class IPNetworkUserRestriction(ModelBase):
id = PositiveAutoField(primary_key=True)
network = CIDRField(
blank=True,
null=True,
help_text=_(
'Enter a valid IPv6 or IPv6 CIDR network range, eg. 127.0.0.1/28'))
class Meta:
db_table = 'users_user_network_restriction'
@classmethod
def allow_request(self, request):
try:
remote_addr = ipaddress.ip_address(request.META.get('REMOTE_ADDR'))
except ValueError:
# If we don't have a valid ip address, let's deny
# TODO: Verify this is what we want…
return False
restrictions = IPNetworkUserRestriction.objects.all()
for restriction in restrictions:
if remote_addr in restriction.network:
return False
return True
@classmethod
def get_error_message(self, request):
return _('Multiple add-ons violating our policies have been'
' submitted from your location. The IP address has been'
' blocked.')
class IPNetworkUserRestriction(GetErrorMessageMixin, ModelBase):
id = PositiveAutoField(primary_key=True)
network = CIDRField(
blank=True,
null=True,
help_text=_(
'Enter a valid IPv6 or IPv6 CIDR network range, eg. 127.0.0.1/28'),
)
error_message = _('Multiple add-ons violating our policies have been'
' submitted from your location. The IP address has been'
' blocked.')
class Meta:
db_table = 'users_user_network_restriction'
def __str__(self):
return str(self.network)
@classmethod
def allow_request(cls, request):
"""
Return whether the specified request should be allowed to submit
add-ons.
"""
try:
remote_addr = ipaddress.ip_address(request.META.get('REMOTE_ADDR'))
user_last_login_ip = (ipaddress.ip_address(
request.user.last_login_ip) if request.user else None)
except ValueError:
# If we don't have a valid ip address, let's deny
return False
restrictions = IPNetworkUserRestriction.objects.all()
for restriction in restrictions:
if (remote_addr in restriction.network
or user_last_login_ip in restriction.network):
# The following log statement is used by foxsec-pipeline.
log.info(
'Restricting request from %s %s, %s %s (%s)',
'ip',
remote_addr,
'last_login_ip',
user_last_login_ip,
'network=%s' % restriction.network,
)
return False
return True
class TestCIDRField(TestCase):
def setUp(self):
super().setUp()
self.field = CIDRField().formfield()
def test_validates_ip6_cidr(self):
with self.assertRaises(exceptions.ValidationError):
# Host bit set
self.field.clean('::1/28')
self.field.clean('fe80::/28')
def test_validates_ip4_cidr(self):
with self.assertRaises(exceptions.ValidationError):
# Host bit set
self.field.clean('127.0.0.1/28')
self.field.clean('127.0.0.0/28')
class IPNetworkUserRestriction(ModelBase):
id = PositiveAutoField(primary_key=True)
network = CIDRField(
blank=True,
null=True,
help_text=_(
'Enter a valid IPv6 or IPv6 CIDR network range, eg. 127.0.0.1/28'))
error_message = _('Multiple add-ons violating our policies have been'
' submitted from your location. The IP address has been'
' blocked.')
class Meta:
db_table = 'users_user_network_restriction'
def __str__(self):
return str(self.network)
@classmethod
def allow_request(cls, request):
"""
Return whether the specified request should be allowed to submit
add-ons.
"""
try:
remote_addr = ipaddress.ip_address(request.META.get('REMOTE_ADDR'))
except ValueError:
# If we don't have a valid ip address, let's deny
return False
restrictions = IPNetworkUserRestriction.objects.all()
for restriction in restrictions:
if remote_addr in restriction.network:
return False
return True
def setUp(self):
super().setUp()
self.field = CIDRField().formfield()