t/Koha/Middleware/RealIP.t

   1 #!/usr/bin/perl
   2
   3 #
   4 # Copyright 2020 Prosentient Systems
   5 #
   6 # This file is part of Koha.
   7 #
   8 # Koha is free software; you can redistribute it and/or modify it
   9 # under the terms of the GNU General Public License as published by
  10 # the Free Software Foundation; either version 3 of the License, or
  11 # (at your option) any later version.
  12 #
  13 # Koha is distributed in the hope that it will be useful, but
  14 # WITHOUT ANY WARRANTY; without even the implied warranty of
  15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16 # GNU General Public License for more details.
  17 #
  18 # You should have received a copy of the GNU General Public License
  19 # along with Koha; if not, see <http://www.gnu.org/licenses>.
  20
  21 use strict;
  22 use warnings;
  23 use Test::More tests => 14;
  24 use Test::Warn;
  25
  26 use t::lib::Mocks;
  27 use_ok("Koha::Middleware::RealIP");
  28
  29 my ($remote_address,$x_forwarded_for_header,$address);
  30
  31 $remote_address = "1.1.1.1";
  32 $x_forwarded_for_header = "";
  33 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
  34 is($address,'1.1.1.1',"There is no X-Forwarded-For header, so just use the remote address");
  35
  36 $remote_address = "1.1.1.1";
  37 $x_forwarded_for_header = "2.2.2.2";
  38 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
  39 is($address,'1.1.1.1',"Don't trust 1.1.1.1 as a proxy, so use it as the remote address");
  40
  41 $remote_address = "1.1.1.1";
  42 $x_forwarded_for_header = "2.2.2.2";
  43 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1.1');
  44 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
  45 is($address,'2.2.2.2',"Trust proxy (1.1.1.1), so use the X-Forwarded-For header for the remote address");
  46
  47
  48 $remote_address = "1.1.1.1";
  49 $x_forwarded_for_header = "2.2.2.2,3.3.3.3";
  50 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1.1 3.3.3.3');
  51 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
  52 is($address,'2.2.2.2',"Trust multiple proxies (1.1.1.1 and 3.3.3.3), so use the X-Forwaded-For <client> portion for the remote address");
  53
  54 $remote_address = "1.1.1.1";
  55 $x_forwarded_for_header = "2.2.2.2,3.3.3.3";
  56 t::lib::Mocks::mock_config('koha_trusted_proxies', 'bad configuration');
  57 warnings_are {
  58     $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
  59 } ["could not parse bad","could not parse configuration"],"Warn on misconfigured koha_trusted_proxies";
  60 is($address,'1.1.1.1',"koha_trusted_proxies is misconfigured so ignore the X-Forwarded-For header");
  61
  62 $remote_address = "1.1.1.1";
  63 $x_forwarded_for_header = "2.2.2.2";
  64 t::lib::Mocks::mock_config('koha_trusted_proxies', 'bad 1.1.1.1');
  65 warning_is {
  66     $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
  67 } "could not parse bad","Warn on partially misconfigured koha_trusted_proxies";
  68 is($address,'2.2.2.2',"koha_trusted_proxies contains an invalid value but still includes one correct value, which is relevant, so use X-Forwarded-For header");
  69
  70 $remote_address = "1.1.1.1";
  71 $x_forwarded_for_header = "2.2.2.2";
  72 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1.0/24');
  73 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
  74 is($address,'2.2.2.2',"Trust proxy (1.1.1.1) using CIDR notation, so use the X-Forwarded-For header for the remote address");
  75
  76 $remote_address = "1.1.1.1";
  77 $x_forwarded_for_header = "2.2.2.2";
  78 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1');
  79 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
  80 is($address,'2.2.2.2',"Trust proxy (1.1.1.1) using abbreviated notation, so use the X-Forwarded-For header for the remote address");
  81
  82 $remote_address = "1.1.1.1";
  83 $x_forwarded_for_header = "2.2.2.2";
  84 t::lib::Mocks::mock_config('koha_trusted_proxies', '1.1.1.0:255.255.255.0');
  85 $address = Koha::Middleware::RealIP::get_real_ip( $remote_address, $x_forwarded_for_header );
  86 is($address,'2.2.2.2',"Trust proxy (1.1.1.1) using an IP address and netmask separated by a colon, so use the X-Forwarded-For header for the remote address");
  87
  88 require Net::Netmask;
  89 SKIP: {
  90     skip "Net::Netmask at 1.9104+ supports IPv6", 2 unless Net::Netmask->VERSION < 1.9104;
  91
  92     $remote_address         = "2001:db8:1234:5678:abcd:1234:abcd:1234";
  93     $x_forwarded_for_header = "2.2.2.2";
  94     t::lib::Mocks::mock_config( 'koha_trusted_proxies', '2001:db8:1234:5678::/64' );
  95     warning_is {
  96         $address = Koha::Middleware::RealIP::get_real_ip( $remote_address,
  97             $x_forwarded_for_header );
  98     }
  99     "could not parse 2001:db8:1234:5678::/64",
 100       "Warn on IPv6 koha_trusted_proxies";
 101     is(
 102         $address,
 103         '2001:db8:1234:5678:abcd:1234:abcd:1234',
 104         "IPv6 support was added in 1.9104 version of Net::Netmask"
 105     );
 106 }