Allow to configure trusted proxies via ActionController::Base.trusted_proxies [#2126 state:resolved]

Signed-off-by: Pratik Naik <pratiknaik@gmail.com>

3 files changed, 32 insertions, 2 deletions

diff --git a/actionpack/lib/action_controller/metal/compatibility.rb b/actionpack/lib/action_controller/metal/compatibility.rb
index 23e7b1b3af..f94d1c669c 100644
--- a/actionpack/lib/action_controller/metal/compatibility.rb
+++ b/actionpack/lib/action_controller/metal/compatibility.rb
@@ -64,6 +64,8 @@ module ActionController
 
       cattr_accessor :ip_spoofing_check
       self.ip_spoofing_check = true
+
+      cattr_accessor :trusted_proxies
     end
 
     # For old tests
diff --git a/actionpack/lib/action_dispatch/http/request.rb b/actionpack/lib/action_dispatch/http/request.rb
index 5f9463eb91..4190fa21cd 100755
--- a/actionpack/lib/action_dispatch/http/request.rb
+++ b/actionpack/lib/action_dispatch/http/request.rb
@@ -246,7 +246,7 @@ module ActionDispatch
       remote_addr_list = @env['REMOTE_ADDR'] && @env['REMOTE_ADDR'].scan(/[^,\s]+/)
 
       unless remote_addr_list.blank?
-        not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES}
+        not_trusted_addrs = remote_addr_list.reject {|addr| addr =~ TRUSTED_PROXIES || addr =~ ActionController::Base.trusted_proxies}
         return not_trusted_addrs.first unless not_trusted_addrs.empty?
       end
       remote_ips = @env['HTTP_X_FORWARDED_FOR'] && @env['HTTP_X_FORWARDED_FOR'].split(',')
@@ -265,7 +265,7 @@ EOM
       end
 
       if remote_ips
-        while remote_ips.size > 1 && TRUSTED_PROXIES =~ remote_ips.last.strip
+        while remote_ips.size > 1 && (TRUSTED_PROXIES =~ remote_ips.last.strip || ActionController::Base.trusted_proxies =~ remote_ips.last.strip)
           remote_ips.pop
         end
 
diff --git a/actionpack/test/dispatch/request_test.rb b/actionpack/test/dispatch/request_test.rb
index 8ebf9aa186..f3500fca34 100644
--- a/actionpack/test/dispatch/request_test.rb
+++ b/actionpack/test/dispatch/request_test.rb
@@ -72,6 +72,34 @@ class RequestTest < ActiveSupport::TestCase
     assert_equal '9.9.9.9', request.remote_ip
   end
 
+  test "remote ip with user specified trusted proxies" do
+    ActionController::Base.trusted_proxies = /^67\.205\.106\.73$/i
+
+    request = stub_request 'REMOTE_ADDR' => '67.205.106.73',
+                           'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    assert_equal '3.4.5.6', request.remote_ip
+
+    request = stub_request 'REMOTE_ADDR' => '172.16.0.1,67.205.106.73',
+                           'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    assert_equal '3.4.5.6', request.remote_ip
+
+    request = stub_request 'REMOTE_ADDR' => '67.205.106.73,172.16.0.1',
+                           'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    assert_equal '3.4.5.6', request.remote_ip
+
+    request = stub_request 'REMOTE_ADDR' => '67.205.106.74,172.16.0.1',
+                           'HTTP_X_FORWARDED_FOR' => '3.4.5.6'
+    assert_equal '67.205.106.74', request.remote_ip
+
+    request = stub_request 'HTTP_X_FORWARDED_FOR' => 'unknown,67.205.106.73'
+    assert_equal 'unknown', request.remote_ip
+
+    request = stub_request 'HTTP_X_FORWARDED_FOR' => '9.9.9.9, 3.4.5.6, 10.0.0.1, 67.205.106.73'
+    assert_equal '3.4.5.6', request.remote_ip
+
+    ActionController::Base.trusted_proxies = nil
+  end
+
   test "domains" do
     request = stub_request 'HTTP_HOST' => 'www.rubyonrails.org'
     assert_equal "rubyonrails.org", request.domain