silverstripe / cwp-core

src/Control/CwpBasicAuthMiddleware.php

Indentation +82 added lines, -82 removed lines

@@ -8,95 +8,95 @@
 
 class CwpBasicAuthMiddleware extends BasicAuthMiddleware implements PermissionProvider
 {
-    /**
-     * Whitelisted IP addresses will not be given a basic authentication prompt when other basic authentication
-     * rules via {@link BasicAuthMiddleware} are enabled.
-     *
-     * Please note that this will not have any effect if using BasicAuth.entire_site_protected, which will
-     * always enabled basic authentication for the entire site.
-     *
-     * @var array
-     */
-    protected $whitelistedIps = [];
+	/**
+	 * Whitelisted IP addresses will not be given a basic authentication prompt when other basic authentication
+	 * rules via {@link BasicAuthMiddleware} are enabled.
+	 *
+	 * Please note that this will not have any effect if using BasicAuth.entire_site_protected, which will
+	 * always enabled basic authentication for the entire site.
+	 *
+	 * @var array
+	 */
+	protected $whitelistedIps = [];
 
-    /**
-     * @return array
-     */
-    public function getWhitelistedIps()
-    {
-        return $this->whitelistedIps;
-    }
+	/**
+	 * @return array
+	 */
+	public function getWhitelistedIps()
+	{
+		return $this->whitelistedIps;
+	}
 
-    /**
-     * @param string|string[] $whitelistedIps An array of IP addresses, a comma delimited string, or an array of IPs
-     *                                        or comma delimited IP list strings
-     * @return $this
-     */
-    public function setWhitelistedIps($whitelistedIps)
-    {
-        // Allow string or array input
-        $ipLists = is_string($whitelistedIps) ? [$whitelistedIps] : $whitelistedIps;
+	/**
+	 * @param string|string[] $whitelistedIps An array of IP addresses, a comma delimited string, or an array of IPs
+	 *                                        or comma delimited IP list strings
+	 * @return $this
+	 */
+	public function setWhitelistedIps($whitelistedIps)
+	{
+		// Allow string or array input
+		$ipLists = is_string($whitelistedIps) ? [$whitelistedIps] : $whitelistedIps;
 
-        $whitelistedIps = [];
-        // Break each string in the array by commas to support nested IP lists
-        foreach ($ipLists as $ipList) {
-            $ips = array_map('trim', explode(',', $ipList));
-            $whitelistedIps = array_merge($whitelistedIps, $ips);
-        }
+		$whitelistedIps = [];
+		// Break each string in the array by commas to support nested IP lists
+		foreach ($ipLists as $ipList) {
+			$ips = array_map('trim', explode(',', $ipList));
+			$whitelistedIps = array_merge($whitelistedIps, $ips);
+		}
 
-        // Return unique values with keys reset
-        $this->whitelistedIps = array_values(array_unique($whitelistedIps));
-        return $this;
-    }
+		// Return unique values with keys reset
+		$this->whitelistedIps = array_values(array_unique($whitelistedIps));
+		return $this;
+	}
 
-    /**
-     * Check for any whitelisted IP addresses. If one matches the current user's IP then return false early,
-     * otherwise allow the default {@link BasicAuthMiddleware} to continue its logic.
-     *
-     * {@inheritDoc}
-     */
-    protected function checkMatchingURL(HTTPRequest $request)
-    {
-        if ($this->ipMatchesWhitelist()) {
-            return false;
-        }
-        return parent::checkMatchingURL($request);
-    }
+	/**
+	 * Check for any whitelisted IP addresses. If one matches the current user's IP then return false early,
+	 * otherwise allow the default {@link BasicAuthMiddleware} to continue its logic.
+	 *
+	 * {@inheritDoc}
+	 */
+	protected function checkMatchingURL(HTTPRequest $request)
+	{
+		if ($this->ipMatchesWhitelist()) {
+			return false;
+		}
+		return parent::checkMatchingURL($request);
+	}
 
-    /**
-     * Check whether the current user's IP address is in the IP whitelist
-     *
-     * @return bool
-     */
-    protected function ipMatchesWhitelist()
-    {
-        $whitelist = $this->getWhitelistedIps();
-        // Continue if no whitelist is defined
-        if (empty($whitelist)) {
-            return false;
-        }
+	/**
+	 * Check whether the current user's IP address is in the IP whitelist
+	 *
+	 * @return bool
+	 */
+	protected function ipMatchesWhitelist()
+	{
+		$whitelist = $this->getWhitelistedIps();
+		// Continue if no whitelist is defined
+		if (empty($whitelist)) {
+			return false;
+		}
 
-        $userIp = $_SERVER['REMOTE_ADDR'];
-        if (in_array($userIp, $whitelist)) {
-            return true;
-        }
+		$userIp = $_SERVER['REMOTE_ADDR'];
+		if (in_array($userIp, $whitelist)) {
+			return true;
+		}
 
-        return false;
-    }
+		return false;
+	}
 
-    /**
-     * Provide a permission code for users to be able to access the site in test mode (UAT sites). This will
-     * apply to any route other than those required to change your password.
-     *
-     * @return array
-     */
-    public function providePermissions()
-    {
-        return [
-            'ACCESS_UAT_SERVER' => _t(
-                __CLASS__ . '.UatServerPermission',
-                'Allow users to use their accounts to access the UAT server'
-            )
-        ];
-    }
+	/**
+	 * Provide a permission code for users to be able to access the site in test mode (UAT sites). This will
+	 * apply to any route other than those required to change your password.
+	 *
+	 * @return array
+	 */
+	public function providePermissions()
+	{
+		return [
+			'ACCESS_UAT_SERVER' => _t(
+				__CLASS__ . '.UatServerPermission',
+				'Allow users to use their accounts to access the UAT server'
+			)
+		];
+	}
 }

tests/Control/CwpBasicAuthMiddlewareTest.php

Indentation +110 added lines, -110 removed lines

@@ -13,114 +13,114 @@
 
 class CwpBasicAuthMiddlewareTest extends SapphireTest
 {
-    /**
-     * @var CwpBasicAuthMiddleware
-     */
-    protected $middleware;
-
-    /**
-     * @var array
-     */
-    protected $originalServersVars = [];
-
-    protected function setUp()
-    {
-        parent::setUp();
-
-        $this->middleware = Injector::inst()->get(BasicAuthMiddleware::class);
-        $this->originalServersVars = $_SERVER;
-
-        Config::modify()->set(BasicAuth::class, 'ignore_cli', false);
-    }
-
-    protected function tearDown()
-    {
-        $_SERVER = $this->originalServersVars;
-
-        parent::tearDown();
-    }
-
-    public function testSetWhitelistedIpsAcceptsStrings()
-    {
-        $this->middleware->setWhitelistedIps('127.0.0.1,127.0.0.2');
-        $this->assertSame([
-            '127.0.0.1',
-            '127.0.0.2',
-        ], $this->middleware->getWhitelistedIps(), 'Accepts comma delimited strings');
-    }
-
-    public function testSetWhitelistedIpsAcceptsArraysOfStrings()
-    {
-        $this->middleware->setWhitelistedIps(['127.0.0.1']);
-        $this->assertSame(['127.0.0.1'], $this->middleware->getWhitelistedIps(), 'Accepts array values');
-    }
-
-    public function testSetWhitelistedIpsSupportedNestedStringListsInsideArrays()
-    {
-        $this->middleware->setWhitelistedIps([
-            '127.0.0.1,127.0.0.2', // Example of `CWP_IP_BYPASS_BASICAUTH` env var value
-            ' 137.0.0.1 , 127.0.0.2', // Example of `CWP_IP_BYPASS_BASICAUTH` env var value with added spaces
-            '127.0.0.3',
-            '127.0.0.3', // check results are unique
-            '127.0.0.4',
-        ]);
-
-        $this->assertSame([
-            '127.0.0.1',
-            '127.0.0.2',
-            '137.0.0.1',
-            '127.0.0.3',
-            '127.0.0.4',
-        ], $this->middleware->getWhitelistedIps(), 'Accepts IP list strings inside arrays');
-    }
-
-    /**
-     * @param string $currentIp
-     * @param int $expected
-     * @dataProvider whitelistingProvider
-     */
-    public function testIpWhitelisting($currentIp, $expected)
-    {
-        // Enable basic auth everywhere
-        $this->middleware->setURLPatterns(['#.*#' => true]);
-
-        // Set a whitelisted IP address
-        $_SERVER['REMOTE_ADDR'] = $currentIp;
-        $this->middleware->setWhitelistedIps(['127.0.0.1']);
-
-        $response = $this->mockRequest();
-
-        $this->assertEquals($expected, $response->getStatusCode());
-    }
-
-    /**
-     * @return array[]
-     */
-    public function whitelistingProvider()
-    {
-        return [
-            'IP not in whitelist' => ['123.456.789.012', 401],
-            'IP in whitelist' => ['127.0.0.1', 200],
-        ];
-    }
-
-    public function testMiddlewareProvidesUatServerPermissions()
-    {
-        $this->assertArrayHasKey('ACCESS_UAT_SERVER', $this->middleware->providePermissions());
-    }
-
-    /**
-     * Perform a mock middleware request. Will return 200 if everything is OK.
-     *
-     * @param string $url
-     * @return HTTPResponse
-     */
-    protected function mockRequest($url = '/foo')
-    {
-        $request = new HTTPRequest('GET', $url);
-
-        return $this->middleware->process($request, function () {
-            return new HTTPResponse('OK', 200);
-        });
-    }
+	/**
+	 * @var CwpBasicAuthMiddleware
+	 */
+	protected $middleware;
+
+	/**
+	 * @var array
+	 */
+	protected $originalServersVars = [];
+
+	protected function setUp()
+	{
+		parent::setUp();
+
+		$this->middleware = Injector::inst()->get(BasicAuthMiddleware::class);
+		$this->originalServersVars = $_SERVER;
+
+		Config::modify()->set(BasicAuth::class, 'ignore_cli', false);
+	}
+
+	protected function tearDown()
+	{
+		$_SERVER = $this->originalServersVars;
+
+		parent::tearDown();
+	}
+
+	public function testSetWhitelistedIpsAcceptsStrings()
+	{
+		$this->middleware->setWhitelistedIps('127.0.0.1,127.0.0.2');
+		$this->assertSame([
+			'127.0.0.1',
+			'127.0.0.2',
+		], $this->middleware->getWhitelistedIps(), 'Accepts comma delimited strings');
+	}
+
+	public function testSetWhitelistedIpsAcceptsArraysOfStrings()
+	{
+		$this->middleware->setWhitelistedIps(['127.0.0.1']);
+		$this->assertSame(['127.0.0.1'], $this->middleware->getWhitelistedIps(), 'Accepts array values');
+	}
+
+	public function testSetWhitelistedIpsSupportedNestedStringListsInsideArrays()
+	{
+		$this->middleware->setWhitelistedIps([
+			'127.0.0.1,127.0.0.2', // Example of `CWP_IP_BYPASS_BASICAUTH` env var value
+			' 137.0.0.1 , 127.0.0.2', // Example of `CWP_IP_BYPASS_BASICAUTH` env var value with added spaces
+			'127.0.0.3',
+			'127.0.0.3', // check results are unique
+			'127.0.0.4',
+		]);
+
+		$this->assertSame([
+			'127.0.0.1',
+			'127.0.0.2',
+			'137.0.0.1',
+			'127.0.0.3',
+			'127.0.0.4',
+		], $this->middleware->getWhitelistedIps(), 'Accepts IP list strings inside arrays');
+	}
+
+	/**
+	 * @param string $currentIp
+	 * @param int $expected
+	 * @dataProvider whitelistingProvider
+	 */
+	public function testIpWhitelisting($currentIp, $expected)
+	{
+		// Enable basic auth everywhere
+		$this->middleware->setURLPatterns(['#.*#' => true]);
+
+		// Set a whitelisted IP address
+		$_SERVER['REMOTE_ADDR'] = $currentIp;
+		$this->middleware->setWhitelistedIps(['127.0.0.1']);
+
+		$response = $this->mockRequest();
+
+		$this->assertEquals($expected, $response->getStatusCode());
+	}
+
+	/**
+	 * @return array[]
+	 */
+	public function whitelistingProvider()
+	{
+		return [
+			'IP not in whitelist' => ['123.456.789.012', 401],
+			'IP in whitelist' => ['127.0.0.1', 200],
+		];
+	}
+
+	public function testMiddlewareProvidesUatServerPermissions()
+	{
+		$this->assertArrayHasKey('ACCESS_UAT_SERVER', $this->middleware->providePermissions());
+	}
+
+	/**
+	 * Perform a mock middleware request. Will return 200 if everything is OK.
+	 *
+	 * @param string $url
+	 * @return HTTPResponse
+	 */
+	protected function mockRequest($url = '/foo')
+	{
+		$request = new HTTPRequest('GET', $url);
+
+		return $this->middleware->process($request, function () {
+			return new HTTPResponse('OK', 200);
+		});
+	}
 }