17caad012SAndreas Gohr<?php 27caad012SAndreas Gohr 37caad012SAndreas Gohrnamespace dokuwiki\test; 47caad012SAndreas Gohr 57caad012SAndreas Gohruse dokuwiki\Input\Input; 67caad012SAndreas Gohruse dokuwiki\Ip; 77caad012SAndreas Gohr 87caad012SAndreas Gohrclass IpTest extends \DokuWikiTest { 97caad012SAndreas Gohr 107caad012SAndreas Gohr /** 117caad012SAndreas Gohr * The data provider for ipToNumber() tests. 127caad012SAndreas Gohr * 137caad012SAndreas Gohr * @return mixed[][] Returns an array of test cases. 147caad012SAndreas Gohr */ 157caad012SAndreas Gohr public function ip_to_number_provider() : array 167caad012SAndreas Gohr { 177caad012SAndreas Gohr $tests = [ 187caad012SAndreas Gohr ['127.0.0.1', 4, 0x00000000, 0x7f000001], 197caad012SAndreas Gohr ['::127.0.0.1', 6, 0x00000000, 0x7f000001], 207caad012SAndreas Gohr ['::1', 6, 0x00000000, 0x00000001], 217caad012SAndreas Gohr ['38AF:3033:AA39:CDE3:1A46:094C:44ED:5300', 6, 0x38AF3033AA39CDE3, 0x1A46094C44ED5300], 227caad012SAndreas Gohr ['193.53.125.7', 4, 0x00000000, 0xC1357D07], 237caad012SAndreas Gohr ]; 247caad012SAndreas Gohr 257caad012SAndreas Gohr return $tests; 267caad012SAndreas Gohr } 277caad012SAndreas Gohr 287caad012SAndreas Gohr /** 297caad012SAndreas Gohr * Test ipToNumber(). 307caad012SAndreas Gohr * 317caad012SAndreas Gohr * @dataProvider ip_to_number_provider 327caad012SAndreas Gohr * 337caad012SAndreas Gohr * @param string $ip The IP address to convert. 347caad012SAndreas Gohr * @param int $version The IP version, either 4 or 6. 357caad012SAndreas Gohr * @param int $upper The upper 64 bits of the IP. 367caad012SAndreas Gohr * @param int $lower The lower 64 bits of the IP. 377caad012SAndreas Gohr * 387caad012SAndreas Gohr * @return void 397caad012SAndreas Gohr */ 407caad012SAndreas Gohr public function test_ip_to_number(string $ip, int $version, int $upper, int $lower): void 417caad012SAndreas Gohr { 427caad012SAndreas Gohr $result = Ip::ipToNumber($ip); 437caad012SAndreas Gohr 447caad012SAndreas Gohr $this->assertSame($version, $result['version']); 457caad012SAndreas Gohr $this->assertSame($upper, $result['upper']); 467caad012SAndreas Gohr $this->assertSame($lower, $result['lower']); 477caad012SAndreas Gohr } 487caad012SAndreas Gohr 497caad012SAndreas Gohr /** 507caad012SAndreas Gohr * The data provider for test_ip_in_range(). 517caad012SAndreas Gohr * 527caad012SAndreas Gohr * @return mixed[][] Returns an array of test cases. 537caad012SAndreas Gohr */ 547caad012SAndreas Gohr public function ip_in_range_provider(): array 557caad012SAndreas Gohr { 567caad012SAndreas Gohr $tests = [ 577caad012SAndreas Gohr ['192.168.11.2', '192.168.0.0/16', true], 587caad012SAndreas Gohr ['192.168.11.2', '192.168.64.1/16', true], 597caad012SAndreas Gohr ['192.168.11.2', '192.168.64.1/18', false], 607caad012SAndreas Gohr ['192.168.11.2', '192.168.11.0/20', true], 617caad012SAndreas Gohr ['127.0.0.1', '127.0.0.0/7', true], 627caad012SAndreas Gohr ['127.0.0.1', '127.0.0.0/8', true], 637caad012SAndreas Gohr ['127.0.0.1', '127.200.0.0/8', true], 647caad012SAndreas Gohr ['127.0.0.1', '127.200.0.0/9', false], 657caad012SAndreas Gohr ['127.0.0.1', '127.0.0.0/31', true], 667caad012SAndreas Gohr ['127.0.0.1', '127.0.0.0/32', false], 677caad012SAndreas Gohr ['127.0.0.1', '127.0.0.1/32', true], 687caad012SAndreas Gohr ['1111:2222:3333:4444:5555:6666:7777:8888', '1110::/12', true], 697caad012SAndreas Gohr ['1110:2222:3333:4444:5555:6666:7777:8888', '1110::/12', true], 707caad012SAndreas Gohr ['1100:2222:3333:4444:5555:6666:7777:8888', '1110::/12', false], 717caad012SAndreas Gohr ['1111:2222:3333:4444:5555:6666:7777:8888', '1111:2222:3300::/40', true], 727caad012SAndreas Gohr ['1111:2222:3333:4444:5555:6666:7777:8888', '1111:2222:3200::/40', false], 737caad012SAndreas Gohr ['1111:2222:3333:4444:5555:6666:7777:8888', '1111:2222:3333:4444:5555:6666:7777:8889/127', true], 747caad012SAndreas Gohr ['1111:2222:3333:4444:5555:6666:7777:8888', '1111:2222:3333:4444:5555:6666:7777:8889/128', false], 757caad012SAndreas Gohr ['1111:2222:3333:4444:5555:6666:7777:8889', '1111:2222:3333:4444:5555:6666:7777:8889/128', true], 767caad012SAndreas Gohr ['abcd:ef0a:bcde:f0ab:cdef:0abc:def0:abcd', 'abcd:ef0a:bcde:f0ab:cdef:0abc:def0:abcd/128', true], 777caad012SAndreas Gohr ['abcd:ef0a:bcde:f0ab:cdef:0abc:def0:abce', 'abcd:ef0a:bcde:f0ab:cdef:0abc:def0:abcd/128', false], 787caad012SAndreas Gohr ]; 797caad012SAndreas Gohr 807caad012SAndreas Gohr return $tests; 817caad012SAndreas Gohr } 827caad012SAndreas Gohr 837caad012SAndreas Gohr /** 847caad012SAndreas Gohr * Test ipInRange(). 857caad012SAndreas Gohr * 867caad012SAndreas Gohr * @dataProvider ip_in_range_provider 877caad012SAndreas Gohr * 887caad012SAndreas Gohr * @param string $ip The IP to test. 897caad012SAndreas Gohr * @param string $range The IP range to test against. 907caad012SAndreas Gohr * @param bool $expected The expected result from ipInRange(). 917caad012SAndreas Gohr * 927caad012SAndreas Gohr * @return void 937caad012SAndreas Gohr */ 947caad012SAndreas Gohr public function test_ip_in_range(string $ip, string $range, bool $expected): void 957caad012SAndreas Gohr { 967caad012SAndreas Gohr $result = Ip::ipInRange($ip, $range); 977caad012SAndreas Gohr 987caad012SAndreas Gohr $this->assertSame($expected, $result); 997caad012SAndreas Gohr } 1007caad012SAndreas Gohr 1017caad012SAndreas Gohr /** 1027caad012SAndreas Gohr * Data provider for test_ip_matches(). 1037caad012SAndreas Gohr * 1047caad012SAndreas Gohr * @return mixed[][] Returns an array of test cases. 1057caad012SAndreas Gohr */ 1067caad012SAndreas Gohr public function ip_matches_provider(): array 1077caad012SAndreas Gohr { 1087caad012SAndreas Gohr // Tests for a CIDR range. 1097caad012SAndreas Gohr $rangeTests = $this->ip_in_range_provider(); 1107caad012SAndreas Gohr 1117caad012SAndreas Gohr // Tests for an exact IP match. 1127caad012SAndreas Gohr $exactTests = [ 1137caad012SAndreas Gohr ['127.0.0.1', '127.0.0.1', true], 1147caad012SAndreas Gohr ['127.0.0.1', '127.0.0.0', false], 1157caad012SAndreas Gohr ['aaaa:bbbb:cccc:dddd:eeee::', 'aaaa:bbbb:cccc:dddd:eeee:0000:0000:0000', true], 1167caad012SAndreas Gohr ['aaaa:bbbb:cccc:dddd:eeee:0000:0000:0000', 'aaaa:bbbb:cccc:dddd:eeee::', true], 1177caad012SAndreas Gohr ['aaaa:bbbb:0000:0000:0000:0000:0000:0001', 'aaaa:bbbb::1', true], 1187caad012SAndreas Gohr ['aaaa:bbbb::0001', 'aaaa:bbbb::1', true], 1197caad012SAndreas Gohr ['aaaa:bbbb::0001', 'aaaa:bbbb::', false], 1207caad012SAndreas Gohr ['::ffff:127.0.0.1', '127.0.0.1', false], 1217caad012SAndreas Gohr ['::ffff:127.0.0.1', '::0:ffff:127.0.0.1', true], 1227caad012SAndreas Gohr ]; 1237caad012SAndreas Gohr 1247caad012SAndreas Gohr 1257caad012SAndreas Gohr return array_merge($rangeTests, $exactTests); 1267caad012SAndreas Gohr } 1277caad012SAndreas Gohr 1287caad012SAndreas Gohr /** 1297caad012SAndreas Gohr * Test ipMatches(). 1307caad012SAndreas Gohr * 1317caad012SAndreas Gohr * @dataProvider ip_matches_provider 1327caad012SAndreas Gohr * 1337caad012SAndreas Gohr * @param string $ip The IP to test. 1347caad012SAndreas Gohr * @param string $ipOrRange The IP or IP range to test against. 1357caad012SAndreas Gohr * @param bool $expected The expeced result from ipMatches(). 1367caad012SAndreas Gohr * 1377caad012SAndreas Gohr * @return void 1387caad012SAndreas Gohr */ 1397caad012SAndreas Gohr public function test_ip_matches(string $ip, string $ipOrRange, bool $expected): void 1407caad012SAndreas Gohr { 1417caad012SAndreas Gohr $result = Ip::ipMatches($ip, $ipOrRange); 1427caad012SAndreas Gohr 1437caad012SAndreas Gohr $this->assertSame($expected, $result); 1447caad012SAndreas Gohr } 1457caad012SAndreas Gohr 1467caad012SAndreas Gohr /** 1477caad012SAndreas Gohr * Data provider for proxyIsTrusted(). 1487caad012SAndreas Gohr * 1497caad012SAndreas Gohr * @return mixed[][] Returns an array of test cases. 1507caad012SAndreas Gohr */ 1517caad012SAndreas Gohr public function proxy_is_trusted_provider(): array 1527caad012SAndreas Gohr { 1537caad012SAndreas Gohr // The new default configuration value. 1547caad012SAndreas Gohr $default = ['::1', 'fe80::/10', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']; 1557caad012SAndreas Gohr 1567caad012SAndreas Gohr // Adding some custom trusted proxies. 1577caad012SAndreas Gohr $custom = array_merge($default, ['1.2.3.4', '1122::', '3.0.0.1/8', '1111:2222::/32']); 1587caad012SAndreas Gohr 1597caad012SAndreas Gohr $tests = [ 1607caad012SAndreas Gohr // Empty configuration. 1617caad012SAndreas Gohr ['', '127.0.0.1', false], 1627caad012SAndreas Gohr 1637caad012SAndreas Gohr // Configuration with an array of IPs/CIDRs. 1647caad012SAndreas Gohr [$default, '127.0.0.1', true], 1657caad012SAndreas Gohr [$default, '127.1.2.3', true], 1667caad012SAndreas Gohr [$default, '10.1.2.3', true], 1677caad012SAndreas Gohr [$default, '11.1.2.3', false], 1687caad012SAndreas Gohr [$default, '172.16.0.1', true], 1697caad012SAndreas Gohr [$default, '172.160.0.1', false], 1707caad012SAndreas Gohr [$default, '172.31.255.255', true], 1717caad012SAndreas Gohr [$default, '172.32.0.0', false], 1727caad012SAndreas Gohr [$default, '172.200.0.0', false], 1737caad012SAndreas Gohr [$default, '192.168.2.3', true], 1747caad012SAndreas Gohr [$default, '192.169.1.2', false], 1757caad012SAndreas Gohr [$default, '::1', true], 1767caad012SAndreas Gohr [$default, '0000:0000:0000:0000:0000:0000:0000:0001', true], 1777caad012SAndreas Gohr 1787caad012SAndreas Gohr // With custom proxies set. 1797caad012SAndreas Gohr [$custom, '127.0.0.1', true], 1807caad012SAndreas Gohr [$custom, '1.2.3.4', true], 1817caad012SAndreas Gohr [$custom, '3.0.1.2', true], 1827caad012SAndreas Gohr [$custom, '1122::', true], 1837caad012SAndreas Gohr [$custom, '1122:0000:0000:0000:0000:0000:0000:0000', true], 1847caad012SAndreas Gohr [$custom, '1111:2223::', false], 1857caad012SAndreas Gohr [$custom, '1111:2222::', true], 1867caad012SAndreas Gohr [$custom, '1111:2222:3333::', true], 1877caad012SAndreas Gohr [$custom, '1111:2222:3333::1', true], 1887caad012SAndreas Gohr ]; 1897caad012SAndreas Gohr 1907caad012SAndreas Gohr return $tests; 1917caad012SAndreas Gohr } 1927caad012SAndreas Gohr 1937caad012SAndreas Gohr /** 1947caad012SAndreas Gohr * Test proxyIsTrusted(). 1957caad012SAndreas Gohr * 1967caad012SAndreas Gohr * @dataProvider proxy_is_trusted_provider 1977caad012SAndreas Gohr * 1987caad012SAndreas Gohr * @param string|string[] $config The value for $conf[trustedproxies]. 1997caad012SAndreas Gohr * @param string $ip The proxy IP to test. 2007caad012SAndreas Gohr * @param bool $expected The expected result from proxyIsTrusted(). 2017caad012SAndreas Gohr */ 2027caad012SAndreas Gohr public function test_proxy_is_trusted($config, string $ip, bool $expected): void 2037caad012SAndreas Gohr { 2047caad012SAndreas Gohr global $conf; 2057caad012SAndreas Gohr $conf['trustedproxies'] = $config; 2067caad012SAndreas Gohr 2077caad012SAndreas Gohr $result = Ip::proxyIsTrusted($ip); 2087caad012SAndreas Gohr 2097caad012SAndreas Gohr $this->assertSame($expected, $result); 2107caad012SAndreas Gohr } 2117caad012SAndreas Gohr 2127caad012SAndreas Gohr /** 2137caad012SAndreas Gohr * Data provider for test_forwarded_for(). 2147caad012SAndreas Gohr * 2157caad012SAndreas Gohr * @return mixed[][] Returns an array of test cases. 2167caad012SAndreas Gohr */ 2177caad012SAndreas Gohr public function forwarded_for_provider(): array 2187caad012SAndreas Gohr { 2197caad012SAndreas Gohr // The new default configuration value. 2207caad012SAndreas Gohr $default = ['::1', 'fe80::/10', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']; 2217caad012SAndreas Gohr 2227caad012SAndreas Gohr // Adding some custom trusted proxies. 2237caad012SAndreas Gohr $custom = array_merge($default, ['1.2.3.4', '1122::', '3.0.0.1/8', '1111:2222::/32']); 2247caad012SAndreas Gohr 2257caad012SAndreas Gohr $tests = [ 2267caad012SAndreas Gohr // Empty config value should always return empty array. 2277caad012SAndreas Gohr [[], '', '127.0.0.1', []], 2287caad012SAndreas Gohr [[], '127.0.0.1', '127.0.0.1', []], 2297caad012SAndreas Gohr 2307caad012SAndreas Gohr // The new default configuration. 2317caad012SAndreas Gohr [$default, '', '127.0.0.1', []], 2327caad012SAndreas Gohr [$default, '1.2.3.4', '127.0.0.1', ['1.2.3.4', '127.0.0.1']], 2337caad012SAndreas Gohr [$default, '1.2.3.4', '192.168.1.1', ['1.2.3.4', '192.168.1.1']], 2347caad012SAndreas Gohr [$default, '1.2.3.4,172.16.0.1', '192.168.1.1', ['1.2.3.4', '172.16.0.1', '192.168.1.1']], 2357caad012SAndreas Gohr [$default, '1.2.3.4,172.16.0.1', '::1', ['1.2.3.4', '172.16.0.1', '::1']], 2367caad012SAndreas Gohr [$default, '1.2.3.4,172.16.0.1', '::0001', ['1.2.3.4', '172.16.0.1', '::0001']], 2377caad012SAndreas Gohr 2387caad012SAndreas Gohr // Directly from an untrusted proxy. 2397caad012SAndreas Gohr [$default, '', '127.0.0.1', []], 2407caad012SAndreas Gohr [$default, '1.2.3.4', '11.22.33.44', []], 2417caad012SAndreas Gohr [$default, '::1', '11.22.33.44', []], 2427caad012SAndreas Gohr [$default, '::1', '::2', []], 2437caad012SAndreas Gohr 2447caad012SAndreas Gohr // From a trusted proxy, but via an untrusted proxy. 2457caad012SAndreas Gohr [$default, '1.2.3.4,11.22.33.44,172.16.0.1', '192.168.1.1', []], 2467caad012SAndreas Gohr [$default, '1.2.3.4,::2,172.16.0.1', '::1', []], 2477caad012SAndreas Gohr 2487caad012SAndreas Gohr // A custom configuration. 2497caad012SAndreas Gohr [$custom, '', '127.0.0.1', []], 2507caad012SAndreas Gohr [$custom, '1.2.3.4', '127.0.0.1', ['1.2.3.4', '127.0.0.1']], 2517caad012SAndreas Gohr [$custom, '1.2.3.4', '192.168.1.1', ['1.2.3.4', '192.168.1.1']], 2527caad012SAndreas Gohr [$custom, '1.2.3.4,172.16.0.1', '192.168.1.1', ['1.2.3.4', '172.16.0.1', '192.168.1.1']], 2537caad012SAndreas Gohr [$custom, '1.2.3.4,172.16.0.1', '::1', ['1.2.3.4', '172.16.0.1', '::1']], 2547caad012SAndreas Gohr [$custom, '1.2.3.4,172.16.0.1', '::0001', ['1.2.3.4', '172.16.0.1', '::0001']], 2557caad012SAndreas Gohr 2567caad012SAndreas Gohr // Directly from an untrusted proxy. 2577caad012SAndreas Gohr [$custom, '', '127.0.0.1', []], 2587caad012SAndreas Gohr [$custom, '1.2.3.4', '11.22.33.44', []], 2597caad012SAndreas Gohr [$custom, '::1', '11.22.33.44', []], 2607caad012SAndreas Gohr [$custom, '::1', '::2', []], 2617caad012SAndreas Gohr 2627caad012SAndreas Gohr // From a trusted proxy, but via an untrusted proxy. 2637caad012SAndreas Gohr [$custom, '1.2.3.4,11.22.33.44,172.16.0.1', '192.168.1.1', []], 2647caad012SAndreas Gohr [$custom, '1.2.3.4,::2,172.16.0.1', '::1', []], 2657caad012SAndreas Gohr 2667caad012SAndreas Gohr // Via a custom proxy. 2677caad012SAndreas Gohr [$custom, '11.2.3.4,3.1.2.3,172.16.0.1', '192.168.1.1', ['11.2.3.4', '3.1.2.3', '172.16.0.1', '192.168.1.1']], 2687caad012SAndreas Gohr [$custom, '11.2.3.4,1122::,172.16.0.1', '3.0.0.1', ['11.2.3.4', '1122::', '172.16.0.1', '3.0.0.1']], 2697caad012SAndreas Gohr [$custom, '11.2.3.4,1122::,172.16.0.1', '1111:2222:3333::', ['11.2.3.4', '1122::', '172.16.0.1', '1111:2222:3333::']], 2707caad012SAndreas Gohr ]; 2717caad012SAndreas Gohr 2727caad012SAndreas Gohr return $tests; 2737caad012SAndreas Gohr } 2747caad012SAndreas Gohr 2757caad012SAndreas Gohr /** 2767caad012SAndreas Gohr * Test forwardedFor(). 2777caad012SAndreas Gohr * 2787caad012SAndreas Gohr * @dataProvider forwarded_for_provider 2797caad012SAndreas Gohr * 2807caad012SAndreas Gohr * @param string|string[] $config The trustedproxies config value. 2817caad012SAndreas Gohr * @param string $header The X-Forwarded-For header value. 2827caad012SAndreas Gohr * @param string $remoteAddr The TCP/IP peer address. 2837caad012SAndreas Gohr * @param array $expected The expected result from forwardedFor(). 2847caad012SAndreas Gohr * 2857caad012SAndreas Gohr * @return void 2867caad012SAndreas Gohr */ 2877caad012SAndreas Gohr public function test_forwarded_for($config, string $header, string $remoteAddr, array $expected): void 2887caad012SAndreas Gohr { 2897caad012SAndreas Gohr /* @var Input $INPUT */ 2907caad012SAndreas Gohr global $INPUT, $conf; 2917caad012SAndreas Gohr 2927caad012SAndreas Gohr $conf['trustedproxies'] = $config; 2937caad012SAndreas Gohr $INPUT->server->set('HTTP_X_FORWARDED_FOR', $header); 2947caad012SAndreas Gohr $INPUT->server->set('REMOTE_ADDR', $remoteAddr); 2957caad012SAndreas Gohr 2967caad012SAndreas Gohr $result = Ip::forwardedFor(); 2977caad012SAndreas Gohr 2987caad012SAndreas Gohr $this->assertSame($expected, $result); 2997caad012SAndreas Gohr } 3007caad012SAndreas Gohr 3017caad012SAndreas Gohr /** 3027caad012SAndreas Gohr * Data provider for test_is_ssl(). 3037caad012SAndreas Gohr * 3047caad012SAndreas Gohr * @return mixed[][] Returns an array of test cases. 3057caad012SAndreas Gohr */ 3067caad012SAndreas Gohr public function is_ssl_provider(): array 3077caad012SAndreas Gohr { 3087caad012SAndreas Gohr // The new default configuration value. 3097caad012SAndreas Gohr $default = ['::1', 'fe80::/10', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']; 3107caad012SAndreas Gohr 3117caad012SAndreas Gohr $tests = [ 3127caad012SAndreas Gohr // Running behind an SSL proxy, HTTP between server and proxy 3137caad012SAndreas Gohr // Proxy (REMOTE_ADDR) is matched by trustedproxies config 3147caad012SAndreas Gohr // HTTPS not set, HTTP_X_FORWARDED_PROTO set to https 3157caad012SAndreas Gohr [$default, '127.0.0.1', '', 'https', true], 3167caad012SAndreas Gohr 3177caad012SAndreas Gohr // Running behind an SSL proxy, HTTP between server and proxy 3187caad012SAndreas Gohr // Proxy (REMOTE_ADDR) is not matched by trustedproxies config 3197caad012SAndreas Gohr // HTTPS not set, HTTP_X_FORWARDED_PROTO set to https 3207caad012SAndreas Gohr [[], '8.8.8.8', '', 'https', false], 3217caad012SAndreas Gohr 3227caad012SAndreas Gohr // Running behind a plain HTTP proxy, HTTP between server and proxy 3237caad012SAndreas Gohr // HTTPS not set, HTTP_X_FORWARDED_PROTO set to http 3247caad012SAndreas Gohr [$default, '127.0.0.1', '', 'http', false], 3257caad012SAndreas Gohr 3267caad012SAndreas Gohr // Running behind an SSL proxy, HTTP between server and proxy 3277caad012SAndreas Gohr // HTTPS set to off, HTTP_X_FORWARDED_PROTO set to https 3287caad012SAndreas Gohr [$default, '127.0.0.1', 'off', 'https', true], 3297caad012SAndreas Gohr 3307caad012SAndreas Gohr // Not running behind a proxy, HTTPS server 3317caad012SAndreas Gohr // HTTPS set to on, HTTP_X_FORWARDED_PROTO not set 3327caad012SAndreas Gohr [[], '8.8.8.8', 'on', '', true], 3337caad012SAndreas Gohr 3347caad012SAndreas Gohr // Not running behind a proxy, plain HTTP server 3357caad012SAndreas Gohr // HTTPS not set, HTTP_X_FORWARDED_PROTO not set 3367caad012SAndreas Gohr [[], '8.8.8.8', '', '', false], 3377caad012SAndreas Gohr 3387caad012SAndreas Gohr // Not running behind a proxy, plain HTTP server 3397caad012SAndreas Gohr // HTTPS set to off, HTTP_X_FORWARDED_PROTO not set 3407caad012SAndreas Gohr [[], '8.8.8.8', 'off', '', false], 3417caad012SAndreas Gohr 3427caad012SAndreas Gohr // Running behind an SSL proxy, SSL between proxy and HTTP server 3437caad012SAndreas Gohr // HTTPS set to on, HTTP_X_FORWARDED_PROTO set to https 3447caad012SAndreas Gohr [$default, '127.0.0.1', 'on', 'https', true], 3457caad012SAndreas Gohr ]; 3467caad012SAndreas Gohr 3477caad012SAndreas Gohr return $tests; 3487caad012SAndreas Gohr } 3497caad012SAndreas Gohr 3507caad012SAndreas Gohr /** 3517caad012SAndreas Gohr * Test isSsl(). 3527caad012SAndreas Gohr * 3537caad012SAndreas Gohr * @dataProvider is_ssl_provider 3547caad012SAndreas Gohr * 3557caad012SAndreas Gohr * @param string|string[] $config The trustedproxies config value. 3567caad012SAndreas Gohr * @param string $remoteAddr The REMOTE_ADDR value. 3577caad012SAndreas Gohr * @param string $https The HTTPS value. 3587caad012SAndreas Gohr * @param string $forwardedProto The HTTP_X_FORWARDED_PROTO value. 3597caad012SAndreas Gohr * @param bool $expected The expected result from isSsl(). 3607caad012SAndreas Gohr * 3617caad012SAndreas Gohr * @return void 3627caad012SAndreas Gohr */ 3637caad012SAndreas Gohr public function test_is_ssl($config, string $remoteAddr, string $https, string $forwardedProto, bool $expected): void 3647caad012SAndreas Gohr { 3657caad012SAndreas Gohr /* @var Input $INPUT */ 3667caad012SAndreas Gohr global $INPUT, $conf; 3677caad012SAndreas Gohr 3687caad012SAndreas Gohr $conf['trustedproxies'] = $config; 3697caad012SAndreas Gohr $INPUT->server->set('REMOTE_ADDR', $remoteAddr); 3707caad012SAndreas Gohr $INPUT->server->set('HTTPS', $https); 3717caad012SAndreas Gohr $INPUT->server->set('HTTP_X_FORWARDED_PROTO', $forwardedProto); 3727caad012SAndreas Gohr 3737caad012SAndreas Gohr $result = Ip::isSsl(); 3747caad012SAndreas Gohr 3757caad012SAndreas Gohr $this->assertSame($expected, $result); 3767caad012SAndreas Gohr } 3777caad012SAndreas Gohr 3787caad012SAndreas Gohr /** 3797caad012SAndreas Gohr * Data provider for test_host_name(). 3807caad012SAndreas Gohr * 3817caad012SAndreas Gohr * @return mixed[][] Returns an array of test cases. 3827caad012SAndreas Gohr */ 3837caad012SAndreas Gohr public function host_name_provider(): array 3847caad012SAndreas Gohr { 3857caad012SAndreas Gohr // The new default configuration value. 3867caad012SAndreas Gohr $default = ['::1', 'fe80::/10', '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16']; 3877caad012SAndreas Gohr 3887caad012SAndreas Gohr $tests = [ 3897caad012SAndreas Gohr // X-Forwarded-Host with trusted proxy 3907caad012SAndreas Gohr [$default, '127.0.0.1', 'proxy.example.com', 'www.example.com', 'server.local', 'proxy.example.com'], 3917caad012SAndreas Gohr 3927caad012SAndreas Gohr // X-Forwarded-Host with untrusted proxy (should fall back to HTTP_HOST) 3937caad012SAndreas Gohr [[], '8.8.8.8', 'proxy.example.com', 'www.example.com', 'server.local', 'www.example.com'], 3947caad012SAndreas Gohr 3957caad012SAndreas Gohr // No X-Forwarded-Host, use HTTP_HOST 3967caad012SAndreas Gohr [$default, '127.0.0.1', '', 'www.example.com', 'server.local', 'www.example.com'], 3977caad012SAndreas Gohr 3987caad012SAndreas Gohr // No X-Forwarded-Host or HTTP_HOST, use SERVER_NAME 3997caad012SAndreas Gohr [$default, '127.0.0.1', '', '', 'server.local', 'server.local'], 4007caad012SAndreas Gohr 4017caad012SAndreas Gohr // No headers set, should fall back to system hostname 4027caad012SAndreas Gohr [$default, '127.0.0.1', '', '', '', php_uname('n')], 4037caad012SAndreas Gohr ]; 4047caad012SAndreas Gohr 4057caad012SAndreas Gohr return $tests; 4067caad012SAndreas Gohr } 4077caad012SAndreas Gohr 4087caad012SAndreas Gohr /** 4097caad012SAndreas Gohr * Test hostName(). 4107caad012SAndreas Gohr * 4117caad012SAndreas Gohr * @dataProvider host_name_provider 4127caad012SAndreas Gohr * 4137caad012SAndreas Gohr * @param string|string[] $config The trustedproxies config value. 4147caad012SAndreas Gohr * @param string $remoteAddr The REMOTE_ADDR value. 4157caad012SAndreas Gohr * @param string $forwardedHost The HTTP_X_FORWARDED_HOST value. 4167caad012SAndreas Gohr * @param string $httpHost The HTTP_HOST value. 4177caad012SAndreas Gohr * @param string $serverName The SERVER_NAME value. 4187caad012SAndreas Gohr * @param string $expected The expected result from hostName(). 4197caad012SAndreas Gohr * 4207caad012SAndreas Gohr * @return void 4217caad012SAndreas Gohr */ 4227caad012SAndreas Gohr public function test_host_name($config, string $remoteAddr, string $forwardedHost, string $httpHost, string $serverName, string $expected): void 4237caad012SAndreas Gohr { 4247caad012SAndreas Gohr /* @var Input $INPUT */ 4257caad012SAndreas Gohr global $INPUT, $conf; 4267caad012SAndreas Gohr 4277caad012SAndreas Gohr $conf['trustedproxies'] = $config; 4287caad012SAndreas Gohr $INPUT->server->set('REMOTE_ADDR', $remoteAddr); 4297caad012SAndreas Gohr $INPUT->server->set('HTTP_X_FORWARDED_HOST', $forwardedHost); 4307caad012SAndreas Gohr $INPUT->server->set('HTTP_HOST', $httpHost); 4317caad012SAndreas Gohr $INPUT->server->set('SERVER_NAME', $serverName); 4327caad012SAndreas Gohr 4337caad012SAndreas Gohr $result = Ip::hostName(); 4347caad012SAndreas Gohr 4357caad012SAndreas Gohr $this->assertSame($expected, $result); 4367caad012SAndreas Gohr } 4372b760c9fSAlexander Lehmann 4382b760c9fSAlexander Lehmann /** 4392b760c9fSAlexander Lehmann * Test x-real-ip and custom header vars. 4402b760c9fSAlexander Lehmann * 4416f0cf24eSAlexander Lehmann * Note that the first config option could be replaced by the second with keeping it only for backward compatibility 4426f0cf24eSAlexander Lehmann * 4432b760c9fSAlexander Lehmann */ 4448f178b70SAlexander Lehmann public function client_ip_provider(): array 4452b760c9fSAlexander Lehmann { 4468f178b70SAlexander Lehmann return [ 447*fe6048ccSAlexander Lehmann // client_ip_header disabled, X-Real-IP present -> use REMOTE_ADDR 448*fe6048ccSAlexander Lehmann [null, ['HTTP_X_REAL_IP' => '5.6.7.8', 'REMOTE_ADDR' => '1.2.3.4'], '1.2.3.4'], 4492b760c9fSAlexander Lehmann 4508f178b70SAlexander Lehmann // realip enabled, X-Real-IP present -> use X-Real-IP 451*fe6048ccSAlexander Lehmann ['X_REAL_IP', ['HTTP_X_REAL_IP' => '5.6.7.8', 'REMOTE_ADDR' => '1.2.3.4'], '5.6.7.8'], 4522b760c9fSAlexander Lehmann 4538f178b70SAlexander Lehmann // custom client_ip_header set to CF_CONNECTING_IP -> use CF header 454*fe6048ccSAlexander Lehmann ['CF_CONNECTING_IP', ['HTTP_CF_CONNECTING_IP' => '5.6.7.8', 'REMOTE_ADDR' => '1.2.3.4'], '5.6.7.8'], 4552b760c9fSAlexander Lehmann 4568f178b70SAlexander Lehmann // client_ip_header set to X_REAL_IP but only CF header present -> fallback to REMOTE_ADDR 457*fe6048ccSAlexander Lehmann ['X_REAL_IP', ['HTTP_CF_CONNECTING_IP' => '5.6.7.8', 'REMOTE_ADDR' => '1.2.3.4'], '1.2.3.4'], 4588f178b70SAlexander Lehmann ]; 4592b760c9fSAlexander Lehmann } 4602b760c9fSAlexander Lehmann 4618f178b70SAlexander Lehmann /** 4628f178b70SAlexander Lehmann * @dataProvider client_ip_provider 4638f178b70SAlexander Lehmann */ 464*fe6048ccSAlexander Lehmann public function test_client_ip($client_ip_header, array $server, string $expected): void 4652b760c9fSAlexander Lehmann { 4662b760c9fSAlexander Lehmann /* @var Input $INPUT */ 4672b760c9fSAlexander Lehmann global $INPUT, $conf; 4682b760c9fSAlexander Lehmann 4698f178b70SAlexander Lehmann if ($client_ip_header !== null) { 4708f178b70SAlexander Lehmann $conf['client_ip_header'] = $client_ip_header; 4718f178b70SAlexander Lehmann } else { 4728f178b70SAlexander Lehmann unset($conf['client_ip_header']); 4732b760c9fSAlexander Lehmann } 4742b760c9fSAlexander Lehmann 4758f178b70SAlexander Lehmann // Set provided header variables 4768f178b70SAlexander Lehmann foreach ($server as $key => $value) { 4778f178b70SAlexander Lehmann $INPUT->server->set($key, $value); 4782b760c9fSAlexander Lehmann } 4792b760c9fSAlexander Lehmann 4802b760c9fSAlexander Lehmann $result = Ip::ClientIp(); 4812b760c9fSAlexander Lehmann 4828f178b70SAlexander Lehmann $this->assertSame($expected, $result); 4832b760c9fSAlexander Lehmann } 4847caad012SAndreas Gohr} 485