lib: return default IP if none could be extracted

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-05-30 12:49:44 +02:00
parent cf57660772
commit 7e8044619c
5 changed files with 9 additions and 10 deletions

View File

@ -149,7 +149,7 @@ class Event(ExpiringModel):
request.session[SESSION_IMPERSONATE_USER] request.session[SESSION_IMPERSONATE_USER]
) )
# User 255.255.255.255 as fallback if IP cannot be determined # User 255.255.255.255 as fallback if IP cannot be determined
self.client_ip = get_client_ip(request) or "255.255.255.255" self.client_ip = get_client_ip(request)
# Apply GeoIP Data, when enabled # Apply GeoIP Data, when enabled
self.with_geoip() self.with_geoip()
# If there's no app set, we get it from the requests too # If there's no app set, we get it from the requests too

View File

@ -5,9 +5,10 @@ from django.http import HttpRequest
OUTPOST_REMOTE_IP_HEADER = "HTTP_X_AUTHENTIK_REMOTE_IP" OUTPOST_REMOTE_IP_HEADER = "HTTP_X_AUTHENTIK_REMOTE_IP"
USER_ATTRIBUTE_CAN_OVERRIDE_IP = "goauthentik.io/user/override-ips" USER_ATTRIBUTE_CAN_OVERRIDE_IP = "goauthentik.io/user/override-ips"
DEFAULT_IP = "255.255.255.255"
def _get_client_ip_from_meta(meta: dict[str, Any]) -> Optional[str]: def _get_client_ip_from_meta(meta: dict[str, Any]) -> str:
"""Attempt to get the client's IP by checking common HTTP Headers. """Attempt to get the client's IP by checking common HTTP Headers.
Returns none if no IP Could be found""" Returns none if no IP Could be found"""
headers = ( headers = (
@ -19,7 +20,7 @@ def _get_client_ip_from_meta(meta: dict[str, Any]) -> Optional[str]:
if _header in meta: if _header in meta:
ips: list[str] = meta.get(_header).split(",") ips: list[str] = meta.get(_header).split(",")
return ips[0].strip() return ips[0].strip()
return None return DEFAULT_IP
def _get_outpost_override_ip(request: HttpRequest) -> Optional[str]: def _get_outpost_override_ip(request: HttpRequest) -> Optional[str]:
@ -37,7 +38,7 @@ def _get_outpost_override_ip(request: HttpRequest) -> Optional[str]:
return request.META[OUTPOST_REMOTE_IP_HEADER] return request.META[OUTPOST_REMOTE_IP_HEADER]
def get_client_ip(request: Optional[HttpRequest]) -> Optional[str]: def get_client_ip(request: Optional[HttpRequest]) -> str:
"""Attempt to get the client's IP by checking common HTTP Headers. """Attempt to get the client's IP by checking common HTTP Headers.
Returns none if no IP Could be found""" Returns none if no IP Could be found"""
if request: if request:
@ -45,4 +46,4 @@ def get_client_ip(request: Optional[HttpRequest]) -> Optional[str]:
if override: if override:
return override return override
return _get_client_ip_from_meta(request.META) return _get_client_ip_from_meta(request.META)
return None return DEFAULT_IP

View File

@ -50,9 +50,7 @@ class PolicyEvaluator(BaseEvaluator):
"""Update context based on http request""" """Update context based on http request"""
# update website/docs/expressions/_objects.md # update website/docs/expressions/_objects.md
# update website/docs/expressions/_functions.md # update website/docs/expressions/_functions.md
self._context["ak_client_ip"] = ip_address( self._context["ak_client_ip"] = ip_address(get_client_ip(request))
get_client_ip(request) or "255.255.255.255"
)
self._context["http_request"] = request self._context["http_request"] = request
def handle_error(self, exc: Exception, expression_source: str): def handle_error(self, exc: Exception, expression_source: str):

View File

@ -30,7 +30,7 @@ class ReputationPolicy(Policy):
return "ak-policy-reputation-form" return "ak-policy-reputation-form"
def passes(self, request: PolicyRequest) -> PolicyResult: def passes(self, request: PolicyRequest) -> PolicyResult:
remote_ip = get_client_ip(request.http_request) or "255.255.255.255" remote_ip = get_client_ip(request.http_request)
passing = True passing = True
if self.check_ip: if self.check_ip:
score = cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0) score = cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0)

View File

@ -17,7 +17,7 @@ LOGGER = get_logger()
def update_score(request: HttpRequest, username: str, amount: int): def update_score(request: HttpRequest, username: str, amount: int):
"""Update score for IP and User""" """Update score for IP and User"""
remote_ip = get_client_ip(request) or "255.255.255.255" remote_ip = get_client_ip(request)
# We only update the cache here, as its faster than writing to the DB # We only update the cache here, as its faster than writing to the DB
cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0) cache.get_or_set(CACHE_KEY_IP_PREFIX + remote_ip, 0)