diff options
Diffstat (limited to 'rhodecode/controllers/api/__init__.py')
-rw-r--r-- | rhodecode/controllers/api/__init__.py | 10 |
1 files changed, 4 insertions, 6 deletions
diff --git a/rhodecode/controllers/api/__init__.py b/rhodecode/controllers/api/__init__.py index 6dcc79b2..b72cc2a4 100644 --- a/rhodecode/controllers/api/__init__.py +++ b/rhodecode/controllers/api/__init__.py @@ -43,7 +43,7 @@ from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ HTTPBadRequest, HTTPError from rhodecode.model.db import User -from rhodecode.lib.auth import AuthUser, check_ip_access +from rhodecode.lib.auth import AuthUser from rhodecode.lib.base import _get_ip_addr, _get_access_path from rhodecode.lib.utils2 import safe_unicode @@ -148,17 +148,15 @@ class JSONRPCController(WSGIController): if u is None: return jsonrpc_error(retid=self._req_id, message='Invalid API KEY') + #check if we are allowed to use this IP - allowed_ips = AuthUser.get_allowed_ips(u.user_id) - if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips) is False: - log.info('Access for IP:%s forbidden, ' - 'not in %s' % (ip_addr, allowed_ips)) + auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) + if not auth_u.ip_allowed: return jsonrpc_error(retid=self._req_id, message='request from IP:%s not allowed' % (ip_addr)) else: log.info('Access for IP:%s allowed' % (ip_addr)) - auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) except Exception, e: return jsonrpc_error(retid=self._req_id, message='Invalid API KEY') |