Skip to content
Snippets Groups Projects
Unverified Commit 5ff092b4 authored by lukasmatusiewicz's avatar lukasmatusiewicz Committed by GitHub
Browse files

Merge pull request #45 from sqampy/patch-1

Forward the source IP as value for "client" in sendRequest()
parents 0a2b099e 56fb73e6
Branches
Tags
No related merge requests found
...@@ -42,6 +42,9 @@ class PrivacyIDEA ...@@ -42,6 +42,9 @@ class PrivacyIDEA
/* @var string Realm for a service account to the privacyIDEA server. This is required to use the /validate/triggerchallenge endpoint. This is optional. */ /* @var string Realm for a service account to the privacyIDEA server. This is required to use the /validate/triggerchallenge endpoint. This is optional. */
public $serviceAccountRealm = ""; public $serviceAccountRealm = "";
/* @var bool Send the "client" parameter to allow using the original IP address in the privacyIDEA policies. */
public $forwardClientIP = false;
/* @var object Implementation of the PILog interface. */ /* @var object Implementation of the PILog interface. */
public $logger = null; public $logger = null;
...@@ -422,6 +425,22 @@ class PrivacyIDEA ...@@ -422,6 +425,22 @@ class PrivacyIDEA
assert('string' === gettype($httpMethod)); assert('string' === gettype($httpMethod));
assert('string' === gettype($endpoint)); assert('string' === gettype($endpoint));
// Add the client parameter if wished.
if ($this->forwardClientIP === true)
{
$serverHeaders = $_SERVER;
foreach (array("X-Forwarded-For", "HTTP_X_FORWARDED_FOR", "REMOTE_ADDR") as $clientKey)
{
if (array_key_exists($clientKey, $serverHeaders))
{
$clientIP = $serverHeaders[$clientKey];
$this->debugLog("Forwarding Client IP: " . $clientKey . ": " . $clientIP);
$params['client'] = $clientIP;
break;
}
}
}
$this->debugLog("Sending " . http_build_query($params, '', ', ') . " to " . $endpoint); $this->debugLog("Sending " . http_build_query($params, '', ', ') . " to " . $endpoint);
$completeUrl = $this->serverURL . $endpoint; $completeUrl = $this->serverURL . $endpoint;
......
...@@ -32,6 +32,7 @@ class ValidateCheckTest extends TestCase implements PILog ...@@ -32,6 +32,7 @@ class ValidateCheckTest extends TestCase implements PILog
$this->pi->logger = $this; $this->pi->logger = $this;
$this->pi->sslVerifyHost = false; $this->pi->sslVerifyHost = false;
$this->pi->sslVerifyPeer = false; $this->pi->sslVerifyPeer = false;
$this->pi->forwardClientIP = true;
$this->pi->realm = "testRealm"; $this->pi->realm = "testRealm";
} }
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment