NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-02-05 14:56:24 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

Refactor source IP resolution logic

Browse Source
This commit is contained in:
jeremystretch
2022-06-22 17:01:07 -04:00
parent 7043c6faf9
commit a38a880e67
6 changed files with 59 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files
netbox/users/api/serializers.py
+4 -1
View File
@@ -67,7 +67,10 @@ class TokenSerializer(ValidatedModelSerializer):
class Meta:
model = Token
fields = ('id', 'url', 'display', 'user', 'created', 'expires', 'key', 'write_enabled', 'description', 'allowed_ips')
fields = (
'id', 'url', 'display', 'user', 'created', 'expires', 'key', 'write_enabled', 'description',
'allowed_ips',
)
def to_internal_value(self, data):
if 'key' not in data:
netbox/users/forms.py
+3 -2
View File
@@ -101,11 +101,12 @@ class TokenForm(BootstrapMixin, forms.ModelForm):
required=False,
help_text="If no key is provided, one will be generated automatically."
)
allowed_ips = SimpleArrayField(
base_field=IPNetworkFormField(),
required=False,
help_text='Allowed IPv4/IPv6 networks from where the token can be used. Leave blank for no restrictions. Ex: "10.1.1.0/24, 192.168.10.16/32, 2001:DB8:1::/64"',
label='Allowed IPs',
help_text='Allowed IPv4/IPv6 networks from where the token can be used. Leave blank for no restrictions. '
'Ex: "10.1.1.0/24, 192.168.10.16/32, 2001:DB8:1::/64"',
)
class Meta:
netbox/users/models.py
+6 -9
View File
@@ -223,7 +223,9 @@ class Token(models.Model):
base_field=IPNetworkField(),
blank=True,
null=True,
help_text='Allowed IPv4/IPv6 networks from where the token can be used. Leave blank for no restrictions. Ex: "10.1.1.0/24, 192.168.10.16/32, 2001:DB8:1::/64"',
verbose_name='Allowed IPs',
help_text='Allowed IPv4/IPv6 networks from where the token can be used. Leave blank for no restrictions. '
'Ex: "10.1.1.0/24, 192.168.10.16/32, 2001:DB8:1::/64"',
)
class Meta:
@@ -249,20 +251,15 @@ class Token(models.Model):
return False
return True
def validate_client_ip(self, raw_ip_address):
def validate_client_ip(self, client_ip):
"""
Checks that an IP address falls within the allowed IPs.
Validate the API client IP address against the source IP restrictions (if any) set on the token.
"""
if not self.allowed_ips:
return True
try:
ip_address = ipaddress.ip_address(raw_ip_address)
except ValueError as e:
raise ValidationError(str(e))
for ip_network in self.allowed_ips:
if ip_address in ipaddress.ip_network(ip_network):
if client_ip in ipaddress.ip_network(ip_network):
return True
return False