From 50d179183810a7b719bc10da2b9c4a95fd9dddee Mon Sep 17 00:00:00 2001
From: ArthurHoaro
Date: Wed, 3 Aug 2016 10:36:47 +0200
Subject: Add trusted IPs in config and try to ban forwarded IP on failed login
* Add a new settings (which needs to be manually set): `security.trusted_proxies`
* On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
* If found, the client address is added in ipbans, else we do nothing.
Fixes #409
---
tests/HttpUtils/GetIpAdressFromProxyTest.php | 58 ++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 tests/HttpUtils/GetIpAdressFromProxyTest.php
(limited to 'tests/HttpUtils')
diff --git a/tests/HttpUtils/GetIpAdressFromProxyTest.php b/tests/HttpUtils/GetIpAdressFromProxyTest.php
new file mode 100644
index 00000000..6a74a45a
--- /dev/null
+++ b/tests/HttpUtils/GetIpAdressFromProxyTest.php
@@ -0,0 +1,58 @@
+assertFalse(getIpAddressFromProxy(array(), array()));
+ }
+
+ /**
+ * Test with a single IP in proxy header.
+ */
+ public function testWithOneForwardedIp()
+ {
+ $ip = '1.1.1.1';
+ $server = array('HTTP_X_FORWARDED_FOR' => $ip);
+ $this->assertEquals($ip, getIpAddressFromProxy($server, array()));
+ }
+
+ /**
+ * Test with a multiple IPs in proxy header.
+ */
+ public function testWithMultipleForwardedIp()
+ {
+ $ip = '1.1.1.1';
+ $ip2 = '2.2.2.2';
+
+ $server = array('HTTP_X_FORWARDED_FOR' => $ip .','. $ip2);
+ $this->assertEquals($ip2, getIpAddressFromProxy($server, array()));
+
+ $server = array('HTTP_X_FORWARDED_FOR' => $ip .' , '. $ip2);
+ $this->assertEquals($ip2, getIpAddressFromProxy($server, array()));
+ }
+
+ /**
+ * Test with a trusted IP address.
+ */
+ public function testWithTrustedIp()
+ {
+ $ip = '1.1.1.1';
+ $ip2 = '2.2.2.2';
+
+ $server = array('HTTP_X_FORWARDED_FOR' => $ip);
+ $this->assertFalse(getIpAddressFromProxy($server, array($ip)));
+
+ $server = array('HTTP_X_FORWARDED_FOR' => $ip .','. $ip2);
+ $this->assertEquals($ip2, getIpAddressFromProxy($server, array($ip)));
+ $this->assertFalse(getIpAddressFromProxy($server, array($ip, $ip2)));
+ }
+}
--
cgit v1.2.3
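Review bot: testWithTrustedIp never covers a header whose rightmost entry is the trusted address while an earlier entry is not, so the result for a chain of proxies is left unpinned. With `$server` set to `$ip .','. $ip2`, an assertion on `getIpAddressFromProxy($server, array($ip2))` would document whether the function falls back to `$ip` or returns false. There is also no case for a header value that is not an IP address, which matters because the commit message says the result is added to ipbans. Assuming the function is meant to validate (its body is outside this diff, which is limited to tests/HttpUtils), `$this->assertFalse(getIpAddressFromProxy(array('HTTP_X_FORWARDED_FOR' => 'not-an-ip'), array()));` would pin that. The file name spells `Adress` while the function is `getIpAddressFromProxy`, and the opening of the test class is not visible on this page.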