diff options
author | Joas Schilling <coding@schilljs.com> | 2023-10-30 14:14:20 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2023-11-16 07:45:19 +0100 |
commit | 2fa78f62452cfa69adc86f6730866a28b723ca05 (patch) | |
tree | 38248b35e9dc43f1da6b5a80f9f5f96aabb2d4f3 /tests/lib | |
parent | 50f8d6c1295f2847160d615343fae924a043bdf2 (diff) | |
download | nextcloud-server-2fa78f62452cfa69adc86f6730866a28b723ca05.tar.gz nextcloud-server-2fa78f62452cfa69adc86f6730866a28b723ca05.zip |
Reverse X-Forwarded-For list to read the correct proxy remote address
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'tests/lib')
-rw-r--r-- | tests/lib/AppFramework/Http/RequestTest.php | 38 |
1 files changed, 32 insertions, 6 deletions
diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php index 0ce2e283bb5..4f53b3d8d5c 100644 --- a/tests/lib/AppFramework/Http/RequestTest.php +++ b/tests/lib/AppFramework/Http/RequestTest.php @@ -628,7 +628,33 @@ class RequestTest extends \Test\TestCase { $this->stream ); - $this->assertSame('10.4.0.5', $request->getRemoteAddress()); + $this->assertSame('10.4.0.4', $request->getRemoteAddress()); + } + + public function testGetRemoteAddressWithMultipleTrustedRemotes() { + $this->config + ->expects($this->exactly(2)) + ->method('getSystemValue') + ->willReturnMap([ + ['trusted_proxies', [], ['10.0.0.2', '::1']], + ['forwarded_for_headers', ['HTTP_X_FORWARDED_FOR'], ['HTTP_X_FORWARDED']], + ]); + + $request = new Request( + [ + 'server' => [ + 'REMOTE_ADDR' => '10.0.0.2', + 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4, ::1', + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + ], + ], + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('10.4.0.4', $request->getRemoteAddress()); } public function testGetRemoteAddressIPv6WithSingleTrustedRemote() { @@ -657,7 +683,7 @@ class RequestTest extends \Test\TestCase { $this->stream ); - $this->assertSame('10.4.0.5', $request->getRemoteAddress()); + $this->assertSame('10.4.0.4', $request->getRemoteAddress()); } public function testGetRemoteAddressVerifyPriorityHeader() { @@ -670,9 +696,9 @@ class RequestTest extends \Test\TestCase { )-> willReturnOnConsecutiveCalls( ['10.0.0.2'], [ - 'HTTP_CLIENT_IP', - 'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', + 'HTTP_X_FORWARDED_FOR', + 'HTTP_CLIENT_IP', ], ); @@ -703,9 +729,9 @@ class RequestTest extends \Test\TestCase { )-> willReturnOnConsecutiveCalls( ['2001:db8:85a3:8d3:1319:8a2e:370:7348'], [ - 'HTTP_CLIENT_IP', + 'HTTP_X_FORWARDED', 'HTTP_X_FORWARDED_FOR', - 'HTTP_X_FORWARDED' + 'HTTP_CLIENT_IP', ], ); |