diff options
Diffstat (limited to 'rhodecode/controllers')
-rw-r--r-- | rhodecode/controllers/api/__init__.py | 10 | ||||
-rw-r--r-- | rhodecode/controllers/login.py | 7 |
2 files changed, 7 insertions, 10 deletions
diff --git a/rhodecode/controllers/api/__init__.py b/rhodecode/controllers/api/__init__.py index 6dcc79b2..b72cc2a4 100644 --- a/rhodecode/controllers/api/__init__.py +++ b/rhodecode/controllers/api/__init__.py @@ -43,7 +43,7 @@ from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ HTTPBadRequest, HTTPError from rhodecode.model.db import User -from rhodecode.lib.auth import AuthUser, check_ip_access +from rhodecode.lib.auth import AuthUser from rhodecode.lib.base import _get_ip_addr, _get_access_path from rhodecode.lib.utils2 import safe_unicode @@ -148,17 +148,15 @@ class JSONRPCController(WSGIController): if u is None: return jsonrpc_error(retid=self._req_id, message='Invalid API KEY') + #check if we are allowed to use this IP - allowed_ips = AuthUser.get_allowed_ips(u.user_id) - if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips) is False: - log.info('Access for IP:%s forbidden, ' - 'not in %s' % (ip_addr, allowed_ips)) + auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) + if not auth_u.ip_allowed: return jsonrpc_error(retid=self._req_id, message='request from IP:%s not allowed' % (ip_addr)) else: log.info('Access for IP:%s allowed' % (ip_addr)) - auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) except Exception, e: return jsonrpc_error(retid=self._req_id, message='Invalid API KEY') diff --git a/rhodecode/controllers/login.py b/rhodecode/controllers/login.py index 1e75bb49..da9c07f8 100644 --- a/rhodecode/controllers/login.py +++ b/rhodecode/controllers/login.py @@ -54,10 +54,9 @@ class LoginController(BaseController): def index(self): # redirect if already logged in c.came_from = request.GET.get('came_from') - - if self.rhodecode_user.is_authenticated \ - and self.rhodecode_user.username != 'default': - + not_default = self.rhodecode_user.username != 'default' + ip_allowed = self.rhodecode_user.ip_allowed + if self.rhodecode_user.is_authenticated and not_default and ip_allowed: return redirect(url('home')) if request.POST: |