allura-commits mailing list archives

From kentontay...@apache.org
Subject allura git commit: [#8159] Loosen IP matching restrictions for antispam checks
Date Fri, 21 Jul 2017 15:05:58 GMT
Repository: allura
Updated Branches:
  refs/heads/kt/8159 [created] c506a379d


[#8159] Loosen IP matching restrictions for antispam checks


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/c506a379
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/c506a379
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/c506a379

Branch: refs/heads/kt/8159
Commit: c506a379d33eea6121f490ed307a0f15fbd18911
Parents: cc9b866
Author: Kenton Taylor <ktaylor@slashdotmedia.com>
Authored: Fri Jul 21 15:05:45 2017 +0000
Committer: Kenton Taylor <ktaylor@slashdotmedia.com>
Committed: Fri Jul 21 15:05:45 2017 +0000

----------------------------------------------------------------------
 Allura/allura/lib/utils.py                  | 5 ++++-
 Allura/allura/tests/functional/test_auth.py | 7 ++++++-
 Allura/allura/tests/test_utils.py           | 6 ++++++
 3 files changed, 16 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/c506a379/Allura/allura/lib/utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/utils.py b/Allura/allura/lib/utils.py
index 3fa269e..9efce27 100644
--- a/Allura/allura/lib/utils.py
+++ b/Allura/allura/lib/utils.py
@@ -343,8 +343,11 @@ class AntiSpam(object):
             self.client_ip = ip_address(self.request)
         except (TypeError, AttributeError):
             self.client_ip = '127.0.0.1'
+
+        octets = self.client_ip.split('.')
+        ip_chunk = '.'.join(octets[0:3])
         plain = '%d:%s:%s' % (
-            timestamp, self.client_ip, pylons.config.get('spinner_secret', 'abcdef'))
+            timestamp, ip_chunk, pylons.config.get('spinner_secret', 'abcdef'))
         return hashlib.sha1(plain).digest()
 
     @classmethod
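Review bot: The new `self.client_ip.split('.')` sits after the try/except and assumes a dotted-quad string, so if `ip_address()` ever returns None or another non-string the method now raises AttributeError where the old `'%s'` formatting did not; `octets = (self.client_ip or '127.0.0.1').split('.')` would keep the existing fallback. An IPv6 address contains no '.', so `octets[0:3]` leaves it whole and the loosening silently applies to IPv4 only, which deserves a comment such as `# spinner is bound to the IPv4 /24 so an address change inside the subnet still validates; IPv6 is used unchanged`. The rewritten line also keeps the `'abcdef'` fallback for `spinner_secret`, so a deployment without that setting hashes with a publicly known value; logging a warning or failing when the setting is missing would be safer. The method begins above this hunk, so the origin of `timestamp` is not visible here.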

http://git-wip-us.apache.org/repos/asf/allura/blob/c506a379/Allura/allura/tests/functional/test_auth.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/functional/test_auth.py b/Allura/allura/tests/functional/test_auth.py
index 64b4da5..14cc87f 100644
--- a/Allura/allura/tests/functional/test_auth.py
+++ b/Allura/allura/tests/functional/test_auth.py
@@ -29,7 +29,7 @@ from bson import ObjectId
 import re
 from ming.orm.ormsession import ThreadLocalORMSession, session
 from tg import config, expose
-from mock import patch
+from mock import patch, Mock
 import mock
 from nose.tools import (
     assert_equal,
@@ -96,6 +96,7 @@ class TestAuth(TestController):
             _session_id=self.app.cookies['_session_id']))
         assert 'Invalid login' in str(r), r.showbrowser()
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_logout(self):
         self.app.extra_environ = {'disable_auth_magic': 'True'}
         nav_pattern = ('nav', {'class': 'nav-main'})
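Review bot: The decorator added to `test_logout` does not say why the client address has to be pinned, and the same line is repeated on `test_login_totp`, `test_login_rate_limit`, `test_login_totp_disrupted` and `test_login_recovery_code` further down this file. A one-line comment would help, for example `# AntiSpam now hashes the first three octets of the client IP, so the test needs a fixed dotted-quad address`; presumably the test request otherwise carries no usable remote address, which should be confirmed. Binding the patch to one module-level name, `patch_client_ip = patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))`, and decorating with `@patch_client_ip` would keep the address in a single place. The body of `test_logout` continues past the end of the hunk.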
@@ -2244,6 +2245,7 @@ class TestTwoFactor(TestController):
         assert_equal(tasks[0].kwargs['subject'], 'Two-Factor Authentication Disabled')
         assert_in('disabled two-factor authentication', tasks[0].kwargs['text'])
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_login_totp(self):
         self._init_totp()
 
@@ -2281,6 +2283,7 @@ class TestTwoFactor(TestController):
         assert_equal(r.session['username'], 'test-admin')
         assert r.location.endswith('/p/foo'), r
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_login_rate_limit(self):
         self._init_totp()
 
@@ -2312,6 +2315,7 @@ class TestTwoFactor(TestController):
         assert_in('rate limit exceeded', r)
         assert not r.session.get('username')
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_login_totp_disrupted(self):
         self._init_totp()
 
@@ -2341,6 +2345,7 @@ class TestTwoFactor(TestController):
         r = r.follow()
         assert_in('Password Login', r)
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_login_recovery_code(self):
         self._init_totp()
 

http://git-wip-us.apache.org/repos/asf/allura/blob/c506a379/Allura/allura/tests/test_utils.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_utils.py b/Allura/allura/tests/test_utils.py
index 084aacd..c930f2c 100644
--- a/Allura/allura/tests/test_utils.py
+++ b/Allura/allura/tests/test_utils.py
@@ -104,6 +104,7 @@ class TestChunkedList(unittest.TestCase):
 
 class TestAntispam(unittest.TestCase):
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def setUp(self):
         setup_unit_test()
         self.a = utils.AntiSpam()
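Review bot: A `@patch` decorator on `setUp` is active only while `setUp` itself runs, which is why every test below has to repeat it. Starting the patcher inside `setUp` would cover the whole test: `patcher = patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))`, `patcher.start()`, `self.addCleanup(patcher.stop)`. The rest of `setUp` lies outside the hunk, so any further use of the client address there is not visible.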
@@ -114,6 +115,7 @@ class TestAntispam(unittest.TestCase):
         assert 'name="spinner"' in fields, fields
         assert ('class="%s"' % self.a.honey_class) in fields, fields
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_invalid_old(self):
         form = dict(a='1', b='2')
         r = Request.blank('/', POST=self._encrypt_form(**form))
@@ -122,6 +124,7 @@ class TestAntispam(unittest.TestCase):
             utils.AntiSpam.validate_request,
             r, now=time.time() + 24 * 60 * 60 + 1)
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_valid_submit(self):
         form = dict(a='1', b='2')
         r = Request.blank('/', POST=self._encrypt_form(**form),
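Review bot: Every decorator in this file pins the same address, so no test exercises what the commit changes; `test_valid_submit` would pass equally with the old full-address hash. A case where the form is built under `1.2.3.4` and validated under another address in 1.2.3.x, plus one validated under a different third octet that must raise `ValueError`, would pin the new matching rule and its limit. That assumes `validate_request` recomputes the spinner from the requesting address, which is not shown here. The `Request.blank(...)` call in `test_valid_submit` is cut off by the end of the hunk.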
@@ -129,6 +132,7 @@ class TestAntispam(unittest.TestCase):
         validated = utils.AntiSpam.validate_request(r)
         assert dict(a='1', b='2') == validated, validated
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_invalid_future(self):
         form = dict(a='1', b='2')
         r = Request.blank('/', POST=self._encrypt_form(**form))
@@ -137,6 +141,7 @@ class TestAntispam(unittest.TestCase):
             utils.AntiSpam.validate_request,
             r, now=time.time() - 10)
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_invalid_spinner(self):
         form = dict(a='1', b='2')
         eform = self._encrypt_form(**form)
@@ -144,6 +149,7 @@ class TestAntispam(unittest.TestCase):
         r = Request.blank('/', POST=eform)
         self.assertRaises(ValueError, utils.AntiSpam.validate_request, r)
 
+    @patch('allura.lib.utils.ip_address', Mock(return_value="1.2.3.4"))
     def test_invalid_honey(self):
         form = dict(a='1', b='2', honey0='a')
         eform = self._encrypt_form(**form)

