1
0
Fork 0

Add configurable auth-by-lan values

This commit is contained in:
Dariusz Niemczyk 2023-07-17 23:12:02 +02:00
parent ae219a2533
commit 2a70d2cb31
No known key found for this signature in database
2 changed files with 8 additions and 6 deletions

View File

@ -186,6 +186,8 @@ SOCIAL_AUTH_JSONFIELD_ENABLED = True
LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567")
LOGIN_URL = "/admin/login/"
LAN_ALLOWED_ADDRES_SPACE = "10.8.0.0/16"
LAN_ALLOWED_HEADER = "X-LAN-ALLOWED"
PROXY_TRUSTED_IPS = ["172.21.37.1"]
# HSWAW lan
LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "10.8.0.0/16")
LAN_ALLOWED_HEADER = env("LAN_ALLOWED_HEADER", "X-LAN-ALLOWED")
PROXY_TRUSTED_IPS = env("PROXY_TRUSTED_IPS", "172.21.37.1").split(",")

View File

@ -3,7 +3,7 @@ from rest_framework import exceptions
from rest_framework.authentication import BaseAuthentication
from spejstore.settings import (
LAN_ALLOWED_ADDRES_SPACE,
LAN_ALLOWED_ADDRESS_SPACE,
LAN_ALLOWED_HEADER,
PROD,
PROXY_TRUSTED_IPS,
@ -48,7 +48,7 @@ class LanAuthentication(BaseAuthentication):
return (user, "authorized")
else:
raise exceptions.AuthenticationFailed(
"Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRES_SPACE
"Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRESS_SPACE
)
def authenticate_header(self, request):
@ -66,7 +66,7 @@ class LanAuthentication(BaseAuthentication):
"Unauthorized: request is not coming from the PROXY_TRUSTED_IPS machine"
)
return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(
LAN_ALLOWED_ADDRES_SPACE
LAN_ALLOWED_ADDRESS_SPACE
)
else:
return True