From 2a70d2cb3133aaf74f238c9c5930e52e528efa91 Mon Sep 17 00:00:00 2001 From: Dariusz Niemczyk Date: Mon, 17 Jul 2023 23:12:02 +0200 Subject: [PATCH] Add configurable auth-by-lan values --- spejstore/settings.py | 8 +++++--- storage/authentication.py | 6 +++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/spejstore/settings.py b/spejstore/settings.py index 97094b1..600feab 100644 --- a/spejstore/settings.py +++ b/spejstore/settings.py @@ -186,6 +186,8 @@ SOCIAL_AUTH_JSONFIELD_ENABLED = True LABEL_API = env("LABEL_API", "http://label.waw.hackerspace.pl:4567") LOGIN_URL = "/admin/login/" -LAN_ALLOWED_ADDRES_SPACE = "10.8.0.0/16" -LAN_ALLOWED_HEADER = "X-LAN-ALLOWED" -PROXY_TRUSTED_IPS = ["172.21.37.1"] +# HSWAW lan +LAN_ALLOWED_ADDRESS_SPACE = env("LAN_ALLOWED_ADDRESS_SPACE", "10.8.0.0/16") + +LAN_ALLOWED_HEADER = env("LAN_ALLOWED_HEADER", "X-LAN-ALLOWED") +PROXY_TRUSTED_IPS = env("PROXY_TRUSTED_IPS", "172.21.37.1").split(",") diff --git a/storage/authentication.py b/storage/authentication.py index 81f5ebe..2da2c4d 100644 --- a/storage/authentication.py +++ b/storage/authentication.py @@ -3,7 +3,7 @@ from rest_framework import exceptions from rest_framework.authentication import BaseAuthentication from spejstore.settings import ( - LAN_ALLOWED_ADDRES_SPACE, + LAN_ALLOWED_ADDRESS_SPACE, LAN_ALLOWED_HEADER, PROD, PROXY_TRUSTED_IPS, @@ -48,7 +48,7 @@ class LanAuthentication(BaseAuthentication): return (user, "authorized") else: raise exceptions.AuthenticationFailed( - "Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRES_SPACE + "Unauthorized: not in subnet of " + LAN_ALLOWED_ADDRESS_SPACE ) def authenticate_header(self, request): @@ -66,7 +66,7 @@ class LanAuthentication(BaseAuthentication): "Unauthorized: request is not coming from the PROXY_TRUSTED_IPS machine" ) return ipaddress.IPv4Address(client_ip) in ipaddress.IPv4Network( - LAN_ALLOWED_ADDRES_SPACE + LAN_ALLOWED_ADDRESS_SPACE ) else: return True