|
| 1 | +<?php |
| 2 | + |
| 3 | +declare(strict_types=1); |
| 4 | + |
| 5 | +/** |
| 6 | + * @copyright Copyright (c) 2021 Morris Jobke <[email protected]> |
| 7 | + * |
| 8 | + * @author Morris Jobke <[email protected]> |
| 9 | + * @author Côme Chilliet <[email protected]> |
| 10 | + * |
| 11 | + * @license GNU AGPL version 3 or any later version |
| 12 | + * |
| 13 | + * This program is free software: you can redistribute it and/or modify |
| 14 | + * it under the terms of the GNU Affero General Public License as |
| 15 | + * published by the Free Software Foundation, either version 3 of the |
| 16 | + * License, or (at your option) any later version. |
| 17 | + * |
| 18 | + * This program is distributed in the hope that it will be useful, |
| 19 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 20 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 21 | + * GNU Affero General Public License for more details. |
| 22 | + * |
| 23 | + * You should have received a copy of the GNU Affero General Public License |
| 24 | + * along with this program. If not, see <http://www.gnu.org/licenses/>. |
| 25 | + * |
| 26 | + */ |
| 27 | +namespace OCA\Settings\Tests; |
| 28 | + |
| 29 | +use OCA\Settings\SetupChecks\ForwardedForHeaders; |
| 30 | +use OCP\IConfig; |
| 31 | +use OCP\IL10N; |
| 32 | +use OCP\IRequest; |
| 33 | +use OCP\IURLGenerator; |
| 34 | +use OCP\SetupCheck\SetupResult; |
| 35 | +use Test\TestCase; |
| 36 | + |
| 37 | +class ForwardedForHeadersTest extends TestCase { |
| 38 | + private IL10N $l10n; |
| 39 | + private IConfig $config; |
| 40 | + private IURLGenerator $urlGenerator; |
| 41 | + private IRequest $request; |
| 42 | + private ForwardedForHeaders $check; |
| 43 | + |
| 44 | + protected function setUp(): void { |
| 45 | + parent::setUp(); |
| 46 | + |
| 47 | + $this->l10n = $this->getMockBuilder(IL10N::class) |
| 48 | + ->disableOriginalConstructor()->getMock(); |
| 49 | + $this->l10n->expects($this->any()) |
| 50 | + ->method('t') |
| 51 | + ->willReturnCallback(function ($message, array $replace) { |
| 52 | + return vsprintf($message, $replace); |
| 53 | + }); |
| 54 | + $this->config = $this->getMockBuilder(IConfig::class)->getMock(); |
| 55 | + $this->urlGenerator = $this->getMockBuilder(IURLGenerator::class)->getMock(); |
| 56 | + $this->request = $this->getMockBuilder(IRequest::class)->getMock(); |
| 57 | + $this->check = new ForwardedForHeaders( |
| 58 | + $this->l10n, |
| 59 | + $this->config, |
| 60 | + $this->urlGenerator, |
| 61 | + $this->request, |
| 62 | + ); |
| 63 | + } |
| 64 | + |
| 65 | + /** |
| 66 | + * @dataProvider dataForwardedForHeadersWorking |
| 67 | + */ |
| 68 | + public function testForwardedForHeadersWorking(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, string $result): void { |
| 69 | + $this->config->expects($this->once()) |
| 70 | + ->method('getSystemValue') |
| 71 | + ->with('trusted_proxies', []) |
| 72 | + ->willReturn($trustedProxies); |
| 73 | + $this->request->expects($this->atLeastOnce()) |
| 74 | + ->method('getHeader') |
| 75 | + ->willReturnMap([ |
| 76 | + ['REMOTE_ADDR', $remoteAddrNotForwarded], |
| 77 | + ['X-Forwarded-Host', ''] |
| 78 | + ]); |
| 79 | + $this->request->expects($this->any()) |
| 80 | + ->method('getRemoteAddress') |
| 81 | + ->willReturn($remoteAddr); |
| 82 | + |
| 83 | + $this->assertEquals( |
| 84 | + $result, |
| 85 | + $this->check->run()->getSeverity() |
| 86 | + ); |
| 87 | + } |
| 88 | + |
| 89 | + public function dataForwardedForHeadersWorking(): array { |
| 90 | + return [ |
| 91 | + // description => trusted proxies, getHeader('REMOTE_ADDR'), getRemoteAddr, expected result |
| 92 | + 'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', SetupResult::SUCCESS], |
| 93 | + 'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', SetupResult::SUCCESS], |
| 94 | + 'trusted proxy, remote addr is trusted proxy, x-forwarded-for working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', SetupResult::SUCCESS], |
| 95 | + 'trusted proxy, remote addr is trusted proxy, x-forwarded-for not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', SetupResult::WARNING], |
| 96 | + ]; |
| 97 | + } |
| 98 | + |
| 99 | + public function testForwardedHostPresentButTrustedProxiesNotAnArray(): void { |
| 100 | + $this->config->expects($this->once()) |
| 101 | + ->method('getSystemValue') |
| 102 | + ->with('trusted_proxies', []) |
| 103 | + ->willReturn('1.1.1.1'); |
| 104 | + $this->request->expects($this->atLeastOnce()) |
| 105 | + ->method('getHeader') |
| 106 | + ->willReturnMap([ |
| 107 | + ['REMOTE_ADDR', '1.1.1.1'], |
| 108 | + ['X-Forwarded-Host', 'nextcloud.test'] |
| 109 | + ]); |
| 110 | + $this->request->expects($this->any()) |
| 111 | + ->method('getRemoteAddress') |
| 112 | + ->willReturn('1.1.1.1'); |
| 113 | + |
| 114 | + $this->assertEquals( |
| 115 | + SetupResult::ERROR, |
| 116 | + $this->check->run()->getSeverity() |
| 117 | + ); |
| 118 | + } |
| 119 | + |
| 120 | + public function testForwardedHostPresentButTrustedProxiesEmpty(): void { |
| 121 | + $this->config->expects($this->once()) |
| 122 | + ->method('getSystemValue') |
| 123 | + ->with('trusted_proxies', []) |
| 124 | + ->willReturn([]); |
| 125 | + $this->request->expects($this->atLeastOnce()) |
| 126 | + ->method('getHeader') |
| 127 | + ->willReturnMap([ |
| 128 | + ['REMOTE_ADDR', '1.1.1.1'], |
| 129 | + ['X-Forwarded-Host', 'nextcloud.test'] |
| 130 | + ]); |
| 131 | + $this->request->expects($this->any()) |
| 132 | + ->method('getRemoteAddress') |
| 133 | + ->willReturn('1.1.1.1'); |
| 134 | + |
| 135 | + $this->assertEquals( |
| 136 | + SetupResult::WARNING, |
| 137 | + $this->check->run()->getSeverity() |
| 138 | + ); |
| 139 | + } |
| 140 | +} |
0 commit comments