Merge pull request #1163 from alphagov/revert-1154-revert-1151-pp_570…

…9_ip_address_in_auth_request Revert "Revert "PP-5709: add ip address to auth request""
alphagov · Nov 13, 2019 · 6881797 · 6881797
2 parents 7ae8d29 + 3a96c80
commit 6881797
Show file tree

Hide file tree

Showing 9 changed files with 68 additions and 6 deletions.
diff --git a/app/services/normalise_charge.js b/app/services/normalise_charge.js
@@ -7,6 +7,7 @@ const lodash = require('lodash')
 // Local dependencies
 const countries = require('../services/countries')
 const normaliseCards = require('../services/normalise_cards')
+const userIpAddress = require('../utils/user_ip_address')
 
 module.exports = (function () {
   const charge = function (charge, chargeId) {
@@ -155,7 +156,8 @@ module.exports = (function () {
       'prepaid': card.prepaid,
       'address': addressForApi(req.body),
       'accept_header': req.header('accept'),
-      'user_agent_header': req.header('user-agent')
+      'user_agent_header': req.header('user-agent'),
+      'ip_address': userIpAddress(req)
     }
     if (req.body.worldpay3dsFlexDdcResult) {
       payload['worldpay_3ds_flex_ddc_result'] = req.body.worldpay3dsFlexDdcResult

diff --git a/app/utils/user_ip_address.js b/app/utils/user_ip_address.js
@@ -0,0 +1,14 @@
+'use strict'
+
+module.exports = req => {
+  const xHeaderIpAddress = req.headers['x-forwarded-for']
+  let ipAddress
+  if (xHeaderIpAddress !== undefined) {
+    ipAddress = xHeaderIpAddress.split(',')[0]
+  } else {
+    ipAddress = (req.connection && req.connection.remoteAddress) ||
+      (req.socket && req.socket.remoteAddress) ||
+      (req.connection && req.connection.socket && req.connection.socket.remoteAddress)
+  }
+  return ipAddress !== undefined ? ipAddress.toString().trim() : null
+}
diff --git a/test/controllers/charge_controller_create_test.js b/test/controllers/charge_controller_create_test.js
@@ -84,7 +84,8 @@ describe('POST /card_details/{chargeId} endpoint', function () {
       chargeId: chargeId,
       header: sinon.spy(),
       headers: {
-        'x-request-id': 'unique-id'
+        'x-request-id': 'unique-id',
+        'x-forwarded-for': '127.0.0.1'
       }
     }
 
@@ -124,7 +125,8 @@ describe('POST /card_details/{chargeId} endpoint', function () {
       chargeId: chargeId,
       header: sinon.spy(),
       headers: {
-        'x-request-id': 'unique-id'
+        'x-request-id': 'unique-id',
+        'x-forwarded-for': '127.0.0.1'
       }
     }
     await requireChargeController(mockedConnectorClient).create(request, response)

diff --git a/test/fixtures/payment_fixtures.js b/test/fixtures/payment_fixtures.js
@@ -326,7 +326,8 @@ const fixtures = {
         'city': opts.addressCity || 'London',
         'postcode': opts.addressPostcode || 'DO11 4RS',
         'country': opts.addressCountry || 'GB'
-      }
+      },
+      'ip_address': opts.ipAddress || '127.0.0.1'
     }
     return {
       getPactified: () => {

diff --git a/test/integration/charge_billing_address_ft_tests.js b/test/integration/charge_billing_address_ft_tests.js
@@ -108,7 +108,8 @@ describe('chargeTests - billing address', function () {
         city: 'Willy wonka',
         postcode: 'Y1 1YN',
         country: 'GB'
-      }
+      },
+      ip_address: '127.0.0.1'
     }
   }
 

diff --git a/test/integration/charge_ft_tests.js b/test/integration/charge_ft_tests.js
@@ -130,7 +130,8 @@ describe('chargeTests', function () {
         city: 'Willy wonka',
         postcode: 'Y1 1YN',
         country: 'GB'
-      }
+      },
+      ip_address: '127.0.0.1'
     }
   }
 

diff --git a/test/services/mornalise_charge_test.js → test/services/normalise_charge_test.js b/test/services/mornalise_charge_test.js → test/services/normalise_charge_test.js
diff --git a/test/test_helpers/test_helpers.js b/test/test_helpers/test_helpers.js
@@ -268,6 +268,7 @@ module.exports = {
       .set('Cookie', ['frontend_state=' + cookieValue])
       .set('Accept', 'application/json')
       .set('x-request-id', 'some-unique-id')
+      .set('x-forwarded-for', '127.0.0.1')
       .send(data)
   },
 

diff --git a/test/utils/user_ip_address_test.js b/test/utils/user_ip_address_test.js
@@ -0,0 +1,40 @@
+const expect = require('chai').expect
+
+const userIpAddress = require('../../app/utils/user_ip_address')
+
+describe('user ip address', () => {
+  it('returns the address provided in x-forwarded-for header', () => {
+    const result = userIpAddress({
+      headers: { 'x-forwarded-for': '127.0.0.1, 0.0.0.0' },
+      connection: { remoteAddress: '0.0.0.0', socket: { remoteAddress: '0.0.0.0' } },
+      socket: { remoteAddress: '0.0.0.0' }
+    })
+    expect(result).to.equal('127.0.0.1')
+  })
+
+  it('returns the address provided as connection remote address', () => {
+    const result = userIpAddress({
+      headers: {},
+      connection: { remoteAddress: '127.0.0.1', socket: { remoteAddress: '0.0.0.0' } },
+      socket: { remoteAddress: '0.0.0.0' }
+    })
+    expect(result).to.equal('127.0.0.1')
+  })
+
+  it('returns the address provided as socket remote address', () => {
+    const result = userIpAddress({
+      headers: {},
+      socket: { remoteAddress: '127.0.0.1' },
+      connection: { socket: { remoteAddress: '0.0.0.0' } }
+    })
+    expect(result).to.equal('127.0.0.1')
+  })
+
+  it('returns the address provided as connection socket remote address', () => {
+    const result = userIpAddress({
+      headers: {},
+      connection: { socket: { remoteAddress: '127.0.0.1' } }
+    })
+    expect(result).to.equal('127.0.0.1')
+  })
+})