Knah-Tsaeb/MyShaarli
Knah-Tsaeb/MyShaarli
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Add trusted IPs in config and try to ban forwarded IP on failed login

Browse source 
* Add a new settings (which needs to be manually set): `security.trusted_proxies`
  * On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
  * If found, the client address is added in ipbans, else we do nothing.

Fixes
This commit is contained in:
ArthurHoaro 2016-08-03 10:36:47 +02:00
parent c7a42ab1d9
commit 50d1791838
3 changed files with 94 additions and 1 deletions

58
tests/HttpUtils/GetIpAdressFromProxyTest.php Normal file
View file

@ -0,0 +1,58 @@
<?php
require_once 'application/HttpUtils.php';
/**
* Unitary tests for getIpAddressFromProxy()
*/
class GetIpAdressFromProxyTest extends PHPUnit_Framework_TestCase {
/**
* Test without proxy
*/
public function testWithoutProxy()
{
$this->assertFalse(getIpAddressFromProxy(array(), array()));
}
/**
* Test with a single IP in proxy header.
*/
public function testWithOneForwardedIp()
{
$ip = '1.1.1.1';
$server = array('HTTP_X_FORWARDED_FOR' => $ip);
$this->assertEquals($ip, getIpAddressFromProxy($server, array()));
}
/**
* Test with a multiple IPs in proxy header.
*/
public function testWithMultipleForwardedIp()
{
$ip = '1.1.1.1';
$ip2 = '2.2.2.2';
$server = array('HTTP_X_FORWARDED_FOR' => $ip .','. $ip2);
$this->assertEquals($ip2, getIpAddressFromProxy($server, array()));
$server = array('HTTP_X_FORWARDED_FOR' => $ip .' , '. $ip2);
$this->assertEquals($ip2, getIpAddressFromProxy($server, array()));
}
/**
* Test with a trusted IP address.
*/
public function testWithTrustedIp()
{
$ip = '1.1.1.1';
$ip2 = '2.2.2.2';
$server = array('HTTP_X_FORWARDED_FOR' => $ip);
$this->assertFalse(getIpAddressFromProxy($server, array($ip)));
$server = array('HTTP_X_FORWARDED_FOR' => $ip .','. $ip2);
$this->assertEquals($ip2, getIpAddressFromProxy($server, array($ip)));
$this->assertFalse(getIpAddressFromProxy($server, array($ip, $ip2)));
}
}