From d5ffcad2caa53499319700bc15e7833b5e50ffbd Mon Sep 17 00:00:00 2001
From: Guillaume Rousse <guillaume.rousse@renater.fr>
Date: Mon, 26 Nov 2018 16:38:25 +0100
Subject: [PATCH] use XFF header when present, instead of remote address

---
 lib/AccountManager/App.pm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/AccountManager/App.pm b/lib/AccountManager/App.pm
index 3e5c852..538fbb3 100644
--- a/lib/AccountManager/App.pm
+++ b/lib/AccountManager/App.pm
@@ -462,6 +462,9 @@ sub req_complete_challenge {
         PRE_CHOMP    => CHOMP_ONE,
         INCLUDE_PATH => $templates_dir
     });
+    my $source_ip = $ENV{HTTP_X_FORWARDED_FOR} ?
+        (split(/, /, $ENV{HTTP_X_FORWARDED_FOR}))[0] :
+        $ENV{REMOTE_ADDR};
     my $data = {
         app => {
             url           => $self->{configuration}->{app}->{url},
@@ -469,7 +472,7 @@ sub req_complete_challenge {
             version       => $self->{configuration}->{app}->{version},
             name          => $self->{configuration}->{app}->{name},
         },
-        sourceip  => $ENV{REMOTE_ADDR},
+        sourceip  => $source_ip,
         to        => $email,
         entityid  => $entityid,
         token     => $token->secret(),
-- 
GitLab