Remove betteradminfield

Move IP verification to authenticate()
2025-08-17 13:08:16 -06:00 · 2022-03-18 09:42:33 +01:00 · 2022-03-18 09:42:33 +01:00 · d3774801c4
commit d3774801c4
parent a4cd082c39
6 changed files with 21 additions and 29 deletions
--- a/base_requirements.txt
+++ b/base_requirements.txt
@ -113,7 +113,3 @@ svgwrite
 # Tabular dataset library (for table-based exports)
 # https://github.com/jazzband/tablib
 tablib
-
-# It changes comma separated widget to list based in admin panel
-# https://github.com/gradam/django-better-admin-arrayfield
-django_better_admin_arrayfield
--- a/netbox/netbox/api/authentication.py
+++ b/netbox/netbox/api/authentication.py
@ -10,11 +10,24 @@ class TokenAuthentication(authentication.TokenAuthentication):
    A custom authentication scheme which enforces Token expiration times.
    """
    model = Token
-    __request = False

    def authenticate(self, request):
-        self.request = request
-        return super().authenticate(request)
+        token_user, token = super().authenticate(request)
+
+        # Verify source IP is allowed
+        if token.allowed_ips:
+            # Replace 'HTTP_X_REAL_IP' with the settings variable choosen in #8867
+            if 'HTTP_X_REAL_IP' in request.META:
+                clientip = request.META['HTTP_X_REAL_IP'].split(",")[0].strip()
+            elif 'REMOTE_ADDR' in request.META:
+                clientip = request.META['REMOTE_ADDR']
+            else:
+                raise exceptions.AuthenticationFailed(f"A HTTP header containing the SourceIP (HTTP_X_REAL_IP, REMOTE_ADDR) is missing from the request.")
+
+            if not token.validate_client_ip(clientip):
+                raise exceptions.AuthenticationFailed(f"Source IP {clientip} is not allowed to use this token.")
+
+        return token_user, token

    def authenticate_credentials(self, key):
        model = self.get_model()
@ -23,20 +36,6 @@ class TokenAuthentication(authentication.TokenAuthentication):
        except model.DoesNotExist:
            raise exceptions.AuthenticationFailed("Invalid token")

-        # Verify source IP is allowed
-        request = self.request
-        if token.allowed_ips and request:
-            # Replace 'HTTP_X_REAL_IP' with the settings variable choosen in #8867
-            if 'HTTP_X_REAL_IP' in request.META:
-                clientip = request.META['HTTP_X_REAL_IP'].split(",")[0].strip()
-            elif 'REMOTE_ADDR' in request.META:
-                clientip = request.META['REMOTE_ADDR']
-            else:
-                raise exceptions.AuthenticationFailed(f"The request HTTP headers (HTTP_X_REAL_IP, REMOTE_ADDR) are missing or do not contain a valid source IP.")
-
-            if not token.validate_client_ip(clientip):
-                raise exceptions.AuthenticationFailed(f"Source IP {clientip} is not allowed to use this token.")
-
        # Enforce the Token's expiration time, if one has been set.
        if token.is_expired:
            raise exceptions.AuthenticationFailed("Token expired")
--- a/netbox/netbox/settings.py
+++ b/netbox/netbox/settings.py
@ -321,7 +321,6 @@ INSTALLED_APPS = [
    'wireless',
    'django_rq',  # Must come after extras to allow overriding management commands
    'drf_yasg',
-    'django_better_admin_arrayfield',
 ]

 # Middleware
--- a/netbox/users/admin/init.py
+++ b/netbox/users/admin/init.py
@ -1,7 +1,6 @@
 from django.contrib import admin
 from django.contrib.auth.admin import UserAdmin as UserAdmin_
 from django.contrib.auth.models import Group, User
-from django_better_admin_arrayfield.admin.mixins import DynamicArrayMixin

 from users.models import ObjectPermission, Token
 from . import filters, forms, inlines
@ -56,7 +55,7 @@ class UserAdmin(UserAdmin_):
 #

@admin.register(Token)
-class TokenAdmin(admin.ModelAdmin, DynamicArrayMixin):
+class TokenAdmin(admin.ModelAdmin):
    form = forms.TokenAdminForm
    list_display = [
        'key', 'user', 'created', 'expires', 'write_enabled', 'description', 'list_allowed_ips'
--- a/netbox/users/migrations/0002_token_allowed_ips.py
+++ b/netbox/users/migrations/0002_token_allowed_ips.py
@ -1,7 +1,7 @@
-# Generated by Django 3.2.12 on 2022-03-15 13:08
+# Generated by Django 3.2.12 on 2022-03-18 08:25

+import django.contrib.postgres.fields
 from django.db import migrations
-import django_better_admin_arrayfield.models.fields
 import ipam.fields


@ -15,6 +15,6 @@ class Migration(migrations.Migration):
        migrations.AddField(
            model_name='token',
            name='allowed_ips',
-            field=django_better_admin_arrayfield.models.fields.ArrayField(base_field=ipam.fields.IPNetworkField(), blank=True, null=True, size=None),
+            field=django.contrib.postgres.fields.ArrayField(base_field=ipam.fields.IPNetworkField(), blank=True, null=True, size=None),
        ),
    ]
--- a/netbox/users/models.py
+++ b/netbox/users/models.py
@ -10,7 +10,6 @@ from django.db import models
 from django.db.models.signals import post_save
 from django.dispatch import receiver
 from django.utils import timezone
-from django_better_admin_arrayfield.models.fields import ArrayField as betterArrayField

 from netbox.models import BigIDModel
 from ipam.fields import IPNetworkField
@ -208,7 +207,7 @@ class Token(BigIDModel):
        max_length=200,
        blank=True
    )
-    allowed_ips = betterArrayField(
+    allowed_ips = ArrayField(
        base_field=IPNetworkField(),
        blank=True,
        null=True,