Forced all fragment uris to be signed, even for ESI

Author: stof

EventListener/FragmentListener.php

@@ -12,7 +12,6 @@
 namespace Symfony\Component\HttpKernel\EventListener;
 
 use Symfony\Component\HttpFoundation\Request;
-use Symfony\Component\HttpFoundation\IpUtils;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
 use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
@@ -77,13 +76,6 @@ protected function validateRequest(Request $request)
             throw new AccessDeniedHttpException();
         }
 
-        // does the Request come from a trusted IP?
-        $trustedIps = array_merge($this->getLocalIpAddresses(), $request->getTrustedProxies());
-        $remoteAddress = $request->server->get('REMOTE_ADDR');
-        if (IpUtils::checkIp($remoteAddress, $trustedIps)) {
-            return;
-        }
-
         // is the Request signed?
         // we cannot use $request->getUri() here as we want to work with the original URI (no query string reordering)
         if ($this->signer->check($request->getSchemeAndHttpHost().$request->getBaseUrl().$request->getPathInfo().(null !== ($qs = $request->server->get('QUERY_STRING')) ? '?'.$qs : ''))) {
@@ -93,6 +85,11 @@ protected function validateRequest(Request $request)
         throw new AccessDeniedHttpException();
     }
 
+    /**
+     * @deprecated Deprecated since 2.3.19, to be removed in 3.0.
+     *
+     * @return string[]
+     */
     protected function getLocalIpAddresses()
     {
         return array('127.0.0.1', 'fe80::1', '::1');

Fragment/EsiFragmentRenderer.php

@@ -15,6 +15,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Controller\ControllerReference;
 use Symfony\Component\HttpKernel\HttpCache\Esi;
+use Symfony\Component\HttpKernel\UriSigner;
 
 /**
  * Implements the ESI rendering strategy.
@@ -25,6 +26,7 @@ class EsiFragmentRenderer extends RoutableFragmentRenderer
 {
     private $esi;
     private $inlineStrategy;
+    private $signer;
 
     /**
      * Constructor.
@@ -34,11 +36,13 @@ class EsiFragmentRenderer extends RoutableFragmentRenderer
      *
      * @param Esi                       $esi            An Esi instance
      * @param FragmentRendererInterface $inlineStrategy The inline strategy to use when ESI is not supported
+     * @param UriSigner                 $signer
      */
-    public function __construct(Esi $esi, FragmentRendererInterface $inlineStrategy)
+    public function __construct(Esi $esi, FragmentRendererInterface $inlineStrategy, UriSigner $signer = null)
     {
         $this->esi = $esi;
         $this->inlineStrategy = $inlineStrategy;
+        $this->signer = $signer;
     }
 
     /**
@@ -61,12 +65,12 @@ public function render($uri, Request $request, array $options = array())
         }
 
         if ($uri instanceof ControllerReference) {
-            $uri = $this->generateFragmentUri($uri, $request);
+            $uri = $this->generateSignedFragmentUri($uri, $request);
         }
 
         $alt = isset($options['alt']) ? $options['alt'] : null;
         if ($alt instanceof ControllerReference) {
-            $alt = $this->generateFragmentUri($alt, $request);
+            $alt = $this->generateSignedFragmentUri($alt, $request);
         }
 
         $tag = $this->esi->renderIncludeTag($uri, $alt, isset($options['ignore_errors']) ? $options['ignore_errors'] : false, isset($options['comment']) ? $options['comment'] : '');
@@ -81,4 +85,16 @@ public function getName()
     {
         return 'esi';
     }
+
+    private function generateSignedFragmentUri($uri, Request $request)
+    {
+        if (null === $this->signer) {
+            throw new \LogicException('You must use a URI when using the ESI rendering strategy or set a URL signer.');
+        }
+
+        // we need to sign the absolute URI, but want to return the path only.
+        $fragmentUri = $this->signer->sign($this->generateFragmentUri($uri, $request, true));
+
+        return substr($fragmentUri, strlen($request->getSchemeAndHttpHost()));
+    }
 }

Tests/EventListener/FragmentListenerTest.php

@@ -54,19 +54,6 @@ public function testAccessDeniedWithNonSafeMethods()
         $listener->onKernelRequest($event);
     }
 
-    /**
-     * @expectedException \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
-     */
-    public function testAccessDeniedWithNonLocalIps()
-    {
-        $request = Request::create('http://example.com/_fragment', 'GET', array(), array(), array(), array('REMOTE_ADDR' => '10.0.0.1'));
-
-        $listener = new FragmentListener(new UriSigner('foo'));
-        $event = $this->createGetResponseEvent($request);
-
-        $listener->onKernelRequest($event);
-    }
-
     /**
      * @expectedException \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
      */

Tests/Fragment/EsiFragmentRendererTest.php

@@ -15,6 +15,7 @@
 use Symfony\Component\HttpKernel\Fragment\EsiFragmentRenderer;
 use Symfony\Component\HttpKernel\HttpCache\Esi;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\UriSigner;
 
 class EsiFragmentRendererTest extends \PHPUnit_Framework_TestCase
 {
@@ -48,7 +49,52 @@ public function testRender()
         $this->assertEquals('<esi:include src="/" />', $strategy->render('/', $request)->getContent());
         $this->assertEquals("<esi:comment text=\"This is a comment\" />\n<esi:include src=\"/\" />", $strategy->render('/', $request, array('comment' => 'This is a comment'))->getContent());
         $this->assertEquals('<esi:include src="/" alt="foo" />', $strategy->render('/', $request, array('alt' => 'foo'))->getContent());
-        $this->assertEquals('<esi:include src="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller" alt="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller" />', $strategy->render(new ControllerReference('main_controller', array(), array()), $request, array('alt' => new ControllerReference('alt_controller', array(), array())))->getContent());
+    }
+
+    public function testRenderControllerReference()
+    {
+        $signer = new UriSigner('foo');
+        $strategy = new EsiFragmentRenderer(new Esi(), $this->getInlineStrategy(), $signer);
+
+        $request = Request::create('/');
+        $request->setLocale('fr');
+        $request->headers->set('Surrogate-Capability', 'ESI/1.0');
+
+        $reference = new ControllerReference('main_controller', array(), array());
+        $altReference = new ControllerReference('alt_controller', array(), array());
+
+        $this->assertEquals(
+            '<esi:include src="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dmain_controller&_hash=wDaFy1WsZUOWrrMdRMgJ1cOskFo%3D" alt="/_fragment?_path=_format%3Dhtml%26_locale%3Dfr%26_controller%3Dalt_controller&_hash=56ycnRUlgaremRQVStZsGbVhIv8%3D" />',
+            $strategy->render($reference, $request, array('alt' => $altReference))->getContent()
+        );
+    }
+
+    /**
+     * @expectedException \LogicException
+     */
+    public function testRenderControllerReferenceWithoutSignerThrowsException()
+    {
+        $strategy = new EsiFragmentRenderer(new Esi(), $this->getInlineStrategy());
+
+        $request = Request::create('/');
+        $request->setLocale('fr');
+        $request->headers->set('Surrogate-Capability', 'ESI/1.0');
+
+        $strategy->render(new ControllerReference('main_controller'), $request);
+    }
+
+    /**
+     * @expectedException \LogicException
+     */
+    public function testRenderAltControllerReferenceWithoutSignerThrowsException()
+    {
+        $strategy = new EsiFragmentRenderer(new Esi(), $this->getInlineStrategy());
+
+        $request = Request::create('/');
+        $request->setLocale('fr');
+        $request->headers->set('Surrogate-Capability', 'ESI/1.0');
+
+        $strategy->render('/', $request, array('alt' => new ControllerReference('alt_controller')));
     }
 
     private function getInlineStrategy($called = false)