middleware: allow CIDR blocks in maintenance passthrough IPs (#73039)

2023-01-05 16:06:52 +01:00 · 2023-01-05 16:06:52 +01:00 · c880b0e082
parent c35bb334f9
commit c880b0e082
2 changed files with 13 additions and 0 deletions
--- a/tests/test_maintenance.py
+++ b/tests/test_maintenance.py
@ -39,6 +39,12 @@ def test_maintenance_page(settings):
    settings.MAINTENANCE_PASS_THROUGH_IPS = []
    resp = app.get('/', status=503)

+    settings.MAINTENANCE_PASS_THROUGH_IPS = ['127.0.0.1/4']
+    resp = app.get('/', status=200)
+
+    settings.MAINTENANCE_PASS_THROUGH_IPS = []
+    resp = app.get('/', status=503)
+
    with open(site_options_path, 'w') as fd:
        fd.write(
            '''\
--- a/wcs/middleware.py
+++ b/wcs/middleware.py
@ -14,6 +14,7 @@
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, see <http://www.gnu.org/licenses/>.

+import ipaddress
 import json
 import threading
 import time
@ -133,6 +134,12 @@ def pass_through(request, pub):
        pass_through_ips = getattr(settings, 'MAINTENANCE_PASS_THROUGH_IPS', [])
        if remote_addr in pass_through_ips:
            return True
+        for network in [x for x in pass_through_ips if '/' in x]:
+            try:
+                if ipaddress.ip_address(remote_addr) in ipaddress.ip_network(network, strict=False):
+                    return True
+            except ValueError:  # bad remote_addr or network syntax
+                pass
    pass_through_header = pub.get_site_option('maintenance_pass_through_header', 'variables')
    if pass_through_header and pass_through_header in request.headers:
        return True