From 760e3b5c293bf079be4876b7219e63fb9e56485e Mon Sep 17 00:00:00 2001
From: Marcin Kuzminski
Date: Fri, 4 Jan 2013 23:34:53 +0100
Subject: Full IP restrictions enabled - short cache query for IP for performance - remove redundant logic - some small css fixes for login form to better show IP restricted message --HG-- branch : beta extra : amend_source : bec698601fe590964ad80b3fb12c0e3385c2c6c4
---
rhodecode/controllers/api/__init__.py | 10 ++++------
rhodecode/controllers/login.py | 7 +++----
2 files changed, 7 insertions(+), 10 deletions(-)
(limited to 'rhodecode/controllers')
diff --git a/rhodecode/controllers/api/__init__.py b/rhodecode/controllers/api/__init__.py
index 6dcc79b2..b72cc2a4 100644
--- a/rhodecode/controllers/api/__init__.py
+++ b/rhodecode/controllers/api/__init__.py
@@ -43,7 +43,7 @@ from webob.exc import HTTPNotFound, HTTPForbidden, HTTPInternalServerError, \ HTTPBadRequest, HTTPError from rhodecode.model.db import User -from rhodecode.lib.auth import AuthUser, check_ip_access +from rhodecode.lib.auth import AuthUser from rhodecode.lib.base import _get_ip_addr, _get_access_path from rhodecode.lib.utils2 import safe_unicode
@@ -148,17 +148,15 @@ class JSONRPCController(WSGIController): if u is None: return jsonrpc_error(retid=self._req_id, message='Invalid API KEY') + #check if we are allowed to use this IP - allowed_ips = AuthUser.get_allowed_ips(u.user_id) - if check_ip_access(source_ip=ip_addr, allowed_ips=allowed_ips) is False: - log.info('Access for IP:%s forbidden, ' - 'not in %s' % (ip_addr, allowed_ips)) + auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) + if not auth_u.ip_allowed: return jsonrpc_error(retid=self._req_id, message='request from IP:%s not allowed' % (ip_addr)) else: log.info('Access for IP:%s allowed' % (ip_addr)) - auth_u = AuthUser(u.user_id, self._req_api_key, ip_addr=ip_addr) except Exception, e: return jsonrpc_error(retid=self._req_id, message='Invalid API KEY')
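Review bot: The deny branch of the new IP check (`if not auth_u.ip_allowed:`) returns the JSON-RPC error without logging anything, because the `log.info('Access for IP:%s forbidden, ...')` call was removed together with `check_ip_access`, while the allow branch still logs. A rejected request that carries a valid API key from an unlisted address is the event an operator most needs to see, so I would add `log.warning('Access for IP:%s forbidden for user_id:%s' % (ip_addr, u.user_id))` before the `return jsonrpc_error(...)`, unless `AuthUser` already records the denial internally (not visible here). The surrounding `try` starts outside the hunk, and its `except Exception, e:` turns any failure while building `AuthUser` into 'Invalid API KEY'; that fails closed but hides the real cause, so logging the exception there would help.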
diff --git a/rhodecode/controllers/login.py b/rhodecode/controllers/login.py
index 1e75bb49..da9c07f8 100644
--- a/rhodecode/controllers/login.py
+++ b/rhodecode/controllers/login.py
@@ -54,10 +54,9 @@ class LoginController(BaseController): def index(self): # redirect if already logged in c.came_from = request.GET.get('came_from') - - if self.rhodecode_user.is_authenticated \ - and self.rhodecode_user.username != 'default': - + not_default = self.rhodecode_user.username != 'default' + ip_allowed = self.rhodecode_user.ip_allowed + if self.rhodecode_user.is_authenticated and not_default and ip_allowed: return redirect(url('home')) if request.POST:
-- cgit v1.2.3
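Review bot: The new `ip_allowed` condition in `index` only suppresses the redirect to `home`; a user who is authenticated but connecting from a disallowed address keeps the existing session and falls through to the `if request.POST:` branch, whose body is outside this hunk. It is worth confirming that the POST path (or the base controller) checks `ip_allowed` again after the credentials are verified, so that logging in once more from the blocked address cannot yield a usable session. A short comment above the condition would record the intent, for example `# IP-restricted users fall through so the login form can show the restriction message`.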