From 8f72571895dc9d659b161f426d85f9b301a4c60f Mon Sep 17 00:00:00 2001
From: Dane Everitt <dane@daneeveritt.com>
Date: Wed, 28 Feb 2018 23:39:59 -0600
Subject: [PATCH] Fix IP access middleware

---
 app/Http/Middleware/Api/AuthenticateIPAccess.php          | 4 ++--
 .../Unit/Http/Middleware/API/AuthenticateIPAccessTest.php | 8 ++++----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/app/Http/Middleware/Api/AuthenticateIPAccess.php b/app/Http/Middleware/Api/AuthenticateIPAccess.php
index 4815063d5..aed8f53a4 100644
--- a/app/Http/Middleware/Api/AuthenticateIPAccess.php
+++ b/app/Http/Middleware/Api/AuthenticateIPAccess.php
@@ -29,12 +29,12 @@ class AuthenticateIPAccess
         }
 
         $find = new IP($request->ip());
-        foreach ($model->allowed_ips as $ip) {
+        foreach (json_decode($model->allowed_ips) as $ip) {
             if (Range::parse($ip)->contains($find)) {
                 return $next($request);
             }
         }
 
-        throw new AccessDeniedHttpException('This IP address does not have permission to access the API using these credentials.');
+        throw new AccessDeniedHttpException('This IP address (' . $request->ip() . ') does not have permission to access the API using these credentials.');
     }
 }
diff --git a/tests/Unit/Http/Middleware/API/AuthenticateIPAccessTest.php b/tests/Unit/Http/Middleware/API/AuthenticateIPAccessTest.php
index 59b9137d9..babd95358 100644
--- a/tests/Unit/Http/Middleware/API/AuthenticateIPAccessTest.php
+++ b/tests/Unit/Http/Middleware/API/AuthenticateIPAccessTest.php
@@ -25,7 +25,7 @@ class AuthenticateIPAccessTest extends MiddlewareTestCase
      */
     public function testWithValidIP()
     {
-        $model = factory(ApiKey::class)->make(['allowed_ips' => ['127.0.0.1']]);
+        $model = factory(ApiKey::class)->make(['allowed_ips' => '["127.0.0.1"]']);
         $this->setRequestAttribute('api_key', $model);
 
         $this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('127.0.0.1');
@@ -38,7 +38,7 @@ class AuthenticateIPAccessTest extends MiddlewareTestCase
      */
     public function testValidIPAganistCIDRRange()
     {
-        $model = factory(ApiKey::class)->make(['allowed_ips' => ['192.168.1.1/28']]);
+        $model = factory(ApiKey::class)->make(['allowed_ips' => '["192.168.1.1/28"]']);
         $this->setRequestAttribute('api_key', $model);
 
         $this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('192.168.1.15');
@@ -54,10 +54,10 @@ class AuthenticateIPAccessTest extends MiddlewareTestCase
      */
     public function testWithInvalidIP()
     {
-        $model = factory(ApiKey::class)->make(['allowed_ips' => ['127.0.0.1']]);
+        $model = factory(ApiKey::class)->make(['allowed_ips' => '["127.0.0.1"]']);
         $this->setRequestAttribute('api_key', $model);
 
-        $this->request->shouldReceive('ip')->withNoArgs()->once()->andReturn('127.0.0.2');
+        $this->request->shouldReceive('ip')->withNoArgs()->twice()->andReturn('127.0.0.2');
 
         $this->getMiddleware()->handle($this->request, $this->getClosureAssertions());
     }