getTrustedProxies() public static method

Gets the list of trusted proxies.
public static getTrustedProxies ( ) : array
return array An array of trusted proxies
 public function testItAddsRequestTrustedProxiesSubscriberOnBoot()
 {
     $app = new Application();
     $app['root.path'] = __DIR__ . '/../../../../../..';
     $app->register(new ConfigurationServiceProvider());
     $app['phraseanet.configuration.config-path'] = __DIR__ . '/fixtures/config-proxies.yml';
     $app['phraseanet.configuration.config-compiled-path'] = __DIR__ . '/fixtures/config-proxies.php';
     $app->boot();
     /** @var EventDispatcherInterface $dispatcher */
     $dispatcher = $app['dispatcher'];
     $listener = null;
     $method = null;
     foreach ($dispatcher->getListeners(KernelEvents::REQUEST) as $callable) {
         // Only look for TrustedProxySubscriber instances
         if (!is_array($callable)) {
             continue;
         }
         list($listener, $method) = $callable;
         if ($listener instanceof TrustedProxySubscriber) {
             break;
         }
     }
     $this->assertInstanceOf('Alchemy\\Phrasea\\Core\\Event\\Subscriber\\TrustedProxySubscriber', $listener, 'TrustedProxySubscriber was not properly registered');
     $this->assertEquals('setProxyConf', $method);
     $this->assertSame([], Request::getTrustedProxies());
     $listener->setProxyConf();
     $this->assertSame(['127.0.0.1', '66.6.66.6'], Request::getTrustedProxies());
     unlink($app['phraseanet.configuration.config-compiled-path']);
 }
Example #2
0
 /**
  * Load config test.
  */
 public function testLoadConfig()
 {
     $logFile = $this->makeFile($this->baseTempDir, 'hook.log');
     $logger = new Logger('git-web-hook');
     $logger->pushHandler(new StreamHandler($logFile, Logger::WARNING));
     $hook = new Hook(__DIR__, array(), $logger);
     $reposDir = $this->makeTempDir('repos.d');
     $testFile = $this->makeFile($reposDir, 'test3.yml');
     $this->generateRepoConfigFile($testFile, 3);
     $mainConfigFile = $this->makeFile($this->baseTempDir, 'main_config.yml');
     file_put_contents($mainConfigFile, $this->configTemplates->render('config1.php', array('reposDir' => $reposDir)));
     $hook->loadConfig($mainConfigFile);
     $options = $hook->getOptions();
     $this->assertFalse($options['sendEmails'], 'Wrong loaded configuration option sendEmails ');
     $this->assertFalse($options['sendEmailAuthor'], 'Wrong loaded configuration option sendEmailAuthor');
     $repository = $hook->getRepository('git@github.com:amaxlab/git-web-hook-test.git');
     $this->assertNotNull($repository, 'Repository was not loaded through config.yml ');
     $this->assertInstanceOf('AmaxLab\\GitWebHook\\Repository', $repository, 'It is not a repository object');
     $masterBranch = $repository->getBranch('master');
     $productionBranch = $repository->getBranch('production');
     $this->assertInstanceOf('AmaxLab\\GitWebHook\\Branch', $masterBranch, 'There is not a branch master');
     $this->assertInstanceOf('AmaxLab\\GitWebHook\\Branch', $productionBranch, 'There is not a branch master');
     $this->assertContains('*****@*****.**', $masterBranch->getOptions()['mailRecipients']);
     $this->assertContains('192.168.0.2', Request::getTrustedProxies(), 'There is error in configuring trusted proxies');
     $this->assertContains('192.168.0.3', Request::getTrustedProxies(), 'There is error in configuring trusted proxies');
     $this->assertNotContains('192.168.0.4', Request::getTrustedProxies(), 'There is error in configuring trusted proxies');
     $content = file_get_contents($logFile);
     $this->assertEmpty($content, sprintf('Log file is not empty: %s', $content));
 }
 /**
  * @param array   $config
  * @param Session $session
  * @param string  $prefix
  */
 public function __construct($config, Session $session, $prefix = self::PREFIX)
 {
     $this->session = $session;
     $this->prefix = $prefix;
     $this->setAppId($config['appId']);
     $this->setAppSecret($config['secret']);
     if (isset($config['fileUpload'])) {
         $this->setFileUploadSupport($config['fileUpload']);
     }
     // Add trustProxy configuration
     $this->trustForwarded = isset($config['trustForwarded']) ? $config['trustForwarded'] : Request::getTrustedProxies();
 }
 public function testAllowedIpsAreSetWhenEmpty()
 {
     $configuration = $this->getConfigurationMock();
     $configuration->expects($this->once())->method('isSetup')->will($this->returnValue(true));
     $configuration->expects($this->once())->method('offsetExists')->with('trusted-proxies')->will($this->returnValue(false));
     $app = new Application();
     $app['dispatcher']->addSubscriber(new TrustedProxySubscriber($configuration));
     $app->get('/', function () {
         return 'data';
     });
     $client = new Client($app);
     $client->request('GET', '/');
     $this->assertEquals(200, $client->getResponse()->getStatusCode());
     $this->assertEquals([], Request::getTrustedProxies());
 }
 public function testRequestTrustedProxiesAreSetOnRequest()
 {
     $app = $this->loadApp();
     $app['root.path'] = __DIR__ . '/../../../../../..';
     $app->register(new ConfigurationServiceProvider());
     $app['phraseanet.configuration.config-path'] = __DIR__ . '/fixtures/config-proxies.yml';
     $app['phraseanet.configuration.config-compiled-path'] = __DIR__ . '/fixtures/config-proxies.php';
     $this->assertSame([], Request::getTrustedProxies());
     $app->boot();
     $app->get('/', function () {
         return 'data';
     });
     $client = new Client($app);
     $client->request('GET', '/');
     $this->assertSame(['127.0.0.1', '66.6.66.6'], Request::getTrustedProxies());
     unlink($app['phraseanet.configuration.config-compiled-path']);
 }
Example #6
0
 protected function validateRequest(Request $request)
 {
     // is the Request safe?
     if (!$request->isMethodSafe()) {
         throw new AccessDeniedHttpException();
     }
     // does the Request come from a trusted IP?
     $trustedIps = array_merge($this->getLocalIpAddresses(), $request->getTrustedProxies());
     $remoteAddress = $request->server->get('REMOTE_ADDR');
     if (IpUtils::checkIp($remoteAddress, $trustedIps)) {
         return;
     }
     // is the Request signed?
     // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
     if ($this->signer->check($request->getSchemeAndHttpHost() . $request->getBaseUrl() . $request->getPathInfo() . (null !== ($qs = $request->server->get('QUERY_STRING')) ? '?' . $qs : ''))) {
         return;
     }
     throw new AccessDeniedHttpException();
 }
 /**
  * @dataProvider getTrustedProxyData
  */
 public function testHttpCacheIsSetAsATrustedProxy(array $existing, array $expected)
 {
     Request::setTrustedProxies($existing);
     $this->setNextResponse();
     $this->request('GET', '/', array('REMOTE_ADDR' => '10.0.0.1'));
     $this->assertEquals($expected, Request::getTrustedProxies());
 }
Example #8
0
 /**
  * Forwards the Request to the backend and returns the Response.
  *
  * @param Request  $request A Request instance
  * @param bool     $catch   Whether to catch exceptions or not
  * @param Response $entry   A Response instance (the stale entry if present, null otherwise)
  *
  * @return Response A Response instance
  */
 protected function forward(Request $request, $catch = false, Response $entry = null)
 {
     if ($this->surrogate) {
         $this->surrogate->addSurrogateCapability($request);
     }
     // modify the X-Forwarded-For header if needed
     $forwardedFor = $request->headers->get('X-Forwarded-For');
     if ($forwardedFor) {
         $request->headers->set('X-Forwarded-For', $forwardedFor . ', ' . $request->server->get('REMOTE_ADDR'));
     } else {
         $request->headers->set('X-Forwarded-For', $request->server->get('REMOTE_ADDR'));
     }
     // fix the client IP address by setting it to 127.0.0.1 as HttpCache
     // is always called from the same process as the backend.
     $request->server->set('REMOTE_ADDR', '127.0.0.1');
     // make sure HttpCache is a trusted proxy
     if (!in_array('127.0.0.1', $trustedProxies = Request::getTrustedProxies())) {
         $trustedProxies[] = '127.0.0.1';
         Request::setTrustedProxies($trustedProxies);
     }
     // always a "master" request (as the real master request can be in cache)
     $response = $this->kernel->handle($request, HttpKernelInterface::MASTER_REQUEST, $catch);
     // FIXME: we probably need to also catch exceptions if raw === true
     // we don't implement the stale-if-error on Requests, which is nonetheless part of the RFC
     if (null !== $entry && in_array($response->getStatusCode(), array(500, 502, 503, 504))) {
         if (null === ($age = $entry->headers->getCacheControlDirective('stale-if-error'))) {
             $age = $this->options['stale_if_error'];
         }
         if (abs($entry->getTtl()) < $age) {
             $this->record($request, 'stale-if-error');
             return $entry;
         }
     }
     $this->processResponseBody($request, $response);
     if ($this->isPrivateRequest($request) && !$response->headers->hasCacheControlDirective('public')) {
         $response->setPrivate(true);
     } elseif ($this->options['default_ttl'] > 0 && null === $response->getTtl() && !$response->headers->getCacheControlDirective('must-revalidate')) {
         $response->setTtl($this->options['default_ttl']);
     }
     return $response;
 }
Example #9
0
 /**
  * Checks if current request is allowed to generate the user hash.
  * Default behavior is to accept values set in TRUSTED_PROXIES env variable and local IP addresses:
  *  - 127.0.0.1
  *  - ::1
  *  - fe80::1
  *
  * @param Request $request
  *
  * @return bool
  */
 protected function canGenerateUserHash(Request $request)
 {
     $trustedProxies = array_unique(array_merge(Request::getTrustedProxies(), array('127.0.0.1', '::1', 'fe80::1')));
     return $request->attributes->get('internalRequest') || in_array($request->getClientIp(), $trustedProxies);
 }