Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 11b1429

Browse files
fabpotfabpot
committed
feature #38149 [SecurityBundle] Comma separated ips for security.access_control (a-menshchikov)
This PR was squashed before being merged into the 5.2-dev branch. Discussion ---------- [SecurityBundle] Comma separated ips for security.access_control | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | Deprecations? | no | Tickets | | License | MIT | Doc PR | symfony/symfony-docs#14219 There is currently no way to use env vars to configure `security.access_control` ips with multiple values. Ability to use comma separated ips make it able. Commits ------- 0412e91 [SecurityBundle] Comma separated ips for security.access_control
2 parents 021ba35 + 0412e91 commit 11b1429

File tree

5 files changed

+45
-2
lines changed

5 files changed

+45
-2
lines changed

src/Symfony/Bundle/SecurityBundle/CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ CHANGELOG
77
* Added `FirewallListenerFactoryInterface`, which can be implemented by security factories to add firewall listeners
88
* Added `SortFirewallListenersPass` to make the execution order of firewall listeners configurable by
99
leveraging `Symfony\Component\Security\Http\Firewall\FirewallListenerInterface`
10+
* Added ability to use comma separated ip address list for `security.access_control`
1011

1112
5.1.0
1213
-----

src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@ imports:
33

44
parameters:
55
env(APP_IP): '127.0.0.1'
6+
env(APP_IPS): '127.0.0.1, ::1'
67

78
security:
89
encoders:
@@ -47,7 +48,9 @@ security:
4748
- { path: ^/secured-by-one-real-ip-with-mask$, ips: '203.0.113.0/24', roles: IS_AUTHENTICATED_ANONYMOUSLY }
4849
- { path: ^/secured-by-one-real-ipv6$, ips: 0:0:0:0:0:ffff:c633:6400, roles: IS_AUTHENTICATED_ANONYMOUSLY }
4950
- { path: ^/secured-by-one-env-placeholder$, ips: '%env(APP_IP)%', roles: IS_AUTHENTICATED_ANONYMOUSLY }
51+
- { path: ^/secured-by-one-env-placeholder-multiple-ips$, ips: '%env(APP_IPS)%', roles: IS_AUTHENTICATED_ANONYMOUSLY }
5052
- { path: ^/secured-by-one-env-placeholder-and-one-real-ip$, ips: ['%env(APP_IP)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
53+
- { path: ^/secured-by-one-env-placeholder-multiple-ips-and-one-real-ip$, ips: ['%env(APP_IPS)%', 198.51.100.0], roles: IS_AUTHENTICATED_ANONYMOUSLY }
5154
- { path: ^/highly_protected_resource$, roles: IS_ADMIN }
5255
- { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') matches '/Firefox/i') or is_granted('ROLE_USER')" }
5356
- { path: .*, roles: IS_AUTHENTICATED_FULLY }

src/Symfony/Component/HttpFoundation/CHANGELOG.md

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,9 +4,10 @@ CHANGELOG
44
5.2.0
55
-----
66

7-
* added support for `X-Forwarded-Prefix` header
7+
* added support for `X-Forwarded-Prefix` header
88
* added `HeaderUtils::parseQuery()`: it does the same as `parse_str()` but preserves dots in variable names
99
* added `File::getContent()`
10+
* added ability to use comma separated ip addresses for `RequestMatcher::matchIps()`
1011

1112
5.1.0
1213
-----

src/Symfony/Component/HttpFoundation/RequestMatcher.php

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -125,7 +125,11 @@ public function matchIp(string $ip)
125125
*/
126126
public function matchIps($ips)
127127
{
128-
$this->ips = null !== $ips ? (array) $ips : [];
128+
$ips = null !== $ips ? (array) $ips : [];
129+
130+
$this->ips = array_reduce($ips, static function (array $ips, string $ip) {
131+
return array_merge($ips, preg_split('/\s*,\s*/', $ip));
132+
}, []);
129133
}
130134

131135
/**

src/Symfony/Component/HttpFoundation/Tests/RequestMatcherTest.php

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -163,4 +163,38 @@ public function testAttributes()
163163
$matcher->matchAttribute('foo', 'babar');
164164
$this->assertFalse($matcher->matches($request));
165165
}
166+
167+
public function testIps()
168+
{
169+
$matcher = new RequestMatcher();
170+
171+
$request = Request::create('', 'GET', [], [], [], ['REMOTE_ADDR' => '127.0.0.1']);
172+
173+
$matcher->matchIp('127.0.0.1');
174+
$this->assertTrue($matcher->matches($request));
175+
176+
$matcher->matchIp('192.168.0.1');
177+
$this->assertFalse($matcher->matches($request));
178+
179+
$matcher->matchIps('127.0.0.1');
180+
$this->assertTrue($matcher->matches($request));
181+
182+
$matcher->matchIps('127.0.0.1, ::1');
183+
$this->assertTrue($matcher->matches($request));
184+
185+
$matcher->matchIps('192.168.0.1, ::1');
186+
$this->assertFalse($matcher->matches($request));
187+
188+
$matcher->matchIps(['127.0.0.1', '::1']);
189+
$this->assertTrue($matcher->matches($request));
190+
191+
$matcher->matchIps(['192.168.0.1', '::1']);
192+
$this->assertFalse($matcher->matches($request));
193+
194+
$matcher->matchIps(['1.1.1.1', '2.2.2.2', '127.0.0.1, ::1']);
195+
$this->assertTrue($matcher->matches($request));
196+
197+
$matcher->matchIps(['1.1.1.1', '2.2.2.2', '192.168.0.1, ::1']);
198+
$this->assertFalse($matcher->matches($request));
199+
}
166200
}

0 commit comments

Comments
 (0)