summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorMorris Jobke <hey@morrisjobke.de>2018-10-30 10:49:08 +0100
committerGitHub <noreply@github.com>2018-10-30 10:49:08 +0100
commitdccfe4bf8410b2c24c2568c249e76270ed050eb1 (patch)
tree0e14de612eb7440f616e10574340d2e4f7d4cbfc /tests
parentc9e6a9963760403fe16c55e53937243563e9fa75 (diff)
parent401ca28f0773787146186bd568fd7901029dc5cd (diff)
downloadnextcloud-server-dccfe4bf8410b2c24c2568c249e76270ed050eb1.tar.gz
nextcloud-server-dccfe4bf8410b2c24c2568c249e76270ed050eb1.zip
Merge pull request #12036 from olivermg/master
Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/AppFramework/Http/RequestTest.php115
1 files changed, 115 insertions, 0 deletions
diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php
index a715eaa9599..c0e8dc97ef2 100644
--- a/tests/lib/AppFramework/Http/RequestTest.php
+++ b/tests/lib/AppFramework/Http/RequestTest.php
@@ -486,6 +486,35 @@ class RequestTest extends \Test\TestCase {
$this->assertSame('10.4.0.5', $request->getRemoteAddress());
}
+ public function testGetRemoteAddressIPv6WithSingleTrustedRemote() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('trusted_proxies')
+ ->will($this->returnValue(['2001:db8:85a3:8d3:1319:8a2e:370:7348']));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('forwarded_for_headers')
+ ->will($this->returnValue(['HTTP_X_FORWARDED']));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348',
+ 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->csrfTokenManager,
+ $this->stream
+ );
+
+ $this->assertSame('10.4.0.5', $request->getRemoteAddress());
+ }
+
public function testGetRemoteAddressVerifyPriorityHeader() {
$this->config
->expects($this->at(0))
@@ -519,6 +548,92 @@ class RequestTest extends \Test\TestCase {
$this->assertSame('192.168.0.233', $request->getRemoteAddress());
}
+ public function testGetRemoteAddressIPv6VerifyPriorityHeader() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('trusted_proxies')
+ ->will($this->returnValue(['2001:db8:85a3:8d3:1319:8a2e:370:7348']));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('forwarded_for_headers')
+ ->will($this->returnValue([
+ 'HTTP_CLIENT_IP',
+ 'HTTP_X_FORWARDED_FOR',
+ 'HTTP_X_FORWARDED'
+ ]));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348',
+ 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->csrfTokenManager,
+ $this->stream
+ );
+
+ $this->assertSame('192.168.0.233', $request->getRemoteAddress());
+ }
+
+ public function testGetRemoteAddressWithMatchingCidrTrustedRemote() {
+ $this->config
+ ->expects($this->at(0))
+ ->method('getSystemValue')
+ ->with('trusted_proxies')
+ ->will($this->returnValue(['192.168.2.0/24']));
+ $this->config
+ ->expects($this->at(1))
+ ->method('getSystemValue')
+ ->with('forwarded_for_headers')
+ ->will($this->returnValue(['HTTP_X_FORWARDED_FOR']));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REMOTE_ADDR' => '192.168.2.99',
+ 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->csrfTokenManager,
+ $this->stream
+ );
+
+ $this->assertSame('192.168.0.233', $request->getRemoteAddress());
+ }
+
+ public function testGetRemoteAddressWithNotMatchingCidrTrustedRemote() {
+ $this->config
+ ->expects($this->once())
+ ->method('getSystemValue')
+ ->with('trusted_proxies')
+ ->will($this->returnValue(['192.168.2.0/24']));
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REMOTE_ADDR' => '192.168.3.99',
+ 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
+ ],
+ ],
+ $this->secureRandom,
+ $this->config,
+ $this->csrfTokenManager,
+ $this->stream
+ );
+
+ $this->assertSame('192.168.3.99', $request->getRemoteAddress());
+ }
+
/**
* @return array
*/