REMOTE_IP gets saved partially when using IPV6

[keevitaja]

When customer is using IPV6 address, the remote_ip might get saved only partially into sales_order and quote tables depending on the address str length.

Problem is in the remote_ip column length which currently is VARCHAR(32)

https://en.wikipedia.org/wiki/IPv6

Preconditions

1. tested on 2.1.5, but InstallSchema in 2.1.7 has also VARCHAR(32)

Steps to reproduce

1. Customer creates new order

Expected result

1. 2001:7d0:84ae:8d80:704b:bca4:b3a8:197

Actual result

1. 2001:7d0:84ae:8d80:704b:bca4:b3a

To fix this, the remote_ip column in sales_order and quote tables must be VARCHAR(45)

[andypieters]

Same issue here.
We need a valid enduser ip address for starting a payment.
If the ipaddress is invalid, customers cannot pay the order

[magento-engcom-team]

@keevitaja, thank you for your report.
We've created internal ticket(s) MAGETWO-83202 to track progress on the issue.

[OmarAssadi]

Didn't know about this until it almost burned me earlier in the week. This really needs resolving. More and more customers are using IPv6. And, had we not had access logs on, I'm not really sure what we would have done to catch this particular fraudulent customer.

[Zifius]

I'll take this, field length needs to be updated in the quote table as well

[luismaldonado91]

@Zifius I've updated both sales_order and quote tables. It's a must for signifyd in order to work properly.

[georgeschiopu]

@Zifius hope you don't mind if I take this, since there hasn't been an update in over a month? Have some spare time this evening and seems it's a quick one.

[Zifius]

Sure, go ahead!

…

On Thu, May 3, 2018 at 22:07 George Schiopu ***@***.***> wrote: @Zifius <https://github.com/Zifius> hope you don't mind if I take this, since there hasn't been an update in over a month? Have some spare time this evening and seems it's a quick one. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#10395 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAqhl1_tFdngByrfspaHG15zwzGnmVzfks5tu1WGgaJpZM4OptPj> .

[magento-engcom-team]

Hi @keevitaja. Thank you for your report.
The issue has been fixed in #14976 by @georgeschiopu in 2.2-develop branch
Related commit(s):

• ba224b4cec3b4424a45f3ebba4021392904492f7
• a08f37830ac22ad5139e5a4a5586e67a8b10d7ff

The fix will be available with the upcoming 2.2.5 release.

[magento-engcom-team]

Hi @keevitaja. Thank you for your report.
The issue has been fixed in #15142 by @dmytro-ch in 2.3-develop branch
Related commit(s):

• 41a99e114e79f167fa1a0548082bf573efa22516

The fix will be available with the upcoming 2.3.0 release.

[melamity]

I saw the commits in question here and I am left wondering about the x_forwarded_for field too - checking my Magento 2 installation here, it does seem that this has the same schema definition that remote_ip once had, which would cause some problems if you have a IPv6 "X-Forwarded-For" IP.

About the new size of the field being set to 45 - wouldn't it be more efficient setting the field to a size of 39, considering that an IPv6 address has 8 groups of 4 hexadecimal numbers, and 7 colons to separate them which makes (8 * 4) = 32 + 7 = 39 characters?

I can re-submit a PR for this later if this is something you guys want, with the above changes that I have suggested.

[keevitaja]

@megubyte 45 is correct!

https://www.google.ee/search?q=ipv6+max+length

[maartjegroen]

@megubyte I am left wondering about some other fields too. A quick search in my Magento (2.1) installation resulted in the following list.

table name	field name
admin_user_session	ip
password_reset_request_event	ip
quote	remote_ip
rating_option_vote	remote_ip
sales_order	remote_ip
sales_order	x_forwarded_for
sendfriend_log	ip