Vectorface /
whip
| @@ 123-143 (lines=21) @@ | ||
| 120 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| 121 | * dashed range notation. |
|
| 122 | */ |
|
| 123 | public function testValidWhitelistedProxyMethodWithDashNotation() |
|
| 124 | { |
|
| 125 | $_SERVER = array( |
|
| 126 | 'REMOTE_ADDR' => '127.0.0.1', |
|
| 127 | 'HTTP_X_FORWARDED_FOR' => '32.32.32.32' |
|
| 128 | ); |
|
| 129 | $lookup = new Whip( |
|
| 130 | Whip::PROXY_HEADERS, |
|
| 131 | array( |
|
| 132 | Whip::PROXY_HEADERS => array( |
|
| 133 | IpWhitelist::IPV4 => array( |
|
| 134 | '127.0.0.0-127.0.255.255', |
|
| 135 | ), |
|
| 136 | IpWhitelist::IPV6 => array( |
|
| 137 | '::1' |
|
| 138 | ) |
|
| 139 | ) |
|
| 140 | ) |
|
| 141 | ); |
|
| 142 | $this->assertEquals('32.32.32.32', $lookup->getIpAddress()); |
|
| 143 | } |
|
| 144 | ||
| 145 | /** |
|
| 146 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| @@ 149-169 (lines=21) @@ | ||
| 146 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| 147 | * wildcard asterix notation. |
|
| 148 | */ |
|
| 149 | public function testValidWhitelistedProxyMethodWithWildcardNotation() |
|
| 150 | { |
|
| 151 | $_SERVER = array( |
|
| 152 | 'REMOTE_ADDR' => '127.0.0.1', |
|
| 153 | 'HTTP_X_FORWARDED_FOR' => '32.32.32.32' |
|
| 154 | ); |
|
| 155 | $lookup = new Whip( |
|
| 156 | Whip::PROXY_HEADERS, |
|
| 157 | array( |
|
| 158 | Whip::PROXY_HEADERS => array( |
|
| 159 | IpWhitelist::IPV4 => array( |
|
| 160 | '127.0.*' |
|
| 161 | ), |
|
| 162 | IpWhitelist::IPV6 => array( |
|
| 163 | '::1' |
|
| 164 | ) |
|
| 165 | ) |
|
| 166 | ) |
|
| 167 | ); |
|
| 168 | $this->assertEquals('32.32.32.32', $lookup->getIpAddress()); |
|
| 169 | } |
|
| 170 | ||
| 171 | /** |
|
| 172 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| @@ 175-195 (lines=21) @@ | ||
| 172 | * Tests that we accept proxy method based on a whitelisted IP using the |
|
| 173 | * CIDR address notation. |
|
| 174 | */ |
|
| 175 | public function testValidWhitelistedProxyMethodWithCIDRdNotation() |
|
| 176 | { |
|
| 177 | $_SERVER = array( |
|
| 178 | 'REMOTE_ADDR' => '127.0.0.1', |
|
| 179 | 'HTTP_X_FORWARDED_FOR' => '32.32.32.32' |
|
| 180 | ); |
|
| 181 | $lookup = new Whip( |
|
| 182 | Whip::PROXY_HEADERS, |
|
| 183 | array( |
|
| 184 | Whip::PROXY_HEADERS => array( |
|
| 185 | IpWhitelist::IPV4 => array( |
|
| 186 | '127.0.0.0/24' |
|
| 187 | ), |
|
| 188 | IpWhitelist::IPV6 => array( |
|
| 189 | '::1' |
|
| 190 | ) |
|
| 191 | ) |
|
| 192 | ) |
|
| 193 | ); |
|
| 194 | $this->assertEquals('32.32.32.32', $lookup->getIpAddress()); |
|
| 195 | } |
|
| 196 | ||
| 197 | /** |
|
| 198 | * Tests that we get false if there is a valid IP in a proxy header but |
|
| @@ 201-221 (lines=21) @@ | ||
| 198 | * Tests that we get false if there is a valid IP in a proxy header but |
|
| 199 | * we reject it due to REMOTE_ADDR not being in the whitelist. |
|
| 200 | */ |
|
| 201 | public function testValidIpRejectedDueToWhitelist() |
|
| 202 | { |
|
| 203 | $_SERVER = array( |
|
| 204 | 'REMOTE_ADDR' => '24.24.24.24', |
|
| 205 | 'HTTP_X_FORWARDED_FOR' => '32.32.32.32' |
|
| 206 | ); |
|
| 207 | $lookup = new Whip( |
|
| 208 | Whip::PROXY_HEADERS, |
|
| 209 | array( |
|
| 210 | Whip::PROXY_HEADERS => array( |
|
| 211 | IpWhitelist::IPV4 => array( |
|
| 212 | '127.0.0.1/24' |
|
| 213 | ), |
|
| 214 | IpWhitelist::IPV6 => array( |
|
| 215 | '::1' |
|
| 216 | ) |
|
| 217 | ) |
|
| 218 | ) |
|
| 219 | ); |
|
| 220 | $this->assertFalse($lookup->getIpAddress()); |
|
| 221 | } |
|
| 222 | ||
| 223 | /** |
|
| 224 | * Tests that we reject a proxy listed IPv6 address that does not fall within |
|
| @@ 250-267 (lines=18) @@ | ||
| 247 | * Tests that we reject a proxy listed IPv6 address that does not fall within |
|
| 248 | * the allowed subnet. |
|
| 249 | */ |
|
| 250 | public function testIPv6AddressFoundInWhitelist() |
|
| 251 | { |
|
| 252 | $_SERVER = array( |
|
| 253 | 'REMOTE_ADDR' => '::1', |
|
| 254 | 'HTTP_X_FORWARDED_FOR' => '::1' |
|
| 255 | ); |
|
| 256 | $lookup = new Whip( |
|
| 257 | Whip::PROXY_HEADERS, |
|
| 258 | array( |
|
| 259 | Whip::PROXY_HEADERS => array( |
|
| 260 | IpWhitelist::IPV6 => array( |
|
| 261 | '::1/32' |
|
| 262 | ) |
|
| 263 | ) |
|
| 264 | ) |
|
| 265 | ); |
|
| 266 | $this->assertEquals('::1', $lookup->getIpAddress()); |
|
| 267 | } |
|
| 268 | ||
| 269 | /** |
|
| 270 | * Test that an IPv4 address is rejected because the whitelist is empty for |
|
| @@ 318-339 (lines=22) @@ | ||
| 315 | /** |
|
| 316 | * Test a custom header with a whitelisted IP. |
|
| 317 | */ |
|
| 318 | public function testCustomHeader() |
|
| 319 | { |
|
| 320 | $_SERVER = array( |
|
| 321 | 'REMOTE_ADDR' => '127.0.0.1', |
|
| 322 | 'HTTP_CUSTOM_SECRET_HEADER' => '32.32.32.32' |
|
| 323 | ); |
|
| 324 | $lookup = new Whip( |
|
| 325 | Whip::CUSTOM_HEADERS | Whip::REMOTE_ADDR, |
|
| 326 | array( |
|
| 327 | Whip::CUSTOM_HEADERS => array( |
|
| 328 | IpWhitelist::IPV4 => array( |
|
| 329 | '127.0.0.1', |
|
| 330 | '::1' |
|
| 331 | ) |
|
| 332 | ) |
|
| 333 | ) |
|
| 334 | ); |
|
| 335 | $this->assertEquals( |
|
| 336 | '32.32.32.32', |
|
| 337 | $lookup->addCustomHeader('HTTP_CUSTOM_SECRET_HEADER')->getIpAddress() |
|
| 338 | ); |
|
| 339 | } |
|
| 340 | ||
| 341 | /** |
|
| 342 | * Test HTTP_X_REAL_IP header. |
|
