kallithea Changeset - b66fd6de093c

Changeset - b66fd6de093c

Parent rev.

Child rev.

[Not reviewed]

beta

0 1 0

Marcin Kuzminski - 13 years ago 2013-04-04 16:38:33
marcin@python-works.com

fixed multiple IP addresses in each of extracted IP.
- different setup uses different proxy emthods. We make sure
we always select the first IP

1 file changed with 19 insertions and 11 deletions:

rhodecode/lib/base.py

0 comments (0 inline, 0 general)

rhodecode/lib/base.py

➞

Show inline comments

@@ @@ -11,71 +11,79 @@ from paste.httpexceptions import HTTPUna @@
 from paste.httpheaders import WWW_AUTHENTICATE, AUTHORIZATION
 from pylons import config, tmpl_context as c, request, session, url
 from pylons.controllers import WSGIController
 from pylons.controllers.util import redirect
 from pylons.templating import render_mako as render
 from rhodecode import __version__, BACKENDS
 from rhodecode.lib.utils2 import str2bool, safe_unicode, AttributeDict,\
     safe_str, safe_int
 from rhodecode.lib.auth import AuthUser, get_container_username, authfunc,\
     HasPermissionAnyMiddleware, CookieStoreWrapper
 from rhodecode.lib.utils import get_repo_slug, invalidate_cache
 from rhodecode.model import meta
 from rhodecode.model.db import Repository, RhodeCodeUi, User, RhodeCodeSetting
 from rhodecode.model.notification import NotificationModel
 from rhodecode.model.scm import ScmModel
 from rhodecode.model.meta import Session
 log = logging.getLogger(__name__)
 def _filter_proxy(ip):
     """
     HEADERS can have mutliple ips inside the left-most being the original
     client, and each successive proxy that passed the request adding the IP
     address where it received the request from.
     :param ip:
     """
     if ',' in ip:
         _ips = ip.split(',')
         _first_ip = _ips[0].strip()
         log.debug('Got multiple IPs %s, using %s' % (','.join(_ips), _first_ip))
         return _first_ip
     return ip
 def _get_ip_addr(environ):
     proxy_key = 'HTTP_X_REAL_IP'
     proxy_key2 = 'HTTP_X_FORWARDED_FOR'
     def_key = 'REMOTE_ADDR'
     ip = environ.get(proxy_key)
     if ip:
         return ip
+        return _filter_proxy(ip)
     ip = environ.get(proxy_key2)
     if ip:
         return ip
+        return _filter_proxy(ip)
     ip = environ.get(def_key, '0.0.0.0')
     # HEADERS can have mutliple ips inside
     # the left-most being the original client, and each successive proxy
     # that passed the request adding the IP address where it received the
     # request from.
     if ',' in ip:
         ip = ip.split(',')[0].strip()
     return ip
     return _filter_proxy(ip)
 def _get_access_path(environ):
     path = environ.get('PATH_INFO')
     org_req = environ.get('pylons.original_request')
     if org_req:
         path = org_req.environ.get('PATH_INFO')
     return path
 class BasicAuth(AuthBasicAuthenticator):
     def __init__(self, realm, authfunc, auth_http_code=None):
         self.realm = realm
         self.authfunc = authfunc
         self._rc_auth_http_code = auth_http_code
     def build_authentication(self):
         head = WWW_AUTHENTICATE.tuples('Basic realm="%s"' % self.realm)
         if self._rc_auth_http_code and self._rc_auth_http_code == '403':
             # return 403 if alternative http return code is specified in
             # RhodeCode config
             return HTTPForbidden(headers=head)
         return HTTPUnauthorized(headers=head)

0 comments (0 inline, 0 general)