diff options
| author | Simon Leiner <simon@leiner.me> | 2022-07-23 23:29:45 +0200 |
|---|---|---|
| committer | Simon Leiner <simon@leiner.me> | 2022-08-02 17:36:47 +0200 |
| commit | 09362eaeaa24e4458b5e52c1099759484b1a528d (patch) | |
| tree | 7c419cfbe31c5acf86edbeb5fa384ce75f17d51f /tests | |
| parent | 9475cc02b218f7cab402ec0b2b370ed6c68650c1 (diff) | |
| download | nextcloud-server-09362eaeaa24e4458b5e52c1099759484b1a528d.tar.gz nextcloud-server-09362eaeaa24e4458b5e52c1099759484b1a528d.zip | |
Support specifying IPv6 proxies in CIDR notation
Previously, it was not possible to use CIDR notation for IPv6 proxies
in the trusted_proxies parameter of config.php [1]. This patch adds
support for that.
[1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies
Signed-off-by: Simon Leiner <simon@leiner.me>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/lib/AppFramework/Http/RequestTest.php | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php index 3289a373a12..cf5ebdca2f0 100644 --- a/tests/lib/AppFramework/Http/RequestTest.php +++ b/tests/lib/AppFramework/Http/RequestTest.php @@ -585,6 +585,83 @@ class RequestTest extends \Test\TestCase { $this->assertSame('192.168.3.99', $request->getRemoteAddress()); } + public function testGetRemoteIpv6AddressWithMatchingIpv6CidrTrustedRemote() { + $this->config + ->expects($this->exactly(2)) + ->method('getSystemValue') + ->withConsecutive( + ['trusted_proxies'], + ['forwarded_for_headers'] + )->willReturnOnConsecutiveCalls( + ['2001:db8:85a3:8d3:1319:8a20::/95'], + ['HTTP_X_FORWARDED_FOR'] + ); + + $request = new Request( + [ + 'server' => [ + 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a21:370:7348', + 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + ], + ], + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('192.168.0.233', $request->getRemoteAddress()); + } + + public function testGetRemoteAddressIpv6WithNotMatchingCidrTrustedRemote() { + $this->config + ->expects($this->once()) + ->method('getSystemValue') + ->with('trusted_proxies') + ->willReturn(['fd::/8']); + + $request = new Request( + [ + 'server' => [ + 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348', + 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + ], + ], + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('2001:db8:85a3:8d3:1319:8a2e:370:7348', $request->getRemoteAddress()); + } + + public function testGetRemoteAddressIpv6WithInvalidTrustedProxy() { + $this->config + ->expects($this->once()) + ->method('getSystemValue') + ->with('trusted_proxies') + ->willReturn(['fx::/8']); + + $request = new Request( + [ + 'server' => [ + 'REMOTE_ADDR' => '2001:db8:85a3:8d3:1319:8a2e:370:7348', + 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4', + 'HTTP_X_FORWARDED_FOR' => '192.168.0.233' + ], + ], + $this->requestId, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame('2001:db8:85a3:8d3:1319:8a2e:370:7348', $request->getRemoteAddress()); + } + public function testGetRemoteAddressWithXForwardedForIPv6() { $this->config ->expects($this->exactly(2)) |