author | Arnold Daniels <arnold@jasny.net> | 2015-10-26 15:19:15 -0400 |
---|---|---|
committer | Arnold Daniels <arnold@jasny.net> | 2015-10-26 15:19:15 -0400 |
commit | e9e22bf5d3bc83d296e781320ee46ec4517a7ed8 (patch) | |
tree | 8888e443ba826b0295f6c6f763d067fa460234fc | |
parent | 42cb62f9aaef03d862ea2a8279e4fcd55d30e213 (diff) | |
Allow overwriting getting the remote addrv0.1.4
-rw-r--r-- | examples/remoteaddr_fix.php | 12 | ||||
-rw-r--r-- | src/Broker.php | 22 | ||||
-rw-r--r-- | src/Server.php | 20 |
3 files changed, 44 insertions, 10 deletions
diff --git a/examples/remoteaddr_fix.php b/examples/remoteaddr_fix.php
new file mode 100644
index 0000000..10b9796
--- /dev/null
+++ b/examples/remoteaddr_fix.php
@@ -0,0 +1,12 @@
+<?php
+
+// This file set $_SERVER['REMOTE_ADDR'] and should be used when testing a
+// broker on localhost with a remote server.
+//
+// Use this file by adding `-d auto_prepend_file=../remoteaddr_fix.php`.
+
+$externalContent = file_get_contents('http://ip4.me/');
+preg_match('/\b(\d{1,3}\.){3}\d{1,3}\b/', $externalContent, $m);
+
+$_SERVER['REMOTE_ADDR'] = $m[0];
+
diff --git a/src/Broker.php b/src/Broker.php
index a9ffdd7..df8b07c 100644
--- a/src/Broker.php
+++ b/src/Broker.php
@@ -41,7 +41,6 @@ class Broker
 */
 protected $userinfo;
-
 /**
 * Class constructor
 *
@@ -60,6 +59,8 @@ class Broker
 $this->secret = $secret;
 if (isset($_COOKIE[$this->getCookieName()])) $this->token = $_COOKIE[$this->getCookieName()];
+
+
 }
 /**
@@ -72,7 +73,7 @@ class Broker
 */
 protected function getCookieName()
 {
- return 'sso_token_' . strtolower($this->broker);
+ return 'sso_token_' . preg_replace('/[_\W]+/', '_', strtolower($this->broker));
 }
 /**
@@ -84,7 +85,7 @@ class Broker
 {
 if (!$this->token) return null;
- $checksum = hash('sha256', 'session' . $this->token . $_SERVER['REMOTE_ADDR'] . $this->secret);
+ $checksum = hash('sha256', 'session' . $this->token . static::getRemoteAddr() . $this->secret);
 return "SSO-{$this->broker}-{$this->token}-$checksum";
 }
@@ -118,12 +119,12 @@ class Broker
 public function getAttachUrl($params = [])
 {
 $this->generateToken();
-
+
 $data = [
 'command' => 'attach',
 'broker' => $this->broker,
 'token' => $this->token,
- 'checksum' => hash('sha256', 'attach' . $this->token . $_SERVER['REMOTE_ADDR'] . $this->secret)
+ 'checksum' => hash('sha256', 'attach' . $this->token . static::getRemoteAddr() . $this->secret)
 ] + $_GET;
 return $this->url . "?" . http_build_query($data + $params);
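Review bot: `$m[0]` in examples/remoteaddr_fix.php is read without checking that `file_get_contents()` succeeded or that `preg_match()` matched, so a failed or changed response leaves `$_SERVER['REMOTE_ADDR']` null (with a notice) and every checksum derived from it stops matching the server's without any clear error. Guard the assignment, e.g. `if ($externalContent === false || !preg_match('/\b(\d{1,3}\.){3}\d{1,3}\b/', $externalContent, $m)) { throw new RuntimeException('Could not determine external address'); }`. The lookup also goes over plain HTTP to a third-party host, so the header comment should say explicitly that this prepend file is for local testing only and must never be configured on a deployed broker.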
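Review bot: The new `preg_replace('/[_\W]+/', '_', …)` in `getCookieName()` maps different broker ids to the same cookie name (`foo.bar`, `foo-bar` and `foo_bar` all become `sso_token_foo_bar`), so two brokers sharing a cookie scope would read and overwrite each other's token. The method's docblock starts outside the hunk; it should gain a line such as `Broker ids must remain unique after non-alphanumeric characters are collapsed to "_".`, or the constructor should reject ids that contain such characters.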
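Review bot: The checksum in `getSessionId()` is still a bare `hash('sha256', …)` over fields joined without a separator, so the boundary between the token and the address is not fixed and distinct (token, address) pairs can produce the same digest; now that the address comes from an overridable `getRemoteAddr()`, its format is no longer guaranteed either. A keyed, delimited form such as `hash_hmac('sha256', 'session:' . $this->token . ':' . static::getRemoteAddr(), $this->secret)` removes the ambiguity. The same applies to the `attach` checksum in `getAttachUrl()` and to the session-id and attach-checksum lines changed in src/Server.php; broker and server would have to change together. Where the checksums are verified is not visible in this diff; that comparison should use `hash_equals()`.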
@@ -249,4 +250,15 @@ class Broker
 return $this->userinfo;
 }
+
+
+ /**
+ * Get the client IP address
+ *
+ * @return string
+ */
+ protected static function getRemoteAddr()
+ {
+ return $_SERVER['REMOTE_ADDR'];
+ }
 }
diff --git a/src/Server.php b/src/Server.php
index 9716c25..1afbd1e 100644
--- a/src/Server.php
+++ b/src/Server.php
@@ -115,10 +115,9 @@ abstract class Server
 }
 if (!$clientAddr) {
- $this->setSessionData('client_addr', $_SERVER['REMOTE_ADDR']);
+ $this->setSessionData('client_addr', static::getRemoteAddr());
 }
- }
-
+ }
 /**
 * Generate session id from session token
@@ -130,7 +129,7 @@ abstract class Server
 $broker = $this->getBrokerInfo($brokerId);
 if (!isset($broker)) return null;
- if (!isset($client_addr)) $client_addr = $_SERVER['REMOTE_ADDR'];
+ if (!isset($client_addr)) $client_addr = static::getRemoteAddr();
 return "SSO-{$brokerId}-{$token}-" . hash('sha256', 'session' . $token . $client_addr . $broker['secret']);
 }
@@ -146,7 +145,7 @@ abstract class Server
 if (!isset($broker)) return null;
- return hash('sha256', 'attach' . $token . $_SERVER['REMOTE_ADDR'] . $broker['secret']);
+ return hash('sha256', 'attach' . $token . static::getRemoteAddr() . $broker['secret']);
 }
@@ -367,5 +366,16 @@ abstract class Server
 * @return array|object
 */
 abstract protected function getUserInfo($username);
+
+
+ /**
+ * Get the client IP address
+ *
+ * @return string
+ */
+ protected static function getRemoteAddr()
+ {
+ return $_SERVER['REMOTE_ADDR'];
+ }
 }
|
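Review bot: The docblock on the new `Broker::getRemoteAddr()` says only "Get the client IP address", which gives a subclass that overrides it no guidance on trust. Every checksum in the class is derived from this value, so the docblock should state that an override must return an address the client cannot choose. A forwarded-for style header qualifies only when it is set by a reverse proxy the deployment controls. It should also say that the result must equal what the SSO server computes for the same client, otherwise attach and session checksums will not validate. The identical method added at the end of src/Server.php needs the same text; moving both into one shared trait would keep the two copies from drifting apart.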