From 94cfa45a46ad63fa74e102b746bfb7775f425137 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Gallego?= <mic.gallego@gmail.com>
Date: Mon, 27 Jun 2016 15:54:56 +0200
Subject: [PATCH] Take into account Docker localhost

---
 CHANGELOG.md                                  |  4 ++++
 src/Middleware/LocalhostCheckerMiddleware.php |  4 ++--
 .../LocalhostCheckerMiddlewareTest.php        | 24 +++++++++++++++++++
 3 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b1dc966..546a832 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+# 5.1.1
+
+* Adds support for detecting localhost requests coming from Docker environment
+
 # 5.1.0
 
 * ZfrEbWorker adds a new security improvement by restricting the internal worker to localhost only.
diff --git a/src/Middleware/LocalhostCheckerMiddleware.php b/src/Middleware/LocalhostCheckerMiddleware.php
index ee452df..572fb1b 100644
--- a/src/Middleware/LocalhostCheckerMiddleware.php
+++ b/src/Middleware/LocalhostCheckerMiddleware.php
@@ -31,8 +31,8 @@ public function __invoke(
         $serverParams = $request->getServerParams();
         $remoteAddr   = $serverParams['REMOTE_ADDR'] ?? '';
 
-        // If request is not originating from localhost, we simply return 200
-        if (!in_array($remoteAddr, $this->localhost)) {
+        // If request is not originating from localhost or from Docker local IP, we simply return 200
+        if (!in_array($remoteAddr, $this->localhost) && !fnmatch('172.17.*', $remoteAddr)) {
             return $response->withStatus(403);
         }
 
diff --git a/test/Middleware/LocalhostCheckerMiddlewareTest.php b/test/Middleware/LocalhostCheckerMiddlewareTest.php
index d7fbb8e..989043e 100644
--- a/test/Middleware/LocalhostCheckerMiddlewareTest.php
+++ b/test/Middleware/LocalhostCheckerMiddlewareTest.php
@@ -24,6 +24,30 @@ public function testReturns403IfNotFromLocalhost()
         $this->assertEquals(403, $returnedResponse->getStatusCode());
     }
 
+    public function dockerIpAddresses()
+    {
+        return [['172.17.42.1'], ['172.17.0.1']];
+    }
+
+    /**
+     * @dataProvider dockerIpAddresses
+     */
+    public function testDelegatesIfFromDockerLocal(string $ipAddress)
+    {
+        $request  = $this->prophesize(ServerRequestInterface::class);
+        $response = new Response();
+
+        $request->getServerParams()->shouldBeCalled()->willReturn(['REMOTE_ADDR' => $ipAddress]);
+
+        $middleware = new LocalhostCheckerMiddleware();
+
+        $returnedResponse = $middleware->__invoke($request->reveal(), $response, function($request, $response, $out) {
+            return $response;
+        });
+
+        $this->assertEquals(200, $returnedResponse->getStatusCode());
+    }
+
     public function testDelegateIfFromIPv4Localhost()
     {
         $request  = $this->prophesize(ServerRequestInterface::class);