backoffice: allow limiting ADMIN_FOR_ALL to specific IP addresses (#7122)

help/fr/settings-permissions.page

@@ -45,12 +45,13 @@
 
   <p>
     Dans le répertoire de l'instance (<file>/var/lib/wcs/www.example.net/</file>
-    par exemple), créez un fichier <file>ADMIN_FOR_ALL</file>.
+    par exemple), un fichier <file>ADMIN_FOR_ALL</file> doit être créé,
+    contenant l'adresse IP qui sera utilisée pour la connexion.
   </p>
 
   <screen>
 <output style="prompt"># </output><input>cd /var/lib/wcs/www.example.net/</input>
-<output style="prompt"># </output><input>touch ADMIN_FOR_ALL</input>
+<output style="prompt"># </output><input>echo 77.109.103.99 &gt; ADMIN_FOR_ALL</input>
 </screen>
 
    <p>
@@ -61,6 +62,15 @@
      <file>ADMIN_FOR_ALL</file>.
    </p>
 
+   <note style="warning">
+    <p>
+      Pour des raisons de compatibilité, un fichier <file>ADMIN_FOR_ALL</file>
+      vide ouvre l'accès pour toutes les connexions; ce comportement
+      dangereux sera supprimé dans une version à venir, son utilisation est
+      fortement découragée.
+    </p>
+   </note>
+
 </section>
 
 </page>

tests/test_admin_pages.py

@@ -95,6 +95,19 @@ def test_admin_for_all():
         pub.cfg['admin-permissions'] = {'settings': [role.id]}
         pub.write_cfg()
         resp = get_app(pub).get('/backoffice/settings/', status=200)
+
+        # check it doesn't work with a non-empty ADMIN_FOR_ALL file
+        fd = open(os.path.join(pub.app_dir, 'ADMIN_FOR_ALL'), 'w')
+        fd.write('x.x.x.x')
+        fd.close()
+        resp = get_app(pub).get('/backoffice/settings/', status=302)
+
+        # check it works if the file contains the user IP address
+        fd = open(os.path.join(pub.app_dir, 'ADMIN_FOR_ALL'), 'w')
+        fd.write('127.0.0.1')
+        fd.close()
+        resp = get_app(pub).get('/backoffice/settings/', status=200)
+
     finally:
         del pub.cfg['admin-permissions']
         pub.write_cfg()

tests/utilities.py

@@ -137,7 +137,8 @@ def clean_temporary_pub():
         known_elements.sql_db_name = None
 
 def get_app(pub):
-    return TestApp(QWIP(pub), extra_environ={'HTTP_HOST': 'example.net'})
+    return TestApp(QWIP(pub), extra_environ={
+        'HTTP_HOST': 'example.net', 'REMOTE_ADDR': '127.0.0.1'})
 
 def login(app, username='admin', password='admin'):
     login_page = app.get('/login/')

wcs/backoffice/root.py

@@ -99,11 +99,25 @@ class RootDirectory(BackofficeRootDirectory):
         # to be marked as admin
         return get_request().user.can_go_in_admin()
 
+    def check_admin_for_all(self):
+        admin_for_all_file_path = os.path.join(get_publisher().app_dir, 'ADMIN_FOR_ALL')
+        if not os.path.exists(os.path.join(admin_for_all_file_path)):
+            return False
+        admin_for_all_contents = open(admin_for_all_file_path).read()
+        if not admin_for_all_contents:
+            # empty file, access is granted to everybody
+            return True
+        if get_request().get_environ('REMOTE_ADDR', '') in admin_for_all_contents.splitlines():
+            # if the file is not empty it should contain the list of authorized
+            # IP addresses.
+            return True
+        return False
+
     def _q_access(self):
         get_response().breadcrumb.append( ('backoffice/', _('Back Office')) )
         req = get_request()
 
-        if os.path.exists(os.path.join(get_publisher().app_dir, 'ADMIN_FOR_ALL')):
+        if self.check_admin_for_all():
             get_response().filter['admin_for_all'] = True
             return