Adding ips validation

2014-11-28 13:37:18 +01:00 · 2014-11-28 13:37:18 +01:00 · 02400be2a1
parent bb8a2d2528
commit 02400be2a1
3 changed files with 10 additions and 1 deletions
--- a/settings/common.py
+++ b/settings/common.py
@ -360,6 +360,7 @@ PROJECT_MODULES_CONFIGURATORS = {
 }

 BITBUCKET_VALID_ORIGIN_IPS = ["131.103.20.165", "131.103.20.166"]
+GITLAB_VALID_ORIGIN_IPS = []

 # NOTE: DON'T INSERT MORE SETTINGS AFTER THIS LINE
 TEST_RUNNER="django.test.runner.DiscoverRunner"
--- a/taiga/hooks/gitlab/api.py
+++ b/taiga/hooks/gitlab/api.py
@ -48,6 +48,11 @@ class GitLabViewSet(BaseWebhookApiViewSet):
        if not project_secret:
            return False

+        valid_origin_ips = project.modules_config.config.get("bitbucket", {}).get("valid_origin_ips", settings.GITLAB_VALID_ORIGIN_IPS)
+        origin_ip = get_real_ip(request)
+        if not origin_ip or not origin_ip in valid_origin_ips:
+            return False
+
        return project_secret == secret_key

    def _get_project(self, request):
--- a/taiga/hooks/gitlab/services.py
+++ b/taiga/hooks/gitlab/services.py
@ -27,7 +27,10 @@ def get_or_generate_config(project):
    if config and "gitlab" in config:
        g_config = project.modules_config.config["gitlab"]
    else:
-        g_config = {"secret": uuid.uuid4().hex }
+        g_config = {
+            "secret": uuid.uuid4().hex
+            "valid_origin_ips": settings.GITLAB_VALID_ORIGIN_IPS,
+        }

    url = reverse("gitlab-hook-list")
    url = get_absolute_url(url)