VEH-10: Check Framework's IP source



Issue Information

Issue Type: Task
 
Priority: Major
Status: Closed

Reported By: Ben Tasker
Assigned To: Ben Tasker
Project: VehMan (VEH)
Resolution: Fixed (2013-11-10 01:36:40)
Target version: 1.0.1
Labels: Sessions

Created: 2013-10-18 04:37:38


Description
Check that BTFramework honours X-Forwarded-For in function getIP, otherwise users behind the same proxy will be able to use each other's tokens.



Activity


Method getip has been adjusted, but changes haven't yet been tested.
btasker changed status from 'Open' to 'In Progress'
Added IP check to test submodule. Unfortunately it's returning the IP of the proxy, so need to identify why.


{"timestamp":1384047032,"response":"127.0.0.1","errors":null,"error":0}


Headers are


{"timestamp":1384047145,"response":{"X-Real-IP":"81.134.152.4","X-Forwarded-For":"81.134.152.4","Host":"api.vehiclefueltracker.co.uk","Connection":"close","Accept":"text\/html,application\/xhtml+xml,application\/xml;q=0.9,\/;q=0.8","User-Agent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Ubuntu Chromium\/28.0.1500.71 Chrome\/28.0.1500.71 Safari\/537.36","Accept-Encoding":"gzip,deflate,sdch","Accept-Language":"en-GB,en-US;q=0.8,en;q=0.6","Cookie":"__utma=121090191.1565016685.1381890140.1382075380.1383390128.7; __utmz=121090191.1381890140.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"},"errors":null,"error":0}


Don't want to rely on the X-Real-IP as that's something Nginx has been configured to send.
The keyname used with $_SERVER wasn't prefixed by HTTP_.

Commit a4e2475 resolves.
btasker changed status from 'In Progress' to 'Resolved'
btasker added 'Fixed' to resolution
btasker changed status from 'Resolved' to 'Closed'
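
Added example (not the code from commit a4e2475 and not part of BTFramework): a sketch of a client-IP lookup that reads X-Forwarded-For under the HTTP_-prefixed $_SERVER key noted above. The function name resolveClientIp, the $trustedProxies list and the rule of honouring the header only when the request arrives from a listed proxy are assumptions added here, as is the proxy appending the peer address to the header.

```php
<?php
// Added example, not BTFramework code. resolveClientIp() and $trustedProxies are
// hypothetical names; it assumes the proxy appends the peer address to the header.

function resolveClientIp(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';

    // Only a request relayed by our own proxy may override the peer address;
    // a client connecting directly can put anything it likes in the header.
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer;
    }

    // PHP exposes request headers as HTTP_<NAME>: upper-cased, '-' becomes '_'.
    // A lookup without the HTTP_ prefix finds nothing and the proxy IP is used.
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';

    // The header is a comma-separated chain. Walk it from the right and take
    // the first hop that is not one of our proxies.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: stop trusting the chain
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $peer; // header absent or unusable: fall back to the peer address
}

// Constructed sample input modelled on the headers shown in the issue.
$proxies = ['127.0.0.1'];
$cases = [
    'via proxy' => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '81.134.152.4'],
    'direct'    => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '81.134.152.4'],
    'prepended' => ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 81.134.152.4'],
    'no header' => ['REMOTE_ADDR' => '127.0.0.1'],
];
foreach ($cases as $name => $server) {
    printf("%-10s => %s\n", $name, resolveClientIp($server, $proxies));
}
```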