52 | $this->assertFalse(getIpAddressFromProxy($server, array($ip))); | ||
53 | |||
54 | $server = array('HTTP_X_FORWARDED_FOR' => $ip .','. $ip2); | ||
55 | $this->assertEquals($ip2, getIpAddressFromProxy($server, array($ip))); | ||
56 | $this->assertFalse(getIpAddressFromProxy($server, array($ip, $ip2))); | ||
57 | } | ||
58 | } | ||