Add configurable auth-by-lan values

2023-07-17 23:12:02 +02:00 · 2023-07-17 23:12:02 +02:00 · 2a70d2cb31
parent ae219a2533
commit 2a70d2cb31
2 changed files with 8 additions and 6 deletions
--- a/spejstore/settings.py
+++ b/spejstore/settings.py
@ -186,6 +186,8 @@ SOCIAL_AUTH_JSONFIELD_ENABLED = True

 LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567")
 LOGIN_URL = "/admin/login/"
-LAN_ALLOWED_ADDRES_SPACE = "10.8.0.0/16"
-LAN_ALLOWED_HEADER = "X-LAN-ALLOWED"
-PROXY_TRUSTED_IPS = ["172.21.37.1"]
+# HSWAW lan
+LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "10.8.0.0/16")
+
+LAN_ALLOWED_HEADER = env("LAN_ALLOWED_HEADER", "X-LAN-ALLOWED")
+PROXY_TRUSTED_IPS = env("PROXY_TRUSTED_IPS", "172.21.37.1").split(",")
--- a/storage/authentication.py
+++ b/storage/authentication.py
@ -3,7 +3,7 @@ from rest_framework import exceptions

 from rest_framework.authentication import BaseAuthentication
 from spejstore.settings import (
-    LAN_ALLOWED_ADDRES_SPACE,
+    LAN_ALLOWED_ADDRESS_SPACE,
    LAN_ALLOWED_HEADER,
    PROD,
    PROXY_TRUSTED_IPS,
@ -48,7 +48,7 @@ class LanAuthentication(BaseAuthentication):
            return (user, "authorized")
        else:
            raise exceptions.AuthenticationFailed(
-                "Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRES_SPACE
+                "Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRESS_SPACE
            )

    def authenticate_header(self, request):
@ -66,7 +66,7 @@ class LanAuthentication(BaseAuthentication):
                        "Unauthorized: request is not coming from the PROXY_TRUSTED_IPS machine"
                    )
            return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(
-                LAN_ALLOWED_ADDRES_SPACE
+                LAN_ALLOWED_ADDRESS_SPACE
            )
        else:
            return True