Refactor IP registrar restriction

#600
2025-07-25 12:08:27 +02:00 · 2017-10-04 01:03:32 +03:00 · 2017-10-04 01:03:32 +03:00 · 35afbf1f8c
commit 35afbf1f8c
parent 787cca8e4c
15 changed files with 304 additions and 54 deletions
--- a/app/controllers/registrar/base_controller.rb
+++ b/app/controllers/registrar/base_controller.rb
@ -1,40 +1,37 @@
 class Registrar
  class BaseController < ApplicationController
-    before_action :authenticate_user!, :check_ip
-
    include Registrar::ApplicationHelper

+    before_action :authenticate_user!
+    before_action :check_ip_restriction
    helper_method :depp_controller?
-
-    def depp_controller?
-      false
-    end
-
-    def check_ip
-      return unless current_user
-      unless current_user.is_a? ApiUser
-        sign_out(current_user)
-        return
-      end
-
-      registrar_ip_whitelisted = current_user.registrar.registrar_ip_white?(request.ip)
-
-      return if registrar_ip_whitelisted
-      flash[:alert] = t('ip_is_not_whitelisted')
-      sign_out(current_user)
-      redirect_to registrar_login_path and return
-    end
-
    helper_method :head_title_sufix

-    def head_title_sufix
-      t(:registrar_head_title_sufix)
-    end
-
    protected

    def current_ability
      @current_ability ||= Ability.new(current_user, request.remote_ip)
    end
+
+    private
+
+    def check_ip_restriction
+      ip_restriction = Authorization::RestrictedIP.new(request.ip)
+      allowed = ip_restriction.can_access_registrar_area?(current_user.registrar)
+
+      unless allowed
+        flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip)
+        sign_out current_user
+        redirect_to registrar_login_url
+      end
+    end
+
+    def depp_controller?
+      false
+    end
+
+    def head_title_sufix
+      t(:registrar_head_title_sufix)
+    end
  end
 end
--- a/app/controllers/registrar/sessions_controller.rb
+++ b/app/controllers/registrar/sessions_controller.rb
@ -1,13 +1,8 @@
 class Registrar
  class SessionsController < Devise::SessionsController
+    before_action :check_ip_restriction
    helper_method :depp_controller?

-    def depp_controller?
-      false
-    end
-
-    before_action :check_ip
-
    def login
      @depp_user = Depp::User.new
    end
@ -157,16 +152,24 @@ class Registrar
    # rubocop: enable Metrics/CyclomaticComplexity
    # rubocop: enable Metrics/MethodLength

+    private
+
+    def depp_controller?
+      false
+    end
+
    def find_user_by_idc(idc)
      return User.new unless idc
      ApiUser.find_by(identity_code: idc) || User.new
    end

-    private
+    def check_ip_restriction
+      ip_restriction = Authorization::RestrictedIP.new(request.ip)
+      allowed = ip_restriction.can_access_registrar_area_sign_in_page?

-    def check_ip
-      return if WhiteIp.registrar_ip_white?(request.ip)
-      render :denied, :layout => false, status: :forbidden, :locals => { :ip => request.ip } and return
+      unless allowed
+        render text: t('registrar.authorization.ip_not_allowed', ip: request.ip), status: :forbidden
+      end
    end
  end
 end