summaryrefslogtreecommitdiffstats
path: root/tests
diff options
context:
space:
mode:
authorJoas Schilling <coding@schilljs.com>2023-10-30 14:14:20 +0100
committerJoas Schilling <coding@schilljs.com>2023-11-16 07:45:19 +0100
commit2fa78f62452cfa69adc86f6730866a28b723ca05 (patch)
tree38248b35e9dc43f1da6b5a80f9f5f96aabb2d4f3 /tests
parent50f8d6c1295f2847160d615343fae924a043bdf2 (diff)
downloadnextcloud-server-2fa78f62452cfa69adc86f6730866a28b723ca05.tar.gz
nextcloud-server-2fa78f62452cfa69adc86f6730866a28b723ca05.zip
Reverse X-Forwarded-For list to read the correct proxy remote address
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/lib/AppFramework/Http/RequestTest.php38
1 files changed, 32 insertions, 6 deletions
diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php
index 0ce2e283bb5..4f53b3d8d5c 100644
--- a/tests/lib/AppFramework/Http/RequestTest.php
+++ b/tests/lib/AppFramework/Http/RequestTest.php
@@ -628,7 +628,33 @@ class RequestTest extends \Test\TestCase {
$this->stream
);
- $this->assertSame('10.4.0.5', $request->getRemoteAddress());
+ $this->assertSame('10.4.0.4', $request->getRemoteAddress());
+ }
+
+ public function testGetRemoteAddressWithMultipleTrustedRemotes() {
+ $this->config
+ ->expects($this->exactly(2))
+ ->method('getSystemValue')
+ ->willReturnMap([
+ ['trusted_proxies', [], ['10.0.0.2', '::1']],
+ ['forwarded_for_headers', ['HTTP_X_FORWARDED_FOR'], ['HTTP_X_FORWARDED']],
+ ]);
+
+ $request = new Request(
+ [
+ 'server' => [
+ 'REMOTE_ADDR' => '10.0.0.2',
+ 'HTTP_X_FORWARDED' => '10.4.0.5, 10.4.0.4, ::1',
+ 'HTTP_X_FORWARDED_FOR' => '192.168.0.233'
+ ],
+ ],
+ $this->requestId,
+ $this->config,
+ $this->csrfTokenManager,
+ $this->stream
+ );
+
+ $this->assertSame('10.4.0.4', $request->getRemoteAddress());
}
public function testGetRemoteAddressIPv6WithSingleTrustedRemote() {
@@ -657,7 +683,7 @@ class RequestTest extends \Test\TestCase {
$this->stream
);
- $this->assertSame('10.4.0.5', $request->getRemoteAddress());
+ $this->assertSame('10.4.0.4', $request->getRemoteAddress());
}
public function testGetRemoteAddressVerifyPriorityHeader() {
@@ -670,9 +696,9 @@ class RequestTest extends \Test\TestCase {
)-> willReturnOnConsecutiveCalls(
['10.0.0.2'],
[
- 'HTTP_CLIENT_IP',
- 'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED',
+ 'HTTP_X_FORWARDED_FOR',
+ 'HTTP_CLIENT_IP',
],
);
@@ -703,9 +729,9 @@ class RequestTest extends \Test\TestCase {
)-> willReturnOnConsecutiveCalls(
['2001:db8:85a3:8d3:1319:8a2e:370:7348'],
[
- 'HTTP_CLIENT_IP',
+ 'HTTP_X_FORWARDED',
'HTTP_X_FORWARDED_FOR',
- 'HTTP_X_FORWARDED'
+ 'HTTP_CLIENT_IP',
],
);