Don't remove manually set trusted proxies

jdavidbakr · Jul 12, 2019 · be49f52 · be49f52
1 parent 4dcdc3a
commit be49f52
Show file tree

Hide file tree

Showing 4 changed files with 44 additions and 2 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 /vendor
 composer.lock
+.php_cs.cache
diff --git a/.php_cs.cache b/.php_cs.cache
diff --git a/src/CloudfrontProxies.php b/src/CloudfrontProxies.php
@@ -42,7 +42,7 @@ protected function loadTrustedProxies($request)
                 ->pluck('ip_prefix');
             return $data->toArray();
         });
-        $request->setTrustedProxies($proxies, Request::HEADER_X_FORWARDED_ALL);
+        $request->setTrustedProxies(array_merge($request->getTrustedProxies(), $proxies), Request::HEADER_X_FORWARDED_ALL);
     }
 
     protected function setCloudfrontHeaders($request)

diff --git a/tests/CloudfrontProxiesTest.php b/tests/CloudfrontProxiesTest.php
@@ -50,6 +50,48 @@ public function it_downloads_cloudfront_ips()
         $this->assertEquals(['127.0.0.1/16'], $request->getTrustedProxies());
     }
 
+    /**
+     * @test
+     */
+    public function it_retains_existing_trusted_ip_addresses()
+    {
+        $request = new Request(
+            [], // query
+            [], // request
+            [], // attributes
+            [], // cookies
+            [], // files
+            [
+                'HTTP_CLOUDFRONT_FORWARDED_PROTO' => 'https'
+            ], // server
+            null // content
+        );
+        $request->setTrustedProxies(['123.45.67/8'], Request::HEADER_X_FORWARDED_ALL);
+        $middleware = new CloudfrontProxies;
+        $mock = Mockery::mock(Guzzle::class);
+        $mock->shouldReceive('get')
+            ->with('https://ip-ranges.amazonaws.com/ip-ranges.json')
+            ->once()
+            ->andReturn(Mockery::mock([
+                'getBody' => json_encode([
+                    'prefixes' => [
+                        [
+                            'ip_prefix' => '127.0.0.1/16',
+                            'region' => 'GLOBAL',
+                            'service' => 'CLOUDFRONT'
+                        ]
+                    ]
+                ])
+            ]));
+        app()->instance(Guzzle::class, $mock);
+
+        $middleware->handle($request, function () {
+        });
+
+        // Verify that trusted proxies got properly set
+        $this->assertEquals(['123.45.67/8', '127.0.0.1/16'], $request->getTrustedProxies());
+    }
+
     /**
      * @test
      */