Commit 8c176925 authored by Guilhem Saurel's avatar Guilhem Saurel

LAASPermsMiddleware

parent 02bbac1d
Pipeline #8029 passed with stage
in 1 minute and 29 seconds
from ipaddress import ip_address, ip_network
from django.conf import settings
from django.http import HttpRequest, HttpResponse, HttpResponseForbidden
from rest_framework import permissions
def ip_laas(request: HttpRequest) -> bool:
forwarded_for = ip_address(request.META.get('HTTP_X_FORWARDED_FOR'))
return any(forwarded_for in ip_network(net) for net in settings.LAAS_NETWORKS)
class LAASPermsMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request: HttpRequest) -> HttpResponse:
allowed = (request.path.startswith('/admin/') or request.path.startswith('/accounts/')
or request.user and request.user.is_authenticated
or request.method in permissions.SAFE_METHODS and ip_laas(request))
if allowed:
return self.get_response(request)
return HttpResponseForbidden()
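Review bot: `ip_laas` passes the raw `X-Forwarded-For` value straight to `ip_address()`, so a request with no header (`None`) or with the usual comma-separated proxy chain raises `ValueError` and the middleware answers with a 500 instead of a 403. The header is also whatever the client sent unless the front proxy overwrites or appends to it, so the `SAFE_METHODS` allowance in `__call__` is only as strong as the proxy configuration. The function should read the entry written by the trusted proxy and treat anything unparsable as not-LAAS. The sketch below assumes the application is reachable only through a single reverse proxy that appends the peer address as the last entry, which needs confirming against the deployment. A one-line docstring on `ip_laas` stating that trust assumption would help the next reader.

```python
def ip_laas(request: HttpRequest) -> bool:
    # Last entry is the one appended by our own reverse proxy; earlier entries are client-supplied.
    raw = request.META.get('HTTP_X_FORWARDED_FOR') or request.META.get('REMOTE_ADDR', '')
    try:
        forwarded_for = ip_address(raw.split(',')[-1].strip())
    except ValueError:
        return False
    # … unchanged: return any(... in settings.LAAS_NETWORKS) …
```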
......@@ -56,6 +56,7 @@ MIDDLEWARE = [
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'dashboard.middleware.LAASPermsMiddleware',
]
ROOT_URLCONF = f'{PROJECT}.urls'
......@@ -166,3 +167,5 @@ AUTH_LDAP_SERVER_URI = "ldap://ldap.laas.fr"
AUTH_LDAP_USER_DN_TEMPLATE = "uid=%(user)s,ou=users,dc=laas,dc=fr"
AUTH_LDAP_START_TLS = True
AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "laas-mainMail"}
LAAS_NETWORKS = ['140.93.0.0/21', '2001:660:6602:4::/64']
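Review bot: `LAAS_NETWORKS` is an access-control setting but nothing here says so; a comment above it such as `# Networks granted unauthenticated read-only (SAFE_METHODS) access by LAASPermsMiddleware` would make the impact of editing the list obvious. In the `MIDDLEWARE` hunk, the new entry reads `request.user`, so it must stay after `AuthenticationMiddleware`; a short comment on that line (`# needs request.user: keep after AuthenticationMiddleware`) would guard against reordering.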