From 22104d356593c02fe9b02015a5303319abea7537 Mon Sep 17 00:00:00 2001
From: Alexandre Iooss
Date: Fri, 8 Oct 2021 11:10:24 +0200
Subject: [PATCH] Do not whitelist access by IP range

---
 photo21/middleware.py | 24 +----------------------
 photo21/settings.py | 3 ---
 2 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/photo21/middleware.py b/photo21/middleware.py
index 88ad41c..29aa5d6 100644
--- a/photo21/middleware.py
+++ b/photo21/middleware.py
@@ -1,7 +1,6 @@
 from django.http import HttpResponseRedirect
 from django.conf import settings
-import ipaddress
 import re
 
 
 
@@ -20,30 +19,9 @@ class LoginRequiredMiddleware:
         If user is not authenticated and external, redirect to login view
         before calling the view.
         """
-        if not request.user.is_authenticated and not self.check_ip(request):
+        if not request.user.is_authenticated:
             if not self.whitelist_re.match(request.path_info):
                 return HttpResponseRedirect(settings.LOGIN_URL)
 
         response = self.get_response(request)
         return response
-
-    def check_ip(self, request):
-        """
-        Return true if IP is in authorized range
-        """
-        # Get IP address
-        if 'HTTP_X_REAL_IP' in request.META:
-            ip = request.META.get('HTTP_X_REAL_IP')
-        elif 'HTTP_X_FORWARDED_FOR' in request.META:
-            ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
-        else:
-            ip = request.META.get('REMOTE_ADDR')
-        ip = ipaddress.ip_address(ip)
-
-        # Check against ranges
-        if hasattr(settings, 'LOGIN_EXEMPT_IP_RANGE'):
-            for ip_range in settings.LOGIN_EXEMPT_IP_RANGE:
-                net = ipaddress.ip_network(ip_range)
-                if ip in net:
-                    return True
-        return False
diff --git a/photo21/settings.py b/photo21/settings.py
index bda42a0..b5ee4fd 100644
--- a/photo21/settings.py
+++ b/photo21/settings.py
@@ -165,6 +165,3 @@ SITE_ID = 1
 
 # Photologue
 PHOTOLOGUE_GALLERY_SAMPLE_SIZE = 1
-
-# IP range whitelist
-LOGIN_EXEMPT_IP_RANGE = ["185.230.76.0/22", "2a0c:700::/32"]
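Review bot: The docstring kept as context just above the changed line still says "If user is not authenticated and external", but with `check_ip` removed the condition is now only `not request.user.is_authenticated`, so "and external" describes behaviour that no longer exists; change it to `If user is not authenticated, redirect to login view`. The redirect on the unchanged line below also discards the requested path: `return HttpResponseRedirect(settings.LOGIN_URL)` sends every unauthenticated visitor to the bare login URL, whereas `return redirect_to_login(request.get_full_path())` from `django.contrib.auth.views` would carry the destination in the `next` parameter (that needs an import outside this hunk). The enclosing method's signature is above the hunk, so its name and the definition of `self.whitelist_re` are not visible here.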