diff -up sf_notifications/sf_notifications.admin.inc /Users/kosta/Documents/Source/drupal/sf_notifications/sf_notifications.admin.inc --- sf_notifications/sf_notifications.admin.inc 2010-12-30 13:54:40.000000000 -0500 +++ /Users/kosta/Documents/Source/drupal/sf_notifications/sf_notifications.admin.inc 2010-12-30 13:54:07.000000000 -0500 @@ -21,6 +21,29 @@ function sf_notifications_settings_form( $edit = l('edit', SALESFORCE_PATH_FIELDMAPS . '/' . $id . '/edit', array('query' => array('destination' => drupal_get_destination()))); $form['sf_notifications']['sf_notifications_active_maps']['#options'][$id] = t('@drupal => @salesforce - %description (!edit)', array('@drupal' => $map->drupal, '@salesforce' => $map->salesforce, '%description' => $map->description, '!edit' => $edit)); } + + // IP Whitelist form + $form['sf_notifications_ip_whitelist'] = array( + '#type' => 'fieldset', + '#title' => t('IP Whitelist'), + '#description' => t('Settings for an IP whitelist of valid Salesforce IPs.'), + '#collapsible' => TRUE, + '#collapsed' => FALSE, + '#access' => user_access('administer sf_notifications'), + ); + + // These are taken from Knowledge Article #102757. + $default_ips = "204.14.232\n204.14.237\n96.43.144\n96.43.148\n204.14.234\n204.14.238\n202.129.242\n"; + + $form['sf_notifications_ip_whitelist']['sf_notifications_allowed_ips'] = array( + '#type' => 'textarea', + '#title' => t('Allowed IPs'), + '#description' => t('Enter the Salesforce IP addresses that will send outbound messages to your site. Enter one IP address per line.', array('@IPs' => url('https://help.salesforce.com/apex/HTViewSolution?id=102757&language=en'))), + '#cols' => 60, + '#rows' => 5, + '#default_value' => variable_get('sf_notifications_allowed_ips', $default_ips), + ); + return system_settings_form($form); } diff -up sf_notifications/sf_notifications.module /Users/kosta/Documents/Source/drupal/sf_notifications/sf_notifications.module --- sf_notifications/sf_notifications.module 2010-12-30 13:54:40.000000000 -0500 +++ /Users/kosta/Documents/Source/drupal/sf_notifications/sf_notifications.module 2010-12-30 13:54:07.000000000 -0500 @@ -21,7 +21,8 @@ function sf_notifications_menu() { 'title' => FALSE, 'page callback' => 'sf_notifications_endpoint', 'access arguments' => array('access content'), - 'type' => MENU_CALLBACK + 'access callback' => 'sf_notifications_allowed_ips', + 'type' => MENU_CALLBACK, ), SALESFORCE_PATH_FIELDMAPS . '/%/notifications' => array( 'title' => 'Notifications', @@ -36,6 +37,28 @@ function sf_notifications_menu() { ); } +/** + * Access callback for SALESFORCE_PATH_NOTIFICATIONS_ENDPOINT + * + * @return TRUE if IP is in whitelist and FALSE if not. + */ +function sf_notifications_allowed_ips() { + $ip = $_SERVER['REMOTE_ADDR']; + $ip = substr($ip, 0, 10); + + $ips = variable_get('sf_notifications_allowed_ips', NULL); + $allowed_ips = explode("\n", $ips); + + if (in_array($ip, $allowed_ips, TRUE)) { + watchdog('sf_notifications', 'IP address @ip accessed @endpoint successfully.', array('@ip' => $_SERVER['REMOTE_ADDR'], '@endpoint' => SALESFORCE_PATH_NOTIFICATIONS_ENDPOINT)); + return TRUE; + } + else { + watchdog('sf_notifications', 'Access denied to IP address @ip in attempt to access @endpoint.', array('@ip' => $_SERVER['REMOTE_ADDR'], '@endpoint' => SALESFORCE_PATH_NOTIFICATIONS_ENDPOINT), WATCHDOG_WARNING); + return FALSE; + } +} + function sf_notifications_fieldmap_settings_access($fieldmap_id, $perm) { $active = variable_get('sf_notifications_active_maps', array()); if (!empty($active[$fieldmap_id])) {