
Revert "hscloud: Add single address authentication"

This reverts commit f1143dc4f1.
Dariusz Niemczyk 2023-09-19 18:21:11 +02:00
parent f1143dc4f1
commit d71885d264
No known key found for this signature in database
2 changed files with 5 additions and 16 deletions


@ -222,4 +222,3 @@ LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567")
LOGIN_URL = "/admin/login/" LOGIN_URL = "/admin/login/"
# Local LAN address space # Local LAN address space
LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "") LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "")
LAN_ALLOWED_SINGLE_ADDRESS = env("LAN_ALLOWED_SINGLE_ADDRESS", "")


@ -4,7 +4,6 @@ from rest_framework import exceptions
from rest_framework.authentication import SessionAuthentication from rest_framework.authentication import SessionAuthentication
from spejstore.settings import ( from spejstore.settings import (
LAN_ALLOWED_ADDRESS_SPACE, LAN_ALLOWED_ADDRESS_SPACE,
LAN_ALLOWED_SINGLE_ADDRESS,
) )
@ -38,29 +37,20 @@ def get_ip_from_request(request):
return None return None
def has_address_space_permission(client_ip):
return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(
LAN_ALLOWED_ADDRESS_SPACE
)
def has_single_address_permission(client_ip):
return ipaddress.IPv4Address(client_ip) == LAN_ALLOWED_SINGLE_ADDRESS
def has_permission(request): def has_permission(request):
# We don't care if address space is undefined # We don't care if address space is undefined
if LAN_ALLOWED_ADDRESS_SPACE == '' and LAN_ALLOWED_SINGLE_ADDRESS == '': if LAN_ALLOWED_ADDRESS_SPACE == '':
return (True, '') return (True, '')
client_ip = get_ip_from_request(request) client_ip = get_ip_from_request(request)
if client_ip is None: if client_ip is None:
# This should only happen on localhost env when fiddling with code. # This should only happen on localhost env when fiddling with code.
# It's technically impossible to get there with proper headers. # It's technically impossible to get there with proper headers.
return (False, "Unauthorized: no ip detected?") return (False, "Unauthorized: no ip detected?")
in_local_space = ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(
if LAN_ALLOWED_ADDRESS_SPACE != '' and not has_address_space_permission(client_ip): LAN_ALLOWED_ADDRESS_SPACE
)
if not in_local_space:
return (False, "Unauthorized: " + client_ip + " not in subnet of " + LAN_ALLOWED_ADDRESS_SPACE) return (False, "Unauthorized: " + client_ip + " not in subnet of " + LAN_ALLOWED_ADDRESS_SPACE)
if LAN_ALLOWED_SINGLE_ADDRESS != '' and not has_single_address_permission(client_ip):
return (False, "Unauthorized: " + client_ip + " is not " + LAN_ALLOWED_SINGLE_ADDRESS)
return (True, '') return (True, '')
class LanAuthentication(SessionAuthentication): class LanAuthentication(SessionAuthentication):
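Review bot: In `has_permission`, `ipaddress.IPv4Address(client_ip)` raises `ValueError` for anything that is not an IPv4 literal (an IPv6 peer, a malformed header value), so the request ends in an unhandled exception instead of the `(False, ...)` tuple the other failure paths return; wrapping the `in_local_space = ...` computation in `try:` / `except ValueError: return (False, "Unauthorized: invalid client address")` keeps the failure closed and explicit. The early `return (True, '')` when `LAN_ALLOWED_ADDRESS_SPACE == ''` means an unset variable disables the LAN restriction entirely, which deserves a comment saying it is intentional, e.g. `# Empty setting disables the LAN check: every client is allowed`. The denial string also echoes the configured subnet back to the rejected client; logging it server-side and returning a generic message would avoid exposing the internal range. `get_ip_from_request` is defined outside this hunk, so whether `client_ip` comes from a header the client can set should be confirmed there.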