author | Marcin Kuzminski <marcin@python-works.com> | 2012-12-30 23:06:03 +0100 |
---|---|---|
committer | Marcin Kuzminski <marcin@python-works.com> | 2012-12-30 23:06:03 +0100 |
commit | b8e1df75b21aad11a161aa3930eb7f26c1c45770 (patch) | |
tree | fcc9b54514288e334d5cf135ecb0e28fb12053bb /rhodecode/lib/auth.py | |
parent | 41981be79eefe651870aab3138d143296a4205a2 (diff) |
Added UserIpMap interface for allowed IP addresses and IP restriction access
ref #264 IP restriction for users and user groups
--HG--
branch : beta
extra : amend_source : b1cad1d9ff6ef50b570689dacec7902a8909895b
Diffstat (limited to 'rhodecode/lib/auth.py')
-rw-r--r-- | rhodecode/lib/auth.py | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/rhodecode/lib/auth.py b/rhodecode/lib/auth.py index d234e3e2..2fb087c1 100644 --- a/rhodecode/lib/auth.py +++ b/rhodecode/lib/auth.py @@ -45,7 +45,7 @@ from rhodecode.lib.auth_ldap import AuthLdap from rhodecode.model import meta from rhodecode.model.user import UserModel -from rhodecode.model.db import Permission, RhodeCodeSetting, User +from rhodecode.model.db import Permission, RhodeCodeSetting, User, UserIpMap log = logging.getLogger(__name__) @@ -313,11 +313,12 @@ class AuthUser(object): in """ - def __init__(self, user_id=None, api_key=None, username=None): + def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None): self.user_id = user_id self.api_key = None self.username = username + self.ip_addr = ip_addr self.name = '' self.lastname = '' @@ -326,6 +327,7 @@ class AuthUser(object): self.admin = False self.inherit_default_permissions = False self.permissions = {} + self.allowed_ips = set() self._api_key = api_key self.propagate_data() self._instance = None @@ -375,6 +377,8 @@ class AuthUser(object): log.debug('Auth User is now %s' % self) user_model.fill_perms(self) + log.debug('Filling Allowed IPs') + self.allowed_ips = AuthUser.get_allowed_ips(self.user_id) @property def is_admin(self): @@ -406,6 +410,14 @@ class AuthUser(object): api_key = cookie_store.get('api_key') return AuthUser(user_id, api_key, username) + @classmethod + def get_allowed_ips(cls, user_id): + _set = set() + user_ips = UserIpMap.query().filter(UserIpMap.user_id == user_id).all() + for ip in user_ips: + _set.add(ip.ip_addr) + return _set or set(['0.0.0.0/0']) + def set_available_permissions(config): """ 
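Review bot: The new `ip_addr` argument to `AuthUser.__init__` is undocumented and defaults to None, and the one constructor call visible in this diff, `return AuthUser(user_id, api_key, username)` in the context lines just before `get_allowed_ips`, does not pass it. Users rebuilt from the cookie store would therefore carry `ip_addr = None`, so any restriction check that reads `self.ip_addr` must treat None as a denial, not a match. The enforcing code is not in this file's diff, so this needs confirming against the callers. I would add a line to the class docstring such as `:param ip_addr: client address used for IP restriction checks; None means unknown`. The class body and its docstring start outside the hunk.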
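Review bot: The fallback in `get_allowed_ips`, `return _set or set(['0.0.0.0/0'])`, is an allow-all default that covers IPv4 only. If the bundled `ipaddr` behaves like upstream, an IPv6 address is never contained in an IPv4 network, so a user with no `UserIpMap` rows would be refused over IPv6 while unrestricted over IPv4. If allow-all is the intended default, include both families, e.g. `return _set or set(['0.0.0.0/0', '::/0'])`. The method also needs a docstring stating that an empty result is turned into unrestricted access, since that is the security-relevant part of its contract.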
@@ -821,3 +833,19 @@ class HasPermissionAnyMiddleware(object): ) ) return False + + +def check_ip_access(source_ip, allowed_ips=None): + """ + Checks if source_ip is a subnet of any of allowed_ips. + + :param source_ip: + :param allowed_ips: list of allowed ips together with mask + """ + from rhodecode.lib import ipaddr + log.debug('checking if ip:%s is subnet of %s' % (source_ip, allowed_ips)) + if isinstance(allowed_ips, (tuple, list, set)): + for ip in allowed_ips: + if ipaddr.IPAddress(source_ip) in ipaddr.IPNetwork(ip): + return True + return False |
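Review bot: `check_ip_access` lets a parse error escape: `ipaddr.IPAddress(source_ip)` and `ipaddr.IPNetwork(ip)` are called with no handling, so an unparseable client address or a single malformed entry in `allowed_ips` raises (ValueError in upstream ipaddr) instead of producing a deny decision. Where `source_ip` comes from is not visible here; if it can be taken from a proxy header, it is client-influenced. Parsing the source once before the loop and treating failures as no-match keeps the function fail-closed and stops one bad stored entry from breaking the check for the remaining entries. The `:param source_ip:` line in the docstring is also empty and should say what format is expected.

```python
def check_ip_access(source_ip, allowed_ips=None):
    # … unchanged: docstring, ipaddr import, debug log …
    try:
        source = ipaddr.IPAddress(source_ip)
    except ValueError:
        log.warning('unparseable source ip %r, denying access' % (source_ip,))
        return False
    if isinstance(allowed_ips, (tuple, list, set)):
        for ip in allowed_ips:
            try:
                network = ipaddr.IPNetwork(ip)
            except ValueError:
                log.warning('skipping invalid allowed ip entry %r' % (ip,))
                continue
            if source in network:
                return True
    return False
```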