mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-27 09:36:19 -05:00
FEATURE: allow restricting API keys to a particular range
This commit is contained in:
parent
4aec3c8c4c
commit
a9cda0f947
2 changed files with 27 additions and 2 deletions
|
@ -107,12 +107,16 @@ class Auth::DefaultCurrentUserProvider
|
|||
api_key = ApiKey.where(key: api_key_value).includes(:user).first
|
||||
if api_key
|
||||
api_username = request["api_username"]
|
||||
|
||||
if api_key.allowed_ips.present? && !api_key.allowed_ips.any?{|ip| ip.include?(request.ip)}
|
||||
Rails.logger.warn("Unauthorized API access: #{api_username} ip address: #{request.ip}")
|
||||
return nil
|
||||
end
|
||||
|
||||
if api_key.user
|
||||
api_key.user if !api_username || (api_key.user.username_lower == api_username.downcase)
|
||||
elsif api_username
|
||||
User.find_by(username_lower: api_username.downcase)
|
||||
else
|
||||
nil
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -31,6 +31,27 @@ describe Auth::DefaultCurrentUserProvider do
|
|||
}.to raise_error(Discourse::InvalidAccess)
|
||||
end
|
||||
|
||||
it "raises for a user with a mismatching ip" do
|
||||
user = Fabricate(:user)
|
||||
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1, allowed_ips: ['10.0.0.0/24'])
|
||||
|
||||
expect{
|
||||
provider("/?api_key=hello&api_username=#{user.username.downcase}", "REMOTE_ADDR" => "10.1.0.1").current_user
|
||||
}.to raise_error(Discourse::InvalidAccess)
|
||||
|
||||
end
|
||||
|
||||
it "allows a user with a matching ip" do
|
||||
user = Fabricate(:user)
|
||||
ApiKey.create!(key: "hello", user_id: user.id, created_by_id: -1, allowed_ips: ['10.0.0.0/24'])
|
||||
|
||||
found_user = provider("/?api_key=hello&api_username=#{user.username.downcase}",
|
||||
"REMOTE_ADDR" => "10.0.0.22").current_user
|
||||
|
||||
found_user.id.should == user.id
|
||||
|
||||
end
|
||||
|
||||
it "finds a user for a correct system api key" do
|
||||
user = Fabricate(:user)
|
||||
ApiKey.create!(key: "hello", created_by_id: -1)
|
||||
|
|
Loading…
Reference in a new issue