Add possibility to authenticate an account with its IP address

2020-10-19 23:44:47 +02:00 · 2020-10-19 23:44:47 +02:00 · d773303d18
parent bf29efda0a
commit d773303d18
3 changed files with 39 additions and 5 deletions
--- a/note_kfet/middlewares.py
+++ b/note_kfet/middlewares.py
@ -2,12 +2,12 @@
 # SPDX-License-Identifier: GPL-3.0-or-later

 from django.conf import settings
+from django.contrib.auth import login
 from django.contrib.auth.models import AnonymousUser, User
+from django.contrib.sessions.backends.db import SessionStore

 from threading import local

-from django.contrib.sessions.backends.db import SessionStore
-
 USER_ATTR_NAME = getattr(settings, 'LOCAL_USER_ATTR_NAME', '_current_user')
 SESSION_ATTR_NAME = getattr(settings, 'LOCAL_SESSION_ATTR_NAME', '_current_session')
 IP_ATTR_NAME = getattr(settings, 'LOCAL_IP_ATTR_NAME', '_current_ip')
@ -78,6 +78,41 @@ class SessionMiddleware(object):
        return response


+class LoginByIPMiddleware(object):
+    """
+    Allow some users to be authenticated based on their IP address.
+    For example, the "note" account should not be used elsewhere than the Kfet computer,
+    and should not have any password.
+    The password that is stored in database should be on the form "ipbased$my.public.ip.address".
+    """
+
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        """
+        If the user is not authenticated, get the used IP address
+        and check if an user is authorized to be automatically logged with this address.
+        If it is the case, the logging is performed with the full rights.
+        """
+        if not request.user.is_authenticated:
+            if 'HTTP_X_REAL_IP' in request.META:
+                ip = request.META.get('HTTP_X_REAL_IP')
+            elif 'HTTP_X_FORWARDED_FOR' in request.META:
+                ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
+            else:
+                ip = request.META.get('REMOTE_ADDR')
+
+            qs = User.objects.filter(password=f"ipbased${ip}")
+            if qs.exists():
+                login(request, qs.get())
+                session = request.session
+                session["permission_mask"] = 42
+                session.save()
+
+        return self.get_response(request)
+
+
 class TurbolinksMiddleware(object):
    """
    Send the `Turbolinks-Location` header in response to a visit that was redirected,
--- a/note_kfet/settings/init.py
+++ b/note_kfet/settings/init.py
@ -49,9 +49,6 @@ try:
 except ImportError:
    pass

-if "logs" in INSTALLED_APPS:
-    MIDDLEWARE += ('note_kfet.middlewares.SessionMiddleware',)
-
 if DEBUG:
    PASSWORD_HASHERS += ['member.hashers.DebugSuperuserBackdoor']
    if "debug_toolbar" in INSTALLED_APPS:
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
@ -79,6 +79,8 @@ MIDDLEWARE = [
    'django.middleware.locale.LocaleMiddleware',
    'django.contrib.sites.middleware.CurrentSiteMiddleware',
    'django_htcpcp_tea.middleware.HTCPCPTeaMiddleware',
+    'note_kfet.middlewares.SessionMiddleware',
+    'note_kfet.middlewares.LoginByIPMiddleware',
    'note_kfet.middlewares.TurbolinksMiddleware',
 ]