Do not whitelist access by IP range

2021-10-08 11:10:24 +02:00 · 2021-10-08 11:10:24 +02:00 · 22104d3565
commit 22104d3565
parent 22e0b7dc27
2 changed files with 1 additions and 26 deletions
--- a/photo21/middleware.py
+++ b/photo21/middleware.py
@ -1,7 +1,6 @@
 from django.http import HttpResponseRedirect
 from django.conf import settings

-import ipaddress
 import re


@ -20,30 +19,9 @@ class LoginRequiredMiddleware:
        If user is not authenticated and external, redirect to login view
        before calling the view.
        """
-        if not request.user.is_authenticated and not self.check_ip(request):
+        if not request.user.is_authenticated:
            if not self.whitelist_re.match(request.path_info):
                return HttpResponseRedirect(settings.LOGIN_URL)

        response = self.get_response(request)
        return response
-
-    def check_ip(self, request):
-        """
-        Return true if IP is in authorized range
-        """
-        # Get IP address
-        if 'HTTP_X_REAL_IP' in request.META:
-            ip = request.META.get('HTTP_X_REAL_IP')
-        elif 'HTTP_X_FORWARDED_FOR' in request.META:
-            ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
-        else:
-            ip = request.META.get('REMOTE_ADDR')
-        ip = ipaddress.ip_address(ip)
-
-        # Check against ranges
-        if hasattr(settings, 'LOGIN_EXEMPT_IP_RANGE'):
-            for ip_range in settings.LOGIN_EXEMPT_IP_RANGE:
-                net = ipaddress.ip_network(ip_range)
-                if ip in net:
-                    return True
-        return False
--- a/photo21/settings.py
+++ b/photo21/settings.py
@ -165,6 +165,3 @@ SITE_ID = 1

 # Photologue
 PHOTOLOGUE_GALLERY_SAMPLE_SIZE = 1
-
-# IP range whitelist
-LOGIN_EXEMPT_IP_RANGE = ["185.230.76.0/22", "2a0c:700::/32"]