VEH-10: Check Framework's IP source

Issue Information

Issue Type: Task
 
Priority: Major
Status: Closed

Reported By:
Ben Tasker
Assigned To:
Ben Tasker
Project: VehMan (VEH)
Resolution: Fixed (2013-11-10 01:36:40)
Target version: 1.0.1,
Labels: Sessions,

Created: 2013-10-18 04:37:38
Time Spent Working


Description
Check that BTFramework honours X-Forwarded-For in function getIP otherwise users behind the same proxy will be able to use each other's tokens


Toggle State Changes

Activity


2013-10-18 06:39:41
method getip has been adjusted, but changes haven't yet been tested

2013-10-18 06:39:45
btasker changed status from 'Open' to 'In Progress'

2013-11-10 01:33:21
Added IP check to test submodule. Unfortunately it's returning the IP of the proxy, so need to identify why.


\{"timestamp":1384047032,"response":"127.0.0.1","errors":null,"error":0\}


Headers are


\{"timestamp":1384047145,"response"\:{"X-Real-IP":"81.134.152.4","X-Forwarded-For":"81.134.152.4","Host":"api.vehiclefueltracker.co.uk","Connection":"close","Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,\/;q=0.8","User-Agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Ubuntu Chromium\/28.0.1500.71 Chrome\/28.0.1500.71 Safari\/537.36","Accept-Encoding":"gzip,deflate,sdch","Accept-Language":"en-GB,en-US;q=0.8,en;q=0.6","Cookie":"__utma=121090191.1565016685.1381890140.1382075380.1383390128.7; __utmz=121090191.1381890140.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"\},"errors":null,"error":0\}


Don't want to rely on the X-Real-IP as that's something NGinx has been configured to send.

2013-11-10 01:36:27
The keyname used with $_SERVER wasn't prefixed by HTTP_.

Commit a4e2475 resolves.

2013-11-10 01:36:40
btasker changed status from 'In Progress' to 'Resolved'

2013-11-10 01:36:40
btasker added 'Fixed' to resolution

2013-11-10 01:36:46
btasker changed status from 'Resolved' to 'Closed'