diff --git a/base_requirements.txt b/base_requirements.txt
index 4df5f3d0e..0b8365e0e 100644
--- a/base_requirements.txt
+++ b/base_requirements.txt
@@ -113,7 +113,3 @@ svgwrite
 # Tabular dataset library (for table-based exports)
 # https://github.com/jazzband/tablib
 tablib
-
-# It changes comma separated widget to list based in admin panel
-# https://github.com/gradam/django-better-admin-arrayfield
-django_better_admin_arrayfield
diff --git a/netbox/netbox/api/authentication.py b/netbox/netbox/api/authentication.py
index 5545488f0..65f198471 100644
--- a/netbox/netbox/api/authentication.py
+++ b/netbox/netbox/api/authentication.py
@@ -10,11 +10,24 @@ class TokenAuthentication(authentication.TokenAuthentication):
 A custom authentication scheme which enforces Token expiration times.
 """
 model = Token
- __request = False
 def authenticate(self, request):
- self.request = request
- return super().authenticate(request)
+ token_user, token = super().authenticate(request)
+
+ # Verify source IP is allowed
+ if token.allowed_ips:
+ # Replace 'HTTP_X_REAL_IP' with the settings variable choosen in #8867
+ if 'HTTP_X_REAL_IP' in request.META:
+ clientip = request.META['HTTP_X_REAL_IP'].split(",")[0].strip()
+ elif 'REMOTE_ADDR' in request.META:
+ clientip = request.META['REMOTE_ADDR']
+ else:
+ raise exceptions.AuthenticationFailed(f"A HTTP header containing the SourceIP (HTTP_X_REAL_IP, REMOTE_ADDR) is missing from the request.")
+
+ if not token.validate_client_ip(clientip):
+ raise exceptions.AuthenticationFailed(f"Source IP {clientip} is not allowed to use this token.")
+
+ return token_user, token
 def authenticate_credentials(self, key):
 model = self.get_model()
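Review bot: `token_user, token = super().authenticate(request)` at the top of the new `authenticate` unpacks the parent's result unconditionally, but DRF's `TokenAuthentication.authenticate` returns `None` when the request carries no matching `Authorization` header, so those requests would raise `TypeError` instead of falling through to the next authenticator; use `result = super().authenticate(request)`, `if result is None: return None`, `token_user, token = result`. The `allowed_ips` check also prefers `HTTP_X_REAL_IP` whenever it is present, and that header is client-supplied unless a trusted reverse proxy overwrites it, so it should only be honoured when the deployment declares such a proxy (the setting the in-code comment defers to #8867) and `REMOTE_ADDR` used otherwise. `validate_client_ip` is not visible in this diff; if it parses the string as an address, a malformed header value should become `AuthenticationFailed` rather than an unhandled exception. The message built for the missing-header case is an f-string with no placeholders and can be a plain string.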
@@ -23,20 +36,6 @@ class TokenAuthentication(authentication.TokenAuthentication):
 except model.DoesNotExist:
 raise exceptions.AuthenticationFailed("Invalid token")
- # Verify source IP is allowed
- request = self.request
- if token.allowed_ips and request:
- # Replace 'HTTP_X_REAL_IP' with the settings variable choosen in #8867
- if 'HTTP_X_REAL_IP' in request.META:
- clientip = request.META['HTTP_X_REAL_IP'].split(",")[0].strip()
- elif 'REMOTE_ADDR' in request.META:
- clientip = request.META['REMOTE_ADDR']
- else:
- raise exceptions.AuthenticationFailed(f"The request HTTP headers (HTTP_X_REAL_IP, REMOTE_ADDR) are missing or do not contain a valid source IP.")
-
- if not token.validate_client_ip(clientip):
- raise exceptions.AuthenticationFailed(f"Source IP {clientip} is not allowed to use this token.")
-
 # Enforce the Token's expiration time, if one has been set.
 if token.is_expired:
 raise exceptions.AuthenticationFailed("Token expired")
diff --git a/netbox/netbox/settings.py b/netbox/netbox/settings.py
index 497738012..d16e00337 100644
--- a/netbox/netbox/settings.py
+++ b/netbox/netbox/settings.py
@@ -321,7 +321,6 @@ INSTALLED_APPS = [
 'wireless',
 'django_rq', # Must come after extras to allow overriding management commands
 'drf_yasg',
- 'django_better_admin_arrayfield',
 ]
 # Middleware
diff --git a/netbox/users/admin/__init__.py b/netbox/users/admin/__init__.py
index b9e9ca898..ddd1f3d6c 100644
--- a/netbox/users/admin/__init__.py
+++ b/netbox/users/admin/__init__.py
@@ -1,7 +1,6 @@
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as UserAdmin_
 from django.contrib.auth.models import Group, User
-from django_better_admin_arrayfield.admin.mixins import DynamicArrayMixin
 from users.models import ObjectPermission, Token
 from . import filters, forms, inlines
@@ -56,7 +55,7 @@ class UserAdmin(UserAdmin_):
 #
 @admin.register(Token)
-class TokenAdmin(admin.ModelAdmin, DynamicArrayMixin):
+class TokenAdmin(admin.ModelAdmin):
 form = forms.TokenAdminForm
 list_display = [
 'key', 'user', 'created', 'expires', 'write_enabled', 'description', 'list_allowed_ips'
diff --git a/netbox/users/migrations/0002_token_allowed_ips.py b/netbox/users/migrations/0002_token_allowed_ips.py
index aa3fe2be3..e13755e44 100644
--- a/netbox/users/migrations/0002_token_allowed_ips.py
+++ b/netbox/users/migrations/0002_token_allowed_ips.py
@@ -1,7 +1,7 @@
-# Generated by Django 3.2.12 on 2022-03-15 13:08
+# Generated by Django 3.2.12 on 2022-03-18 08:25
+import django.contrib.postgres.fields
 from django.db import migrations
-import django_better_admin_arrayfield.models.fields
 import ipam.fields
@@ -15,6 +15,6 @@ class Migration(migrations.Migration):
 migrations.AddField(
 model_name='token',
 name='allowed_ips',
- field=django_better_admin_arrayfield.models.fields.ArrayField(base_field=ipam.fields.IPNetworkField(), blank=True, null=True, size=None),
+ field=django.contrib.postgres.fields.ArrayField(base_field=ipam.fields.IPNetworkField(), blank=True, null=True, size=None),
 ),
 ]
diff --git a/netbox/users/models.py b/netbox/users/models.py
index 3486d0793..2b0165c25 100644
--- a/netbox/users/models.py
+++ b/netbox/users/models.py
@@ -10,7 +10,6 @@ from django.db import models
 from django.db.models.signals import post_save
 from django.dispatch import receiver
 from django.utils import timezone
-from django_better_admin_arrayfield.models.fields import ArrayField as betterArrayField
 from netbox.models import BigIDModel
 from ipam.fields import IPNetworkField
@@ -208,7 +207,7 @@ class Token(BigIDModel):
 max_length=200,
 blank=True
 )
- allowed_ips = betterArrayField(
+ allowed_ips = ArrayField(
 base_field=IPNetworkField(),
 blank=True,
 null=True,