Skip to content

Revert "use the configured forwarded headers for the setup check" #25628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rullzer merged 1 commit into from
Feb 13, 2021
Merged

Revert "use the configured forwarded headers for the setup check" #25628

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 1 addition & 8 deletions apps/settings/lib/Controller/CheckSetupController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -309,14 +309,7 @@ private function forwardedForHeadersWorking() {
$trustedProxies = $this->config->getSystemValue('trusted_proxies', []);
$remoteAddress = $this->request->getHeader('REMOTE_ADDR');

$forwardedForHeaders = $this->config->getSystemValue('forwarded_for_headers', [
'HTTP_X_FORWARDED_FOR'
]);
$hasForwardedHeaderSet = array_reduce($forwardedForHeaders, function($set, $header) {
return $set || ($this->request->getHeader($header) !== '');
}, false);

if (empty($trustedProxies) && $hasForwardedHeaderSet) {
if (empty($trustedProxies) && $this->request->getHeader('X-Forwarded-Host') !== '') {
return false;
}

Expand Down
70 changes: 39 additions & 31 deletions apps/settings/tests/Controller/CheckSetupControllerTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -329,37 +329,26 @@ public function testIsPhpSupportedTrue() {
}

/**
* @dataProvider dataForwardedForHeaders
* @dataProvider dataForwardedForHeadersWorking
*
* @param string[] $trustedProxies
* @param array $trustedProxies
* @param string $remoteAddrNotForwarded
* @param string $remoteAddr
* @param string[] $forwardedForHeaders
* @param array $requestHeaders
* @param bool $result
*/
public function testForwardedForHeaders(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, array $forwardedForHeaders, array $requestHeaders, bool $result) {
$this->config->method('getSystemValue')
->willReturnCallback(function($key, $default) use ($forwardedForHeaders, $trustedProxies) {
switch ($key) {
case 'forwarded_for_headers':
return $forwardedForHeaders;
case 'trusted_proxies':
return $trustedProxies;
default:
return $default;
}
});
$headers = array_merge(
['REMOTE_ADDR' => $remoteAddrNotForwarded],
$requestHeaders
);
public function testForwardedForHeadersWorking(array $trustedProxies, string $remoteAddrNotForwarded, string $remoteAddr, bool $result) {
$this->config->expects($this->once())
->method('getSystemValue')
->with('trusted_proxies', [])
->willReturn($trustedProxies);
$this->request->expects($this->atLeastOnce())
->method('getHeader')
->willReturnCallback(function($header) use ($headers) {
return isset($headers[$header]) ? $headers[$header] : '';
});
$this->request->method('getRemoteAddress')
->willReturnMap([
['REMOTE_ADDR', $remoteAddrNotForwarded],
['X-Forwarded-Host', '']
]);
$this->request->expects($this->any())
->method('getRemoteAddress')
->willReturn($remoteAddr);

$this->assertEquals(
Expand All @@ -368,18 +357,37 @@ public function testForwardedForHeaders(array $trustedProxies, string $remoteAdd
);
}

public function dataForwardedForHeaders() {
public function dataForwardedForHeadersWorking() {
return [
// description => trusted proxies, getHeader('REMOTE_ADDR'), getRemoteAddr, expected result
'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', ['HTTP_X_FORWARDED_FOR'], [], true],
'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', ['HTTP_X_FORWARDED_FOR'], [], true],
'trusted proxy, remote addr is trusted proxy, forwarded header working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', ['HTTP_X_FORWARDED_FOR'], [], true],
'trusted proxy, remote addr is trusted proxy, forwarded header not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', ['HTTP_X_FORWARDED_FOR'], [], false],
'no trusted proxies, but header present' => [[], '2.2.2.2', '2.2.2.2', ['HTTP_X_FORWARDED_FOR'], ['HTTP_X_FORWARDED_FOR' => '1.1.1.1'], false],
'no trusted proxies, different header present' => [[], '2.2.2.2', '2.2.2.2', ['HTTP_X_FORWARDED_FOR'], ['FORWARDED' => '1.1.1.1'], true],
'no trusted proxies' => [[], '2.2.2.2', '2.2.2.2', true],
'trusted proxy, remote addr not trusted proxy' => [['1.1.1.1'], '2.2.2.2', '2.2.2.2', true],
'trusted proxy, remote addr is trusted proxy, x-forwarded-for working' => [['1.1.1.1'], '1.1.1.1', '2.2.2.2', true],
'trusted proxy, remote addr is trusted proxy, x-forwarded-for not set' => [['1.1.1.1'], '1.1.1.1', '1.1.1.1', false],
];
}

public function testForwardedHostPresentButTrustedProxiesEmpty() {
$this->config->expects($this->once())
->method('getSystemValue')
->with('trusted_proxies', [])
->willReturn([]);
$this->request->expects($this->atLeastOnce())
->method('getHeader')
->willReturnMap([
['REMOTE_ADDR', '1.1.1.1'],
['X-Forwarded-Host', 'nextcloud.test']
]);
$this->request->expects($this->any())
->method('getRemoteAddress')
->willReturn('1.1.1.1');

$this->assertEquals(
false,
self::invokePrivate($this->checkSetupController, 'forwardedForHeadersWorking')
);
}

public function testCheck() {
$this->config->expects($this->at(0))
->method('getAppValue')
Expand Down