From f74fe4438f592db9df62ebf529ef954ebd7a3e10 Mon Sep 17 00:00:00 2001 From: Chirag Aggarwal Date: Sun, 26 Jan 2025 07:11:00 +0000 Subject: [PATCH 1/4] chore: override getUserAgent function to set forwarded user agent --- src/Appwrite/Utopia/Request.php | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/src/Appwrite/Utopia/Request.php b/src/Appwrite/Utopia/Request.php index f8c0439293..95f5a0c203 100644 --- a/src/Appwrite/Utopia/Request.php +++ b/src/Appwrite/Utopia/Request.php @@ -2,8 +2,10 @@ namespace Appwrite\Utopia; +use Appwrite\Auth\Auth; use Appwrite\Utopia\Request\Filter; use Swoole\Http\Request as SwooleRequest; +use Utopia\Database\Validator\Authorization; use Utopia\Route; use Utopia\Swoole\Request as UtopiaRequest; @@ -180,4 +182,28 @@ class Request extends UtopiaRequest $headers = $this->getHeaders(); return $headers[$key] ?? $default; } + + /** + * Get User Agent + * + * Method for getting User Agent. Preferring forwarded agent for privileged users; otherwise returns default. + * + * @param string $default + * @return string + */ + public function getUserAgent(string $default = ''): string + { + $roles = Authorization::getRoles(); + $isPrivilegedUser = Auth::isPrivilegedUser($roles); + $isAppUser = Auth::isAppUser($roles); + + if ($isPrivilegedUser || $isAppUser) { + $forwardedUserAgent = $this->getHeader('x-forwarded-user-agent'); + if (!empty($forwardedUserAgent)) { + return $forwardedUserAgent; + } + } + + return UtopiaRequest::getUserAgent($default); + } } From eea088556d6809ba95c849e249b8e25ebfc24c81 Mon Sep 17 00:00:00 2001 From: Chirag Aggarwal Date: Mon, 27 Jan 2025 04:15:32 +0000 Subject: [PATCH 2/4] chore: added check for empty forwarded user agent before --- src/Appwrite/Utopia/Request.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/Appwrite/Utopia/Request.php b/src/Appwrite/Utopia/Request.php index 95f5a0c203..7e09752c6e 100644 --- a/src/Appwrite/Utopia/Request.php 
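Review bot: `getUserAgent()` now reads `Authorization::getRoles()`, request-global static state, so what it returns depends on when in the request it is called: invoked before this request's roles have been resolved (whether any caller does that is not visible here), the forwarded header is silently dropped and the real User-Agent is stored instead. That ordering dependency belongs in the docblock, e.g. `Relies on the request's roles already having been resolved via Authorization; until then the forwarded header is ignored.` Two smaller points in the same hunk: `empty($forwardedUserAgent)` also rejects a header value of `'0'`, and `$forwardedUserAgent !== ''` is the tighter check given getHeader's `?? $default` fallback (assuming that default is the empty string); and `parent::getUserAgent($default)` is the idiomatic way to reach the base implementation rather than naming `UtopiaRequest` explicitly.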
+++ b/src/Appwrite/Utopia/Request.php @@ -193,13 +193,13 @@ class Request extends UtopiaRequest */ public function getUserAgent(string $default = ''): string { - $roles = Authorization::getRoles(); - $isPrivilegedUser = Auth::isPrivilegedUser($roles); - $isAppUser = Auth::isAppUser($roles); + $forwardedUserAgent = $this->getHeader('x-forwarded-user-agent'); + if (!empty($forwardedUserAgent)) { + $roles = Authorization::getRoles(); + $isPrivilegedUser = Auth::isPrivilegedUser($roles); + $isAppUser = Auth::isAppUser($roles); - if ($isPrivilegedUser || $isAppUser) { - $forwardedUserAgent = $this->getHeader('x-forwarded-user-agent'); - if (!empty($forwardedUserAgent)) { + if ($isPrivilegedUser || $isAppUser) { return $forwardedUserAgent; } } From 70c119b9cc9e9d0f831d9b7cf4aa8228772bf6b4 Mon Sep 17 00:00:00 2001 From: Chirag Aggarwal Date: Mon, 27 Jan 2025 13:58:46 +0000 Subject: [PATCH 3/4] chore: added test cases for forwarded user agent --- .../Account/AccountCustomClientTest.php | 54 +++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/tests/e2e/Services/Account/AccountCustomClientTest.php b/tests/e2e/Services/Account/AccountCustomClientTest.php index cca27cc3be..788f949fb3 100644 --- a/tests/e2e/Services/Account/AccountCustomClientTest.php +++ b/tests/e2e/Services/Account/AccountCustomClientTest.php 
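Review bot: The gate `if ($isPrivilegedUser || $isAppUser)` carries no explanation of why the header is honoured only for these callers, and that is the security-relevant part of the method; a why-comment would keep a later edit from widening it, e.g. `// Only trusted callers may override the User-Agent: the value feeds the session's client fields, so an ordinary client must not be able to spoof the device a session is recorded under.` Style-wise the three locals exist only to feed that one condition, and `if (Auth::isPrivilegedUser($roles) || Auth::isAppUser($roles)) {` reads the same without them. The method's docblock text sits outside this hunk.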
@@ -2307,6 +2307,60 @@ class AccountCustomClientTest extends Scope $this->assertNotEmpty($response['body']['$id']); $this->assertNotEmpty($response['body']['expire']); $this->assertEmpty($response['body']['secret']); + $this->assertEquals('browser', $response['body']['clientType']); + $this->assertEquals('CH', $response['body']['clientCode']); + $this->assertEquals('Chrome', $response['body']['clientName']); + + // Forwarded User Agent with API Key + $response = $this->client->call(Client::METHOD_POST, '/users/' . $data['id'] . '/tokens', [ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'], + ], [ + 'expire' => 60 + ]); + + $userId = $response['body']['userId']; + $secret = $response['body']['secret']; + + $response = $this->client->call(Client::METHOD_POST, '/account/sessions/token', [ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'], + 'x-forwarded-user-agent' => 'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36' + ], [ + 'userId' => $userId, + 'secret' => $secret + ]); + + $this->assertEquals('browser', $response['body']['clientType']); + $this->assertEquals('CM', actual: $response['body']['clientCode']); + $this->assertEquals('Chrome Mobile', $response['body']['clientName']); + + // Forwarded User Agent without API Key + $response = $this->client->call(Client::METHOD_POST, '/users/' . $data['id'] . 
'/tokens', [ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-appwrite-key' => $this->getProject()['apiKey'], + ], [ + 'expire' => 60 + ]); + + $userId = $response['body']['userId']; + $secret = $response['body']['secret']; + + $response = $this->client->call(Client::METHOD_POST, '/account/sessions/token', [ + 'content-type' => 'application/json', + 'x-appwrite-project' => $this->getProject()['$id'], + 'x-forwarded-user-agent' => 'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Mobile Safari/537.36' + ], [ + 'userId' => $userId, + 'secret' => $secret + ]); + + $this->assertEquals('browser', $response['body']['clientType']); + $this->assertEquals('CH', $response['body']['clientCode']); + $this->assertEquals('Chrome', $response['body']['clientName']); /** * Test for FAILURE From a226e2ce79cfc0f1fe025cb8cbb15ebe424c1d45 Mon Sep 17 00:00:00 2001 From: Chirag Aggarwal Date: Tue, 4 Feb 2025 05:14:37 +0000 Subject: [PATCH 4/4] chore: remove console user access --- src/Appwrite/Utopia/Request.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/Appwrite/Utopia/Request.php b/src/Appwrite/Utopia/Request.php index 7e09752c6e..480fce58b0 100644 --- a/src/Appwrite/Utopia/Request.php +++ b/src/Appwrite/Utopia/Request.php @@ -196,10 +196,9 @@ class Request extends UtopiaRequest $forwardedUserAgent = $this->getHeader('x-forwarded-user-agent'); if (!empty($forwardedUserAgent)) { $roles = Authorization::getRoles(); - $isPrivilegedUser = Auth::isPrivilegedUser($roles); $isAppUser = Auth::isAppUser($roles); - if ($isPrivilegedUser || $isAppUser) { + if ($isAppUser) { return $forwardedUserAgent; } }
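Review bot: Neither new `/account/sessions/token` call asserts the response status before reading `clientType`, `clientCode` and `clientName` off the body, so a rejected request would fail with a missing-array-key error rather than a clear assertion; add `$this->assertEquals(201, $response['headers']['status-code']);` ahead of each block (assuming the endpoint returns 201 on create, as session endpoints appear to elsewhere). The second block only covers the no-credential caller, so nothing here pins down what a console-session caller gets when it sends `x-forwarded-user-agent` (if the suite has a helper for a cookie/JWT-authenticated console request — not visible here), and a third block asserting `'CH'`/`'Chrome'` for that caller would lock in the intended trust boundary. One style nit: `$this->assertEquals('CM', actual: $response['body']['clientCode']);` is the only assertion using a named argument — drop `actual:` to match the surrounding calls.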
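Review bot: With the privileged-role branch removed, the docblock above this hunk is now wrong — it still says `Preferring forwarded agent for privileged users` — and a reader would assume the broader behaviour this commit takes away; reword it to `Prefers the x-forwarded-user-agent header for app (API key) requests; every other caller gets the real User-Agent.` A one-line why on the remaining `if ($isAppUser)` would also record the boundary this change draws, e.g. `// Privileged (console) roles were removed deliberately: only API-key callers may override the recorded User-Agent.` With `$roles` now used once, `if (Auth::isAppUser(Authorization::getRoles())) {` would drop the two temporaries. The docblock and the method signature sit outside this hunk.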