154 lines
5.7 KiB
PHP
154 lines
5.7 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of the Symfony package.
|
|
*
|
|
* (c) Fabien Potencier <fabien@symfony.com>
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Symfony\Component\HttpKernel\Tests\HttpCache;
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\HttpKernel\HttpCache\SubRequestHandler;
|
|
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
|
|
|
class SubRequestHandlerTest extends TestCase
|
|
{
|
|
private static $globalState;
|
|
|
|
protected function setUp()
|
|
{
|
|
self::$globalState = $this->getGlobalState();
|
|
}
|
|
|
|
protected function tearDown()
|
|
{
|
|
Request::setTrustedProxies(self::$globalState[0], self::$globalState[1]);
|
|
}
|
|
|
|
public function testTrustedHeadersAreKept()
|
|
{
|
|
Request::setTrustedProxies(array('10.0.0.1'), -1);
|
|
$globalState = $this->getGlobalState();
|
|
|
|
$request = Request::create('/');
|
|
$request->server->set('REMOTE_ADDR', '10.0.0.1');
|
|
$request->headers->set('X-Forwarded-For', '10.0.0.2');
|
|
$request->headers->set('X-Forwarded-Host', 'Good');
|
|
$request->headers->set('X-Forwarded-Port', '1234');
|
|
$request->headers->set('X-Forwarded-Proto', 'https');
|
|
|
|
$kernel = new TestSubRequestHandlerKernel(function ($request, $type, $catch) {
|
|
$this->assertSame('127.0.0.1', $request->server->get('REMOTE_ADDR'));
|
|
$this->assertSame('10.0.0.2', $request->getClientIp());
|
|
$this->assertSame('Good', $request->headers->get('X-Forwarded-Host'));
|
|
$this->assertSame('1234', $request->headers->get('X-Forwarded-Port'));
|
|
$this->assertSame('https', $request->headers->get('X-Forwarded-Proto'));
|
|
});
|
|
|
|
SubRequestHandler::handle($kernel, $request, HttpKernelInterface::MASTER_REQUEST, true);
|
|
|
|
$this->assertSame($globalState, $this->getGlobalState());
|
|
}
|
|
|
|
public function testUntrustedHeadersAreRemoved()
|
|
{
|
|
$request = Request::create('/');
|
|
$request->server->set('REMOTE_ADDR', '10.0.0.1');
|
|
$request->headers->set('X-Forwarded-For', '10.0.0.2');
|
|
$request->headers->set('X-Forwarded-Host', 'Evil');
|
|
$request->headers->set('X-Forwarded-Port', '1234');
|
|
$request->headers->set('X-Forwarded-Proto', 'http');
|
|
$request->headers->set('Forwarded', 'Evil2');
|
|
|
|
$kernel = new TestSubRequestHandlerKernel(function ($request, $type, $catch) {
|
|
$this->assertSame('127.0.0.1', $request->server->get('REMOTE_ADDR'));
|
|
$this->assertSame('10.0.0.1', $request->getClientIp());
|
|
$this->assertFalse($request->headers->has('X-Forwarded-Host'));
|
|
$this->assertFalse($request->headers->has('X-Forwarded-Port'));
|
|
$this->assertFalse($request->headers->has('X-Forwarded-Proto'));
|
|
$this->assertSame('for="10.0.0.1";host="localhost";proto=http', $request->headers->get('Forwarded'));
|
|
});
|
|
|
|
SubRequestHandler::handle($kernel, $request, HttpKernelInterface::MASTER_REQUEST, true);
|
|
|
|
$this->assertSame(self::$globalState, $this->getGlobalState());
|
|
}
|
|
|
|
public function testTrustedForwardedHeader()
|
|
{
|
|
Request::setTrustedProxies(array('10.0.0.1'), -1);
|
|
$globalState = $this->getGlobalState();
|
|
|
|
$request = Request::create('/');
|
|
$request->server->set('REMOTE_ADDR', '10.0.0.1');
|
|
$request->headers->set('Forwarded', 'for="10.0.0.2";host="foo.bar:1234";proto=https');
|
|
|
|
$kernel = new TestSubRequestHandlerKernel(function ($request, $type, $catch) {
|
|
$this->assertSame('127.0.0.1', $request->server->get('REMOTE_ADDR'));
|
|
$this->assertSame('10.0.0.2', $request->getClientIp());
|
|
$this->assertSame('foo.bar:1234', $request->getHttpHost());
|
|
$this->assertSame('https', $request->getScheme());
|
|
$this->assertSame(1234, $request->getPort());
|
|
});
|
|
|
|
SubRequestHandler::handle($kernel, $request, HttpKernelInterface::MASTER_REQUEST, true);
|
|
|
|
$this->assertSame($globalState, $this->getGlobalState());
|
|
}
|
|
|
|
public function testTrustedXForwardedForHeader()
|
|
{
|
|
Request::setTrustedProxies(array('10.0.0.1'), -1);
|
|
$globalState = $this->getGlobalState();
|
|
|
|
$request = Request::create('/');
|
|
$request->server->set('REMOTE_ADDR', '10.0.0.1');
|
|
$request->headers->set('X-Forwarded-For', '10.0.0.2');
|
|
$request->headers->set('X-Forwarded-Host', 'foo.bar');
|
|
$request->headers->set('X-Forwarded-Proto', 'https');
|
|
|
|
$kernel = new TestSubRequestHandlerKernel(function ($request, $type, $catch) {
|
|
$this->assertSame('127.0.0.1', $request->server->get('REMOTE_ADDR'));
|
|
$this->assertSame('10.0.0.2', $request->getClientIp());
|
|
$this->assertSame('foo.bar', $request->getHttpHost());
|
|
$this->assertSame('https', $request->getScheme());
|
|
});
|
|
|
|
SubRequestHandler::handle($kernel, $request, HttpKernelInterface::MASTER_REQUEST, true);
|
|
|
|
$this->assertSame($globalState, $this->getGlobalState());
|
|
}
|
|
|
|
private function getGlobalState()
|
|
{
|
|
return array(
|
|
Request::getTrustedProxies(),
|
|
Request::getTrustedHeaderSet(),
|
|
);
|
|
}
|
|
}
|
|
|
|
class TestSubRequestHandlerKernel implements HttpKernelInterface
|
|
{
|
|
private $assertCallback;
|
|
|
|
public function __construct(\Closure $assertCallback)
|
|
{
|
|
$this->assertCallback = $assertCallback;
|
|
}
|
|
|
|
public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = true)
|
|
{
|
|
$assertCallback = $this->assertCallback;
|
|
$assertCallback($request, $type, $catch);
|
|
|
|
return new Response();
|
|
}
|
|
}
|