From b74f226a8a2be6ae92a36c021716a441981444bd Mon Sep 17 00:00:00 2001
From: Alejandro Alonso
Date: Wed, 10 Feb 2016 14:20:30 +0100
Subject: [PATCH] [Backport] Fixing bad origin configuration for gitlab and bitbucket
---
 taiga/hooks/bitbucket/api.py | 2 +-
 taiga/hooks/gitlab/api.py | 2 +-
 tests/integration/test_hooks_bitbucket.py | 42 ++++++++++++++++++++++
 tests/integration/test_hooks_gitlab.py | 43 +++++++++++++++++++++++
 4 files changed, 87 insertions(+), 2 deletions(-)
diff --git a/taiga/hooks/bitbucket/api.py b/taiga/hooks/bitbucket/api.py
index 6fcfcab5..aa4c9f63 100644
--- a/taiga/hooks/bitbucket/api.py
+++ b/taiga/hooks/bitbucket/api.py
@@ -63,7 +63,7 @@ class BitBucketViewSet(BaseWebhookApiViewSet):
 try:
 mathching_origin_ip = len(all_matching_cidrs(origin_ip,valid_origin_ips)) > 0
- except AddrFormatError:
+ except(AddrFormatError, ValueError):
 mathching_origin_ip = False
 if not mathching_origin_ip:
diff --git a/taiga/hooks/gitlab/api.py b/taiga/hooks/gitlab/api.py
index 8b3671d0..88067e7a 100644
--- a/taiga/hooks/gitlab/api.py
+++ b/taiga/hooks/gitlab/api.py
@@ -61,7 +61,7 @@ class GitLabViewSet(BaseWebhookApiViewSet):
 try:
 mathching_origin_ip = len(all_matching_cidrs(origin_ip,valid_origin_ips)) > 0
- except AddrFormatError:
+ except (AddrFormatError, ValueError):
 mathching_origin_ip = False
 if not mathching_origin_ip:
diff --git a/tests/integration/test_hooks_bitbucket.py b/tests/integration/test_hooks_bitbucket.py
index 1dbf8ea2..31d20fd0 100644
--- a/tests/integration/test_hooks_bitbucket.py
+++ b/tests/integration/test_hooks_bitbucket.py
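Review bot: Both widened handlers, `except(AddrFormatError, ValueError):` in `BitBucketViewSet` and `except (AddrFormatError, ValueError):` in `GitLabViewSet`, set `mathching_origin_ip = False` without recording why, so a malformed `valid_origin_ips` entry now rejects every delivery silently. Failing closed is the right outcome for an origin allowlist, but since the whole list is passed to one `all_matching_cidrs` call, a single bad entry presumably disables the valid entries beside it, and the operator gets no signal. A warning logged inside the handler naming the project and the offending value, or validation of `valid_origin_ips` when the module config is saved, would make the misconfiguration diagnosable. The Bitbucket line also lacks the space after `except` that the GitLab line has; `except (AddrFormatError, ValueError):` would match. The enclosing method starts and ends outside both hunks.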
@@ -80,6 +80,48 @@ def test_ok_signature_ip_in_network(client):
 assert response.status_code == 204
+def test_ok_signature_invalid_network(client):
+ project = f.ProjectFactory()
+ f.ProjectModulesConfigFactory(project=project, config={
+ "bitbucket": {
+ "secret": "tpnIwJDz4e",
+ "valid_origin_ips": ["131.103.20.160/27;165.254.145.0/26;104.192.143.0/24"],
+ }
+ })
+
+ url = reverse("bitbucket-hook-list")
+ url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+ data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
+ response = client.post(url,
+ data,
+ content_type="application/json",
+ HTTP_X_EVENT_KEY="repo:push",
+ REMOTE_ADDR="104.192.143.193")
+
+ assert response.status_code == 400
+ assert "Bad signature" in response.data["_error_message"]
+
+
+def test_blocked_project(client):
+ project = f.ProjectFactory(blocked_code=project_choices.BLOCKED_BY_STAFF)
+ f.ProjectModulesConfigFactory(project=project, config={
+ "bitbucket": {
+ "secret": "tpnIwJDz4e"
+ }
+ })
+
+ url = reverse("bitbucket-hook-list")
+ url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+ data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
+ response = client.post(url,
+ data,
+ content_type="application/json",
+ HTTP_X_EVENT_KEY="repo:push",
+ REMOTE_ADDR=settings.BITBUCKET_VALID_ORIGIN_IPS[0])
+
+ assert response.status_code == 451
+
+
 def test_invalid_ip(client):
 project = f.ProjectFactory()
 f.ProjectModulesConfigFactory(project=project, config={
diff --git a/tests/integration/test_hooks_gitlab.py b/tests/integration/test_hooks_gitlab.py
index 6cbf9c33..096eb7f1 100644
--- a/tests/integration/test_hooks_gitlab.py
+++ b/tests/integration/test_hooks_gitlab.py
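Review bot: `test_ok_signature_invalid_network` does not say what makes the network invalid: its `valid_origin_ips` list holds one string with three CIDRs joined by `;`, which is the misconfiguration under test. A comment above the config, `# one ';'-joined string instead of three entries: a malformed allowlist must reject, not raise`, would stop a later reader from "correcting" the fixture. The test covers only the case where the sole entry is malformed; a second case that mixes one malformed entry with one that matches `REMOTE_ADDR` would pin whether the valid entry is still honoured or the whole list is refused. The same two points apply to the GitLab copy of this test.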
@@ -96,6 +96,49 @@ def test_ok_signature_ip_in_network(client):
 assert response.status_code == 204
+def test_ok_signature_invalid_network(client):
+ project = f.ProjectFactory()
+ f.ProjectModulesConfigFactory(project=project, config={
+ "gitlab": {
+ "secret": "tpnIwJDz4e",
+ "valid_origin_ips": ["131.103.20.160/27;165.254.145.0/26;104.192.143.0/24"],
+ }
+ })
+
+ url = reverse("gitlab-hook-list")
+ url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+ data = json.dumps({"push": {"changes": [{"new": {"target": { "message": "test message"}}}]}})
+ response = client.post(url,
+ data,
+ content_type="application/json",
+ HTTP_X_EVENT_KEY="repo:push",
+ REMOTE_ADDR="104.192.143.193")
+
+ assert response.status_code == 400
+ assert "Bad signature" in response.data["_error_message"]
+
+
+
+def test_blocked_project(client):
+ project = f.ProjectFactory(blocked_code=project_choices.BLOCKED_BY_STAFF)
+ f.ProjectModulesConfigFactory(project=project, config={
+ "gitlab": {
+ "secret": "tpnIwJDz4e",
+ "valid_origin_ips": ["111.111.111.111"],
+ }
+ })
+
+ url = reverse("gitlab-hook-list")
+ url = "{}?project={}&key={}".format(url, project.id, "tpnIwJDz4e")
+ data = {"test:": "data"}
+ response = client.post(url,
+ json.dumps(data),
+ content_type="application/json",
+ REMOTE_ADDR="111.111.111.111")
+
+ assert response.status_code == 451
+
+
 def test_invalid_ip(client):
 project = f.ProjectFactory()
 f.ProjectModulesConfigFactory(project=project, config={
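Review bot: The GitLab `test_ok_signature_invalid_network` posts a Bitbucket-shaped request: `HTTP_X_EVENT_KEY="repo:push"` and the `{"push": {"changes": ...}}` body are carried over unchanged from the Bitbucket test. It presumably passes only because the origin check rejects the request before the payload is read, so the test would not notice if that ordering changed. Building the request the way `test_blocked_project` in this same hunk does (`json.dumps(data)` with no Bitbucket event header) would keep it on the GitLab path. There are also three blank lines before `test_blocked_project` where the rest of the file uses two.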