Repository: allura
Updated Branches:
refs/heads/kt/8159 [created] c506a379d
[#8159] Loosen IP matching restrictions for antispam checks
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/c506a379
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/c506a379
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/c506a379
Branch: refs/heads/kt/8159
Commit: c506a379d33eea6121f490ed307a0f15fbd18911
Parents: cc9b866
Author: Kenton Taylor <ktaylor@slashdotmedia.com>
Authored: Fri Jul 21 15:05:45 2017 +0000
Committer: Kenton Taylor <ktaylor@slashdotmedia.com>
Committed: Fri Jul 21 15:05:45 2017 +0000
----------------------------------------------------------------------
Allura/allura/lib/utils.py | 5 ++++-
Allura/allura/tests/functional/test_auth.py | 7 ++++++-
Allura/allura/tests/test_utils.py | 6 ++++++
3 files changed, 16 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/c506a379/Allura/allura/lib/utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index 3fa269e..9efce27 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -343,8 +343,11 @@ class AntiSpam(object):
self.client_ip = ip_address(self.request)
except (TypeError, AttributeError):
self.client_ip = '127.0.0.1'
+
+ octets = self.client_ip.split('.')
+ ip_chunk = '.'.join(octets[0:3])
plain = '%d:%s:%s' % (
- timestamp, self.client_ip, pylons.config.get('spinner_secret', 'abcdef'))
+ timestamp, ip_chunk, pylons.config.get('spinner_secret', 'abcdef'))
return hashlib.sha1(plain).digest()
@classmethod
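Review bot: The new `self.client_ip.split('.')` sits after the try/except, so if `ip_address()` returns a non-string such as None without raising (its body is not visible here), this line raises AttributeError where the old `%s` formatting tolerated it. The `ip_address` mocks added across the tests in this commit suggest that case does occur; consider normalising inside the try, e.g. `self.client_ip = ip_address(self.request) or '127.0.0.1'`. The truncation also assumes dotted-quad IPv4: an IPv6 address contains no '.', so it is still hashed whole and gets no loosening, which deserves a comment such as `# bind the spinner to the IPv4 /24 only; IPv6 addresses are hashed unchanged`. Because the spinner now validates from any host in the same /24, the secret carries more of the weight, and the `'abcdef'` fallback on the changed line is a value anyone can read in the source; a deployment without `spinner_secret` set should be treated as misconfigured. The enclosing method begins above the hunk.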
http://git-wip-us.apache.org/repos/asf/allura/blob/c506a379/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 64b4da5..14cc87f 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -29,7 +29,7 @@ from bson import ObjectId
import re
from ming.orm.ormsession import ThreadLocalORMSession, session
from tg import config, expose
-from mock import patch
+from mock import patch, Mock
import mock
from nose.tools import (
assert_equal,
@@ -96,6 +96,7 @@ class TestAuth(TestController):
_session_id=self.app.cookies['_session_id']))
assert 'Invalid login' in str(r), r.showbrowser()
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_logout(self):
self.app.extra_environ = {'disable_auth_magic': 'True'}
nav_pattern = ('nav', {'class': 'nav-main'})
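Review bot: The `@patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))` decorator on `test_logout` gives no hint why a login/logout test must now pin the client IP, and the same line is repeated on `test_login_totp`, `test_login_rate_limit`, `test_login_totp_disrupted` and `test_login_recovery_code` in the later hunks of this file. A short comment such as `# AntiSpam hashes the client IP; the test request has none, so pin one` (to be confirmed against `ip_address()`) would stop the next maintainer from deleting it. If the real cause is that the unmocked helper returns a value the new `split('.')` cannot handle, that is better fixed in `utils.py` than masked in each test. The test bodies continue outside these hunks.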
@@ -2244,6 +2245,7 @@ class TestTwoFactor(TestController):
assert_equal(tasks[0].kwargs['subject'], 'Two-Factor Authentication Disabled')
assert_in('disabled two-factor authentication', tasks[0].kwargs['text'])
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_login_totp(self):
self._init_totp()
@@ -2281,6 +2283,7 @@ class TestTwoFactor(TestController):
assert_equal(r.session['username'], 'test-admin')
assert r.location.endswith('/p/foo'), r
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_login_rate_limit(self):
self._init_totp()
@@ -2312,6 +2315,7 @@ class TestTwoFactor(TestController):
assert_in('rate limit exceeded', r)
assert not r.session.get('username')
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_login_totp_disrupted(self):
self._init_totp()
@@ -2341,6 +2345,7 @@ class TestTwoFactor(TestController):
r = r.follow()
assert_in('Password Login', r)
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_login_recovery_code(self):
self._init_totp()
http://git-wip-us.apache.org/repos/asf/allura/blob/c506a379/Allura/allura/tests/test_utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_utils.py b/Allura/allura/tests/test_utils.py
index 084aacd..c930f2c 100644
--- a/Allura/allura/tests/test_utils.py
+++ b/Allura/allura/tests/test_utils.py
@@ -104,6 +104,7 @@ class TestChunkedList(unittest.TestCase):
class TestAntispam(unittest.TestCase):
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def setUp(self):
setup_unit_test()
self.a = utils.AntiSpam()
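Review bot: None of the hunks in this file tests the behaviour the commit introduces; each one only adds the same `ip_address` mock (on `setUp`, `test_invalid_old`, `test_valid_submit`, `test_invalid_future`, `test_invalid_spinner` and `test_invalid_honey`). Because every request is built and validated under `1.2.3.4`, these tests would also pass if the full address were still hashed. A case that generates the form under `1.2.3.4` and validates under `1.2.3.99` (expected to succeed), and again under `1.2.4.4` (expected to raise ValueError), would pin the /24 rule and guard the antispam check against being loosened further by accident. The class body continues outside the hunk.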
@@ -114,6 +115,7 @@ class TestAntispam(unittest.TestCase):
assert 'name="spinner"' in fields, fields
assert ('class="%s"' % self.a.honey_class) in fields, fields
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_invalid_old(self):
form = dict(a='1', b='2')
r = Request.blank('/', POST=self._encrypt_form(**form))
@@ -122,6 +124,7 @@ class TestAntispam(unittest.TestCase):
utils.AntiSpam.validate_request,
r, now=time.time() + 24 * 60 * 60 + 1)
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_valid_submit(self):
form = dict(a='1', b='2')
r = Request.blank('/', POST=self._encrypt_form(**form),
@@ -129,6 +132,7 @@ class TestAntispam(unittest.TestCase):
validated = utils.AntiSpam.validate_request(r)
assert dict(a='1', b='2') == validated, validated
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_invalid_future(self):
form = dict(a='1', b='2')
r = Request.blank('/', POST=self._encrypt_form(**form))
@@ -137,6 +141,7 @@ class TestAntispam(unittest.TestCase):
utils.AntiSpam.validate_request,
r, now=time.time() - 10)
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_invalid_spinner(self):
form = dict(a='1', b='2')
eform = self._encrypt_form(**form)
@@ -144,6 +149,7 @@ class TestAntispam(unittest.TestCase):
r = Request.blank('/', POST=eform)
self.assertRaises(ValueError, utils.AntiSpam.validate_request, r)
+ @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
def test_invalid_honey(self):
form = dict(a='1', b='2', honey0='a')
eform = self._encrypt_form(**form)