Revision 0e3918f3
| b/helpdesk/middleware.py | ||
|---|---|---|
| 27 | 27 |
# The views and conclusions contained in the software and documentation are |
| 28 | 28 |
# those of the authors and should not be interpreted as representing official |
| 29 | 29 |
# policies, either expressed or implied, of GRNET S.A. |
| 30 |
|
|
| 30 | 31 |
from synnefo.db.models import SynnefoUser |
| 31 | 32 |
from django.conf import settings |
| 32 | 33 |
from django.http import HttpResponse |
| ... | ... | |
| 37 | 38 |
auth_tmp_token = "X-Auth-Tmp-Token" |
| 38 | 39 |
|
| 39 | 40 |
def process_request(self, request): |
| 41 |
|
|
| 42 |
# Check the request's IP address |
|
| 43 |
allowed = settings.HELPDESK_ALLOWED_IPS |
|
| 44 |
if not check_ip(request.META['REMOTE_ADDR'], allowed): |
|
| 45 |
try: |
|
| 46 |
proxy_ip = request.META['HTTP_X_FORWARDED_FOR'] |
|
| 47 |
except Exception: |
|
| 48 |
return HttpResponse(status=403, content="IP Address not allowed") |
|
| 49 |
if not check_ip(proxy_ip, allowed): |
|
| 50 |
return HttpResponse(status=403, content="IP Address not allowed") |
|
| 51 |
|
|
| 40 | 52 |
# Helpdesk application request, find the temp token |
| 41 | 53 |
tmp_token = None |
| 42 | 54 |
try: |
| ... | ... | |
| 49 | 61 |
if (time.time() - |
| 50 | 62 |
time.mktime(tmp_user.tmp_auth_token_expires.timetuple())) > 0: |
| 51 | 63 |
# The impersonated user's token has expired, re-login |
| 52 |
return HttpResponse("User token expired, request a new token")
|
|
| 64 |
return HttpResponse(status=403, content="Temporary token expired")
|
|
| 53 | 65 |
|
| 54 | 66 |
request.user = tmp_user |
| 67 |
|
|
| 68 |
def check_ip(ip, allowed): |
|
| 69 |
for addr in allowed: |
|
| 70 |
# Check exact match |
|
| 71 |
if ip == addr: |
|
| 72 |
return True; |
|
| 73 |
# Check range match |
|
| 74 |
if addr.endswith('.0'):
|
|
| 75 |
iprange = ip[0:ip.rfind(".")]
|
|
| 76 |
if addr.startswith(iprange): |
|
| 77 |
return True |
|
| 78 |
else: |
|
| 79 |
continue |
|
| 80 |
|
|
| 81 |
return False |
|
| b/helpdesk/tests.py | ||
|---|---|---|
| 1 |
# vim: set fileencoding=utf-8 : |
|
| 2 |
# Copyright 2011 GRNET S.A. All rights reserved. |
|
| 3 |
# |
|
| 4 |
# Redistribution and use in source and binary forms, with or without |
|
| 5 |
# modification, are permitted provided that the following conditions |
|
| 6 |
# are met: |
|
| 7 |
# |
|
| 8 |
# 1. Redistributions of source code must retain the above copyright |
|
| 9 |
# notice, this list of conditions and the following disclaimer. |
|
| 10 |
# |
|
| 11 |
# 2. Redistributions in binary form must reproduce the above copyright |
|
| 12 |
# notice, this list of conditions and the following disclaimer in the |
|
| 13 |
# documentation and/or other materials provided with the distribution. |
|
| 14 |
# |
|
| 15 |
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
|
| 16 |
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
| 17 |
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
| 18 |
# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
|
| 19 |
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|
| 20 |
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|
| 21 |
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
| 22 |
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
| 23 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|
| 24 |
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
| 25 |
# SUCH DAMAGE. |
|
| 26 |
# |
|
| 27 |
# The views and conclusions contained in the software and documentation are |
|
| 28 |
# those of the authors and should not be interpreted as representing official |
|
| 29 |
# policies, either expressed or implied, of GRNET S.A. |
|
| 30 |
|
|
| 31 |
from django.test import TestCase |
|
| 32 |
from django.test.client import Client |
|
| 33 |
|
|
| 34 |
from synnefo.helpdesk.middleware import check_ip |
|
| 35 |
|
|
| 36 |
class HelpdeskTestCase(TestCase): |
|
| 37 |
apibase = '/api/v1.1' |
|
| 38 |
|
|
| 39 |
def setUp(self): |
|
| 40 |
self.client = Client() |
|
| 41 |
|
|
| 42 |
def test_check_ip(self): |
|
| 43 |
range = ('127.0.0.1', '195.251.249.0')
|
|
| 44 |
|
|
| 45 |
ip = '127.0.0.1' |
|
| 46 |
self.assertTrue(check_ip(ip, range)) |
|
| 47 |
|
|
| 48 |
ip = '195.251.249.212' |
|
| 49 |
self.assertTrue(check_ip(ip, range)) |
|
| 50 |
|
|
| 51 |
ip = '195.234.249.2' |
|
| 52 |
self.assertFalse(check_ip(ip, range)) |
|
| b/settings.py.dist | ||
|---|---|---|
| 273 | 273 |
# Helpdesk application |
| 274 | 274 |
# |
| 275 | 275 |
|
| 276 |
# Duration for temporary auth tokens, created for impersonating a register |
|
| 277 |
# user by help desk staff.
|
|
| 276 |
# Duration for temporary auth tokens, created for impersonating a registered
|
|
| 277 |
# user by helpdesk staff. |
|
| 278 | 278 |
HELPDESK_TOKEN_DURATION_MIN = 30 |
| 279 | 279 |
|
| 280 | 280 |
# IP addresses of the machines allowed to connect as help desk |
| 281 |
HELPDESK_ALLOWED_IP = ("127.0.0.1")
|
|
| 281 |
HELPDESK_ALLOWED_IPS = ("127.0.0.1",)
|
|
| 282 | 282 |
|
| 283 | 283 |
# Helpdesk auth token |
| 284 | 284 |
HELPDESK_AUTH_TOKEN = "0xdeadbabe" |
Also available in: Unified diff