From ab037a347468853682e6e6f5bb469671af3d319a Mon Sep 17 00:00:00 2001
From: Miguel N
Date: Sat, 23 Oct 2021 07:26:47 +0100
Subject: [PATCH] Allow hiding IP addresses
This commit introduces a new feature where users can disable the collection and display of IP addresses. It's hardcoded in the .env config file for security reasons, and demo mode ignores this setting, because it already hides IPs by default.
---
 .env.example | 9 +++--
 app/CustomFacades/IP.php | 33 ++++++++++++++++++-
 .../Controllers/ApplicationController.php | 1 +
 app/Http/Controllers/Auth/LoginController.php | 3 +-
 .../Controllers/Auth/RegisterController.php | 2 +-
 app/Http/Middleware/ForceLogoutMiddleware.php | 2 +-
 app/Http/Middleware/IPHistoryMiddleware.php | 21 ------------
 app/Providers/AppServiceProvider.php | 13 ++++++--
 config/app.php | 17 ++++++++++
 .../user/profile/displayprofile.blade.php | 2 +-
 .../user/profile/useraccount.blade.php | 2 +-
 .../views/dashboard/user/viewapp.blade.php | 2 +-
 tests/Unit/ShouldCollectTest.php | 18 ++++++++++
 13 files changed, 91 insertions(+), 34 deletions(-)
 delete mode 100644 app/Http/Middleware/IPHistoryMiddleware.php
 create mode 100644 tests/Unit/ShouldCollectTest.php
diff --git a/.env.example b/.env.example
index 79807a8..ec4ee0d 100755
--- a/.env.example
+++ b/.env.example
@@ -7,14 +7,17 @@ APP_LOGO="https://www.raspberrypi.org/app/uploads/2020/05/Raspberry-Pi-OS-downlo
 APP_SITEHOMEPAGE="" # This can be your main homepage, other than this site itself
-# Forces ssl connections even if the environment is set to "local".
-# Void if env is production.
-NONPROD_FORCE_SECURE=false
+# Hides IP addresses
+HIDE_IPS=false
 # Disables certain features for security purposes while running an open authentication system
 # Enable only for demonostration purposes
 DEMO_MODE=false
+# Forces ssl connections even if the environment is set to "local".
+# Void if env is production.
+NONPROD_FORCE_SECURE=false
+
 LOG_CHANNEL=daily
 DB_CONNECTION=mysql
diff --git a/app/CustomFacades/IP.php b/app/CustomFacades/IP.php
index 6753e29..da4579d 100755
--- a/app/CustomFacades/IP.php
+++ b/app/CustomFacades/IP.php
@@ -23,9 +23,38 @@ namespace App\CustomFacades;
 use Illuminate\Support\Facades\Cache;
 use Illuminate\Support\Facades\Http;
+use Illuminate\Support\Facades\Log;
 class IP {
+ // Central source of truth for all operations that deal with IP addresses.
+ // For views, this is in a service provider, and is shared with all of them
+ /**
+ * Determines whether you should collect/display IP addresses in the app.
+ * @return bool Whether you should collect/display IPs, in the context in which this is called
+ */
+ public function shouldCollect(): bool
+ {
+ // should collect or display IPs?
+
+ // demo mode = true
+ // hide ips = false
+
+ if (config('demo.is_enabled') || config('app.hide_ips'))
+ {
+ Log::debug('Global shouldCollect: ', [
+ 'shouldCollect' => false
+ ]);
+ return false; // do not collect!
+ }
+
+ Log::debug('Global shouldCollect: ', [
+ 'shouldCollect' => true
+ ]);
+
+ return true;
+ }
+
 /**
 * Looks up information on a specified IP address. Caches results automatically.
 * @param string $IP IP address to lookup
@@ -38,14 +67,16 @@ class IP
 'ip' => $IP,
 ];
+ if ($this->shouldCollect()) {
+
- if (!config('demo.is_enabled')) {
 return json_decode(Cache::remember($IP, 3600, function () use ($IP) {
 return Http::get(config('general.urls.ipapi.ipcheck'), [
 'apiKey' => config('general.keys.ipapi.apikey'),
 'ip' => $IP,
 ])->body();
 }));
+ }
 return new class {
diff --git a/app/Http/Controllers/ApplicationController.php b/app/Http/Controllers/ApplicationController.php
index fcb6dbf..082b91a 100755
--- a/app/Http/Controllers/ApplicationController.php
+++ b/app/Http/Controllers/ApplicationController.php
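Review bot: shouldCollect() writes a Log::debug entry on every evaluation, and because this method is the gate in front of every IP read it will fire on essentially every request and fill the daily log with nothing but a config value; the whole body reduces to `return !(config('demo.is_enabled') || config('app.hide_ips'));`, which also drops the `// demo mode = true` / `// hide ips = false` comment that reads like a list of values rather than outcomes. The comment above the method says the view-facing copy of this rule lives in a service provider; having that provider call `IP::shouldCollect()` instead of re-testing both config keys keeps the two from drifting, and a drift here is exactly what would leak addresses into views while the controllers think they are hidden. The `if ($this->shouldCollect())` guard in the second hunk is in the right sense; the enclosing lookup method continues outside the hunk.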
@@ -26,6 +26,7 @@ use App\Exceptions\ApplicationNotFoundException;
 use App\Exceptions\IncompleteApplicationException;
 use App\Exceptions\UnavailableApplicationException;
 use App\Exceptions\VacancyNotFoundException;
+use App\Facades\IP;
 use App\Services\ApplicationService;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index a97e63c..1dfd08d 100755
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -26,6 +26,7 @@ use App\User;
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Log;
+use App\Facades\IP;
 class LoginController extends Controller {
@@ -81,7 +82,7 @@ class LoginController extends Controller
 public function authenticated(Request $request, User $user) {
- if (!config('demo.is_enabled')) {
+ if (IP::shouldCollect()) {
 if ($user->originalIP !== $request->ip()) {
 Log::alert('User IP address changed from last login. Updating.', [
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 4139139..7c7297b 100755
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -124,7 +124,7 @@ class RegisterController extends Controller
 'name' => $data['name'],
 'email' => $data['email'],
 'password' => Hash::make($data['password']),
- 'originalIP' => config('demo.is_enabled') ? '0.0.0.0' : request()->ip(),
+ 'originalIP' => IP::shouldCollect() ? '0.0.0.0' : request()->ip(),
 ]);
 $user->assignRole('user');
diff --git a/app/Http/Middleware/ForceLogoutMiddleware.php b/app/Http/Middleware/ForceLogoutMiddleware.php
index 7501cdd..b3b2baa 100755
--- a/app/Http/Middleware/ForceLogoutMiddleware.php
+++ b/app/Http/Middleware/ForceLogoutMiddleware.php
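Review bot: In LoginController the new `use App\Facades\IP;` is appended after the Illuminate imports instead of sitting with `use App\User;` in the App group; the file already keeps its imports grouped and alphabetised, so the line belongs next to the other `App\` import. The ApplicationController hunk above adds the same import but the diffstat shows no other change to that file, so it may be unused there; worth confirming outside the hunk.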
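Review bot: The new ternary in RegisterController is inverted: `IP::shouldCollect() ? '0.0.0.0' : request()->ip()` stores the placeholder when collection is permitted and the real client address when it is disabled, so switching on HIDE_IPS or demo mode is precisely the case in which the real IP gets persisted. The removed line was `demo_enabled ? '0.0.0.0' : ip` and shouldCollect() is that condition negated, so the branches must swap: `'originalIP' => IP::shouldCollect() ? request()->ip() : '0.0.0.0',`. The LoginController hunk uses the predicate in the correct sense, so this is the only inversion visible in the patch. Unlike LoginController and ApplicationController, this hunk does not add a `use App\Facades\IP;`; if none exists above the hunk, `IP::` resolves inside the controller's namespace and fails at runtime, which I cannot confirm from here. The enclosing method starts and ends outside the hunk.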
@@ -38,7 +38,7 @@ class ForceLogoutMiddleware
 if (Auth::user()->isBanned()) {
 Auth::logout();
- $request->session()->flash('error', 'Error: Your session has been forcefully terminated. Please try again in a few days.');
+ $request->session()->flash('error', __('Your account is suspended. You will not be able to login or register until the suspension is lifted.'));
 return redirect('/');
 }
diff --git a/app/Http/Middleware/IPHistoryMiddleware.php b/app/Http/Middleware/IPHistoryMiddleware.php
deleted file mode 100644
index eecadbf..0000000
--- a/app/Http/Middleware/IPHistoryMiddleware.php
+++ /dev/null
@@ -1,21 +0,0 @@ -app->environment() != 'local');
+ $collect = true;
+ if(config('app.force_secure') && $this->app->environment() != 'production') $https = true;
+ if (config('app.hide_ips') || config('demo.is_enabled'))
+ {
+ $collect = false;
+ }
+ $this->app['request']->server->set('HTTPS', $https);
+ View::share('shouldCollect', $collect);
 View::share('demoActive', config('demo.is_enabled'));
 }
 }
diff --git a/config/app.php b/config/app.php
index 223f750..caf2438 100755
--- a/config/app.php
+++ b/config/app.php
@@ -77,6 +77,23 @@ return [
 */
 'force_secure' => env('NONPROD_FORCE_SECURE', false),
+
+ /*
+ |--------------------------------------------------------------------------
+ | IP address anonymity
+ |--------------------------------------------------------------------------
+ |
+ | RB Recruiter collects IP addresses and stores them in the database in order to
+ | display them to site admins.
+ |
+ | This feature allows you to disable the display and collection of IP addresses,
+ | just like in demo mode, without needing to be in demo mode.
+ |
+ | If enabled, demo mode will override this feature if it's set to false.
+ |
+ */
+ 'hide_ips' => env('HIDE_IPS'),
+
 /*
 |--------------------------------------------------------------------------
 | Application Environment
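Review bot: `'hide_ips' => env('HIDE_IPS'),` has no default, unlike the neighbouring `env('NONPROD_FORCE_SECURE', false)`; with the variable absent the key is null, which the `||` in shouldCollect() happens to treat as false, but `'hide_ips' => env('HIDE_IPS', false),` states the intended default explicitly and reads the same after `config:cache`. The last sentence of the explanatory block, "If enabled, demo mode will override this feature if it's set to false.", is hard to parse; the behaviour the code implements is that demo mode always hides addresses whatever this flag says, so I would replace that line with `| Demo mode always hides IP addresses; this flag hides them without enabling demo mode.`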
diff --git a/resources/views/dashboard/user/profile/displayprofile.blade.php b/resources/views/dashboard/user/profile/displayprofile.blade.php index 8903899..42f2fd9 100755 --- a/resources/views/dashboard/user/profile/displayprofile.blade.php +++ b/resources/views/dashboard/user/profile/displayprofile.blade.php @@ -317,7 +317,7 @@

{{$profile->profileShortBio}}

{{__('messages.reusable.member_since', ['date' => $since])}}

@if (Auth::user()->hasRole('admin')) - + @endif @if ($profile->user->is(Auth::user())) diff --git a/resources/views/dashboard/user/profile/useraccount.blade.php b/resources/views/dashboard/user/profile/useraccount.blade.php index f158da5..e037948 100755 --- a/resources/views/dashboard/user/profile/useraccount.blade.php +++ b/resources/views/dashboard/user/profile/useraccount.blade.php @@ -307,7 +307,7 @@
{{__('messages.profile.session_manager')}}

{{__('messages.profile.terminate_others')}}

-

{{__('messages.profile.current_session', ['ipAddress' => ($demoActive) ? '0.0.0.0 (censored)' : $ip])}}

+

{{__('messages.profile.current_session', ['ipAddress' => (!$shouldCollect) ? '0.0.0.0 (censored)' : $ip])}}

diff --git a/resources/views/dashboard/user/viewapp.blade.php b/resources/views/dashboard/user/viewapp.blade.php index f530a3a..a38fabf 100755 --- a/resources/views/dashboard/user/viewapp.blade.php +++ b/resources/views/dashboard/user/viewapp.blade.php @@ -132,7 +132,7 @@

{{__('messages.application_m.applicant_name')}} {{$application->user->name}}

@if (Auth::user()->hasRole('hiringManager')) -

{{__('messages.view_app.appl_ip')}} {{ ($demoActive) ? '0.0.0.0 (censored)' : $application->user->originalIP }}

+

{{__('messages.view_app.appl_ip')}} {{ (!$shouldCollect) ? '0.0.0.0 (censored)' : $application->user->originalIP }}

@endif

{{__('messages.application_m.application_date')}} {{$application->created_at}}

{{__('messages.last_updated')}}{{$application->updated_at}}

diff --git a/tests/Unit/ShouldCollectTest.php b/tests/Unit/ShouldCollectTest.php new file mode 100644 index 0000000..27615af --- /dev/null +++ b/tests/Unit/ShouldCollectTest.php @@ -0,0 +1,18 @@ +assertTrue(true); + } +}
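Review bot: As far as the garbled rendering of tests/Unit/ShouldCollectTest.php shows, the only assertion in the new test is `assertTrue(true)`, so it passes whatever shouldCollect() returns and would not have caught the swapped branches in RegisterController. Three cases that set the two config keys through `config([...])` and assert on `IP::shouldCollect()` cover the truth table the feature promises; the class would need to extend the application TestCase so the container and facade are available, which I cannot confirm from the hunk.
```php
// … unchanged: class header …
public function testDemoModeHidesIps(): void
{
    config(['demo.is_enabled' => true, 'app.hide_ips' => false]);
    $this->assertFalse(IP::shouldCollect());
}

public function testHideIpsFlagHidesIps(): void
{
    config(['demo.is_enabled' => false, 'app.hide_ips' => true]);
    $this->assertFalse(IP::shouldCollect());
}

public function testCollectsWhenNeitherFlagIsSet(): void
{
    config(['demo.is_enabled' => false, 'app.hide_ips' => false]);
    $this->assertTrue(IP::shouldCollect());
}
```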