forked from wiktor/spejstore-new
Add configurable auth-by-lan values
This commit is contained in:
parent
ae219a2533
commit
2a70d2cb31
|
@ -186,6 +186,8 @@ SOCIAL_AUTH_JSONFIELD_ENABLED = True
|
|||
|
||||
LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567")
|
||||
LOGIN_URL = "/admin/login/"
|
||||
LAN_ALLOWED_ADDRES_SPACE = "10.8.0.0/16"
|
||||
LAN_ALLOWED_HEADER = "X-LAN-ALLOWED"
|
||||
PROXY_TRUSTED_IPS = ["172.21.37.1"]
|
||||
# HSWAW lan
|
||||
LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "10.8.0.0/16")
|
||||
|
||||
LAN_ALLOWED_HEADER = env("LAN_ALLOWED_HEADER", "X-LAN-ALLOWED")
|
||||
PROXY_TRUSTED_IPS = env("PROXY_TRUSTED_IPS", "172.21.37.1").split(",")
|
||||
|
|
|
@ -3,7 +3,7 @@ from rest_framework import exceptions
|
|||
|
||||
from rest_framework.authentication import BaseAuthentication
|
||||
from spejstore.settings import (
|
||||
LAN_ALLOWED_ADDRES_SPACE,
|
||||
LAN_ALLOWED_ADDRESS_SPACE,
|
||||
LAN_ALLOWED_HEADER,
|
||||
PROD,
|
||||
PROXY_TRUSTED_IPS,
|
||||
|
@ -48,7 +48,7 @@ class LanAuthentication(BaseAuthentication):
|
|||
return (user, "authorized")
|
||||
else:
|
||||
raise exceptions.AuthenticationFailed(
|
||||
"Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRES_SPACE
|
||||
"Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRESS_SPACE
|
||||
)
|
||||
|
||||
def authenticate_header(self, request):
|
||||
|
@ -66,7 +66,7 @@ class LanAuthentication(BaseAuthentication):
|
|||
"Unauthorized: request is not coming from the PROXY_TRUSTED_IPS machine"
|
||||
)
|
||||
return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(
|
||||
LAN_ALLOWED_ADDRES_SPACE
|
||||
LAN_ALLOWED_ADDRESS_SPACE
|
||||
)
|
||||
else:
|
||||
return True
|
||||
|
|
Loading…
Reference in New Issue