taiga
/
taiga-back
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[Backport] Issue 3783: Hooks origin ips configuration allowing networks

remotes/origin/logger
Alejandro Alonso 2016-01-25 08:43:38 +01:00 committed by David Barragán Merino
parent 0be73d6290
commit 2aa76adabc
6 changed files with 48 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
requirements.txt
View File

@ -33,3 +33,5 @@ django-transactional-cleanup==0.1.15
lxml==3.5.0 lxml==3.5.0
git+https://github.com/Xof/django-pglocks.git@dbb8d7375066859f897604132bd437832d2014ea git+https://github.com/Xof/django-pglocks.git@dbb8d7375066859f897604132bd437832d2014ea
pyjwkest==1.0.9 pyjwkest==1.0.9
python-dateutil==2.4.2
netaddr==0.7.18

3
settings/common.py
View File

@ -493,7 +493,8 @@ PROJECT_MODULES_CONFIGURATORS = {
"bitbucket": "taiga.hooks.bitbucket.services.get_or_generate_config", "bitbucket": "taiga.hooks.bitbucket.services.get_or_generate_config",
} }
BITBUCKET_VALID_ORIGIN_IPS = ["131.103.20.165", "131.103.20.166"] BITBUCKET_VALID_ORIGIN_IPS = ["131.103.20.165", "131.103.20.166", "104.192.143.192/28", "104.192.143.208/28"]
GITLAB_VALID_ORIGIN_IPS = [] GITLAB_VALID_ORIGIN_IPS = []
EXPORTS_TTL = 60 * 60 * 24 # 24 hours EXPORTS_TTL = 60 * 60 * 24 # 24 hours

3
taiga/hooks/bitbucket/api.py
View File

@ -23,6 +23,7 @@ from taiga.hooks.api import BaseWebhookApiViewSet
from . import event_hooks from . import event_hooks
from netaddr import all_matching_cidrs
from urllib.parse import parse_qs from urllib.parse import parse_qs
from ipware.ip import get_ip from ipware.ip import get_ip
@ -54,7 +55,7 @@ class BitBucketViewSet(BaseWebhookApiViewSet):
valid_origin_ips = bitbucket_config.get("valid_origin_ips", valid_origin_ips = bitbucket_config.get("valid_origin_ips",
settings.BITBUCKET_VALID_ORIGIN_IPS) settings.BITBUCKET_VALID_ORIGIN_IPS)
origin_ip = get_ip(request) origin_ip = get_ip(request)
if valid_origin_ips and (not origin_ip or origin_ip not in valid_origin_ips): if valid_origin_ips and (len(all_matching_cidrs(origin_ip,valid_origin_ips)) == 0):
return False return False
return project_secret == secret_key return project_secret == secret_key

4
taiga/hooks/gitlab/api.py
View File

@ -25,6 +25,7 @@ from taiga.hooks.api import BaseWebhookApiViewSet
from . import event_hooks from . import event_hooks
from netaddr import all_matching_cidrs
class GitLabViewSet(BaseWebhookApiViewSet): class GitLabViewSet(BaseWebhookApiViewSet):
event_hook_classes = { event_hook_classes = {
@ -52,7 +53,8 @@ class GitLabViewSet(BaseWebhookApiViewSet):
gitlab_config = project.modules_config.config.get("gitlab", {}) gitlab_config = project.modules_config.config.get("gitlab", {})
valid_origin_ips = gitlab_config.get("valid_origin_ips", settings.GITLAB_VALID_ORIGIN_IPS) valid_origin_ips = gitlab_config.get("valid_origin_ips", settings.GITLAB_VALID_ORIGIN_IPS)
origin_ip = get_ip(request) origin_ip = get_ip(request)
if valid_origin_ips and (not origin_ip or origin_ip not in valid_origin_ips):
if valid_origin_ips and (len(all_matching_cidrs(origin_ip,valid_origin_ips)) == 0):
return False return False
return project_secret == secret_key return project_secret == secret_key

19
tests/integration/test_hooks_bitbucket.py
View File

@ -61,6 +61,25 @@ def test_ok_signature(client):
assert response.status_code == 204 assert response.status_code == 204
def test_ok_signature_ip_in_network(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={
"bitbucket": {
"secret": "tpnIwJDz4e"
}
})
url = reverse("bitbucket-hook-list")
url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
response = client.post(url,
data,
content_type="application/json",
HTTP_X_EVENT_KEY="repo:push",
REMOTE_ADDR="104.192.143.193")
assert response.status_code == 204
def test_invalid_ip(client): def test_invalid_ip(client):
project = f.ProjectFactory() project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={ f.ProjectModulesConfigFactory(project=project, config={

20
tests/integration/test_hooks_gitlab.py
View File

@ -59,6 +59,26 @@ def test_ok_signature(client):
assert response.status_code == 204 assert response.status_code == 204
def test_ok_signature_ip_in_network(client):
project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={
"gitlab": {
"secret": "tpnIwJDz4e",
"valid_origin_ips": ["111.111.111.0/24"],
}
})
url = reverse("gitlab-hook-list")
url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
data = {"test:": "data"}
response = client.post(url,
json.dumps(data),
content_type="application/json",
REMOTE_ADDR="111.111.111.112")
assert response.status_code == 204
def test_invalid_ip(client): def test_invalid_ip(client):
project = f.ProjectFactory() project = f.ProjectFactory()
f.ProjectModulesConfigFactory(project=project, config={ f.ProjectModulesConfigFactory(project=project, config={