Merge pull request #582 from taigaio/Issue-3783-hooks-origin-ips-configuration-allowing-networks

Issue 3783: Hooks origin ips configuration allowing networks
remotes/origin/logger
David Barragán Merino 2016-01-25 11:20:03 +01:00
commit 8bf4e0a019
6 changed files with 47 additions and 3 deletions


@ -34,3 +34,4 @@ lxml==3.5.0
git+https://github.com/Xof/django-pglocks.git@dbb8d7375066859f897604132bd437832d2014ea
pyjwkest==1.0.9
python-dateutil==2.4.2
netaddr==0.7.18


@ -508,7 +508,8 @@ PROJECT_MODULES_CONFIGURATORS = {
"bitbucket": "taiga.hooks.bitbucket.services.get_or_generate_config",
}
BITBUCKET_VALID_ORIGIN_IPS = ["131.103.20.165", "131.103.20.166"]
BITBUCKET_VALID_ORIGIN_IPS = ["131.103.20.165", "131.103.20.166", "104.192.143.192/28", "104.192.143.208/28"]
GITLAB_VALID_ORIGIN_IPS = []
EXPORTS_TTL = 60 * 60 * 24 # 24 hours
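Review bot: The `*_VALID_ORIGIN_IPS` settings now accept CIDR networks as well as single addresses, but nothing next to them says so, and the names still read as plain IP lists. I'd add a comment above `BITBUCKET_VALID_ORIGIN_IPS` such as `# Entries may be single addresses or CIDR networks; an empty list disables the origin check.` The second half of that comment follows from the `if valid_origin_ips and ...` guard in the viewsets, where an empty list skips the comparison entirely. That matters for `GITLAB_VALID_ORIGIN_IPS = []`.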


@ -24,6 +24,7 @@ from taiga.hooks.api import BaseWebhookApiViewSet
from . import event_hooks
from netaddr import all_matching_cidrs
from urllib.parse import parse_qs
from ipware.ip import get_ip
@ -55,7 +56,7 @@ class BitBucketViewSet(BaseWebhookApiViewSet):
valid_origin_ips = bitbucket_config.get("valid_origin_ips",
settings.BITBUCKET_VALID_ORIGIN_IPS)
origin_ip = get_ip(request)
if valid_origin_ips and (not origin_ip or origin_ip not in valid_origin_ips):
if valid_origin_ips and (len(all_matching_cidrs(origin_ip,valid_origin_ips)) == 0):
return False
return project_secret == secret_key
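Review bot: The new condition drops the old `not origin_ip or` guard, so when `get_ip(request)` returns nothing the value goes straight into `all_matching_cidrs`, which will most likely raise inside netaddr instead of rejecting the request. The same applies to a malformed entry in the project-level `valid_origin_ips`, so a configuration typo becomes a server error on every hook delivery. I'd make the check fail closed by catching the parse errors and treating them as "no match"; this needs `from netaddr import AddrFormatError` next to the existing import. The GitLab viewset hunk has the identical line and needs the same change. The enclosing method starts outside this hunk.

```python
# … unchanged: valid_origin_ips lookup from project config / settings …
origin_ip = get_ip(request)
if valid_origin_ips:
    try:
        matching = all_matching_cidrs(origin_ip, valid_origin_ips)
    except (AddrFormatError, ValueError, TypeError):
        # Missing or unparseable address, or a malformed configured
        # entry: reject rather than let the request error out.
        matching = []
    if not matching:
        return False
return project_secret == secret_key
```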


@ -26,6 +26,7 @@ from taiga.hooks.api import BaseWebhookApiViewSet
from . import event_hooks
from netaddr import all_matching_cidrs
class GitLabViewSet(BaseWebhookApiViewSet):
event_hook_classes = {
@ -53,7 +54,8 @@ class GitLabViewSet(BaseWebhookApiViewSet):
gitlab_config = project.modules_config.config.get("gitlab", {})
valid_origin_ips = gitlab_config.get("valid_origin_ips", settings.GITLAB_VALID_ORIGIN_IPS)
origin_ip = get_ip(request)
if valid_origin_ips and (not origin_ip or origin_ip not in valid_origin_ips):
if valid_origin_ips and (len(all_matching_cidrs(origin_ip,valid_origin_ips)) == 0):
return False
return project_secret == secret_key
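Review bot: Widening the allowlist to whole networks makes it more important to document where `origin_ip` comes from, and nothing here does. `get_ip` is presumably the django-ipware helper imported in the BitBucket view, and it can take the address from forwarding headers such as `X-Forwarded-For`. A client can set those headers itself unless a trusted reverse proxy overwrites them. I'd add a comment above the check, e.g. `# origin_ip may be derived from proxy headers; this allowlist is only meaningful behind a proxy that sets them`, and note the same in the deployment docs. The check should be treated as defence in depth alongside the `project_secret == secret_key` comparison, not a replacement for it. The enclosing method starts outside this hunk, and the BitBucket viewset has the same pattern.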


@ -61,6 +61,25 @@ def test_ok_signature(client):
assert response.status_code == 204
def test_ok_signature_ip_in_network(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={
"bitbucket": {
"secret": "tpnIwJDz4e"
}
})
url = reverse("bitbucket-hook-list")
url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
response = client.post(url,
data,
content_type="application/json",
HTTP_X_EVENT_KEY="repo:push",
REMOTE_ADDR="104.192.143.193")
assert response.status_code == 204
def test_invalid_ip(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={
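Review bot: `test_ok_signature_ip_in_network` never sets `valid_origin_ips` in the project config, so it presumably passes only while the default `BITBUCKET_VALID_ORIGIN_IPS` in settings contains a network covering `104.192.143.193`. The GitLab counterpart pins its network explicitly, and I'd do the same here by adding `"valid_origin_ips": ["104.192.143.192/28"],` to the `"bitbucket"` dict. The new tests also cover only the accepting path. A case with `REMOTE_ADDR` just outside the configured network, and one with a malformed configured entry, would pin down that the check rejects rather than errors. `test_invalid_ip` continues outside this hunk, so it may already cover part of that.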


@ -59,6 +59,26 @@ def test_ok_signature(client):
assert response.status_code == 204
def test_ok_signature_ip_in_network(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={
"gitlab": {
"secret": "tpnIwJDz4e",
"valid_origin_ips": ["111.111.111.0/24"],
}
})
url = reverse("gitlab-hook-list")
url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
data = {"test:": "data"}
response = client.post(url,
json.dumps(data),
content_type="application/json",
REMOTE_ADDR="111.111.111.112")
assert response.status_code == 204
def test_invalid_ip(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={