From d773303d187acaa921bdd670f7be73174c8a248a Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Mon, 19 Oct 2020 23:44:47 +0200
Subject: [PATCH] Add possibility to authenticate an account with its IP address
---
 note_kfet/middlewares.py | 39 ++++++++++++++++++++++++++++++++--
 note_kfet/settings/__init__.py | 3 ---
 note_kfet/settings/base.py | 2 ++
 3 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/note_kfet/middlewares.py b/note_kfet/middlewares.py
index 22f3e264..f545d839 100644
--- a/note_kfet/middlewares.py
+++ b/note_kfet/middlewares.py
@@ -2,12 +2,12 @@
 # SPDX-License-Identifier: GPL-3.0-or-later
 from django.conf import settings
+from django.contrib.auth import login
 from django.contrib.auth.models import AnonymousUser, User
+from django.contrib.sessions.backends.db import SessionStore
 from threading import local
-from django.contrib.sessions.backends.db import SessionStore
-
 USER_ATTR_NAME = getattr(settings, 'LOCAL_USER_ATTR_NAME', '_current_user')
 SESSION_ATTR_NAME = getattr(settings, 'LOCAL_SESSION_ATTR_NAME', '_current_session')
 IP_ATTR_NAME = getattr(settings, 'LOCAL_IP_ATTR_NAME', '_current_ip')
@@ -78,6 +78,41 @@ class SessionMiddleware(object):
 return response
+class LoginByIPMiddleware(object):
+ """
+ Allow some users to be authenticated based on their IP address.
+ For example, the "note" account should not be used elsewhere than the Kfet computer,
+ and should not have any password.
+ The password that is stored in database should be on the form "ipbased$my.public.ip.address".
+ """
+
+ def __init__(self, get_response):
+ self.get_response = get_response
+
+ def __call__(self, request):
+ """
+ If the user is not authenticated, get the used IP address
+ and check if an user is authorized to be automatically logged with this address.
+ If it is the case, the logging is performed with the full rights.
+ """
+ if not request.user.is_authenticated:
+ if 'HTTP_X_REAL_IP' in request.META:
+ ip = request.META.get('HTTP_X_REAL_IP')
+ elif 'HTTP_X_FORWARDED_FOR' in request.META:
+ ip = request.META.get('HTTP_X_FORWARDED_FOR').split(', ')[0]
+ else:
+ ip = request.META.get('REMOTE_ADDR')
+
+ qs = User.objects.filter(password=f"ipbased${ip}")
+ if qs.exists():
+ login(request, qs.get())
+ session = request.session
+ session["permission_mask"] = 42
+ session.save()
+
+ return self.get_response(request)
+
+
 class TurbolinksMiddleware(object):
 """
 Send the `Turbolinks-Location` header in response to a visit that was redirected,
diff --git a/note_kfet/settings/__init__.py b/note_kfet/settings/__init__.py
index 0c76b6f4..3d995367 100644
--- a/note_kfet/settings/__init__.py
+++ b/note_kfet/settings/__init__.py
@@ -49,9 +49,6 @@ try:
 except ImportError:
 pass
-if "logs" in INSTALLED_APPS:
- MIDDLEWARE += ('note_kfet.middlewares.SessionMiddleware',)
-
 if DEBUG:
 PASSWORD_HASHERS += ['member.hashers.DebugSuperuserBackdoor']
 if "debug_toolbar" in INSTALLED_APPS:
diff --git a/note_kfet/settings/base.py b/note_kfet/settings/base.py
index f94a68e0..1cbf6ed7 100644
--- a/note_kfet/settings/base.py
+++ b/note_kfet/settings/base.py
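Review bot: In `LoginByIPMiddleware.__call__` (note_kfet/middlewares.py) the address that decides the passwordless login is taken from `X-Real-IP` or the first `X-Forwarded-For` entry whenever the request carries one, and nothing in the hunk checks that the request arrived through a proxy that sets those headers, so the value may be whatever the client sent while the outcome is a session with `permission_mask` 42. I would start from `REMOTE_ADDR` and honour a forwarding header only when the direct peer is a configured trusted proxy; the setting name in the sketch below is a placeholder, not an existing setting. Separately, `qs.exists()` followed by `qs.get()` costs two queries and raises `MultipleObjectsReturned` when two accounts store the same address, which would turn every anonymous request from that address into a server error; `.first()` avoids both. The literal 42 would also be clearer as a named constant or with a comment saying which rights it grants.

```python
    def __call__(self, request):
        if not request.user.is_authenticated:
            ip = request.META.get('REMOTE_ADDR')
            # Placeholder setting name: addresses of reverse proxies allowed to report the client IP.
            if ip in getattr(settings, 'LOGIN_BY_IP_TRUSTED_PROXIES', ()):
                # Only a header the proxy overwrites is used; proxies usually append to
                # X-Forwarded-For, so its first entry can still be client-supplied.
                ip = request.META.get('HTTP_X_REAL_IP', ip)

            user = User.objects.filter(password=f"ipbased${ip}").first()
            if user is not None:
                login(request, user)
                # … unchanged: permission_mask set on the session, session saved …

        return self.get_response(request)
```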
@@ -79,6 +79,8 @@ MIDDLEWARE = [
 'django.middleware.locale.LocaleMiddleware',
 'django.contrib.sites.middleware.CurrentSiteMiddleware',
 'django_htcpcp_tea.middleware.HTCPCPTeaMiddleware',
+ 'note_kfet.middlewares.SessionMiddleware',
+ 'note_kfet.middlewares.LoginByIPMiddleware',
 'note_kfet.middlewares.TurbolinksMiddleware',
 ]
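Review bot: `LoginByIPMiddleware` reads `request.user` and `request.session`, so its position in `MIDDLEWARE` matters, yet the list carries no hint of that; I would add a comment above the two new entries such as `# Keep after Django's session and authentication middlewares: LoginByIPMiddleware reads request.user and request.session.` The start of the list is outside the hunk, so the actual order could not be checked here. Adding the entry to the base settings also turns IP-based login on in every environment that loads them, including ones with no reverse proxy in front, where the forwarding headers the middleware reads are least reliable; gating it behind an explicit opt-in setting would make that a deliberate choice per deployment.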