Fix IP access middleware

DaneEveritt · DaneEveritt · commit 8f72571895dc · 2018-02-28T23:39:59.000-06:00
diff --git a/app/Http/Middleware/Api/AuthenticateIPAccess.php b/app/Http/Middleware/Api/AuthenticateIPAccess.php
@@ -29,12 +29,12 @@ public function handle(Request $request, Closure $next)
         }
 
         $find = new IP($request->ip());
-        foreach ($model->allowed_ips as $ip) {
+        foreach (json_decode($model->allowed_ips) as $ip) {
             if (Range::parse($ip)->contains($find)) {
                 return $next($request);
             }
         }
 
-        throw new AccessDeniedHttpException('This IP address does not have permission to access the API using these credentials.');
+        throw new AccessDeniedHttpException('This IP address (' . $request->ip() . ') does not have permission to access the API using these credentials.');
     }
 }
diff --git a/tests/Unit/Http/Middleware/API/AuthenticateIPAccessTest.php b/tests/Unit/Http/Middleware/API/AuthenticateIPAccessTest.php
@@ -25,7 +25,7 @@ public function testWithNoIPRestrictions()
      */
     public function testWithValidIP()
     {
-        $model = factory(ApiKey::class)->make(['allowed_ips' => ['127.0.0.1']]);
+        $model = factory(ApiKey::class)->make(['allowed_ips' => '["127.0.0.1"]']);
         $this->setRequestAttribute('api_key', $model);
 
         $this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('127.0.0.1');
@@ -38,7 +38,7 @@ public function testWithValidIP()
      */
     public function testValidIPAganistCIDRRange()
     {
-        $model = factory(ApiKey::class)->make(['allowed_ips' => ['192.168.1.1/28']]);
+        $model = factory(ApiKey::class)->make(['allowed_ips' => '["192.168.1.1/28"]']);
         $this->setRequestAttribute('api_key', $model);
 
         $this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('192.168.1.15');
@@ -54,10 +54,10 @@ public function testValidIPAganistCIDRRange()
      */
     public function testWithInvalidIP()
     {
-        $model = factory(ApiKey::class)->make(['allowed_ips' => ['127.0.0.1']]);
+        $model = factory(ApiKey::class)->make(['allowed_ips' => '["127.0.0.1"]']);
         $this->setRequestAttribute('api_key', $model);
 
-        $this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('127.0.0.2');
+        $this->request->shouldReceive('ip')->withNoArgs()->twice()->andReturn('127.0.0.2');
 
         $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
     }

Original file line number	Diff line number	Diff line change
`@@ -29,12 +29,12 @@ public function handle(Request $request, Closure $next)`
`29`	`29`	`}`
`30`	`30`
`31`	`31`	`$find = new IP($request->ip());`
`32`		`- foreach ($model->allowed_ips as $ip) {`
	`32`	`+ foreach (json_decode($model->allowed_ips) as $ip) {`
`33`	`33`	`if (Range::parse($ip)->contains($find)) {`
`34`	`34`	`return $next($request);`
`35`	`35`	`}`
`36`	`36`	`}`
`37`	`37`
`38`		`- throw new AccessDeniedHttpException('This IP address does not have permission to access the API using these credentials.');`
	`38`	`+ throw new AccessDeniedHttpException('This IP address (' . $request->ip() . ') does not have permission to access the API using these credentials.');`
`39`	`39`	`}`
`40`	`40`	`}`