From b01dc2865bf853c744bddf671d19846a262de711 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= <clement@oodo.net>
Date: Tue, 26 Jun 2012 16:05:27 +0000
Subject: [PATCH] Change the way X Forwarded For adress is stored in session
 (#486)

---
 .../lib/Lemonldap/NG/Manager/Sessions.pm           | 11 ++++-------
 .../lib/Lemonldap/NG/Portal/Simple.pm              | 14 ++++++++------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
index f1d0516f0..f745f92cb 100644
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Sessions.pm
@@ -24,7 +24,7 @@ use utf8;
 our $whatToTrace;
 *whatToTrace = \$Lemonldap::NG::Handler::_CGI::whatToTrace;
 
-our $VERSION = '1.1.0';
+our $VERSION = '1.2.1';
 
 our @ISA = qw(
   Lemonldap::NG::Handler::CGI
@@ -74,9 +74,8 @@ sub new {
     %{ $self->{globalStorageOptions} } = %$globalStorageOptions;
     $self->{globalStorageOptions}->{backend} = $globalStorage;
 
-    # Check if we use X-FORWARDED-FOR header for IP
-    $self->{ipField} =
-      $self->{useXForwardedForIP} ? "xForwardedForAddr" : "ipAddr";
+    # IP field
+    $self->{ipField} = "ipAddr";
 
     # Multi values separator
     $self->{multiValuesSeparator} ||= '; ';
@@ -482,7 +481,7 @@ sub session {
     # Map attributes to categories
     my $categories = {
         'dateTitle'       => [qw(_utime startTime updateTime _lastAuthnUTime)],
-        'connectionTitle' => [qw(ipAddr xForwardedForAddr _timezone _url)],
+        'connectionTitle' => [qw(ipAddr _timezone _url)],
         'authenticationTitle' =>
           [qw(_session_id _user _password authenticationLevel)],
         'modulesTitle' => [qw(_auth _userDB _passwordDB _issuerDB _authChoice)],
@@ -887,8 +886,6 @@ sessions
         https         => 1,
         jqueryUri     => '/js/jquery/jquery.js',
         imagePath     => '/js/jquery.simple.tree/',
-        # Force the use of X-FORWARDED-FOR for IP
-        useXForwardedForIP => 1,
         # Optionnal
         protection    => 'rule: $uid eq "admin"',
         # Or to use rules from manager
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
index 0c25eded3..0b151d826 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm
@@ -1924,14 +1924,16 @@ sub setSessionInfo {
     # Get the current user module
     $self->{sessionInfo}->{_userDB} = $self->get_module("user");
 
-    # Store IP address
-    $self->{sessionInfo}->{ipAddr} = $ENV{REMOTE_ADDR};
-
-    # Extract and store client IP from X-FORWARDED-FOR header
+    # Store IP address from remote address or X-FORWARDED-FOR header
     my $xheader = $ENV{HTTP_X_FORWARDED_FOR};
     $xheader =~ s/(.*?)(\,)+.*/$1/ if $xheader;
-    $self->{sessionInfo}->{xForwardedForAddr} = $xheader
-      || $ENV{REMOTE_ADDR};
+
+    if ( $xheader and $self->{useXForwardedForIP} ) {
+        $self->{sessionInfo}->{ipAddr} = $xheader;
+    }
+    else {
+        $self->{sessionInfo}->{ipAddr} = $ENV{REMOTE_ADDR};
+    }
 
     # Date and time
     if ( $self->{updateSession} ) {