NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-08-17 13:08:16 -06:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Raise 400 validation error on bad clientip

Browse Source
This commit is contained in:
Pieter Lambrecht 2022-03-21 11:47:31 +01:00
parent 3be0fc4c36
commit 84d163117c
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
netbox/netbox/api/authentication.py
View File

@ -1,4 +1,5 @@
from django.conf import settings from django.conf import settings
from django.core.exceptions import ValidationError
from rest_framework import authentication, exceptions from rest_framework import authentication, exceptions
from rest_framework.permissions import BasePermission, DjangoObjectPermissions, SAFE_METHODS from rest_framework.permissions import BasePermission, DjangoObjectPermissions, SAFE_METHODS
@ -21,13 +22,18 @@ class TokenAuthentication(authentication.TokenAuthentication):
# Replace 'HTTP_X_REAL_IP' with the settings variable choosen in #8867 # Replace 'HTTP_X_REAL_IP' with the settings variable choosen in #8867
if 'HTTP_X_REAL_IP' in request.META: if 'HTTP_X_REAL_IP' in request.META:
clientip = request.META['HTTP_X_REAL_IP'].split(",")[0].strip() clientip = request.META['HTTP_X_REAL_IP'].split(",")[0].strip()
http_header = 'HTTP_X_REAL_IP'
elif 'REMOTE_ADDR' in request.META: elif 'REMOTE_ADDR' in request.META:
clientip = request.META['REMOTE_ADDR'] clientip = request.META['REMOTE_ADDR']
http_header = 'REMOTE_ADDR'
else: else:
raise exceptions.AuthenticationFailed(f"A HTTP header containing the SourceIP (HTTP_X_REAL_IP, REMOTE_ADDR) is missing from the request.") raise exceptions.AuthenticationFailed(f"A HTTP header containing the SourceIP (HTTP_X_REAL_IP, REMOTE_ADDR) is missing from the request.")
if not token.validate_client_ip(clientip): try:
raise exceptions.AuthenticationFailed(f"Source IP {clientip} is not allowed to use this token.") if not token.validate_client_ip(clientip):
raise exceptions.AuthenticationFailed(f"Source IP {clientip} is not allowed to use this token.")
except ValidationError as ValidationErrorInfo:
raise exceptions.ValidationError(f"The value in the HTTP Header {http_header} has a ValidationError: {ValidationErrorInfo.message}")
return authenticationresult return authenticationresult

4
netbox/users/models.py
View File

@ -246,8 +246,8 @@ class Token(BigIDModel):
try: try:
ip_address = ipaddress.ip_address(raw_ip_address) ip_address = ipaddress.ip_address(raw_ip_address)
except ValueError: except ValueError as e:
raise ValidationError(f"{raw_ip_address} is an invalid IP address") raise ValidationError(str(e))
for ip_network in self.allowed_ips: for ip_network in self.allowed_ips:
if ip_address in ipaddress.ip_network(ip_network): if ip_address in ipaddress.ip_network(ip_network):