class IPNetworkUserRestriction(ModelBase): id = PositiveAutoField(primary_key=True) network = CIDRField( blank=True, null=True, help_text=_( 'Enter a valid IPv6 or IPv6 CIDR network range, eg. 127.0.0.1/28')) class Meta: db_table = 'users_user_network_restriction' @classmethod def allow_request(self, request): try: remote_addr = ipaddress.ip_address(request.META.get('REMOTE_ADDR')) except ValueError: # If we don't have a valid ip address, let's deny # TODO: Verify this is what we want… return False restrictions = IPNetworkUserRestriction.objects.all() for restriction in restrictions: if remote_addr in restriction.network: return False return True @classmethod def get_error_message(self, request): return _('Multiple add-ons violating our policies have been' ' submitted from your location. The IP address has been' ' blocked.')
class IPNetworkUserRestriction(GetErrorMessageMixin, ModelBase): id = PositiveAutoField(primary_key=True) network = CIDRField( blank=True, null=True, help_text=_( 'Enter a valid IPv6 or IPv6 CIDR network range, eg. 127.0.0.1/28'), ) error_message = _('Multiple add-ons violating our policies have been' ' submitted from your location. The IP address has been' ' blocked.') class Meta: db_table = 'users_user_network_restriction' def __str__(self): return str(self.network) @classmethod def allow_request(cls, request): """ Return whether the specified request should be allowed to submit add-ons. """ try: remote_addr = ipaddress.ip_address(request.META.get('REMOTE_ADDR')) user_last_login_ip = (ipaddress.ip_address( request.user.last_login_ip) if request.user else None) except ValueError: # If we don't have a valid ip address, let's deny return False restrictions = IPNetworkUserRestriction.objects.all() for restriction in restrictions: if (remote_addr in restriction.network or user_last_login_ip in restriction.network): # The following log statement is used by foxsec-pipeline. log.info( 'Restricting request from %s %s, %s %s (%s)', 'ip', remote_addr, 'last_login_ip', user_last_login_ip, 'network=%s' % restriction.network, ) return False return True
class TestCIDRField(TestCase): def setUp(self): super().setUp() self.field = CIDRField().formfield() def test_validates_ip6_cidr(self): with self.assertRaises(exceptions.ValidationError): # Host bit set self.field.clean('::1/28') self.field.clean('fe80::/28') def test_validates_ip4_cidr(self): with self.assertRaises(exceptions.ValidationError): # Host bit set self.field.clean('127.0.0.1/28') self.field.clean('127.0.0.0/28')
class IPNetworkUserRestriction(ModelBase): id = PositiveAutoField(primary_key=True) network = CIDRField( blank=True, null=True, help_text=_( 'Enter a valid IPv6 or IPv6 CIDR network range, eg. 127.0.0.1/28')) error_message = _('Multiple add-ons violating our policies have been' ' submitted from your location. The IP address has been' ' blocked.') class Meta: db_table = 'users_user_network_restriction' def __str__(self): return str(self.network) @classmethod def allow_request(cls, request): """ Return whether the specified request should be allowed to submit add-ons. """ try: remote_addr = ipaddress.ip_address(request.META.get('REMOTE_ADDR')) except ValueError: # If we don't have a valid ip address, let's deny return False restrictions = IPNetworkUserRestriction.objects.all() for restriction in restrictions: if remote_addr in restriction.network: return False return True
def setUp(self): super().setUp() self.field = CIDRField().formfield()