kallithea Changeset - 815bf70a88ce

Changeset - 815bf70a88ce

Parent rev.

Child rev.

[Not reviewed]

default

0 4 0

Søren Løvborg - 10 years ago 2015-07-14 13:59:59
kwi@kwi.dk

AuthUser: simplify check_ip_allowed and drop is_ip_allowed

check_ip_allowed is always called with user_id and inherit_from_default
arguments taken from the same User/AuthUser object, so just take that
object instead. This simplifies the is_ip_allowed method to the point
where it can be removed.

4 files changed with 11 insertions and 20 deletions:

kallithea/controllers/api/__init__.py

kallithea/controllers/login.py

kallithea/lib/auth.py

kallithea/lib/base.py

0 comments (0 inline, 0 general)

kallithea/controllers/api/__init__.py

➞

Show inline comments

@@ @@ -155,15 +155,14 @@ class JSONRPCController(WSGIController): @@
         try:
             u = User.get_by_api_key(self._req_api_key)
             if u is None:
                 return jsonrpc_error(retid=self._req_id,
                                      message='Invalid API key')
             #check if we are allowed to use this IP
             auth_u = AuthUser(u.user_id, self._req_api_key)
-            if not auth_u.is_ip_allowed(ip_addr):
+            if not AuthUser.check_ip_allowed(auth_u, ip_addr):
                 return jsonrpc_error(retid=self._req_id,
                         message='request from IP:%s not allowed' % (ip_addr,))
             else:
                 log.info('Access for IP:%s allowed' % (ip_addr,))
         except Exception, e:

kallithea/controllers/login.py

➞

Show inline comments

@@ @@ -106,13 +106,13 @@ class LoginController(BaseController): @@
     def index(self):
         c.came_from = safe_str(request.GET.get('came_from', ''))
         if not self._validate_came_from(c.came_from):
             c.came_from = url('home')
         not_default = self.authuser.username != User.DEFAULT_USER
-        ip_allowed = self.authuser.is_ip_allowed(self.ip_addr)
+        ip_allowed = AuthUser.check_ip_allowed(self.authuser, self.ip_addr)
         # redirect if already logged in
         if self.authuser.is_authenticated and not_default and ip_allowed:
             return self._redirect_to_origin(c.came_from)
         if request.POST:

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -605,25 +605,20 @@ class AuthUser(object): @@
         """
         Returns list of user groups you're an admin of
         """
         return [x[0] for x in self.permissions['user_groups'].iteritems()
                 if x[1] == 'usergroup.admin']
     def is_ip_allowed(self, ip_addr):
         """
         Determine if `ip_addr` is on the list of allowed IP addresses
         for this user.
     @staticmethod
     def check_ip_allowed(user, ip_addr):
         """
         inherit = self.inherit_default_permissions
         return AuthUser.check_ip_allowed(self.user_id, ip_addr,
                                          inherit_from_default=inherit)
     @classmethod
     def check_ip_allowed(cls, user_id, ip_addr, inherit_from_default):
         allowed_ips = AuthUser.get_allowed_ips(user_id, cache=True,
                         inherit_from_default=inherit_from_default)
         Check if the given IP address (a `str`) is allowed for the given
         user (an `AuthUser` or `db.User`).
         """
         allowed_ips = AuthUser.get_allowed_ips(user.user_id, cache=True,
             inherit_from_default=user.inherit_default_permissions)
         if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips):
             log.debug('IP:%s is in range of %s' % (ip_addr, allowed_ips))
             return True
         else:
             log.info('Access for IP:%s forbidden, '
                      'not in %s' % (ip_addr, allowed_ips))
@@ @@ -739,14 +734,13 @@ class LoginRequired(object): @@
     def __wrapper(self, func, *fargs, **fkwargs):
         controller = fargs[0]
         user = controller.authuser
         loc = "%s:%s" % (controller.__class__.__name__, func.__name__)
         log.debug('Checking access for user %s @ %s' % (user, loc))
         # check if our IP is allowed
         if not user.is_ip_allowed(controller.ip_addr):
         if not AuthUser.check_ip_allowed(user, controller.ip_addr):
             return redirect_to_login(_('IP %s not allowed') % controller.ip_addr)
         # check if we used an API key and it's a valid one
         api_key = request.GET.get('api_key')
         if api_key is not None:
             # explicit controller is enabled or API is in our whitelist

kallithea/lib/base.py

➞

Show inline comments

@@ @@ -183,15 +183,13 @@ class BaseVCSController(object): @@
         :param action: push or pull action
         :param user: `User` instance
         :param repo_name: repository name
         """
         # check IP
         inherit = user.inherit_default_permissions
         ip_allowed = AuthUser.check_ip_allowed(user.user_id, ip_addr,
                                                inherit_from_default=inherit)
         ip_allowed = AuthUser.check_ip_allowed(user, ip_addr)
         if ip_allowed:
             log.info('Access for IP:%s allowed' % (ip_addr,))
         else:
             return False
         if action == 'push':

0 comments (0 inline, 0 general)