wiktor
/
spejstore-new
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "hscloud: Add single address authentication" 

This reverts commit f1143dc4f1.
This commit is contained in:
Dariusz Niemczyk 2023-09-19 18:21:11 +02:00
parent f1143dc4f1
commit d71885d264
No known key found for this signature in database
2 changed files with 5 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
spejstore/settings.py
View File

@ -222,4 +222,3 @@ LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567")
LOGIN_URL = "/admin/login/"
# Local LAN address space
LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "")
LAN_ALLOWED_SINGLE_ADDRESS = env("LAN_ALLOWED_SINGLE_ADDRESS", "")

20
storage/authentication.py
View File

@ -4,7 +4,6 @@ from rest_framework import exceptions
from rest_framework.authentication import SessionAuthentication
from spejstore.settings import (
LAN_ALLOWED_ADDRESS_SPACE,
LAN_ALLOWED_SINGLE_ADDRESS,
)
@ -38,29 +37,20 @@ def get_ip_from_request(request):
return None
def has_address_space_permission(client_ip):
return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(
LAN_ALLOWED_ADDRESS_SPACE
)
def has_single_address_permission(client_ip):
return ipaddress.IPv4Address(client_ip) == LAN_ALLOWED_SINGLE_ADDRESS
def has_permission(request):
# We don't care if address space is undefined
if LAN_ALLOWED_ADDRESS_SPACE == '' and LAN_ALLOWED_SINGLE_ADDRESS == '':
if LAN_ALLOWED_ADDRESS_SPACE == '':
return (True, '')
client_ip = get_ip_from_request(request)
if client_ip is None:
# This should only happen on localhost env when fiddling with code.
# It's technically impossible to get there with proper headers.
return (False, "Unauthorized: no ip detected?")
if LAN_ALLOWED_ADDRESS_SPACE != '' and not has_address_space_permission(client_ip):
in_local_space = ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network(
LAN_ALLOWED_ADDRESS_SPACE
)
if not in_local_space:
return (False, "Unauthorized: " + client_ip + " not in subnet of " + LAN_ALLOWED_ADDRESS_SPACE)
if LAN_ALLOWED_SINGLE_ADDRESS != '' and not has_single_address_permission(client_ip):
return (False, "Unauthorized: " + client_ip + " is not " + LAN_ALLOWED_SINGLE_ADDRESS)
return (True, '')
class LanAuthentication(SessionAuthentication):