diff --git a/kallithea/controllers/admin/my_account.py b/kallithea/controllers/admin/my_account.py --- a/kallithea/controllers/admin/my_account.py +++ b/kallithea/controllers/admin/my_account.py @@ -98,8 +98,8 @@ class MyAccountController(BaseController # url('my_account') c.active = 'profile' self.__load_data() - c.perm_user = AuthUser(user_id=self.authuser.user_id, - ip_addr=self.ip_addr) + c.perm_user = AuthUser(user_id=self.authuser.user_id) + c.ip_addr = self.ip_addr c.extern_type = c.user.extern_type c.extern_name = c.user.extern_name @@ -193,8 +193,8 @@ class MyAccountController(BaseController def my_account_perms(self): c.active = 'perms' self.__load_data() - c.perm_user = AuthUser(user_id=self.authuser.user_id, - ip_addr=self.ip_addr) + c.perm_user = AuthUser(user_id=self.authuser.user_id) + c.ip_addr = self.ip_addr return render('admin/my_account/my_account.html') diff --git a/kallithea/controllers/admin/users.py b/kallithea/controllers/admin/users.py --- a/kallithea/controllers/admin/users.py +++ b/kallithea/controllers/admin/users.py @@ -168,7 +168,8 @@ class UsersController(BaseController): c.user = user_model.get(id) c.extern_type = c.user.extern_type c.extern_name = c.user.extern_name - c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr) + c.perm_user = AuthUser(user_id=id) + c.ip_addr = self.ip_addr _form = UserForm(edit=True, old_data={'user_id': id, 'email': c.user.email})() form_result = {} @@ -248,7 +249,8 @@ class UsersController(BaseController): c.active = 'profile' c.extern_type = c.user.extern_type c.extern_name = c.user.extern_name - c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr) + c.perm_user = AuthUser(user_id=id) + c.ip_addr = self.ip_addr defaults = c.user.get_dict() return htmlfill.render( 
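Review bot: The pair `c.perm_user = AuthUser(user_id=...)` and `c.ip_addr = self.ip_addr` is now hand-copied into every action: both my_account.py hunks and the UsersController hunks at -168, -248, -260 and -331. The two profile templates changed later in this diff read `${c.ip_addr}` with the former `or "?"` fallback removed. An action that renders one of those templates without setting `c.ip_addr` would show no address or fail, depending on how `c` treats a missing attribute, which is not visible here. Setting `c.ip_addr` once in shared per-request setup, or keeping a fallback in the templates, would remove that coupling. The enclosing methods start and end outside these hunks.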
@@ -260,7 +262,8 @@ class UsersController(BaseController): def edit_advanced(self, id): c.user = self._get_user_or_raise_if_default(id) c.active = 'advanced' - c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr) + c.perm_user = AuthUser(user_id=id) + c.ip_addr = self.ip_addr umodel = UserModel() defaults = c.user.get_dict() @@ -331,7 +334,8 @@ class UsersController(BaseController): def edit_perms(self, id): c.user = self._get_user_or_raise_if_default(id) c.active = 'perms' - c.perm_user = AuthUser(user_id=id, ip_addr=self.ip_addr) + c.perm_user = AuthUser(user_id=id) + c.ip_addr = self.ip_addr umodel = UserModel() defaults = c.user.get_dict() diff --git a/kallithea/controllers/api/__init__.py b/kallithea/controllers/api/__init__.py --- a/kallithea/controllers/api/__init__.py +++ b/kallithea/controllers/api/__init__.py @@ -159,8 +159,8 @@ class JSONRPCController(WSGIController): message='Invalid API key') #check if we are allowed to use this IP - auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) - if not auth_u.ip_allowed: + auth_u = AuthUser(u.user_id, self._req_api_key) + if not auth_u.is_ip_allowed(ip_addr): return jsonrpc_error(retid=self._req_id, message='request from IP:%s not allowed' % (ip_addr,)) else: diff --git a/kallithea/controllers/login.py b/kallithea/controllers/login.py --- a/kallithea/controllers/login.py +++ b/kallithea/controllers/login.py @@ -109,7 +109,7 @@ class LoginController(BaseController): c.came_from = url('home') not_default = self.authuser.username != User.DEFAULT_USER - ip_allowed = self.authuser.ip_allowed + ip_allowed = self.authuser.is_ip_allowed(self.ip_addr) # redirect if already logged in if self.authuser.is_authenticated and not_default and ip_allowed: diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py --- a/kallithea/lib/auth.py +++ b/kallithea/lib/auth.py 
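Review bot: In kallithea/controllers/api/__init__.py the check `if not auth_u.is_ip_allowed(ip_addr):` runs only after the key lookup has succeeded, and it returns a different message ('request from IP:%s not allowed') from the 'Invalid API key' branch just above it. A client calling from a disallowed address can therefore tell a valid key from an invalid one by the error text alone. Consider returning one generic error for both cases and recording the address and user id in the server log instead. Where `ip_addr` is derived lies outside the hunk, so whether it can be influenced by forwarded headers cannot be judged from here.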
@@ -468,14 +468,13 @@ class AuthUser(object): anonymous access is enabled and if so, it returns default user as logged in """ - def __init__(self, user_id=None, api_key=None, username=None, ip_addr=None): + def __init__(self, user_id=None, api_key=None, username=None): self.user_id = user_id self._api_key = api_key self.api_key = None self.username = username - self.ip_addr = ip_addr self.name = '' self.lastname = '' self.email = '' @@ -596,17 +595,13 @@ class AuthUser(object): return [x[0] for x in self.permissions['user_groups'].iteritems() if x[1] == 'usergroup.admin'] - @property - def ip_allowed(self): + def is_ip_allowed(self, ip_addr): """ - Checks if ip_addr used in constructor is allowed from defined list of - allowed ip_addresses for user - - :returns: boolean, True if ip is in allowed ip range + Determine if `ip_addr` is on the list of allowed IP addresses + for this user. """ - # check IP inherit = self.inherit_default_permissions - return AuthUser.check_ip_allowed(self.user_id, self.ip_addr, + return AuthUser.check_ip_allowed(self.user_id, ip_addr, inherit_from_default=inherit) @classmethod @@ -622,8 +617,8 @@ class AuthUser(object): return False def __repr__(self): - return ""\ - % (self.user_id, self.username, self.ip_addr, self.is_authenticated) + return ""\ + % (self.user_id, self.username, self.is_authenticated) def set_authenticated(self, authenticated=True): if self.user_id != self.anonymous_user.user_id: 
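Review bot: The rewritten docstring of `is_ip_allowed` drops the return contract that the removed one stated (`:returns: boolean, True if ip is in allowed ip range`). The address is now a caller-supplied argument, so I would keep a line such as `:returns: True if ip_addr is allowed for this user, False otherwise` and also say what happens when `ip_addr` is None or empty. The body of `check_ip_allowed` is only partly visible in the next hunk, so that behaviour cannot be confirmed from this diff and should be checked before it is documented.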
@@ -729,14 +724,14 @@ class LoginRequired(object): return decorator(self.__wrapper, func) def __wrapper(self, func, *fargs, **fkwargs): - cls = fargs[0] - user = cls.authuser - loc = "%s:%s" % (cls.__class__.__name__, func.__name__) + controller = fargs[0] + user = controller.authuser + loc = "%s:%s" % (controller.__class__.__name__, func.__name__) log.debug('Checking access for user %s @ %s' % (user, loc)) # check if our IP is allowed - if not user.ip_allowed: - return redirect_to_login(_('IP %s not allowed' % (user.ip_addr))) + if not user.is_ip_allowed(controller.ip_addr): + return redirect_to_login(_('IP %s not allowed') % controller.ip_addr) # check if we used an API key and it's a valid one api_key = request.GET.get('api_key') diff --git a/kallithea/lib/base.py b/kallithea/lib/base.py --- a/kallithea/lib/base.py +++ b/kallithea/lib/base.py @@ -342,7 +342,7 @@ class BaseController(WSGIController): self.scm_model = ScmModel(self.sa) @staticmethod - def _determine_auth_user(ip_addr, api_key, session_authuser): + def _determine_auth_user(api_key, session_authuser): """ Create an `AuthUser` object given the IP address of the request, the API key (if any), and the authuser from the session. @@ -350,13 +350,13 @@ class BaseController(WSGIController): if api_key: # when using API_KEY we are sure user exists. - auth_user = AuthUser(api_key=api_key, ip_addr=ip_addr) + auth_user = AuthUser(api_key=api_key) authenticated = False else: cookie_store = CookieStoreWrapper(session_authuser) user_id = cookie_store.get('user_id') try: - auth_user = AuthUser(user_id=user_id, ip_addr=ip_addr) + auth_user = AuthUser(user_id=user_id) except UserCreationError as e: # container auth or other auth functions that create users on # the fly can throw UserCreationError to signal issues with 
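Review bot: The denial branch `if not user.is_ip_allowed(controller.ip_addr):` in `LoginRequired.__wrapper` redirects without writing a log record. After this commit the `log.debug('Checking access for user %s @ %s' ...)` line above it no longer carries the address either, because `__repr__` stops formatting `self.ip_addr` (hunk at -622). A rejected request then leaves no trace of its source IP in the server log. I would add a line before the return such as `log.warning('IP %s not allowed for user %s @ %s', controller.ip_addr, user, loc)`. `__wrapper` continues past the end of the hunk.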
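Review bot: The docstring of `_determine_auth_user` in kallithea/lib/base.py still reads "given the IP address of the request, the API key (if any), and the authuser from the session", although this hunk removes the `ip_addr` parameter. It should become "Create an AuthUser object given the API key (if any) and the authuser from the session." It would also help to add a sentence that the IP restriction is no longer tied to the object and must be checked by the caller through `is_ip_allowed`, as the LoginRequired and JSON-RPC hunks in this diff do. The function body continues in the following hunks.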
@@ -364,7 +364,7 @@ class BaseController(WSGIController): # exception object. from kallithea.lib import helpers as h h.flash(e, 'error') - auth_user = AuthUser(ip_addr=ip_addr) + auth_user = AuthUser() authenticated = cookie_store.get('is_authenticated') @@ -386,7 +386,6 @@ class BaseController(WSGIController): #set globals for auth user self.authuser = c.authuser = request.user = self._determine_auth_user( - self.ip_addr, request.GET.get('api_key'), session.get('authuser'), ) diff --git a/kallithea/templates/admin/my_account/my_account_profile.html b/kallithea/templates/admin/my_account/my_account_profile.html --- a/kallithea/templates/admin/my_account/my_account_profile.html +++ b/kallithea/templates/admin/my_account/my_account_profile.html @@ -13,7 +13,7 @@ %else: ${_('Avatars are disabled')}
${c.user.email or _('Missing email, please update your user email address.')} - [${_('Current IP')}: ${c.perm_user.ip_addr or "?"}] + [${_('Current IP')}: ${c.ip_addr}] %endif

diff --git a/kallithea/templates/admin/users/user_edit_profile.html b/kallithea/templates/admin/users/user_edit_profile.html --- a/kallithea/templates/admin/users/user_edit_profile.html +++ b/kallithea/templates/admin/users/user_edit_profile.html @@ -12,7 +12,7 @@
${c.user.email or _('Missing email, please update this user email address.')} ##show current ip just if we show ourself %if c.authuser.username == c.user.username: - [${_('Current IP')}: ${c.perm_user.ip_addr or "?"}] + [${_('Current IP')}: ${c.ip_addr}] %endif %endif