diff --git a/module/finc/src/finc/Role/PermissionProvider/IpRangeFoFor.php b/module/finc/src/finc/Role/PermissionProvider/IpRangeFoFor.php
index 134d1a0dad6f9a6697eeb6f36ff4217bb1188263..37106e439210a6b3eae83e5838085b769c1fbf15 100644
--- a/module/finc/src/finc/Role/PermissionProvider/IpRangeFoFor.php
+++ b/module/finc/src/finc/Role/PermissionProvider/IpRangeFoFor.php
@@ -45,6 +45,28 @@ namespace finc\Role\PermissionProvider;
  */
 class IpRangeFoFor extends \VuFind\Role\PermissionProvider\IpRange
 {
+
+    /**
+     * returns remote address based on eventual proxy headers
+     * 
+     * @return string
+     */
+    private function getRemoteAddr() {
+        // a list of ips the request is forwarded for - first is latest
+        $HttpXForwardedForList = explode(',', $this->request->getServer()->get('HTTP_X_FORWARDED_FOR'));
+        
+        if ($ip = array_shift($HttpXForwardedForList)) {
+            return $ip;
+        }
+        
+        // often provided by nginx-reverse-proxies, should be used since its the nature of the value
+        if ($ip = $this->request->getServer()->get('HTTP_X_REAL_IP')) {
+            return $ip;
+        }
+
+        return $this->request->getServer()->get('REMOTE_ADDR');
+    }
+
     /**
      * Return an array of roles which may be granted the permission based on
      * the options.
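Review bot: getRemoteAddr() returns the first X-Forwarded-For entry, or X-Real-IP, without checking that the request actually arrived through a known reverse proxy, and getPermissions() then grants 'guest' and 'loggedin' based on that value. Both are ordinary request headers, and by convention the leftmost X-Forwarded-For entry is the hop furthest from the server (the inline comment "first is latest" has this reversed). Unless the front proxy overwrites these headers, the address used for the permission check is therefore whatever the client sent. The headers should be honoured only when REMOTE_ADDR is a configured proxy, taking the rightmost entry that is not itself a proxy, with REMOTE_ADDR used in every other case; a sketch follows. The same method is added to IpRegExFoFor in this commit and needs the same change.

```php
private function getRemoteAddr()
{
    $server = $this->request->getServer();
    $remoteAddr = $server->get('REMOTE_ADDR');

    // PLACEHOLDER: $trustedProxies stands for the configured list of
    // reverse-proxy addresses; no such setting exists in this class yet.
    if (!in_array($remoteAddr, $trustedProxies, true)) {
        // Direct connection: forwarding headers are client-supplied here.
        return $remoteAddr;
    }

    $hops = array_filter(
        array_map('trim', explode(',', (string)$server->get('HTTP_X_FORWARDED_FOR')))
    );
    // Walk from the right: the nearest proxy appended the last entry.
    foreach (array_reverse($hops) as $hop) {
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }

    return $remoteAddr;
}
```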
@@ -57,11 +79,10 @@ class IpRangeFoFor extends \VuFind\Role\PermissionProvider\IpRange
      */
     public function getPermissions($options)
     {
+
+
         // Check if any regex matches....
-        $ip = $this->request->getServer()->get('HTTP_X_FORWARDED_FOR') != null
-            ? $this->request->getServer()->get('HTTP_X_FORWARDED_FOR')
-            : $this->request->getServer()->get('REMOTE_ADDR');
-        if ($this->ipAddressUtils->isInRange($ip, (array)$options)) {
+        if ($this->ipAddressUtils->isInRange($this->getRemoteAddr(), (array)$options)) {
             // Match? Grant to all users (guest or logged in).
             return ['guest', 'loggedin'];
         }
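Review bot: The comment kept above the check still reads "Check if any regex matches....", but this provider calls `isInRange()`, so it describes the sibling class and not this one; I would change it to `// Grant the permission when the client address falls inside a configured range.`. The two blank lines added right after the opening brace of getPermissions() carry no change and can be dropped. The rest of the method body lies outside this hunk.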
diff --git a/module/finc/src/finc/Role/PermissionProvider/IpRegExFoFor.php b/module/finc/src/finc/Role/PermissionProvider/IpRegExFoFor.php
index 07afb30d8f1717f736087d265ef6876b677b042d..c54b27513668296471c0f9843f86463f15f772ac 100644
--- a/module/finc/src/finc/Role/PermissionProvider/IpRegExFoFor.php
+++ b/module/finc/src/finc/Role/PermissionProvider/IpRegExFoFor.php
@@ -22,6 +22,7 @@
  * @category VuFind
  * @package  Authorization
  * @author   Gregor Gawol <gawol@ub.uni-leipzig.de>
+ * @author   Ulf Seltmann <ulf.seltmann@hmt-leipzig.de>
  * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
  * @link     https://vufind.org Main Page
  */
@@ -33,11 +34,33 @@ namespace finc\Role\PermissionProvider;
  * @category VuFind
  * @package  Authorization
  * @author   Gregor Gawol <gawol@ub.uni-leipzig.de>
+ * @author   Ulf Seltmann <ulf.seltmann@hmt-leipzig.de>
  * @license  http://opensource.org/licenses/gpl-2.0.php GNU General Public License
  * @link     https://vufind.org Main Page
  */
 class IpRegExFoFor extends \VuFind\Role\PermissionProvider\IpRegEx
 {
+    /**
+     * returns remote address based on eventual proxy headers
+     * 
+     * @return string
+     */
+    private function getRemoteAddr() {
+        // a list of ips the request is forwarded for - first is latest
+        $HttpXForwardedForList = explode(',', $this->request->getServer()->get('HTTP_X_FORWARDED_FOR'));
+        
+        if ($ip = array_shift($HttpXForwardedForList)) {
+            return $ip;
+        }
+        
+        // often provided by nginx-reverse-proxies, should be used since its the nature of the value
+        if ($ip = $this->request->getServer()->get('HTTP_X_REAL_IP')) {
+            return $ip;
+        }
+
+        return $this->request->getServer()->get('REMOTE_ADDR');
+    }
+
     /**
      * Return an array of roles which may be granted the permission based on
      * the options.
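Review bot: This getRemoteAddr() is a line-for-line copy of the one added to IpRangeFoFor, so any later correction to how the client address is derived has to be made twice and the two providers can drift apart. Moving the method into one shared trait (name to be chosen) used by both classes keeps a single definition of which address the permission checks see. Separately, if `get('HTTP_X_FORWARDED_FOR')` returns null when the header is absent, `explode()` receives null, which is deprecated from PHP 8.1. The returned entry is also not trimmed, so I would write `explode(',', (string)$this->request->getServer()->get('HTTP_X_FORWARDED_FOR'))` and apply `trim()` to the element before returning it.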
@@ -51,9 +74,7 @@ class IpRegExFoFor extends \VuFind\Role\PermissionProvider\IpRegEx
     public function getPermissions($options)
     {
         // Check if any regex matches....
-        $ip = $this->request->getServer()->get('HTTP_X_FORWARDED_FOR') != null
-            ? $this->request->getServer()->get('HTTP_X_FORWARDED_FOR')
-            : $this->request->getServer()->get('REMOTE_ADDR');
+        $ip = $this->getRemoteAddr();
         foreach ((array)$options as $current) {
             if (preg_match($current, $ip)) {
                 // Match? Grant to all users (guest or logged in).
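Review bot: `preg_match($current, $ip)` now receives a single address instead of the whole header, and the docblock of getPermissions() should say how the configured patterns are expected to be written. An unanchored pattern matches anywhere in the string, so a rule meant for one network can also match an unrelated address that merely contains the same digits. I would add to the docblock: `Each option is a PCRE pattern matched against one client address; anchor it with ^ and $ so it cannot match a substring of another address.` The patterns come from configuration that is not visible here, so whether existing rules are anchored needs checking; the method continues past the end of this hunk.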