chiappa
/
sprint_planer_web
zrcadlo https://git.snix.ch/chiappa/sprint_planer_web.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293
							<?php

declare(strict_types=1);

namespace App\Tests\Http;

use App\Http\Request;
use App\Tests\TestCase;

/**
 * Smoke tests that `Request::ip()` and `Request::isHttps()` actually consult
 * `TRUSTED_PROXIES` (R01-N05 / R01-N07). The detail-level CIDR / XFF logic
 * is exercised in `TrustedProxiesTest`; here we only check the wiring.
 */
final class RequestTest extends TestCase
{
    /**
     * @param array<string,mixed> $server
     */
    private function makeRequest(array $server): Request
    {
        return new Request(
            method:  'GET',
            path:    '/',
            query:   [],
            post:    [],
            rawBody: '',
            headers: [],
            server:  $server,
        );
    }

    public function testIpReturnsRemoteAddrWhenNoTrustedProxiesConfigured(): void
    {
        $prev = getenv('TRUSTED_PROXIES');
        try {
            putenv('TRUSTED_PROXIES');
            $req = $this->makeRequest([
                'REMOTE_ADDR'           => '203.0.113.42',
                'HTTP_X_FORWARDED_FOR'  => '198.51.100.7',
            ]);
            self::assertSame('203.0.113.42', $req->ip());
        } finally {
            $prev === false ? putenv('TRUSTED_PROXIES') : putenv('TRUSTED_PROXIES=' . $prev);
        }
    }

    public function testIpHonoursXffWhenRemoteIsTrusted(): void
    {
        $prev = getenv('TRUSTED_PROXIES');
        try {
            putenv('TRUSTED_PROXIES=10.0.0.0/8');
            $req = $this->makeRequest([
                'REMOTE_ADDR'           => '10.0.0.1',
                'HTTP_X_FORWARDED_FOR'  => '198.51.100.7',
            ]);
            self::assertSame('198.51.100.7', $req->ip());
        } finally {
            $prev === false ? putenv('TRUSTED_PROXIES') : putenv('TRUSTED_PROXIES=' . $prev);
        }
    }

    public function testIsHttpsHonoursXfpOnlyFromTrustedProxy(): void
    {
        $prev = getenv('TRUSTED_PROXIES');
        try {
            putenv('TRUSTED_PROXIES=10.0.0.0/8');

            $trustedReq = $this->makeRequest([
                'REMOTE_ADDR'             => '10.0.0.1',
                'HTTP_X_FORWARDED_PROTO'  => 'https',
            ]);
            self::assertTrue($trustedReq->isHttps());

            $untrustedReq = $this->makeRequest([
                'REMOTE_ADDR'             => '203.0.113.5',
                'HTTP_X_FORWARDED_PROTO'  => 'https',
            ]);
            self::assertFalse($untrustedReq->isHttps());
        } finally {
            $prev === false ? putenv('TRUSTED_PROXIES') : putenv('TRUSTED_PROXIES=' . $prev);
        }
    }

    public function testIsHttpsRecognisesDirectTls(): void
    {
        $req = $this->makeRequest(['HTTPS' => 'on']);
        self::assertTrue($req->isHttps());

        $req = $this->makeRequest(['HTTPS' => 'off']);
        self::assertFalse($req->isHttps());
    }
}