Vectorface /
whip
| @@ 153-169 (lines=17) @@ | ||
| 150 | * |
|
| 151 | * @dataProvider proxyMethodWhitelistProvider |
|
| 152 | */ |
|
| 153 | public function testValidWhitelistedProxyMethod($remoteAddr) |
|
| 154 | { |
|
| 155 | $lookup = new Whip( |
|
| 156 | Whip::PROXY_HEADERS, |
|
| 157 | array( |
|
| 158 | Whip::PROXY_HEADERS => array( |
|
| 159 | IpWhitelist::IPV4 => array('127.0.0.1'), |
|
| 160 | IpWhitelist::IPV6 => array('::1') |
|
| 161 | ) |
|
| 162 | ), |
|
| 163 | array( |
|
| 164 | 'REMOTE_ADDR' => $remoteAddr, |
|
| 165 | 'HTTP_X_FORWARDED_FOR' => '192.168.1.1,32.32.32.32' |
|
| 166 | ) |
|
| 167 | ); |
|
| 168 | $this->assertEquals('32.32.32.32', $lookup->getIpAddress()); |
|
| 169 | } |
|
| 170 | ||
| 171 | /** |
|
| 172 | * Repeats the above test twice for ipv4 and ipv6 |
|
| @@ 186-206 (lines=21) @@ | ||
| 183 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| 184 | * dashed range notation. |
|
| 185 | */ |
|
| 186 | public function testValidWhitelistedProxyMethodWithDashNotation() |
|
| 187 | { |
|
| 188 | $lookup = new Whip( |
|
| 189 | Whip::PROXY_HEADERS, |
|
| 190 | array( |
|
| 191 | Whip::PROXY_HEADERS => array( |
|
| 192 | IpWhitelist::IPV4 => array( |
|
| 193 | '127.0.0.0-127.0.255.255', |
|
| 194 | ), |
|
| 195 | IpWhitelist::IPV6 => array( |
|
| 196 | '::1' |
|
| 197 | ) |
|
| 198 | ) |
|
| 199 | ), |
|
| 200 | array( |
|
| 201 | 'REMOTE_ADDR' => '127.0.0.1', |
|
| 202 | 'HTTP_X_FORWARDED_FOR' => '32.32.32.32' |
|
| 203 | ) |
|
| 204 | ); |
|
| 205 | $this->assertEquals('32.32.32.32', $lookup->getIpAddress()); |
|
| 206 | } |
|
| 207 | ||
| 208 | /** |
|
| 209 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| @@ 212-232 (lines=21) @@ | ||
| 209 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| 210 | * wildcard asterix notation. |
|
| 211 | */ |
|
| 212 | public function testValidWhitelistedProxyMethodWithWildcardNotation() |
|
| 213 | { |
|
| 214 | $lookup = new Whip( |
|
| 215 | Whip::PROXY_HEADERS, |
|
| 216 | array( |
|
| 217 | Whip::PROXY_HEADERS => array( |
|
| 218 | IpWhitelist::IPV4 => array( |
|
| 219 | '127.0.*' |
|
| 220 | ), |
|
| 221 | IpWhitelist::IPV6 => array( |
|
| 222 | '::1' |
|
| 223 | ) |
|
| 224 | ) |
|
| 225 | ), |
|
| 226 | array( |
|
| 227 | 'REMOTE_ADDR' => '127.0.0.1', |
|
| 228 | 'HTTP_X_FORWARDED_FOR' => '32.32.32.32' |
|
| 229 | ) |
|
| 230 | ); |
|
| 231 | $this->assertEquals('32.32.32.32', $lookup->getIpAddress()); |
|
| 232 | } |
|
| 233 | ||
| 234 | /** |
|
| 235 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| @@ 238-258 (lines=21) @@ | ||
| 235 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| 236 | * CIDR address notation. |
|
| 237 | */ |
|
| 238 | public function testValidWhitelistedProxyMethodWithCIDRdNotation() |
|
| 239 | { |
|
| 240 | $lookup = new Whip( |
|
| 241 | Whip::PROXY_HEADERS, |
|
| 242 | array( |
|
| 243 | Whip::PROXY_HEADERS => array( |
|
| 244 | IpWhitelist::IPV4 => array( |
|
| 245 | '127.0.0.0/24' |
|
| 246 | ), |
|
| 247 | IpWhitelist::IPV6 => array( |
|
| 248 | '::1' |
|
| 249 | ) |
|
| 250 | ) |
|
| 251 | ), |
|
| 252 | array( |
|
| 253 | 'REMOTE_ADDR' => '127.0.0.1', |
|
| 254 | 'HTTP_X_FORWARDED_FOR' => '32.32.32.32' |
|
| 255 | ) |
|
| 256 | ); |
|
| 257 | $this->assertEquals('32.32.32.32', $lookup->getIpAddress()); |
|
| 258 | } |
|
| 259 | ||
| 260 | /** |
|
| 261 | * Tests that we get false if there is a valid IP in a proxy header but |
|
| @@ 264-284 (lines=21) @@ | ||
| 261 | * Tests that we get false if there is a valid IP in a proxy header but |
|
| 262 | * we reject it due to REMOTE_ADDR not being in the whitelist. |
|
| 263 | */ |
|
| 264 | public function testValidIpRejectedDueToWhitelist() |
|
| 265 | { |
|
| 266 | $lookup = new Whip( |
|
| 267 | Whip::PROXY_HEADERS, |
|
| 268 | array( |
|
| 269 | Whip::PROXY_HEADERS => array( |
|
| 270 | IpWhitelist::IPV4 => array( |
|
| 271 | '127.0.0.1/24' |
|
| 272 | ), |
|
| 273 | IpWhitelist::IPV6 => array( |
|
| 274 | '::1' |
|
| 275 | ) |
|
| 276 | ) |
|
| 277 | ), |
|
| 278 | array( |
|
| 279 | 'REMOTE_ADDR' => '24.24.24.24', |
|
| 280 | 'HTTP_X_FORWARDED_FOR' => '32.32.32.32' |
|
| 281 | ) |
|
| 282 | ); |
|
| 283 | $this->assertFalse($lookup->getIpAddress()); |
|
| 284 | } |
|
| 285 | ||
| 286 | /** |
|
| 287 | * Tests that we reject a proxy listed IPv6 address that does not fall within |
|
| @@ 381-402 (lines=22) @@ | ||
| 378 | /** |
|
| 379 | * Test a custom header with a whitelisted IP. |
|
| 380 | */ |
|
| 381 | public function testCustomHeader() |
|
| 382 | { |
|
| 383 | $lookup = new Whip( |
|
| 384 | Whip::CUSTOM_HEADERS | Whip::REMOTE_ADDR, |
|
| 385 | array( |
|
| 386 | Whip::CUSTOM_HEADERS => array( |
|
| 387 | IpWhitelist::IPV4 => array( |
|
| 388 | '127.0.0.1', |
|
| 389 | '::1' |
|
| 390 | ) |
|
| 391 | ) |
|
| 392 | ), |
|
| 393 | array( |
|
| 394 | 'REMOTE_ADDR' => '127.0.0.1', |
|
| 395 | 'HTTP_CUSTOM_SECRET_HEADER' => '32.32.32.32' |
|
| 396 | ) |
|
| 397 | ); |
|
| 398 | $this->assertEquals( |
|
| 399 | '32.32.32.32', |
|
| 400 | $lookup->addCustomHeader('HTTP_CUSTOM_SECRET_HEADER')->getIpAddress() |
|
| 401 | ); |
|
| 402 | } |
|
| 403 | ||
| 404 | /** |
|
| 405 | * Test HTTP_X_REAL_IP header. |
|
