remove WebGUI::Utility::isInSubnet
This commit is contained in:
Graham Knop
parent
a3e08c3b8e
commit
ca7321f068
8 changed files with 15 additions and 68 deletions
|
|
@ -23,6 +23,7 @@ require WebGUI::Asset;
|
|||
use WebGUI::International;
|
||||
use WebGUI::DatabaseLink;
|
||||
use Scalar::Util qw( weaken );
|
||||
use Net::CIDR::Lite;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
|
|
@ -773,7 +774,7 @@ sub getIpUsers {
|
|||
my @ipUsers = ();
|
||||
while (my ($userId, $lastIP) = $sth->array() ) {
|
||||
if (!exists $localCache{$lastIP}) {
|
||||
$localCache{$lastIP} = isInSubnet($lastIP, \@filters);
|
||||
$localCache{$lastIP} = Net::CIDR::Lite->new(@filters)->find($lastIP);
|
||||
}
|
||||
push @ipUsers, $userId if $localCache{$lastIP};
|
||||
}
|
||||
|
|
@ -1082,7 +1083,7 @@ sub hasIpUser {
|
|||
);
|
||||
|
||||
foreach my $ip (@ips) {
|
||||
return 1 if (isInSubnet($ip,\@filters));
|
||||
return 1 if Net::CIDR::Lite->new(@filters)->find($ip);
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
|
|
|||
|
|
@ -18,6 +18,7 @@ use WebGUI::International;
|
|||
use WebGUI::Workflow::Cron;
|
||||
use WebGUI::Workflow::Instance;
|
||||
use WebGUI::Utility;
|
||||
use Net::CIDR::Lite;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
|
|
@ -271,7 +272,7 @@ sub www_runCronJob {
|
|||
my $session = shift;
|
||||
$session->http->setMimeType("text/plain");
|
||||
$session->http->setCacheControl("none");
|
||||
unless (isInSubnet($session->request->address, $session->config->get("spectreSubnets")) || canView($session)) {
|
||||
unless (Net::CIDR::Lite->new(@{ $session->config->get('spectreSubnets') })->find($session->request->address) || canView($session)) {
|
||||
$session->errorHandler->security("make a Spectre cron job runner request, but we're only allowed to accept requests from ".join(",",@{$session->config->get("spectreSubnets")}).".");
|
||||
return "error";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ use POE::Component::IKC::ClientLite;
|
|||
use WebGUI::Utility;
|
||||
use WebGUI::Workflow::Cron;
|
||||
use WebGUI::Workflow::Instance;
|
||||
use Net::CIDR::Lite;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
|
|
@ -59,7 +60,7 @@ sub www_spectreGetSiteData {
|
|||
if (!defined $subnets) {
|
||||
$subnets = [];
|
||||
}
|
||||
if (!isInSubnet($session->request->address, $subnets)) {
|
||||
if (!Net::CIDR::Lite->new(@$subnets)->find($session->request->address)) {
|
||||
$session->errorHandler->security("Tried to make a Spectre workflow data load request, but we're only allowed to accept requests from "
|
||||
.join(",",@{$subnets}).".");
|
||||
}
|
||||
|
|
@ -182,7 +183,7 @@ sub www_spectreTest {
|
|||
}
|
||||
|
||||
my $sessionIp = $session->request->address;
|
||||
unless (isInSubnet($sessionIp, $subnets)) {
|
||||
unless (Net::CIDR::Lite->new(@$subnets)->find($sessionIp)) {
|
||||
$session->errorHandler->security(
|
||||
sprintf "Tried to make a Spectre workflow runner request from %s, but we're only allowed to accept requests from %s",
|
||||
$sessionIp, join(",",@{$subnets})
|
||||
|
|
|
|||
|
|
@ -26,6 +26,7 @@ use WebGUI::User;
|
|||
use WebGUI::Utility;
|
||||
use JSON;
|
||||
use XML::Simple;
|
||||
use Net::CIDR::Lite;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
|
|
@ -141,7 +142,7 @@ sub canUseService {
|
|||
my ( $session ) = @_;
|
||||
my $subnets = $session->config->get('serviceSubnets');
|
||||
return 1 if !$subnets || !@{$subnets};
|
||||
return 1 if WebGUI::Utility::isInSubnet( $session->request->address, $subnets );
|
||||
return 1 if Net::CIDR::Lite->new(@$subnets)->find($session->request->address);
|
||||
return 0; # Don't go away mad, just go away
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ use WebGUI::Workflow::Instance;
|
|||
use WebGUI::Utility;
|
||||
use POE::Component::IKC::ClientLite;
|
||||
use JSON qw/ decode_json /;
|
||||
use Net::CIDR::Lite;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
|
|
@ -482,7 +483,7 @@ sub www_runWorkflow {
|
|||
my $session = shift;
|
||||
$session->http->setMimeType("text/plain");
|
||||
$session->http->setCacheControl("none");
|
||||
unless (isInSubnet($session->request->address, $session->config->get("spectreSubnets")) || canRunWorkflow($session)) {
|
||||
unless (Net::CIDR::Lite->new(@{ $session->config->get('spectreSubnets')} )->find($session->request->address) || canRunWorkflow($session)) {
|
||||
$session->errorHandler->security("make a Spectre workflow runner request, but we're only allowed to accept requests from ".join(",",@{$session->config->get("spectreSubnets")}).".");
|
||||
return "error";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -22,6 +22,7 @@ use JSON ();
|
|||
use WebGUI::ProfileField;
|
||||
use Tie::CPHash;
|
||||
use Scalar::Util qw( weaken );
|
||||
use Net::CIDR::Lite;
|
||||
|
||||
=head1 NAME
|
||||
|
||||
|
|
@ -299,7 +300,7 @@ sub canUseAdminMode {
|
|||
my $pass = 1;
|
||||
my $subnets = $self->session->config->get("adminModeSubnets") || [];
|
||||
if (scalar(@$subnets)) {
|
||||
$pass = WebGUI::Utility::isInSubnet($self->session->request->address, $subnets);
|
||||
$pass = Net::CIDR::Lite->new(@$subnets)->find($self->session->request->address);
|
||||
}
|
||||
|
||||
return $pass && $self->isInGroup(12)
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ use Tie::IxHash;
|
|||
use Net::CIDR::Lite;
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw(&isInSubnet
|
||||
our @EXPORT = qw(
|
||||
&sortHash &isIn &round
|
||||
);
|
||||
|
||||
|
|
@ -39,7 +39,6 @@ This package provides miscellaneous but useful utilities to the WebGUI programme
|
|||
|
||||
use WebGUI::Utility;
|
||||
$boolean = isIn($value, @array);
|
||||
$boolean = isInSubnet($ip, \@subnets);
|
||||
$rounded = round($number, $digits);
|
||||
%hash = sortHash(%hash);
|
||||
|
||||
|
|
@ -71,49 +70,6 @@ sub isIn {
|
|||
return 0;
|
||||
}
|
||||
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 isInSubnet ( ipAddress, subnets )
|
||||
|
||||
Verifies whether an IP address is in a given subnet. Returns a 1 if it
|
||||
is, undef if there's a formatting error, or 0 if the IP is not in the
|
||||
list of subnets.
|
||||
|
||||
=head3 ipAddress
|
||||
|
||||
A scalar containing an IP address.
|
||||
|
||||
=head3 subnets
|
||||
|
||||
An array reference containing subnets in CIDR format. Example: 127.0.0.1/32
|
||||
|
||||
=cut
|
||||
|
||||
sub isInSubnet {
|
||||
my $ip = shift;
|
||||
my $subnets = shift;
|
||||
return 0 unless @{ $subnets };
|
||||
for my $cidr ( @{ $subnets } ) {
|
||||
my @parts = $cidr =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)\/(\d+)$/;
|
||||
unless ( 5 == @parts ) { # cidr has 5 parts
|
||||
return undef;
|
||||
}
|
||||
unless ( 4 == grep { $_ <= 255 } @parts[0..3] ) { # each octet needs to be between 0 and 255
|
||||
return undef;
|
||||
}
|
||||
unless ( $parts[4] <= 32 ) { # the subnet needs to be less than or equal to 32, as 32 represents only 1 ip address
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
my $net = Net::CIDR::Lite->new(@{ $subnets });
|
||||
if ($net->find($ip)) {
|
||||
return 1;
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
#-------------------------------------------------------------------
|
||||
|
||||
=head2 round ( float [, significantDigits ] )
|
||||
|
|
|
|||
15
t/Utility.t
15
t/Utility.t
|
|
@ -43,21 +43,6 @@ is(WebGUI::Utility::round(47.6, 0), 48, 'round() - rounds up, too');
|
|||
}
|
||||
|
||||
|
||||
# isInSubnets
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', []), 0, 'isInSubnet: comparing against an empty array ref');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.1/32']), 1, 'isInSubnet: comparing against an exact match');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.2', ['192.168.0.1/32']), 0, 'isInSubnet: comparing against a mismatch');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.2', ['192.168.0.1/30']), 1, 'isInSubnet: comparing against a match with mask');
|
||||
is(WebGUI::Utility::isInSubnet('256.168.0.2', ['192.168.0.1/30']), 0, 'isInSubnet: ip is out of range');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.1/33']), undef, 'isInSubnet: mask is out of range');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.0.1/33']), undef, 'isInSubnet: ip has too many dots');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', ['0.0.1/33']), undef, 'isInSubnet: ip has too few dots');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.1']), undef, 'isInSubnet: ip is missing mask');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', ['256.168.0.1/32']), undef, 'isInSubnet: ip has an out of range quad');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.257.0.1/32']), undef, 'isInSubnet: ip has an out of range quad');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.258.1/32']), undef, 'isInSubnet: ip has an out of range quad');
|
||||
is(WebGUI::Utility::isInSubnet('192.168.0.1', ['192.168.0.259/32']), undef, 'isInSubnet: ip has an out of range quad');
|
||||
|
||||
TODO: {
|
||||
local $TODO = 'Things to do';
|
||||
ok(0, 'Move email validation tests out of Form/Email into here');
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue