From be49f52d5c9ffdd5faeb2d8b789c98a363d6e1ce Mon Sep 17 00:00:00 2001 From: Jon Baker Date: Fri, 12 Jul 2019 10:25:11 -0500 Subject: [PATCH] Don't remove manually set trusted proxies --- .gitignore | 1 + .php_cs.cache | 1 - src/CloudfrontProxies.php | 2 +- tests/CloudfrontProxiesTest.php | 42 +++++++++++++++++++++++++++++++++ 4 files changed, 44 insertions(+), 2 deletions(-) delete mode 100644 .php_cs.cache diff --git a/.gitignore b/.gitignore index 8b7ef35..bb21a23 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ /vendor composer.lock +.php_cs.cache diff --git a/.php_cs.cache b/.php_cs.cache deleted file mode 100644 index 73ecc9f..0000000 --- a/.php_cs.cache +++ /dev/null @@ -1 +0,0 @@ -{"php":"7.2.13","version":"2.13.1:v2.13.1#54814c62d5beef3ba55297b9b3186ed8b8a1b161","rules":{"blank_line_after_namespace":true,"braces":true,"class_definition":true,"elseif":true,"function_declaration":true,"indentation_type":true,"line_ending":true,"lowercase_constants":true,"lowercase_keywords":true,"method_argument_space":{"on_multiline":"ensure_fully_multiline"},"no_break_comment":true,"no_closing_tag":true,"no_spaces_after_function_name":true,"no_spaces_inside_parenthesis":true,"no_trailing_whitespace":true,"no_trailing_whitespace_in_comment":true,"single_blank_line_at_eof":true,"single_class_element_per_statement":{"elements":["property"]},"single_import_per_statement":true,"single_line_after_imports":true,"switch_case_semicolon_to_colon":true,"switch_case_space":true,"visibility_required":true,"encoding":true,"full_opening_tag":true,"binary_operator_spaces":true,"array_syntax":{"syntax":"short"}},"hashes":{"tests\/CloudfrontProxiesTest.php":1840520538,"src\/CloudfrontProxies.php":23204375}} \ No newline at end of file diff --git a/src/CloudfrontProxies.php b/src/CloudfrontProxies.php index dc786b2..8354bf0 100644 --- a/src/CloudfrontProxies.php +++ b/src/CloudfrontProxies.php @@ -42,7 +42,7 @@ protected function loadTrustedProxies($request) ->pluck('ip_prefix'); return $data->toArray(); }); - $request->setTrustedProxies($proxies, Request::HEADER_X_FORWARDED_ALL); + $request->setTrustedProxies(array_merge($request->getTrustedProxies(), $proxies), Request::HEADER_X_FORWARDED_ALL); } protected function setCloudfrontHeaders($request) diff --git a/tests/CloudfrontProxiesTest.php b/tests/CloudfrontProxiesTest.php index 2a96abf..7513b0f 100644 --- a/tests/CloudfrontProxiesTest.php +++ b/tests/CloudfrontProxiesTest.php @@ -50,6 +50,48 @@ public function it_downloads_cloudfront_ips() $this->assertEquals(['127.0.0.1/16'], $request->getTrustedProxies()); } + /** + * @test + */ + public function it_retains_existing_trusted_ip_addresses() + { + $request = new Request( + [], // query + [], // request + [], // attributes + [], // cookies + [], // files + [ + 'HTTP_CLOUDFRONT_FORWARDED_PROTO' => 'https' + ], // server + null // content + ); + $request->setTrustedProxies(['123.45.67/8'], Request::HEADER_X_FORWARDED_ALL); + $middleware = new CloudfrontProxies; + $mock = Mockery::mock(Guzzle::class); + $mock->shouldReceive('get') + ->with('https://ip-ranges.amazonaws.com/ip-ranges.json') + ->once() + ->andReturn(Mockery::mock([ + 'getBody' => json_encode([ + 'prefixes' => [ + [ + 'ip_prefix' => '127.0.0.1/16', + 'region' => 'GLOBAL', + 'service' => 'CLOUDFRONT' + ] + ] + ]) + ])); + app()->instance(Guzzle::class, $mock); + + $middleware->handle($request, function () { + }); + + // Verify that trusted proxies got properly set + $this->assertEquals(['123.45.67/8', '127.0.0.1/16'], $request->getTrustedProxies()); + } + /** * @test */