Revision 0e3918f3
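--- a/helpdesk/middleware.py
+++ b/helpdesk/middleware.py
@@ -27,6 +27,7 @@
 # The views and conclusions contained in the software and documentation are
 # those of the authors and should not be interpreted as representing official
 # policies, either expressed or implied, of GRNET S.A.
+
 from synnefo.db.models import SynnefoUser
 from django.conf import settings
 from django.http import HttpResponse
@@ -37,6 +38,17 @@
 auth_tmp_token = "X-Auth-Tmp-Token"
 
 def process_request(self, request):
+
+# Check the request's IP address
+allowed = settings.HELPDESK_ALLOWED_IPS
+if not check_ip(request.META['REMOTE_ADDR'], allowed):
+try:
+proxy_ip = request.META['HTTP_X_FORWARDED_FOR']
+except Exception:
+return HttpResponse(status=403, content="IP Address not allowed")
+if not check_ip(proxy_ip, allowed):
+return HttpResponse(status=403, content="IP Address not allowed")
+
 # Helpdesk application request, find the temp token
 tmp_token = None
 try:
@@ -49,6 +61,21 @@
 if (time.time() -
 time.mktime(tmp_user.tmp_auth_token_expires.timetuple())) > 0:
 # The impersonated user's token has expired, re-login
-return HttpResponse("User token expired, request a new token")
+return HttpResponse(status=403, content="Temporary token expired")
 
 request.user = tmp_user
+
+def check_ip(ip, allowed):
+for addr in allowed:
+# Check exact match
+if ip == addr:
+return True;
+# Check range match
+if addr.endswith('.0'):
+iprange = ip[0:ip.rfind(".")]
+if addr.startswith(iprange):
+return True
+else:
+continue
+
+return False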
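Review bot: The fallback in process_request accepts `HTTP_X_FORWARDED_FOR` whenever `REMOTE_ADDR` is not in `HELPDESK_ALLOWED_IPS`, but that header is set by the client unless a front-end proxy overwrites it, so the allowlist stops restricting who reaches the temp-token lookup. The header should be consulted only when `REMOTE_ADDR` is itself a configured trusted proxy, and then reduced to a single address, because its value may be a comma-separated list that `check_ip` would compare as one string. The range branch of `check_ip` is also too permissive: `addr.startswith(iprange)` is a string-prefix test, so with the entry `195.251.249.0` an address in `195.251.24.x` is accepted; compare the whole leading part instead, `if addr[:addr.rfind('.')] == iprange:`. The `except Exception` around the header lookup would be clearer as `except KeyError`. The body of process_request starts and continues outside the visible hunks, so a later check may exist that is not shown here.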
b/helpdesk/tests.py | ||
---|---|---|
1 |
# vim: set fileencoding=utf-8 : |
|
2 |
# Copyright 2011 GRNET S.A. All rights reserved. |
|
3 |
# |
|
4 |
# Redistribution and use in source and binary forms, with or without |
|
5 |
# modification, are permitted provided that the following conditions |
|
6 |
# are met: |
|
7 |
# |
|
8 |
# 1. Redistributions of source code must retain the above copyright |
|
9 |
# notice, this list of conditions and the following disclaimer. |
|
10 |
# |
|
11 |
# 2. Redistributions in binary form must reproduce the above copyright |
|
12 |
# notice, this list of conditions and the following disclaimer in the |
|
13 |
# documentation and/or other materials provided with the distribution. |
|
14 |
# |
|
15 |
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND |
|
16 |
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
|
17 |
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
|
18 |
# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE |
|
19 |
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
|
20 |
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
|
21 |
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
|
22 |
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
|
23 |
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
|
24 |
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
|
25 |
# SUCH DAMAGE. |
|
26 |
# |
|
27 |
# The views and conclusions contained in the software and documentation are |
|
28 |
# those of the authors and should not be interpreted as representing official |
|
29 |
# policies, either expressed or implied, of GRNET S.A. |
|
30 |
|
|
31 |
from django.test import TestCase |
|
32 |
from django.test.client import Client |
|
33 |
|
|
34 |
from synnefo.helpdesk.middleware import check_ip |
|
35 |
|
|
36 |
class HelpdeskTestCase(TestCase): |
|
37 |
apibase = '/api/v1.1' |
|
38 |
|
|
39 |
def setUp(self): |
|
40 |
self.client = Client() |
|
41 |
|
|
42 |
def test_check_ip(self): |
|
43 |
range = ('127.0.0.1', '195.251.249.0') |
|
44 |
|
|
45 |
ip = '127.0.0.1' |
|
46 |
self.assertTrue(check_ip(ip, range)) |
|
47 |
|
|
48 |
ip = '195.251.249.212' |
|
49 |
self.assertTrue(check_ip(ip, range)) |
|
50 |
|
|
51 |
ip = '195.234.249.2' |
|
52 |
self.assertFalse(check_ip(ip, range)) |
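Review bot: test_check_ip has no case for an address that shares only a string prefix with a range entry, which is the input the `startswith` comparison in `check_ip` mishandles; adding `self.assertFalse(check_ip('195.251.24.7', range))` would pin that boundary. Nothing here exercises the middleware itself, although `setUp` builds a `Client`: a request from a disallowed `REMOTE_ADDR`, with and without an `X-Forwarded-For` header, should be asserted to return 403. The local name `range` shadows the builtin, and `allowed` would match the parameter name used by `check_ip`.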
b/settings.py.dist | ||
---|---|---|
273 | 273 |
# Helpdesk application |
274 | 274 |
# |
275 | 275 |
|
276 |
# Duration for temporary auth tokens, created for impersonating a register |
|
277 |
# user by help desk staff.
|
|
276 |
# Duration for temporary auth tokens, created for impersonating a registered
|
|
277 |
# user by helpdesk staff. |
|
278 | 278 |
HELPDESK_TOKEN_DURATION_MIN = 30 |
279 | 279 |
|
280 | 280 |
# IP addresses of the machines allowed to connect as help desk |
281 |
HELPDESK_ALLOWED_IP = ("127.0.0.1")
|
|
281 |
HELPDESK_ALLOWED_IPS = ("127.0.0.1",)
|
|
282 | 282 |
|
283 | 283 |
# Helpdesk auth token |
284 | 284 |
HELPDESK_AUTH_TOKEN = "0xdeadbabe" |
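Review bot: The comment above `HELPDESK_ALLOWED_IPS` does not say that `check_ip` in helpdesk/middleware.py treats any entry ending in `.0` as a whole range rather than a single host, so an operator listing one such address would admit the entire block without knowing it. I would extend the comment to something like `# Entries ending in ".0" match every address sharing the first three octets; all other entries match exactly.` It would also help to state here that the middleware falls back to the `X-Forwarded-For` header when the peer address is not listed, since that determines whether this allowlist is safe to rely on behind a given proxy setup.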