Do not whitelist access by IP range

2021-10-08 11:10:24 +02:00 · 2021-10-08 11:10:24 +02:00 · 22104d3565
commit 22104d3565
parent 22e0b7dc27
2 changed files with 1 additions and 26 deletions
--- a/photo21/middleware.py
+++ b/photo21/middleware.py
@ -1,7 +1,6 @@
 from django.http import HttpResponseRedirect
 from django.conf import settings
 import ipaddress
 import re
@ -20,30 +19,9 @@ class LoginRequiredMiddleware:
        If user is not authenticated and external, redirect to login view
        before calling the view.
        """
-        if not request.user.is_authenticated and not self.check_ip(request):
+        if not request.user.is_authenticated:
            if not self.whitelist_re.match(request.path_info):
                return HttpResponseRedirect(settings.LOGIN_URL)
        response = self.get_response(request)
        return response
    def check_ip(self, request):
        """
        Return true if IP is in authorized range
        """
        # Get IP address
        if 'HTTP_X_REAL_IP' in request.META:
            ip = request.META.get('HTTP_X_REAL_IP')
        elif 'HTTP_X_FORWARDED_FOR' in request.META:
            ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
        else:
            ip = request.META.get('REMOTE_ADDR')
        ip = ipaddress.ip_address(ip)
        # Check against ranges
        if hasattr(settings, 'LOGIN_EXEMPT_IP_RANGE'):
            for ip_range in settings.LOGIN_EXEMPT_IP_RANGE:
                net = ipaddress.ip_network(ip_range)
                if ip in net:
                    return True
        return False
--- a/photo21/settings.py
+++ b/photo21/settings.py
@ -165,6 +165,3 @@ SITE_ID = 1
 # Photologue
 PHOTOLOGUE_GALLERY_SAMPLE_SIZE = 1
 # IP range whitelist
 LOGIN_EXEMPT_IP_RANGE = ["185.230.76.0/22", "2a0c:700::/32"]