changeset 7486:088155584e2e

auth: make sure request.authuser *always* has been checked for check_ip_allowed - there is thus no need to check it later
author Mads Kiilerich <mads@kiilerich.com>
date Wed, 26 Dec 2018 03:03:31 +0100
parents c6ce891312ef
children 22bc0f7cc2b4
files kallithea/controllers/login.py kallithea/lib/auth.py kallithea/lib/base.py
diffstat 3 files changed, 7 insertions(+), 7 deletions(-) [+]
--- a/kallithea/controllers/login.py	Wed Dec 26 02:21:26 2018 +0100
+++ b/kallithea/controllers/login.py	Wed Dec 26 03:03:31 2018 +0100
@@ -76,10 +76,8 @@
         else:
             c.came_from = url('home')
 
-        ip_allowed = AuthUser.check_ip_allowed(request.authuser, request.ip_addr)
-
         # redirect if already logged in
-        if request.authuser.is_authenticated and ip_allowed:
+        if request.authuser.is_authenticated:
             raise HTTPFound(location=c.came_from)
 
         if request.POST:
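Review bot: The comment above the `if request.authuser.is_authenticated:` test no longer explains why the IP condition disappeared, and a reader of login.py alone cannot see that the restriction moved. The behaviour also changes slightly: an authenticated user arriving from a disallowed IP previously fell through to the login form, while the new check in kallithea/lib/base.py appears to reject the request before this controller runs. I would extend the comment to `# redirect if already logged in (IP restrictions are enforced in kallithea/lib/base.py before any controller runs)`. The enclosing method starts before this hunk.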
--- a/kallithea/lib/auth.py	Wed Dec 26 02:21:26 2018 +0100
+++ b/kallithea/lib/auth.py	Wed Dec 26 03:03:31 2018 +0100
@@ -777,9 +777,6 @@
         loc = "%s:%s" % (controller.__class__.__name__, func.__name__)
         log.debug('Checking access for user %s @ %s', user, loc)
 
-        if not AuthUser.check_ip_allowed(user, request.ip_addr):
-            raise _redirect_to_login(_('IP %s not allowed') % request.ip_addr)
-
         # Check if we used an API key to authenticate.
         api_key = user.authenticating_api_key
         if api_key is not None:
--- a/kallithea/lib/base.py	Wed Dec 26 02:21:26 2018 +0100
+++ b/kallithea/lib/base.py	Wed Dec 26 03:03:31 2018 +0100
@@ -529,12 +529,17 @@
                 if type.lower() == 'bearer':
                     bearer_token = params
 
-            request.authuser = self._determine_auth_user(
+            authuser = self._determine_auth_user(
                 request.GET.get('api_key'),
                 bearer_token,
                 session.get('authuser'),
             )
 
+            if not AuthUser.check_ip_allowed(authuser, request.ip_addr):
+                raise webob.exc.HTTPForbidden()
+
+            request.authuser = authuser
+
             log.info('IP: %s User: %s accessed %s',
                 request.ip_addr, request.authuser,
                 safe_unicode(_get_access_path(environ)),
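Review bot: The new denial path at `raise webob.exc.HTTPForbidden()` leaves no trace in the log, whereas the allowed path is logged a few lines below and the check it replaces in kallithea/lib/auth.py carried an `_('IP %s not allowed')` message. A rejected request from a restricted IP is exactly the event an operator wants to see, so I would log before raising: `log.warning('IP %s not allowed for user %s', request.ip_addr, authuser)`. Consider also passing the reason to the response, e.g. `raise webob.exc.HTTPForbidden(detail='IP not allowed')`, since the bare 403 otherwise gives the user no hint why the site is unreachable. The enclosing method starts and ends outside this hunk, so I cannot see whether an outer handler reads `request.authuser` after the exception; note that on the denied path it is never assigned.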