diff --git a/netbox/netbox/api/authentication.py b/netbox/netbox/api/authentication.py index 324acb040..a40514617 100644 --- a/netbox/netbox/api/authentication.py +++ b/netbox/netbox/api/authentication.py @@ -13,7 +13,7 @@ class TokenAuthentication(authentication.TokenAuthentication): __request = False def authenticate(self, request): - self.request=request + self.request = request return super().authenticate(request) def authenticate_credentials(self, key): @@ -24,7 +24,7 @@ class TokenAuthentication(authentication.TokenAuthentication): raise exceptions.AuthenticationFailed("Invalid token") # Verify source IP is allowed - request=self.request + request = self.request if len(token.allowed_ipranges) > 0 and request: if settings.PROXY_HEADER_REALIP in request.META: @@ -37,7 +37,6 @@ class TokenAuthentication(authentication.TokenAuthentication): if not token.validateclientip(clientip): raise exceptions.AuthenticationFailed(f"Source IP {clientip} is not allowed to use this token.") - # Enforce the Token's expiration time, if one has been set. if token.is_expired: raise exceptions.AuthenticationFailed("Token expired") diff --git a/netbox/users/models.py b/netbox/users/models.py index b2d3454c1..47c6c491e 100644 --- a/netbox/users/models.py +++ b/netbox/users/models.py 
@@ -242,55 +242,56 @@ class Token(BigIDModel): """ Checks that the value is a comma separated list of IPv4 and/or IPv6 addresses, ranges or subnets. """ - if len(ip_addresses)==0: + if len(ip_addresses) == 0: return True for ip in ip_addresses.split(','): try: if '/' in ip: - iptest=ipaddress.ip_network(ip) + iptest = ipaddress.ip_network(ip) elif '-' in ip: - ips=ip.split('-') - ip1=ipaddress.ip_address(ips[0]) - ip2=ipaddress.ip_address(ips[1]) + ips = ip.split('-') + ip1 = ipaddress.ip_address(ips[0]) + ip2 = ipaddress.ip_address(ips[1]) if ip1>ip2: raise ValidationError() else: - iptest=ipaddress.ip_address(ip) - except: + iptest = ipaddress.ip_address(ip) + except ValueError: raise ValidationError(f"{ip} is an invalid value in the Allowed IP Ranges ({ip_addresses})") return True - def validateclientip(self,raw_ip_address): + def validateclientip(self, raw_ip_address): """ Checks that an ip address falls within the allowed ip ranges. """ - if len(self.allowed_ipranges)==0: + if len(self.allowed_ipranges) == 0: return True try: - ip_address=ipaddress.ip_address(raw_ip_address) - except: + ip_address = ipaddress.ip_address(raw_ip_address) + except ValueError: raise ValidationError(f"{raw_ip_address} is an invalid IP address") for ip in self.allowed_ipranges.split(','): if '/' in ip: - ipnet=ipaddress.ip_network(ip) + ipnet = ipaddress.ip_network(ip) if ip_address in ipnet: return True elif '-' in ip: - ips=ip.split('-') - ip1=ipaddress.ip_address(ips[0]) - ip2=ipaddress.ip_address(ips[1]) + ips = ip.split('-') + ip1 = ipaddress.ip_address(ips[0]) + ip2 = ipaddress.ip_address(ips[1]) if ip_address >= ip1 and ip_address <= ip2: return True else: - ipaddr=ipaddress.ip_address(ip) - if ip_address==ipaddr: + ipaddr = ipaddress.ip_address(ip) + if ip_address == ipaddr: return True return False + # # Permissions #
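Review bot: Narrowing `except:` to `except ValueError:` in the allowed-IP-ranges validator lets two failures escape that the bare except used to convert into the field error. One is the argument-less `raise ValidationError()` for a reversed range, which would itself fail with a TypeError if this is Django's ValidationError (the import is not visible here). The other is the TypeError that `ip1>ip2` raises when the two ends of a range are of different IP versions. Both should still be reported as an invalid value, for example with `raise ValueError("range start is greater than range end")` inside the try and `except (ValueError, TypeError):` on the handler. The same mixed-version comparison sits outside any try in `validateclientip`, so an IPv6 client checked against an IPv4 range would raise during authentication instead of falling through to the next entry; `if ip_address.version == ip1.version == ip2.version and ip1 <= ip_address <= ip2:` avoids that. The validator's `def` line is above the hunk.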