4 # Copyright 2020 Prosentient Systems
6 # This file is part of Koha.
8 # Koha is free software; you can redistribute it and/or modify it
9 # under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 3 of the License, or
11 # (at your option) any later version.
13 # Koha is distributed in the hope that it will be useful, but
14 # WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with Koha; if not, see <http://www.gnu.org/licenses>.
23 use Test::More tests => 14;
27 use_ok("Koha::Middleware::RealIP");
29 my ($remote_address,$x_forwarded_for_header,$address);
31 $remote_address = "1.1.1.1";
32 $x_forwarded_for_header = "";
33 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
34 is($address,'1.1.1.1',"There is no X-Forwarded-For header, so just use the remote address");
36 $remote_address = "1.1.1.1";
37 $x_forwarded_for_header = "2.2.2.2";
38 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
39 is($address,'1.1.1.1',"Don't trust 1.1.1.1 as a proxy, so use it as the remote address");
41 $remote_address = "1.1.1.1";
42 $x_forwarded_for_header = "2.2.2.2";
43 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1.1');
44 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
45 is($address,'2.2.2.2',"Trust proxy (1.1.1.1), so use the X-Forwarded-For header for the remote address");
48 $remote_address = "1.1.1.1";
49 $x_forwarded_for_header = "2.2.2.2,3.3.3.3";
50 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1.1 3.3.3.3');
51 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
52 is($address,'2.2.2.2',"Trust multiple proxies (1.1.1.1 and 3.3.3.3), so use the X-Forwaded-For <client> portion for the remote address");
54 $remote_address = "1.1.1.1";
55 $x_forwarded_for_header = "2.2.2.2,3.3.3.3";
56 t::lib::Mocks::mock_config('koha_trusted_proxies', 'bad configuration');
58 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
59 } ["could not parse bad","could not parse configuration"],"Warn on misconfigured koha_trusted_proxies";
60 is($address,'1.1.1.1',"koha_trusted_proxies is misconfigured so ignore the X-Forwarded-For header");
62 $remote_address = "1.1.1.1";
63 $x_forwarded_for_header = "2.2.2.2";
64 t::lib::Mocks::mock_config('koha_trusted_proxies', 'bad 1.1.1.1');
66 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
67 } "could not parse bad","Warn on partially misconfigured koha_trusted_proxies";
68 is($address,'2.2.2.2',"koha_trusted_proxies contains an invalid value but still includes one correct value, which is relevant, so use X-Forwarded-For header");
70 $remote_address = "1.1.1.1";
71 $x_forwarded_for_header = "2.2.2.2";
72 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1.0/24');
73 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
74 is($address,'2.2.2.2',"Trust proxy (1.1.1.1) using CIDR notation, so use the X-Forwarded-For header for the remote address");
76 $remote_address = "1.1.1.1";
77 $x_forwarded_for_header = "2.2.2.2";
78 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1');
79 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
80 is($address,'2.2.2.2',"Trust proxy (1.1.1.1) using abbreviated notation, so use the X-Forwarded-For header for the remote address");
82 $remote_address = "1.1.1.1";
83 $x_forwarded_for_header = "2.2.2.2";
84 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1.0:255.255.255.0');
85 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
86 is($address,'2.2.2.2',"Trust proxy (1.1.1.1) using an IP address and netmask separated by a colon, so use the X-Forwarded-For header for the remote address");
90 skip "Net::Netmask at 1.9104+ supports IPv6", 2 unless Net::Netmask->VERSION < 1.9104;
92 $remote_address = "2001:db8:1234:5678:abcd:1234:abcd:1234";
93 $x_forwarded_for_header = "2.2.2.2";
94 t::lib::Mocks::mock_config( 'koha_trusted_proxies', '2001:db8:1234:5678::/64' );
96 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address,
97 $x_forwarded_for_header );
99 "could not parse 2001:db8:1234:5678::/64",
100 "Warn on IPv6 koha_trusted_proxies";
103 '2001:db8:1234:5678:abcd:1234:abcd:1234',
104 "IPv6 support was added in 1.9104 version of Net::Netmask"