From d71885d264b3c096c07036ccb0ad76c7bc2317c2 Mon Sep 17 00:00:00 2001 From: Dariusz Niemczyk Date: Tue, 19 Sep 2023 18:21:11 +0200 Subject: [PATCH] Revert "hscloud: Add single address authentication" This reverts commit f1143dc4f1f43f4816302036c247471ce9abc536. --- spejstore/settings.py | 1 - storage/authentication.py | 20 +++++--------------- 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/spejstore/settings.py b/spejstore/settings.py index b78a506..c27d15a 100644 --- a/spejstore/settings.py +++ b/spejstore/settings.py @@ -222,4 +222,3 @@ LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567") LOGIN_URL = "/admin/login/" # Local LAN address space LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "") -LAN_ALLOWED_SINGLE_ADDRESS = env("LAN_ALLOWED_SINGLE_ADDRESS", "") diff --git a/storage/authentication.py b/storage/authentication.py index 2492c9c..3deed98 100644 --- a/storage/authentication.py +++ b/storage/authentication.py @@ -4,7 +4,6 @@ from rest_framework import exceptions from rest_framework.authentication import SessionAuthentication from spejstore.settings import ( LAN_ALLOWED_ADDRESS_SPACE, - LAN_ALLOWED_SINGLE_ADDRESS, ) @@ -38,29 +37,20 @@ def get_ip_from_request(request): return None -def has_address_space_permission(client_ip): - return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network( - LAN_ALLOWED_ADDRESS_SPACE - ) - -def has_single_address_permission(client_ip): - return ipaddress.IPv4Address(client_ip) == LAN_ALLOWED_SINGLE_ADDRESS - - def has_permission(request): # We don't care if address space is undefined - if LAN_ALLOWED_ADDRESS_SPACE == '' and LAN_ALLOWED_SINGLE_ADDRESS == '': + if LAN_ALLOWED_ADDRESS_SPACE == '': return (True, '') client_ip = get_ip_from_request(request) if client_ip is None: # This should only happen on localhost env when fiddling with code. # It's technically impossible to get there with proper headers. return (False, "Unauthorized: no ip detected?") - - if LAN_ALLOWED_ADDRESS_SPACE != '' and not has_address_space_permission(client_ip): + in_local_space = ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network( + LAN_ALLOWED_ADDRESS_SPACE + ) + if not in_local_space: return (False, "Unauthorized: " + client_ip + " not in subnet of " + LAN_ALLOWED_ADDRESS_SPACE) - if LAN_ALLOWED_SINGLE_ADDRESS != '' and not has_single_address_permission(client_ip): - return (False, "Unauthorized: " + client_ip + " is not " + LAN_ALLOWED_SINGLE_ADDRESS) return (True, '') class LanAuthentication(SessionAuthentication):