17546551976

Committed 08 Sep 2025 09:41AM UTC coverage: 70.22% (-0.08%) from 70.299%

Build Type

github

Committed by

Commit Message

Merge ca9d1affd into 2e21a55c5

Run Details

0 of 31 new or added lines in 1 file covered. (0.0%)

4 existing lines in 2 files now uncovered.

12181 of 17347 relevant lines covered (70.22%)

0.7 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/pod/authentication/IPRestrictionMiddleware.py

1	"""Esup-Pod IP Restriction middleware."""
2
NEW 3	import ipaddress	×
NEW 4	from django.conf import settings	×
NEW 5	from django.utils.translation import gettext_lazy as _	×
6
NEW 7	ALLOWED_SUPERUSER_IPS = getattr(settings, "ALLOWED_SUPERUSER_IPS", [])	×
8
9
NEW 10	def ip_in_allowed_range(ip) -> bool:	×
11	"""Make sure the IP is one of the authorized ones."""
NEW 12	try:	×
NEW 13	ip_obj = ipaddress.ip_address(ip)	×
NEW 14	except ValueError:	×
NEW 15	return False	×
16
NEW 17	for allowed in ALLOWED_SUPERUSER_IPS:	×
NEW 18	try:	×
NEW 19	if '/' in allowed:	×
NEW 20	net = ipaddress.ip_network(allowed, strict=False)	×
NEW 21	if ip_obj in net:	×
NEW 22	return True	×
23	else:
NEW 24	if ip_obj == ipaddress.ip_address(allowed):	×
NEW 25	return True	×
NEW 26	except ValueError:	×
NEW 27	continue	×
NEW 28	return False	×
29
30
NEW 31	class IPRestrictionMiddleware:	×
NEW 32	def __init__(self, get_response) -> None:	×
NEW 33	self.get_response = get_response	×
34
NEW 35	def __call__(self, request):	×
NEW 36	ip = request.META.get('REMOTE_ADDR')	×
NEW 37	user = request.user	×
38
NEW 39	if user.is_authenticated and user.is_superuser:	×
NEW 40	if not ip_in_allowed_range(ip):	×
NEW 41	user.is_superuser = False	×
NEW 42	user.last_name = _(	×
43	"%(last_name)s (Restricted - IP %(ip)s not allowed)"
44	) % {"last_name": user.last_name, "ip": ip}
45
NEW 46	return self.get_response(request)	×