Refactor IP registrar restriction

#600
This commit is contained in:
Artur Beljajev 2017-10-04 01:03:32 +03:00
parent 787cca8e4c
commit 35afbf1f8c
15 changed files with 304 additions and 54 deletions

View file

@ -1,40 +1,37 @@
class Registrar
class BaseController < ApplicationController
before_action :authenticate_user!, :check_ip
include Registrar::ApplicationHelper
before_action :authenticate_user!
before_action :check_ip_restriction
helper_method :depp_controller?
def depp_controller?
false
end
def check_ip
return unless current_user
unless current_user.is_a? ApiUser
sign_out(current_user)
return
end
registrar_ip_whitelisted = current_user.registrar.registrar_ip_white?(request.ip)
return if registrar_ip_whitelisted
flash[:alert] = t('ip_is_not_whitelisted')
sign_out(current_user)
redirect_to registrar_login_path and return
end
helper_method :head_title_sufix
def head_title_sufix
t(:registrar_head_title_sufix)
end
protected
def current_ability
@current_ability ||= Ability.new(current_user, request.remote_ip)
end
private
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area?(current_user.registrar)
unless allowed
flash[:alert] = t('registrar.authorization.ip_not_allowed', ip: request.ip)
sign_out current_user
redirect_to registrar_login_url
end
end
def depp_controller?
false
end
def head_title_sufix
t(:registrar_head_title_sufix)
end
end
end

View file

@ -1,13 +1,8 @@
class Registrar
class SessionsController < Devise::SessionsController
before_action :check_ip_restriction
helper_method :depp_controller?
def depp_controller?
false
end
before_action :check_ip
def login
@depp_user = Depp::User.new
end
@ -157,16 +152,24 @@ class Registrar
# rubocop: enable Metrics/CyclomaticComplexity
# rubocop: enable Metrics/MethodLength
private
def depp_controller?
false
end
def find_user_by_idc(idc)
return User.new unless idc
ApiUser.find_by(identity_code: idc) || User.new
end
private
def check_ip_restriction
ip_restriction = Authorization::RestrictedIP.new(request.ip)
allowed = ip_restriction.can_access_registrar_area_sign_in_page?
def check_ip
return if WhiteIp.registrar_ip_white?(request.ip)
render :denied, :layout => false, status: :forbidden, :locals => { :ip => request.ip } and return
unless allowed
render text: t('registrar.authorization.ip_not_allowed', ip: request.ip), status: :forbidden
end
end
end
end