forked from wiktor/spejstore-new
Add configurable auth-by-lan values
This commit is contained in:
parent
ae219a2533
commit
2a70d2cb31
|
@ -186,6 +186,8 @@ SOCIAL_AUTH_JSONFIELD_ENABLED = True
|
||||||
|
|
||||||
LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567")
|
LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567")
|
||||||
LOGIN_URL = "/admin/login/"
|
LOGIN_URL = "/admin/login/"
|
||||||
LAN_ALLOWED_ADDRES_SPACE = "10.8.0.0/16"
|
# HSWAW lan
|
||||||
LAN_ALLOWED_HEADER = "X-LAN-ALLOWED"
|
LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "10.8.0.0/16")
|
||||||
PROXY_TRUSTED_IPS = ["172.21.37.1"]
|
|
||||||
|
LAN_ALLOWED_HEADER = env("LAN_ALLOWED_HEADER", "X-LAN-ALLOWED")
|
||||||
|
PROXY_TRUSTED_IPS = env("PROXY_TRUSTED_IPS", "172.21.37.1").split(",")
|
||||||
|
|
|
@ -3,7 +3,7 @@ from rest_framework import exceptions
|
||||||
|
|
||||||
from rest_framework.authentication import BaseAuthentication
|
from rest_framework.authentication import BaseAuthentication
|
||||||
from spejstore.settings import (
|
from spejstore.settings import (
|
||||||
LAN_ALLOWED_ADDRES_SPACE,
|
LAN_ALLOWED_ADDRESS_SPACE,
|
||||||
LAN_ALLOWED_HEADER,
|
LAN_ALLOWED_HEADER,
|
||||||
PROD,
|
PROD,
|
||||||
PROXY_TRUSTED_IPS,
|
PROXY_TRUSTED_IPS,
|
||||||
|
@ -48,7 +48,7 @@ class LanAuthentication(BaseAuthentication):
|
||||||
return (user, "authorized")
|
return (user, "authorized")
|
||||||
else:
|
else:
|
||||||
raise exceptions.AuthenticationFailed(
|
raise exceptions.AuthenticationFailed(
|
||||||
"Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRES_SPACE
|
"Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRESS_SPACE
|
||||||
)
|
)
|
||||||
|
|
||||||
def authenticate_header(self, request):
|
def authenticate_header(self, request):
|
||||||
|
@ -66,7 +66,7 @@ class LanAuthentication(BaseAuthentication):
|
||||||
"Unauthorized: request is not coming from the PROXY_TRUSTED_IPS machine"
|
"Unauthorized: request is not coming from the PROXY_TRUSTED_IPS machine"
|
||||||
)
|
)
|
||||||
return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(
|
return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(
|
||||||
LAN_ALLOWED_ADDRES_SPACE
|
LAN_ALLOWED_ADDRESS_SPACE
|
||||||
)
|
)
|
||||||
else:
|
else:
|
||||||
return True
|
return True
|
||||||
|
|
Loading…
Reference in New Issue