Merge pull request #45 from sqampy/patch-1

Forward the source IP as value for "client" in sendRequest()

src/PrivacyIDEA.php

@@ -42,6 +42,9 @@ class PrivacyIDEA
     /* @var string Realm for a service account to the privacyIDEA server. This is required to use the /validate/triggerchallenge endpoint. This is optional. */
     public $serviceAccountRealm = "";
 
+    /* @var bool Send the "client" parameter to allow using the original IP address in the privacyIDEA policies. */
+    public $forwardClientIP = false;
+
     /* @var object Implementation of the PILog interface. */
     public $logger = null;
 
@@ -422,6 +425,22 @@ public function sendRequest(array $params, array $headers, $httpMethod, $endpoin
         assert('string' === gettype($httpMethod));
         assert('string' === gettype($endpoint));
 
+        // Add the client parameter if wished.
+        if ($this->forwardClientIP === true)
+        {
+            $serverHeaders = $_SERVER;
+            foreach (array("X-Forwarded-For", "HTTP_X_FORWARDED_FOR", "REMOTE_ADDR") as $clientKey)
+            {
+                if (array_key_exists($clientKey, $serverHeaders))
+                {
+                    $clientIP = $serverHeaders[$clientKey];
+                    $this->debugLog("Forwarding Client IP: " . $clientKey . ": " . $clientIP);
+                    $params['client'] = $clientIP;
+                    break;
+                }
+            }
+        }
+
         $this->debugLog("Sending " . http_build_query($params, '', ', ') . " to " . $endpoint);
 
         $completeUrl = $this->serverURL . $endpoint;

test/ValidateCheckTest.php

@@ -32,6 +32,7 @@ public function setUp(): void
         $this->pi->logger = $this;
         $this->pi->sslVerifyHost = false;
         $this->pi->sslVerifyPeer = false;
+        $this->pi->forwardClientIP = true;
         $this->pi->realm = "testRealm";
     }