aboutsummaryrefslogtreecommitdiffstats
path: root/tests/lib
diff options
context:
space:
mode:
authorRoeland Jago Douma <roeland@famdouma.nl>2018-12-17 12:44:23 +0100
committerRoeland Jago Douma <roeland@famdouma.nl>2018-12-17 15:54:45 +0100
commit514426e27d9e6c9c7e3882697ea66a57f20a8bc0 (patch)
tree0e486605c7b09879b4594fb52fac8062d6e7cd14 /tests/lib
parent6788e6e75cca95357a64202d331bf61e975df7d3 (diff)
downloadnextcloud-server-514426e27d9e6c9c7e3882697ea66a57f20a8bc0.tar.gz
nextcloud-server-514426e27d9e6c9c7e3882697ea66a57f20a8bc0.zip
Only trust the X-FORWARDED-HOST header for trusted proxies
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'tests/lib')
-rw-r--r--tests/lib/AppFramework/Http/RequestTest.php143
1 files changed, 90 insertions, 53 deletions
diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php
index c0e8dc97ef2..b01176f0cf1 100644
--- a/tests/lib/AppFramework/Http/RequestTest.php
+++ b/tests/lib/AppFramework/Http/RequestTest.php
@@ -715,15 +715,20 @@ class RequestTest extends \Test\TestCase {
public function testGetServerProtocolWithProtoValid() {
$this->config
- ->expects($this->exactly(2))
->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
+ ->will($this->returnCallback(function($key, $default) {
+ if ($key === 'trusted_proxies') {
+ return ['1.2.3.4'];
+ }
+
+ return $default;
+ }));
$requestHttps = new Request(
[
'server' => [
- 'HTTP_X_FORWARDED_PROTO' => 'HtTpS'
+ 'HTTP_X_FORWARDED_PROTO' => 'HtTpS',
+ 'REMOTE_ADDR' => '1.2.3.4',
],
],
$this->secureRandom,
@@ -734,7 +739,8 @@ class RequestTest extends \Test\TestCase {
$requestHttp = new Request(
[
'server' => [
- 'HTTP_X_FORWARDED_PROTO' => 'HTTp'
+ 'HTTP_X_FORWARDED_PROTO' => 'HTTp',
+ 'REMOTE_ADDR' => '1.2.3.4',
],
],
$this->secureRandom,
@@ -750,10 +756,10 @@ class RequestTest extends \Test\TestCase {
public function testGetServerProtocolWithHttpsServerValueOn() {
$this->config
- ->expects($this->once())
->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
+ ->will($this->returnCallback(function($key, $default) {
+ return $default;
+ }));
$request = new Request(
[
@@ -771,10 +777,10 @@ class RequestTest extends \Test\TestCase {
public function testGetServerProtocolWithHttpsServerValueOff() {
$this->config
- ->expects($this->once())
->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
+ ->will($this->returnCallback(function($key, $default) {
+ return $default;
+ }));
$request = new Request(
[
@@ -792,10 +798,10 @@ class RequestTest extends \Test\TestCase {
public function testGetServerProtocolWithHttpsServerValueEmpty() {
$this->config
- ->expects($this->once())
->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
+ ->will($this->returnCallback(function($key, $default) {
+ return $default;
+ }));
$request = new Request(
[
@@ -813,10 +819,10 @@ class RequestTest extends \Test\TestCase {
public function testGetServerProtocolDefault() {
$this->config
- ->expects($this->once())
->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
+ ->will($this->returnCallback(function($key, $default) {
+ return $default;
+ }));
$request = new Request(
[],
@@ -830,15 +836,20 @@ class RequestTest extends \Test\TestCase {
public function testGetServerProtocolBehindLoadBalancers() {
$this->config
- ->expects($this->once())
->method('getSystemValue')
- ->with('overwriteprotocol')
- ->will($this->returnValue(''));
+ ->will($this->returnCallback(function($key, $default) {
+ if ($key === 'trusted_proxies') {
+ return ['1.2.3.4'];
+ }
+
+ return $default;
+ }));
$request = new Request(
[
'server' => [
- 'HTTP_X_FORWARDED_PROTO' => 'https,http,http'
+ 'HTTP_X_FORWARDED_PROTO' => 'https,http,http',
+ 'REMOTE_ADDR' => '1.2.3.4',
],
],
$this->secureRandom,
@@ -1025,12 +1036,23 @@ class RequestTest extends \Test\TestCase {
}
public function testInsecureServerHostHttpFromForwardedHeaderSingle() {
+ $this->config
+ ->method('getSystemValue')
+ ->will($this->returnCallback(function($key, $default) {
+ if ($key === 'trusted_proxies') {
+ return ['1.2.3.4'];
+ }
+
+ return $default;
+ }));
+
$request = new Request(
[
'server' => [
'SERVER_NAME' => 'from.server.name:8080',
'HTTP_HOST' => 'from.host.header:8080',
'HTTP_X_FORWARDED_HOST' => 'from.forwarded.host:8080',
+ 'REMOTE_ADDR' => '1.2.3.4',
]
],
$this->secureRandom,
@@ -1043,12 +1065,23 @@ class RequestTest extends \Test\TestCase {
}
public function testInsecureServerHostHttpFromForwardedHeaderStacked() {
+ $this->config
+ ->method('getSystemValue')
+ ->will($this->returnCallback(function($key, $default) {
+ if ($key === 'trusted_proxies') {
+ return ['1.2.3.4'];
+ }
+
+ return $default;
+ }));
+
$request = new Request(
[
'server' => [
'SERVER_NAME' => 'from.server.name:8080',
'HTTP_HOST' => 'from.host.header:8080',
'HTTP_X_FORWARDED_HOST' => 'from.forwarded.host2:8080,another.one:9000',
+ 'REMOTE_ADDR' => '1.2.3.4',
]
],
$this->secureRandom,
@@ -1062,20 +1095,16 @@ class RequestTest extends \Test\TestCase {
public function testGetServerHostWithOverwriteHost() {
$this->config
- ->expects($this->at(0))
- ->method('getSystemValue')
- ->with('overwritehost')
- ->will($this->returnValue('my.overwritten.host'));
- $this->config
- ->expects($this->at(1))
->method('getSystemValue')
- ->with('overwritecondaddr')
- ->will($this->returnValue(''));
- $this->config
- ->expects($this->at(2))
- ->method('getSystemValue')
- ->with('overwritehost')
- ->will($this->returnValue('my.overwritten.host'));
+ ->will($this->returnCallback(function($key, $default) {
+ if ($key === 'overwritecondaddr') {
+ return '';
+ } else if ($key === 'overwritehost') {
+ return 'my.overwritten.host';
+ }
+
+ return $default;
+ }));
$request = new Request(
[],
@@ -1090,15 +1119,22 @@ class RequestTest extends \Test\TestCase {
public function testGetServerHostWithTrustedDomain() {
$this->config
- ->expects($this->at(3))
->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue(['my.trusted.host']));
+ ->will($this->returnCallback(function($key, $default) {
+ if ($key === 'trusted_proxies') {
+ return ['1.2.3.4'];
+ } else if ($key === 'trusted_domains') {
+ return ['my.trusted.host'];
+ }
+
+ return $default;
+ }));
$request = new Request(
[
'server' => [
'HTTP_X_FORWARDED_HOST' => 'my.trusted.host',
+ 'REMOTE_ADDR' => '1.2.3.4',
],
],
$this->secureRandom,
@@ -1112,20 +1148,22 @@ class RequestTest extends \Test\TestCase {
public function testGetServerHostWithUntrustedDomain() {
$this->config
- ->expects($this->at(3))
- ->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue(['my.trusted.host']));
- $this->config
- ->expects($this->at(4))
->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue(['my.trusted.host']));
+ ->will($this->returnCallback(function($key, $default) {
+ if ($key === 'trusted_proxies') {
+ return ['1.2.3.4'];
+ } else if ($key === 'trusted_domains') {
+ return ['my.trusted.host'];
+ }
+
+ return $default;
+ }));
$request = new Request(
[
'server' => [
'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
+ 'REMOTE_ADDR' => '1.2.3.4',
],
],
$this->secureRandom,
@@ -1139,20 +1177,19 @@ class RequestTest extends \Test\TestCase {
public function testGetServerHostWithNoTrustedDomain() {
$this->config
- ->expects($this->at(3))
->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue([]));
- $this->config
- ->expects($this->at(4))
- ->method('getSystemValue')
- ->with('trusted_domains')
- ->will($this->returnValue([]));
+ ->will($this->returnCallback(function($key, $default) {
+ if ($key === 'trusted_proxies') {
+ return ['1.2.3.4'];
+ }
+ return $default;
+ }));
$request = new Request(
[
'server' => [
'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host',
+ 'REMOTE_ADDR' => '1.2.3.4',
],
],
$this->secureRandom,