Drupal 8.0.0 beta 12. More info: https://www.drupal.org/node/2514176

core/modules/ban/src/BanIpManager.php

@@ -0,0 +1,72 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\ban\BanIpManager.
+ */
+
+namespace Drupal\ban;
+
+use Drupal\Core\Database\Connection;
+
+/**
+ * Ban IP manager.
+ */
+class BanIpManager implements BanIpManagerInterface {
+
+  /**
+   * The database connection used to check the IP against.
+   *
+   * @var \Drupal\Core\Database\Connection
+   */
+  protected $connection;
+
+  /**
+   * Construct the BanSubscriber.
+   *
+   * @param \Drupal\Core\Database\Connection $connection
+   *   The database connection which will be used to check the IP against.
+   */
+  public function __construct(Connection $connection) {
+    $this->connection = $connection;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function isBanned($ip) {
+    return (bool) $this->connection->query("SELECT * FROM {ban_ip} WHERE ip = :ip", array(':ip' => $ip))->fetchField();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function findAll() {
+    return $this->connection->query('SELECT * FROM {ban_ip}');
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function banIp($ip) {
+    $this->connection->insert('ban_ip')
+      ->fields(array('ip' => $ip))
+      ->execute();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function unbanIp($id) {
+    $this->connection->delete('ban_ip')
+      ->condition('ip', $id)
+      ->execute();
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function findById($ban_id) {
+    return $this->connection->query("SELECT ip FROM {ban_ip} WHERE iid = :iid", array(':iid' => $ban_id))->fetchField();
+  }
+}

core/modules/ban/src/BanIpManagerInterface.php

@@ -0,0 +1,61 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\ban\BanIpManagerInterface.
+ */
+
+namespace Drupal\ban;
+
+/**
+ * Provides an interface defining a BanIp manager.
+ */
+interface BanIpManagerInterface {
+
+  /**
+   * Returns if this IP address is banned.
+   *
+   * @param string $ip
+   *   The IP address to check.
+   *
+   * @return bool
+   *   TRUE if the IP address is banned, FALSE otherwise.
+   */
+  public function isBanned($ip);
+
+  /**
+   * Finds all banned IP addresses.
+   *
+   * @return \Drupal\Core\Database\StatementInterface
+   *   The result of the database query.
+   */
+  public function findAll();
+
+  /**
+   * Bans an IP address.
+   *
+   * @param string $ip
+   *   The IP address to ban.
+   */
+  public function banIp($ip);
+
+  /**
+   * Unbans an IP address.
+   *
+   * @param string $id
+   *   The IP address to unban.
+   */
+  public function unbanIp($id);
+
+  /**
+   * Finds a banned IP address by its ID.
+   *
+   * @param int $ban_id
+   *   The ID for a banned IP address.
+   *
+   * @return string|false
+   *   Either the banned IP address or FALSE if none exist with that ID.
+   */
+  public function findById($ban_id);
+
+}

core/modules/ban/src/BanMiddleware.php

@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\ban\BanMiddleware.
+ */
+
+namespace Drupal\ban;
+
+use Drupal\Component\Utility\SafeMarkup;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+
+/**
+ * Provides a HTTP middleware to implement IP based banning.
+ */
+class BanMiddleware implements HttpKernelInterface {
+
+  /**
+   * The decorated kernel.
+   *
+   * @var \Symfony\Component\HttpKernel\HttpKernelInterface
+   */
+  protected $httpKernel;
+
+  /**
+   * The ban IP manager.
+   *
+   * @var \Drupal\ban\BanIpManagerInterface
+   */
+  protected $banIpManager;
+
+  /**
+   * Constructs a BanMiddleware object.
+   *
+   * @param \Symfony\Component\HttpKernel\HttpKernelInterface $http_kernel
+   *   The decorated kernel.
+   * @param \Drupal\ban\BanIpManagerInterface $manager
+   *   The ban IP manager.
+   */
+  public function __construct(HttpKernelInterface $http_kernel, BanIpManagerInterface $manager) {
+    $this->httpKernel = $http_kernel;
+    $this->banIpManager = $manager;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = TRUE) {
+    $ip = $request->getClientIp();
+    if ($this->banIpManager->isBanned($ip)) {
+      return new Response(SafeMarkup::format('Sorry @ip has been banned', ['@ip' => $ip]), 403);
+    }
+    return $this->httpKernel->handle($request, $type, $catch);
+  }
+
+}

core/modules/ban/src/Form/BanAdmin.php

@@ -0,0 +1,130 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\ban\Form\BanAdmin.
+ */
+
+namespace Drupal\ban\Form;
+
+use Drupal\Core\Form\FormBase;
+use Drupal\ban\BanIpManagerInterface;
+use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Url;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+/**
+ * Displays banned IP addresses.
+ */
+class BanAdmin extends FormBase {
+
+  /**
+   * @var \Drupal\ban\BanIpManagerInterface
+   */
+  protected $ipManager;
+
+  /**
+   * Constructs a new BanAdmin object.
+   *
+   * @param \Drupal\ban\BanIpManagerInterface $ip_manager
+   */
+  public function __construct(BanIpManagerInterface $ip_manager) {
+    $this->ipManager = $ip_manager;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container) {
+    return new static(
+      $container->get('ban.ip_manager')
+    );
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getFormId() {
+    return 'ban_ip_form';
+  }
+
+  /**
+   * {@inheritdoc}
+   *
+   * @param string $default_ip
+   *   (optional) IP address to be passed on to
+   *   \Drupal::formBuilder()->getForm() for use as the default value of the IP
+   *   address form field.
+   */
+  public function buildForm(array $form, FormStateInterface $form_state, $default_ip = '') {
+    $rows = array();
+    $header = array($this->t('banned IP addresses'), $this->t('Operations'));
+    $result = $this->ipManager->findAll();
+    foreach ($result as $ip) {
+      $row = array();
+      $row[] = $ip->ip;
+      $links = array();
+      $links['delete'] = array(
+        'title' => $this->t('Delete'),
+        'url' => Url::fromRoute('ban.delete', ['ban_id' => $ip->iid]),
+      );
+      $row[] = array(
+        'data' => array(
+          '#type' => 'operations',
+          '#links' => $links,
+        ),
+      );
+      $rows[] = $row;
+    }
+
+    $form['ip'] = array(
+      '#title' => $this->t('IP address'),
+      '#type' => 'textfield',
+      '#size' => 48,
+      '#maxlength' => 40,
+      '#default_value' => $default_ip,
+      '#description' => $this->t('Enter a valid IP address.'),
+    );
+    $form['actions'] = array('#type' => 'actions');
+    $form['actions']['submit'] = array(
+      '#type' => 'submit',
+      '#value' => $this->t('Add'),
+    );
+
+    $form['ban_ip_banning_table'] = array(
+      '#type' => 'table',
+      '#header' => $header,
+      '#rows' => $rows,
+      '#empty' => $this->t('No blocked IP addresses available.'),
+      '#weight' => 120,
+    );
+    return $form;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function validateForm(array &$form, FormStateInterface $form_state) {
+    $ip = trim($form_state->getValue('ip'));
+    if ($this->ipManager->isBanned($ip)) {
+      $form_state->setErrorByName('ip', $this->t('This IP address is already banned.'));
+    }
+    elseif ($ip == $this->getRequest()->getClientIP()) {
+      $form_state->setErrorByName('ip', $this->t('You may not ban your own IP address.'));
+    }
+    elseif (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_RES_RANGE) == FALSE) {
+      $form_state->setErrorByName('ip', $this->t('Enter a valid IP address.'));
+    }
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function submitForm(array &$form, FormStateInterface $form_state) {
+    $ip = trim($form_state->getValue('ip'));
+    $this->ipManager->banIp($ip);
+    drupal_set_message($this->t('The IP address %ip has been banned.', array('%ip' => $ip)));
+    $form_state->setRedirect('ban.admin_page');
+  }
+
+}

core/modules/ban/src/Form/BanDelete.php

@@ -0,0 +1,99 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\ban\Form\BanDelete.
+ */
+
+namespace Drupal\ban\Form;
+
+use Drupal\Core\Form\ConfirmFormBase;
+use Drupal\ban\BanIpManagerInterface;
+use Drupal\Core\Form\FormStateInterface;
+use Drupal\Core\Url;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
+
+/**
+ * Provides a form to unban IP addresses.
+ */
+class BanDelete extends ConfirmFormBase {
+
+  /**
+   * The banned IP address.
+   *
+   * @var string
+   */
+  protected $banIp;
+
+  /**
+   * Constructs a new BanDelete object.
+   *
+   * @param \Drupal\ban\BanIpManagerInterface $ip_manager
+   *   The IP manager.
+   */
+  public function __construct(BanIpManagerInterface $ip_manager) {
+    $this->ipManager = $ip_manager;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(ContainerInterface $container) {
+    return new static(
+      $container->get('ban.ip_manager')
+    );
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getFormId() {
+    return 'ban_ip_delete_form';
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getQuestion() {
+    return $this->t('Are you sure you want to unblock %ip?', array('%ip' => $this->banIp));
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getConfirmText() {
+    return $this->t('Delete');
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function getCancelUrl() {
+    return new Url('ban.admin_page');
+  }
+
+  /**
+   * {@inheritdoc}
+   *
+   * @param string $ban_id
+   *   The IP address record ID to unban.
+   */
+  public function buildForm(array $form, FormStateInterface $form_state, $ban_id = '') {
+    if (!$this->banIp = $this->ipManager->findById($ban_id)) {
+      throw new NotFoundHttpException();
+    }
+    return parent::buildForm($form, $form_state);
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function submitForm(array &$form, FormStateInterface $form_state) {
+    $this->ipManager->unbanIp($this->banIp);
+    $this->logger('user')->notice('Deleted %ip', array('%ip' => $this->banIp));
+    drupal_set_message($this->t('The IP address %ip was deleted.', array('%ip' => $this->banIp)));
+    $form_state->setRedirectUrl($this->getCancelUrl());
+  }
+
+}

core/modules/ban/src/Tests/IpAddressBlockingTest.php

@@ -0,0 +1,82 @@
+<?php
+
+/**
+ * @file
+ * Contains \Drupal\ban\Tests\IpAddressBlockingTest.
+ */
+
+namespace Drupal\ban\Tests;
+
+use Drupal\simpletest\WebTestBase;
+
+/**
+ * Tests IP address banning.
+ *
+ * @group ban
+ */
+class IpAddressBlockingTest extends WebTestBase {
+
+  /**
+   * Modules to install.
+   *
+   * @var array
+   */
+  public static $modules = array('ban');
+
+  /**
+   * Tests various user input to confirm correct validation and saving of data.
+   */
+  function testIPAddressValidation() {
+    // Create user.
+    $admin_user = $this->drupalCreateUser(array('ban IP addresses'));
+    $this->drupalLogin($admin_user);
+    $this->drupalGet('admin/config/people/ban');
+
+    // Ban a valid IP address.
+    $edit = array();
+    $edit['ip'] = '192.168.1.1';
+    $this->drupalPostForm('admin/config/people/ban', $edit, t('Add'));
+    $ip = db_query("SELECT iid from {ban_ip} WHERE ip = :ip", array(':ip' => $edit['ip']))->fetchField();
+    $this->assertTrue($ip, 'IP address found in database.');
+    $this->assertRaw(t('The IP address %ip has been banned.', array('%ip' => $edit['ip'])), 'IP address was banned.');
+
+    // Try to block an IP address that's already blocked.
+    $edit = array();
+    $edit['ip'] = '192.168.1.1';
+    $this->drupalPostForm('admin/config/people/ban', $edit, t('Add'));
+    $this->assertText(t('This IP address is already banned.'));
+
+    // Try to block a reserved IP address.
+    $edit = array();
+    $edit['ip'] = '255.255.255.255';
+    $this->drupalPostForm('admin/config/people/ban', $edit, t('Add'));
+    $this->assertText(t('Enter a valid IP address.'));
+
+    // Try to block a reserved IP address.
+    $edit = array();
+    $edit['ip'] = 'test.example.com';
+    $this->drupalPostForm('admin/config/people/ban', $edit, t('Add'));
+    $this->assertText(t('Enter a valid IP address.'));
+
+    // Submit an empty form.
+    $edit = array();
+    $edit['ip'] = '';
+    $this->drupalPostForm('admin/config/people/ban', $edit, t('Add'));
+    $this->assertText(t('Enter a valid IP address.'));
+
+    // Pass an IP address as a URL parameter and submit it.
+    $submit_ip = '1.2.3.4';
+    $this->drupalPostForm('admin/config/people/ban/' . $submit_ip, NULL, t('Add'));
+    $ip = db_query("SELECT iid from {ban_ip} WHERE ip = :ip", array(':ip' => $submit_ip))->fetchField();
+    $this->assertTrue($ip, 'IP address found in database');
+    $this->assertRaw(t('The IP address %ip has been banned.', array('%ip' => $submit_ip)), 'IP address was banned.');
+
+    // Submit your own IP address. This fails, although it works when testing
+    // manually.
+    // TODO: On some systems this test fails due to a bug/inconsistency in cURL.
+    // $edit = array();
+    // $edit['ip'] = \Drupal::request()->getClientIP();
+    // $this->drupalPostForm('admin/config/people/ban', $edit, t('Save'));
+    // $this->assertText(t('You may not ban your own IP address.'));
+  }
+}